100€ Virus (mor.exe) (Windows 7)
06.04.2012, 14:22 | #16
/// Winkelfunktion /// TB-Süch-Tiger™ | 100€ Virus (mor.exe)

Do an OTL fix: close all programs that may still be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:
:OTL
DRV - (atqxz1ce) -- File not found
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647
IE - HKU\S-1-5-21-3659569405-2327324472-3049137322-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647
FF - prefs.js..browser.startup.homepage: "http://www.12startseite.de/index.php"
FF - user.js - File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-3659569405-2327324472-3049137322-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O7 - HKU\S-1-5-21-3659569405-2327324472-3049137322-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{02fd1b56-584d-11df-a5f4-001f16be9587}\Shell - "" = AutoRun
O33 - MountPoints2\{02fd1b56-584d-11df-a5f4-001f16be9587}\Shell\AutoRun\command - "" = J:\preinst.exe
O33 - MountPoints2\{12f03283-0571-11e1-9179-001f16be9587}\Shell - "" = AutoRun
O33 - MountPoints2\{12f03283-0571-11e1-9179-001f16be9587}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{12f0328d-0571-11e1-9179-001f16be9587}\Shell - "" = AutoRun
O33 - MountPoints2\{12f0328d-0571-11e1-9179-001f16be9587}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{12f03298-0571-11e1-9179-001f16be9587}\Shell - "" = AutoRun
O33 - MountPoints2\{12f03298-0571-11e1-9179-001f16be9587}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{37dd83cc-57f5-11df-a13d-001f16be9587}\Shell - "" = AutoRun
O33 - MountPoints2\{37dd83cc-57f5-11df-a13d-001f16be9587}\Shell\AutoRun\command - "" = I:\preinst.exe
O33 - MountPoints2\{614d254d-8f85-11df-804a-001e657ece4c}\Shell - "" = AutoRun
O33 - MountPoints2\{614d254d-8f85-11df-804a-001e657ece4c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{63b23e4d-8267-11df-8c5f-001e657ece4c}\Shell - "" = AutoRun
O33 - MountPoints2\{63b23e4d-8267-11df-8c5f-001e657ece4c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{63b23e55-8267-11df-8c5f-001e657ece4c}\Shell - "" = AutoRun
O33 - MountPoints2\{63b23e55-8267-11df-8c5f-001e657ece4c}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{7e4a52cd-8752-11df-b642-001e657ece4c}\Shell - "" = AutoRun
O33 - MountPoints2\{7e4a52cd-8752-11df-b642-001e657ece4c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{8ac17976-b854-11de-88c9-001e657ece4c}\Shell - "" = AutoRun
O33 - MountPoints2\{8ac17976-b854-11de-88c9-001e657ece4c}\Shell\AutoRun\command - "" = H:\autorun.exe
O33 - MountPoints2\{8b58dfcd-97ee-11df-a5ae-001e657ece4c}\Shell - "" = AutoRun
O33 - MountPoints2\{8b58dfcd-97ee-11df-a5ae-001e657ece4c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{8b58dfd0-97ee-11df-a5ae-001e657ece4c}\Shell - "" = AutoRun
O33 - MountPoints2\{8b58dfd0-97ee-11df-a5ae-001e657ece4c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{a54171c8-022d-11e0-aed3-001f16be9587}\Shell - "" = AutoRun
O33 - MountPoints2\{a54171c8-022d-11e0-aed3-001f16be9587}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{ab371969-d057-11de-9019-001f16be9587}\Shell - "" = AutoRun
O33 - MountPoints2\{ab371969-d057-11de-9019-001f16be9587}\Shell\AutoRun\command - "" = G:\USBAutoRun.exe
O33 - MountPoints2\{ac721ece-8442-11df-800a-001e657ece4c}\Shell - "" = AutoRun
O33 - MountPoints2\{ac721ece-8442-11df-800a-001e657ece4c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{ac721ed0-8442-11df-800a-001e657ece4c}\Shell - "" = AutoRun
O33 - MountPoints2\{ac721ed0-8442-11df-800a-001e657ece4c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{ca98c62e-4a6e-11df-8aa0-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ca98c62e-4a6e-11df-8aa0-806e6f6e6963}\Shell\AutoRun\command - "" = H:\SETUP95.EXE
O33 - MountPoints2\{e57b67c4-b1db-11df-9e23-001f16be9587}\Shell - "" = AutoRun
O33 - MountPoints2\{e57b67c4-b1db-11df-9e23-001f16be9587}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{e57b67c7-b1db-11df-9e23-001f16be9587}\Shell - "" = AutoRun
O33 - MountPoints2\{e57b67c7-b1db-11df-9e23-001f16be9587}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\USBAutoRun.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe
MsConfig - StartUpFolder: C:^Users^Pegasuz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^0.713674863367620167f76.exe.lnk - - File not found
MsConfig - StartUpFolder: C:^Users^Pegasuz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^IMVU.lnk - - File not found
[2009.10.19 11:21:58 | 000,000,000 | -HSD | M] -- C:\Users\Pegasuz\AppData\Roaming\.#
[2009.12.27 06:31:00 | 000,000,000 | -H-D | M] -- C:\Users\Pegasuz\AppData\Roaming\CheckPoint
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:364682BC
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

The log file should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created in the "_OTL" folder on the system partition. Note: The script above was created only for this one user in this one situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!

__________________
Please always post log files in CODE tags
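As an added, read-only companion to the fix above (not part of the original post, of OTL, or of the helper's instructions): the PowerShell below lists the same kinds of persistence points the script targets, so that what is on a machine can be reviewed before anything is fixed. The function names are my own; it assumes PowerShell 3.0 or later for the -Stream parameter and is run as the affected user. It changes nothing on the system.

```powershell
# Added audit example. Read-only: enumerates the persistence points an OTL fix like
# the one above touches (O33 MountPoints2 autorun commands, the NoDriveTypeAutoRun
# policy, Startup folder / MSConfig-disabled startup items, alternate data streams).
# Assumption: PowerShell 3.0+ (Get-Item -Stream). Function names are hypothetical.

function Get-MountPointAutoRun {
    # Windows remembers the autorun.inf command of every removable drive it has seen
    # under HKCU\...\Explorer\MountPoints2\<volume>\Shell\AutoRun\command (OTL's O33 lines).
    $base = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
    if (-not (Test-Path $base)) { return }
    Get-ChildItem -Path $base | ForEach-Object {
        $cmdKey = Join-Path $_.PSPath 'Shell\AutoRun\command'
        if (Test-Path $cmdKey) {
            [pscustomobject]@{
                Volume  = $_.PSChildName
                Command = (Get-ItemProperty -Path $cmdKey).'(default)'
            }
        }
    }
}

function Get-AutoRunPolicy {
    # NoDriveTypeAutoRun is a bit mask of drive types for which AutoRun is disabled;
    # 255 (0xFF) disables it for all drive types. Shown for HKLM and HKCU.
    foreach ($hive in 'HKLM', 'HKCU') {
        $key = "${hive}:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
        $val = (Get-ItemProperty -Path $key -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
        [pscustomobject]@{ Hive = $hive; NoDriveTypeAutoRun = $val }
    }
}

function Get-StartupItems {
    # Shortcuts in the user's Startup folder, plus the entries MSConfig keeps for
    # startup items it has disabled (OTL's "MsConfig - StartUpFolder" lines).
    $startup = [Environment]::GetFolderPath('Startup')
    Get-ChildItem -Path $startup -Force -ErrorAction SilentlyContinue |
        Select-Object @{ n = 'Source'; e = { 'StartupFolder' } }, @{ n = 'Item'; e = { $_.FullName } }
    $msconfig = 'HKLM:\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpFolder'
    if (Test-Path $msconfig) {
        Get-ChildItem -Path $msconfig |
            Select-Object @{ n = 'Source'; e = { 'MSConfigDisabled' } }, @{ n = 'Item'; e = { $_.PSChildName } }
    }
}

function Get-AlternateDataStreams {
    # Any NTFS stream other than the normal ::$DATA stream on the given paths
    # (OTL's "@Alternate Data Stream" line pointed at a stream on C:\ProgramData\Temp).
    param([string[]]$Paths = @("$env:ProgramData\Temp"))
    foreach ($p in $Paths) {
        if (-not (Test-Path $p)) { continue }
        Get-Item -Path $p -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' } |
            Select-Object FileName, Stream, Length
    }
}

Write-Host '== MountPoints2 autorun commands =='
Get-MountPointAutoRun | Format-Table -AutoSize
Write-Host '== NoDriveTypeAutoRun policy =='
Get-AutoRunPolicy | Format-Table -AutoSize
Write-Host '== Startup items =='
Get-StartupItems | Format-Table -AutoSize
Write-Host '== Alternate data streams on ProgramData\Temp =='
Get-AlternateDataStreams | Format-Table -AutoSize
```

Each MountPoints2 entry carries the command Windows would have offered to run for that volume; a command pointing at an executable in the drive's root, as in the O33 lines above, is what to look at, and the OTL log later in the thread shows those files no longer exist on the media.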
06.04.2012, 15:26 | #17
100€ Virus (mor.exe)

Everything worked, here is the log:

Code:
All processes killed
========== OTL ==========
Error: No service named atqxz1ce was found to stop!
Service\Driver key atqxz1ce not found.
File File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_USERS\S-1-5-21-3659569405-2327324472-3049137322-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Prefs.js: "hxxp://www.12startseite.de/index.php" removed from browser.startup.homepage
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3659569405-2327324472-3049137322-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoRecentDocsNetHood deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3659569405-2327324472-3049137322-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoInternetOpenWith deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{02fd1b56-584d-11df-a5f4-001f16be9587}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02fd1b56-584d-11df-a5f4-001f16be9587}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{02fd1b56-584d-11df-a5f4-001f16be9587}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02fd1b56-584d-11df-a5f4-001f16be9587}\ not found.
File J:\preinst.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{12f03283-0571-11e1-9179-001f16be9587}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{12f03283-0571-11e1-9179-001f16be9587}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{12f03283-0571-11e1-9179-001f16be9587}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{12f03283-0571-11e1-9179-001f16be9587}\ not found.
File H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{12f0328d-0571-11e1-9179-001f16be9587}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{12f0328d-0571-11e1-9179-001f16be9587}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{12f0328d-0571-11e1-9179-001f16be9587}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{12f0328d-0571-11e1-9179-001f16be9587}\ not found.
File H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{12f03298-0571-11e1-9179-001f16be9587}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{12f03298-0571-11e1-9179-001f16be9587}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{12f03298-0571-11e1-9179-001f16be9587}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{12f03298-0571-11e1-9179-001f16be9587}\ not found.
File H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{37dd83cc-57f5-11df-a13d-001f16be9587}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37dd83cc-57f5-11df-a13d-001f16be9587}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{37dd83cc-57f5-11df-a13d-001f16be9587}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37dd83cc-57f5-11df-a13d-001f16be9587}\ not found.
File I:\preinst.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{614d254d-8f85-11df-804a-001e657ece4c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{614d254d-8f85-11df-804a-001e657ece4c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{614d254d-8f85-11df-804a-001e657ece4c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{614d254d-8f85-11df-804a-001e657ece4c}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{63b23e4d-8267-11df-8c5f-001e657ece4c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{63b23e4d-8267-11df-8c5f-001e657ece4c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{63b23e4d-8267-11df-8c5f-001e657ece4c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{63b23e4d-8267-11df-8c5f-001e657ece4c}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{63b23e55-8267-11df-8c5f-001e657ece4c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{63b23e55-8267-11df-8c5f-001e657ece4c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{63b23e55-8267-11df-8c5f-001e657ece4c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{63b23e55-8267-11df-8c5f-001e657ece4c}\ not found.
File I:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7e4a52cd-8752-11df-b642-001e657ece4c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e4a52cd-8752-11df-b642-001e657ece4c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7e4a52cd-8752-11df-b642-001e657ece4c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e4a52cd-8752-11df-b642-001e657ece4c}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8ac17976-b854-11de-88c9-001e657ece4c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8ac17976-b854-11de-88c9-001e657ece4c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8ac17976-b854-11de-88c9-001e657ece4c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8ac17976-b854-11de-88c9-001e657ece4c}\ not found.
File H:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8b58dfcd-97ee-11df-a5ae-001e657ece4c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8b58dfcd-97ee-11df-a5ae-001e657ece4c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8b58dfcd-97ee-11df-a5ae-001e657ece4c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8b58dfcd-97ee-11df-a5ae-001e657ece4c}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8b58dfd0-97ee-11df-a5ae-001e657ece4c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8b58dfd0-97ee-11df-a5ae-001e657ece4c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8b58dfd0-97ee-11df-a5ae-001e657ece4c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8b58dfd0-97ee-11df-a5ae-001e657ece4c}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a54171c8-022d-11e0-aed3-001f16be9587}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a54171c8-022d-11e0-aed3-001f16be9587}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a54171c8-022d-11e0-aed3-001f16be9587}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a54171c8-022d-11e0-aed3-001f16be9587}\ not found.
File "G:\WD SmartWare.exe" autoplay=true not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ab371969-d057-11de-9019-001f16be9587}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ab371969-d057-11de-9019-001f16be9587}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ab371969-d057-11de-9019-001f16be9587}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ab371969-d057-11de-9019-001f16be9587}\ not found.
File G:\USBAutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ac721ece-8442-11df-800a-001e657ece4c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ac721ece-8442-11df-800a-001e657ece4c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ac721ece-8442-11df-800a-001e657ece4c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ac721ece-8442-11df-800a-001e657ece4c}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ac721ed0-8442-11df-800a-001e657ece4c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ac721ed0-8442-11df-800a-001e657ece4c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ac721ed0-8442-11df-800a-001e657ece4c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ac721ed0-8442-11df-800a-001e657ece4c}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ca98c62e-4a6e-11df-8aa0-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ca98c62e-4a6e-11df-8aa0-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ca98c62e-4a6e-11df-8aa0-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ca98c62e-4a6e-11df-8aa0-806e6f6e6963}\ not found.
File H:\SETUP95.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e57b67c4-b1db-11df-9e23-001f16be9587}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e57b67c4-b1db-11df-9e23-001f16be9587}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e57b67c4-b1db-11df-9e23-001f16be9587}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e57b67c4-b1db-11df-9e23-001f16be9587}\ not found.
File H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e57b67c7-b1db-11df-9e23-001f16be9587}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e57b67c7-b1db-11df-9e23-001f16be9587}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e57b67c7-b1db-11df-9e23-001f16be9587}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e57b67c7-b1db-11df-9e23-001f16be9587}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\USBAutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
File H:\AutoRun.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpFolder\C:^Users^Pegasuz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^0.713674863367620167f76.exe.lnk\ deleted successfully.
C:\Windows\pss\0.713674863367620167f76.exe.lnk.Startup moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpFolder\C:^Users^Pegasuz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^IMVU.lnk\ deleted successfully.
C:\Windows\pss\IMVU.lnk.Startup moved successfully.
C:\Users\Pegasuz\AppData\Roaming\.# folder moved successfully.
C:\Users\Pegasuz\AppData\Roaming\CheckPoint\ZoneAlarm Toolbar\TrustChecker folder moved successfully.
C:\Users\Pegasuz\AppData\Roaming\CheckPoint\ZoneAlarm Toolbar\PTPCACHE folder moved successfully.
C:\Users\Pegasuz\AppData\Roaming\CheckPoint\ZoneAlarm Toolbar folder moved successfully.
C:\Users\Pegasuz\AppData\Roaming\CheckPoint\ISW folder moved successfully.
C:\Users\Pegasuz\AppData\Roaming\CheckPoint folder moved successfully.
ADS C:\ProgramData\Temp:364682BC deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 75 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Pegasuz
->Temp folder emptied: 14412435 bytes
->Temporary Internet Files folder emptied: 854140 bytes
->Java cache emptied: 48837347 bytes
->FireFox cache emptied: 148515168 bytes
->Flash cache emptied: 73397734 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 45125082 bytes
RecycleBin emptied: 26424395 bytes

Total Files Cleaned = 341,00 mb

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Pegasuz
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.39.2 log created on 04062012_162516

Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
06.04.2012, 15:39 | #18
/// Winkelfunktion /// TB-Süch-Tiger™ | 100€ Virus (mor.exe)

Now please run this tool from Kaspersky (TDSS-Killer), in normal Windows mode, and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before running TDSS-Killer, since Avira in particular often reports a false positive on the TDSS tool! Configure the tool as shown in the image below: click "change parameters" and set the check marks as shown in the following screenshot, then click "Start Scan" and, once it has finished, click the "Report" button to display the log. Please post it in full. If you cannot find the log, or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C); that is where TDSS-Killer saves its logs. Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, treat them all with the action "skip" and only post the log here!
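Added example (not from the forum thread, the helper, or Kaspersky): a small PowerShell reader for the TDSS-Killer report that the post above asks for. It keeps only the entries that did not end in "- ok", together with the hash and path TDSS-Killer recorded for them, so whoever reads the log can see at a glance what was flagged and check the file rather than the verdict name alone. The function names are my own; the sample lines are copied from the report posted later in this thread, with a constructed line order.

```powershell
# Added triage example for TDSS-Killer reports. Hypothetical function names; the
# parsing is based only on the line shapes visible in the report on this page:
#   <time> <tid> <name> (<md5>) <path>
#   <time> <tid> <name> ( <verdict> ) - warning
#   <time> <tid> <name> - detected <verdict> (<n>)
#   <time> <tid> <name> - ok
# Sample lines taken from the report in this thread:
$sampleReport = @'
17:48:54.0286 3256 AFPAnsi (66b3a85d6a6d385bc59d2bffc6540fd0) C:\Windows\system32\Drivers\AFPAnsi.sys
17:48:54.0317 3256 AFPAnsi ( UnsignedFile.Multi.Generic ) - warning
17:48:54.0317 3256 AFPAnsi - detected UnsignedFile.Multi.Generic (1)
17:48:54.0348 3256 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
17:48:54.0364 3256 agp440 - ok
17:48:54.0582 3256 AMD External Events Utility (8570625ca5dbd8083bea7cb73065b53d) C:\Windows\system32\atiesrxx.exe
17:48:54.0660 3256 AMD External Events Utility - ok
17:49:00.0120 3256 cmnsusbser - ok
'@

function Get-OrAddEntry {
    # Return the record for $Name, creating an empty one first if the report
    # never showed a hash line for it (as with "cmnsusbser - ok").
    param([System.Collections.IDictionary]$Table, [string]$Name)
    if (-not $Table.Contains($Name)) {
        $Table[$Name] = [pscustomobject]@{
            Name = $Name; MD5 = $null; Path = $null; Status = 'scanned'; Verdict = $null
        }
    }
    $Table[$Name]
}

function Get-TdssKillerFindings {
    # Parse the report lines and return every entry whose final status is not "ok".
    param([Parameter(Mandatory)][string[]]$Lines)
    $entries = [ordered]@{}
    foreach ($line in $Lines) {
        # Every record starts with a timestamp and a thread id; the rest is the event.
        if ($line -notmatch '^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(?<body>.+)$') { continue }
        $body = $Matches['body']
        switch -Regex ($body) {
            '^(?<name>.+?) \((?<md5>[0-9a-f]{32})\) (?<path>.+)$' {
                $entries[$Matches['name']] = [pscustomobject]@{
                    Name = $Matches['name']; MD5 = $Matches['md5']; Path = $Matches['path']
                    Status = 'scanned'; Verdict = $null
                }
                break
            }
            '^(?<name>.+?) \( (?<verdict>\S+) \) - warning$' {
                $e = Get-OrAddEntry -Table $entries -Name $Matches['name']
                $e.Status = 'warning'; $e.Verdict = $Matches['verdict']
                break
            }
            '^(?<name>.+?) - detected (?<verdict>\S+) \(\d+\)$' {
                $e = Get-OrAddEntry -Table $entries -Name $Matches['name']
                $e.Status = 'detected'; $e.Verdict = $Matches['verdict']
                break
            }
            '^(?<name>.+?) - ok$' {
                $e = Get-OrAddEntry -Table $entries -Name $Matches['name']
                # An "ok" line never downgrades an earlier warning or detection.
                if ($e.Status -eq 'scanned') { $e.Status = 'ok' }
                break
            }
        }
    }
    $entries.Values | Where-Object { $_.Status -ne 'ok' }
}

$findings = Get-TdssKillerFindings -Lines ($sampleReport -split "`r?`n")
$findings | Format-Table Name, Status, Verdict, MD5, Path -AutoSize
```

On the sample, only AFPAnsi comes out, with status "detected", verdict UnsignedFile.Multi.Generic, and the MD5 and path from the hash line. The hash and path are what a helper can actually verify; the verdict name on its own says only which check fired, which is why the post above asks that flagged objects be skipped and the whole log be posted.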
06.04.2012, 16:48 | #19
100€ Virus (mor.exe)

...and here is the corresponding log:

Code:
17:33:39.0315 3724 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02
17:33:39.0518 3724 ============================================================
17:33:39.0518 3724 Current date / time: 2012/04/06 17:33:39.0518
17:33:39.0518 3724 SystemInfo:
17:33:39.0518 3724
17:33:39.0518 3724 OS Version: 6.1.7601 ServicePack: 1.0
17:33:39.0518 3724 Product type: Workstation
17:33:39.0518 3724 ComputerName: PEGASUZ2
17:33:39.0518 3724 UserName: Pegasuz
17:33:39.0518 3724 Windows directory: C:\Windows
17:33:39.0518 3724 System windows directory: C:\Windows
17:33:39.0518 3724 Processor architecture: Intel x86
17:33:39.0518 3724 Number of processors: 2
17:33:39.0518 3724 Page size: 0x1000
17:33:39.0518 3724 Boot type: Normal boot
17:33:39.0518 3724 ============================================================
17:33:40.0247 3724 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:33:40.0254 3724 \Device\Harddisk0\DR0:
17:33:40.0254 3724 MBR used
17:33:40.0254 3724 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x157C800, BlocksNum 0x11C53000
17:33:40.0254 3724 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x131CF800, BlocksNum 0x11C5E800
17:33:40.0363 3724 Initialize success
17:33:40.0363 3724 ============================================================
17:48:52.0695 3256 ============================================================
17:48:52.0695 3256 Scan started
17:48:52.0695 3256 Mode: Manual; SigCheck; TDLFS;
17:48:52.0695 3256 ============================================================
17:48:53.0069 3256 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
17:48:53.0210 3256 1394ohci - ok
17:48:53.0319 3256 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
17:48:53.0334 3256 ACPI - ok
17:48:53.0366 3256 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
17:48:53.0459 3256 AcpiPmi - ok
17:48:53.0615 3256 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
17:48:53.0631 3256 AdobeARMservice - ok
17:48:53.0818 3256 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
17:48:53.0818 3256 AdobeFlashPlayerUpdateSvc - ok
17:48:53.0927 3256 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
17:48:53.0943 3256 adp94xx - ok
17:48:53.0990 3256 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
17:48:54.0005 3256 adpahci - ok
17:48:54.0036 3256 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
17:48:54.0052 3256 adpu320 - ok
17:48:54.0083 3256 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
17:48:54.0130 3256 AeLookupSvc - ok
17:48:54.0177 3256 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
17:48:54.0239 3256 AFD - ok
17:48:54.0286 3256 AFPAnsi (66b3a85d6a6d385bc59d2bffc6540fd0) C:\Windows\system32\Drivers\AFPAnsi.sys
17:48:54.0317 3256 AFPAnsi ( UnsignedFile.Multi.Generic ) - warning
17:48:54.0317 3256 AFPAnsi - detected UnsignedFile.Multi.Generic (1)
17:48:54.0348 3256 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
17:48:54.0364 3256 agp440 - ok
17:48:54.0411 3256 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
17:48:54.0426 3256 aic78xx - ok
17:48:54.0458 3256 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
17:48:54.0504 3256 ALG - ok
17:48:54.0536 3256 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
17:48:54.0551 3256 aliide - ok
17:48:54.0582 3256 AMD External Events Utility (8570625ca5dbd8083bea7cb73065b53d) C:\Windows\system32\atiesrxx.exe
17:48:54.0660 3256 AMD External Events Utility - ok
17:48:54.0692 3256 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
17:48:54.0707 3256 amdagp - ok
17:48:54.0723 3256 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
17:48:54.0738 3256 amdide - ok
17:48:54.0785 3256 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
17:48:54.0832 3256 AmdK8 - ok
17:48:55.0050 3256 amdkmdag (c22bdfcbed2596692096f85a9bf54358) C:\Windows\system32\DRIVERS\atikmdag.sys
17:48:55.0253 3256 amdkmdag - ok
17:48:55.0456 3256 amdkmdap (cc6a16ce23dbc94a59f8e821558d5754) C:\Windows\system32\DRIVERS\atikmpag.sys
17:48:55.0503 3256 amdkmdap - ok
17:48:55.0565 3256 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
17:48:55.0612 3256 AmdPPM - ok
17:48:55.0643 3256 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
17:48:55.0659 3256 amdsata - ok
17:48:55.0690 3256 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
17:48:55.0706 3256 amdsbs - ok
17:48:55.0737 3256 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
17:48:55.0737 3256 amdxata - ok
17:48:55.0986 3256 AntiVirSchedulerService (a122d68ea2541453f787f341877cb40b) C:\Program Files\Avira\AntiVir Desktop\sched.exe
17:48:56.0002 3256 AntiVirSchedulerService - ok
17:48:56.0049 3256 AntiVirService (2fe359edeb34efcf42574752f8aebd3f) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
17:48:56.0064 3256 AntiVirService - ok
17:48:56.0205 3256 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
17:48:56.0345 3256 AppID - ok
17:48:56.0408 3256 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
17:48:56.0454 3256 AppIDSvc - ok
17:48:56.0501 3256 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
17:48:56.0548 3256 Appinfo - ok
17:48:56.0595 3256 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
17:48:56.0610 3256 arc - ok
17:48:56.0642 3256 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
17:48:56.0657 3256 arcsas - ok
17:48:56.0688 3256 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
17:48:56.0798 3256 AsyncMac - ok
17:48:56.0829 3256 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
17:48:56.0829 3256 atapi - ok
17:48:57.0016 3256 atikmdag (c22bdfcbed2596692096f85a9bf54358) C:\Windows\system32\DRIVERS\atikmdag.sys
17:48:57.0094 3256 atikmdag - ok
17:48:57.0141 3256 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
17:48:57.0203 3256 AudioEndpointBuilder - ok
17:48:57.0234 3256 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
17:48:57.0266 3256 Audiosrv - ok
17:48:57.0312 3256 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys
17:48:57.0344 3256 avgntflt - ok
17:48:57.0422 3256 avipbb (13b02b9b969dde270cd7c351203dad3c) C:\Windows\system32\DRIVERS\avipbb.sys
17:48:57.0422 3256 avipbb - ok
17:48:57.0500 3256 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
17:48:57.0515 3256 avkmgr - ok
17:48:57.0531 3256 AVMUNET (980f4c96c73c61cc6fcf657a721b35d3) C:\Windows\system32\DRIVERS\avmunet.sys
17:48:57.0578 3256 AVMUNET - ok
17:48:57.0624 3256 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
17:48:57.0702 3256 AxInstSV - ok
17:48:57.0749 3256 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
17:48:57.0780 3256 b06bdrv - ok
17:48:57.0812 3256 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
17:48:57.0827 3256 b57nd60x - ok
17:48:57.0874 3256 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
17:48:57.0921 3256 BDESVC - ok
17:48:57.0936 3256 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
17:48:57.0983 3256 Beep - ok
17:48:58.0030 3256 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
17:48:58.0061 3256 BFE - ok
17:48:58.0124 3256 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\System32\qmgr.dll
17:48:58.0170 3256 BITS - ok
17:48:58.0202 3256 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
17:48:58.0233 3256 blbdrive - ok
17:48:58.0280 3256 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
17:48:58.0311 3256 bowser - ok
17:48:58.0358 3256 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:48:58.0420 3256 BrFiltLo - ok
17:48:58.0451 3256 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:48:58.0482 3256 BrFiltUp - ok
17:48:58.0514 3256 Brother XP spl Service (c711ed965009bdcff9aa62ceb6ff1aad) C:\Windows\system32\brsvc01a.exe
17:48:58.0592 3256 Brother XP spl Service - ok
17:48:58.0670 3256 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
17:48:58.0701 3256 Browser - ok
17:48:58.0732 3256 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
17:48:58.0794 3256 Brserid - ok
17:48:58.0826 3256 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
17:48:58.0841 3256 BrSerWdm - ok
17:48:58.0872 3256 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
17:48:58.0904 3256 BrUsbMdm - ok
17:48:58.0919 3256 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
17:48:58.0950 3256 BrUsbSer - ok
17:48:58.0966 3256 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
17:48:58.0982 3256 BTHMODEM - ok
17:48:59.0028 3256 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
17:48:59.0060 3256 bthserv - ok
17:48:59.0091 3256 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
17:48:59.0138 3256 cdfs - ok
17:48:59.0169 3256 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
17:48:59.0200 3256 cdrom - ok
17:48:59.0247 3256 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
17:48:59.0278 3256 CertPropSvc - ok
17:48:59.0325 3256 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
17:48:59.0340 3256 circlass - ok
17:48:59.0372 3256 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
17:48:59.0387 3256 CLFS - ok
17:48:59.0574 3256 CLHNService (8b67044ae0621c005245ef62eef0746f) C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
17:48:59.0590 3256 CLHNService ( UnsignedFile.Multi.Generic ) - warning
17:48:59.0590 3256 CLHNService - detected UnsignedFile.Multi.Generic (1)
17:48:59.0684 3256 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:48:59.0684 3256 clr_optimization_v2.0.50727_32 - ok
17:48:59.0902 3256 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:48:59.0918 3256 clr_optimization_v4.0.30319_32 - ok
17:49:00.0042 3256 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
17:49:00.0058 3256 CmBatt - ok
17:49:00.0105 3256 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
17:49:00.0120 3256 cmdide - ok
17:49:00.0120 3256 cmnsusbser - ok
17:49:00.0183 3256 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
17:49:00.0198 3256 CNG - ok
17:49:00.0230 3256 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
17:49:00.0230 3256 Compbatt - ok
17:49:00.0261 3256 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
17:49:00.0292 3256 CompositeBus - ok
17:49:00.0308 3256 COMSysApp
- ok 17:49:00.0308 3256 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys 17:49:00.0323 3256 crcdisk - ok 17:49:00.0370 3256 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll 17:49:00.0417 3256 CryptSvc - ok 17:49:00.0479 3256 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll 17:49:00.0526 3256 DcomLaunch - ok 17:49:00.0588 3256 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll 17:49:00.0620 3256 defragsvc - ok 17:49:00.0666 3256 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys 17:49:00.0698 3256 DfsC - ok 17:49:00.0744 3256 dgderdrv - ok 17:49:00.0791 3256 dg_ssudbus (c9f9cafafbffaf7e380efc353ccc940c) C:\Windows\system32\DRIVERS\ssudbus.sys 17:49:00.0807 3256 dg_ssudbus - ok 17:49:00.0869 3256 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll 17:49:00.0916 3256 Dhcp - ok 17:49:00.0947 3256 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys 17:49:00.0994 3256 discache - ok 17:49:00.0994 3256 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys 17:49:01.0010 3256 Disk - ok 17:49:01.0041 3256 DKbFltr (c701324c9e0c25dd9d60311bd87fbc84) C:\Windows\system32\DRIVERS\DKbFltr.sys 17:49:01.0041 3256 DKbFltr - ok 17:49:01.0088 3256 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll 17:49:01.0134 3256 Dnscache - ok 17:49:01.0166 3256 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll 17:49:01.0212 3256 dot3svc - ok 17:49:01.0259 3256 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll 17:49:01.0322 3256 DPS - ok 17:49:01.0353 3256 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys 17:49:01.0384 3256 drmkaud - ok 17:49:01.0509 3256 DTProTS (5d7c136c7eb09c798ba5032daf5df059) C:\Program Files\DTProTS\DTProTS.exe 17:49:01.0524 3256 DTProTS ( 
UnsignedFile.Multi.Generic ) - warning 17:49:01.0524 3256 DTProTS - detected UnsignedFile.Multi.Generic (1) 17:49:01.0587 3256 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys 17:49:01.0618 3256 DXGKrnl - ok 17:49:01.0665 3256 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll 17:49:01.0712 3256 EapHost - ok 17:49:01.0836 3256 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys 17:49:01.0899 3256 ebdrv - ok 17:49:02.0102 3256 eDataSecurity Service (b1f2503e23425b386df0f3413b2596f3) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe 17:49:02.0117 3256 eDataSecurity Service - ok 17:49:02.0164 3256 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe 17:49:02.0195 3256 EFS - ok 17:49:02.0273 3256 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe 17:49:02.0320 3256 ehRecvr - ok 17:49:02.0351 3256 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe 17:49:02.0398 3256 ehSched - ok 17:49:02.0492 3256 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys 17:49:02.0523 3256 elxstor - ok 17:49:02.0554 3256 ENTECH (16ebd8bf1d5090923694cc972c7ce1b4) C:\Windows\system32\DRIVERS\ENTECH.sys 17:49:02.0554 3256 ENTECH - ok 17:49:02.0601 3256 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys 17:49:02.0632 3256 ErrDev - ok 17:49:02.0757 3256 ETService (e23acf6cb61079afd90a09519c8c6189) C:\Program Files\Acer\Empowering Technology\Service\ETService.exe 17:49:02.0772 3256 ETService ( UnsignedFile.Multi.Generic ) - warning 17:49:02.0772 3256 ETService - detected UnsignedFile.Multi.Generic (1) 17:49:02.0819 3256 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll 17:49:02.0866 3256 EventSystem - ok 17:49:02.0913 3256 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys 17:49:02.0960 3256 exfat - ok 17:49:02.0975 3256 
fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys 17:49:03.0022 3256 fastfat - ok 17:49:03.0084 3256 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe 17:49:03.0131 3256 Fax - ok 17:49:03.0147 3256 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys 17:49:03.0178 3256 fdc - ok 17:49:03.0225 3256 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll 17:49:03.0256 3256 fdPHost - ok 17:49:03.0287 3256 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll 17:49:03.0318 3256 FDResPub - ok 17:49:03.0350 3256 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys 17:49:03.0350 3256 FileInfo - ok 17:49:03.0381 3256 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys 17:49:03.0428 3256 Filetrace - ok 17:49:03.0459 3256 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys 17:49:03.0474 3256 flpydisk - ok 17:49:03.0490 3256 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys 17:49:03.0506 3256 FltMgr - ok 17:49:03.0568 3256 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll 17:49:03.0630 3256 FontCache - ok 17:49:03.0771 3256 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 17:49:03.0786 3256 FontCache3.0.0.0 - ok 17:49:03.0802 3256 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys 17:49:03.0818 3256 FsDepends - ok 17:49:03.0896 3256 FsUsbExDisk (b07663a810e861eebfd0eac7e82ca62d) C:\Windows\system32\FsUsbExDisk.SYS 17:49:03.0911 3256 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning 17:49:03.0911 3256 FsUsbExDisk - detected UnsignedFile.Multi.Generic (1) 17:49:04.0005 3256 FsUsbExService (15ab846886c225fff0376f3cef21188f) C:\Windows\system32\FsUsbExService.Exe 17:49:04.0020 3256 FsUsbExService ( 
UnsignedFile.Multi.Generic ) - warning 17:49:04.0020 3256 FsUsbExService - detected UnsignedFile.Multi.Generic (1) 17:49:04.0098 3256 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys 17:49:04.0114 3256 Fs_Rec - ok 17:49:04.0176 3256 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys 17:49:04.0192 3256 fvevol - ok 17:49:04.0208 3256 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys 17:49:04.0223 3256 gagp30kx - ok 17:49:04.0270 3256 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 17:49:04.0286 3256 GEARAspiWDM - ok 17:49:04.0379 3256 getPlusHelper - ok 17:49:04.0442 3256 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll 17:49:04.0488 3256 gpsvc - ok 17:49:04.0520 3256 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe 17:49:04.0535 3256 gusvc - ok 17:49:04.0613 3256 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys 17:49:04.0660 3256 hcw85cir - ok 17:49:04.0722 3256 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys 17:49:04.0754 3256 HdAudAddService - ok 17:49:04.0785 3256 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys 17:49:04.0816 3256 HDAudBus - ok 17:49:04.0847 3256 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys 17:49:04.0863 3256 HidBatt - ok 17:49:04.0894 3256 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys 17:49:04.0910 3256 HidBth - ok 17:49:04.0941 3256 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys 17:49:04.0972 3256 HidIr - ok 17:49:05.0019 3256 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll 17:49:05.0066 3256 hidserv - ok 17:49:05.0112 3256 hidshim (7903a9fb9fc7102ad26b2627fc7934ae) 
C:\Windows\system32\DRIVERS\hidshim.sys 17:49:05.0144 3256 hidshim - ok 17:49:05.0175 3256 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys 17:49:05.0190 3256 HidUsb - ok 17:49:05.0222 3256 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll 17:49:05.0268 3256 hkmsvc - ok 17:49:05.0315 3256 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll 17:49:05.0362 3256 HomeGroupListener - ok 17:49:05.0409 3256 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll 17:49:05.0471 3256 HomeGroupProvider - ok 17:49:05.0502 3256 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys 17:49:05.0518 3256 HpSAMD - ok 17:49:05.0580 3256 HSF_DPV (7bc42c65b5c6281777c1a7605b253ba8) C:\Windows\system32\DRIVERS\HSX_DPV.sys 17:49:05.0643 3256 HSF_DPV - ok 17:49:05.0658 3256 HSXHWAZL (9ebf2d102ccbb6bcdfbf1b7922f8ba2e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys 17:49:05.0690 3256 HSXHWAZL - ok 17:49:05.0752 3256 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys 17:49:05.0783 3256 HTTP - ok 17:49:05.0799 3256 hwdatacard - ok 17:49:05.0861 3256 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys 17:49:05.0861 3256 hwpolicy - ok 17:49:05.0924 3256 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys 17:49:05.0939 3256 i8042prt - ok 17:49:06.0002 3256 iaStor (d483687eace0c065ee772481a96e05f5) C:\Windows\system32\DRIVERS\iaStor.sys 17:49:06.0002 3256 iaStor - ok 17:49:06.0048 3256 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys 17:49:06.0064 3256 iaStorV - ok 17:49:06.0236 3256 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 17:49:06.0251 3256 idsvc - ok 17:49:06.0282 3256 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys 
17:49:06.0298 3256 iirsp - ok 17:49:06.0345 3256 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll 17:49:06.0392 3256 IKEEXT - ok 17:49:06.0438 3256 int15 (58ff11c95c3681c9250914521cb9f036) C:\Windows\system32\drivers\int15.sys 17:49:06.0438 3256 int15 - ok 17:49:06.0454 3256 IntcAzAudAddService - ok 17:49:06.0501 3256 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys 17:49:06.0501 3256 intelide - ok 17:49:06.0532 3256 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys 17:49:06.0563 3256 intelppm - ok 17:49:06.0594 3256 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll 17:49:06.0626 3256 IPBusEnum - ok 17:49:06.0641 3256 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys 17:49:06.0688 3256 IpFilterDriver - ok 17:49:06.0750 3256 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll 17:49:06.0782 3256 iphlpsvc - ok 17:49:06.0828 3256 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys 17:49:06.0844 3256 IPMIDRV - ok 17:49:06.0875 3256 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys 17:49:06.0922 3256 IPNAT - ok 17:49:06.0938 3256 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys 17:49:06.0953 3256 IRENUM - ok 17:49:06.0984 3256 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys 17:49:07.0000 3256 isapnp - ok 17:49:07.0047 3256 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys 17:49:07.0062 3256 iScsiPrt - ok 17:49:07.0078 3256 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys 17:49:07.0094 3256 kbdclass - ok 17:49:07.0140 3256 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys 17:49:07.0156 3256 kbdhid - ok 17:49:07.0187 3256 KeyIso (81951f51e318aecc2d68559e47485cc4) 
C:\Windows\system32\lsass.exe 17:49:07.0203 3256 KeyIso - ok 17:49:07.0250 3256 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys 17:49:07.0265 3256 KSecDD - ok 17:49:07.0296 3256 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys 17:49:07.0312 3256 KSecPkg - ok 17:49:07.0359 3256 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll 17:49:07.0390 3256 KtmRm - ok 17:49:07.0452 3256 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll 17:49:07.0499 3256 LanmanServer - ok 17:49:07.0530 3256 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll 17:49:07.0562 3256 LanmanWorkstation - ok 17:49:07.0686 3256 LightScribeService (793ff718477345cd5d232c50bed1e452) C:\Program Files\Common Files\LightScribe\LSSrvc.exe 17:49:07.0702 3256 LightScribeService ( UnsignedFile.Multi.Generic ) - warning 17:49:07.0702 3256 LightScribeService - detected UnsignedFile.Multi.Generic (1) 17:49:07.0780 3256 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys 17:49:07.0796 3256 lltdio - ok 17:49:07.0842 3256 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll 17:49:07.0874 3256 lltdsvc - ok 17:49:07.0889 3256 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll 17:49:07.0920 3256 lmhosts - ok 17:49:07.0936 3256 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys 17:49:07.0952 3256 LSI_FC - ok 17:49:07.0967 3256 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys 17:49:07.0967 3256 LSI_SAS - ok 17:49:07.0983 3256 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys 17:49:07.0998 3256 LSI_SAS2 - ok 17:49:08.0014 3256 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys 17:49:08.0030 3256 LSI_SCSI - ok 17:49:08.0045 3256 luafv (6703e366cc18d3b6e534f5cf7df39cee) 
C:\Windows\system32\drivers\luafv.sys 17:49:08.0076 3256 luafv - ok 17:49:08.0170 3256 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys 17:49:08.0170 3256 MBAMProtector - ok 17:49:08.0326 3256 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 17:49:08.0357 3256 MBAMService - ok 17:49:08.0388 3256 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll 17:49:08.0404 3256 Mcx2Svc - ok 17:49:08.0451 3256 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys 17:49:08.0466 3256 mdmxsdk - ok 17:49:08.0498 3256 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys 17:49:08.0513 3256 megasas - ok 17:49:08.0529 3256 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys 17:49:08.0544 3256 MegaSR - ok 17:49:08.0576 3256 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll 17:49:08.0622 3256 MMCSS - ok 17:49:08.0685 3256 MobilityService - ok 17:49:08.0700 3256 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys 17:49:08.0732 3256 Modem - ok 17:49:08.0763 3256 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys 17:49:08.0794 3256 monitor - ok 17:49:08.0825 3256 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys 17:49:08.0841 3256 mouclass - ok 17:49:08.0856 3256 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys 17:49:08.0888 3256 mouhid - ok 17:49:08.0919 3256 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys 17:49:08.0934 3256 mountmgr - ok 17:49:08.0981 3256 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys 17:49:08.0997 3256 mpio - ok 17:49:09.0028 3256 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys 17:49:09.0075 3256 mpsdrv - ok 17:49:09.0122 3256 
MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll 17:49:09.0168 3256 MpsSvc - ok 17:49:09.0215 3256 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys 17:49:09.0231 3256 MRxDAV - ok 17:49:09.0278 3256 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys 17:49:09.0324 3256 mrxsmb - ok 17:49:09.0371 3256 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys 17:49:09.0402 3256 mrxsmb10 - ok 17:49:09.0434 3256 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys 17:49:09.0465 3256 mrxsmb20 - ok 17:49:09.0496 3256 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys 17:49:09.0512 3256 msahci - ok 17:49:09.0543 3256 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys 17:49:09.0543 3256 msdsm - ok 17:49:09.0590 3256 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe 17:49:09.0621 3256 MSDTC - ok 17:49:09.0683 3256 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys 17:49:09.0714 3256 Msfs - ok 17:49:09.0730 3256 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys 17:49:09.0761 3256 mshidkmdf - ok 17:49:09.0777 3256 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys 17:49:09.0792 3256 msisadrv - ok 17:49:09.0839 3256 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll 17:49:09.0886 3256 MSiSCSI - ok 17:49:09.0902 3256 msiserver - ok 17:49:09.0902 3256 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys 17:49:09.0948 3256 MSKSSRV - ok 17:49:09.0964 3256 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys 17:49:09.0980 3256 MSPCLOCK - ok 17:49:09.0995 3256 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys 17:49:10.0026 3256 MSPQM - ok 17:49:10.0058 3256 
MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys 17:49:10.0058 3256 MsRPC - ok 17:49:10.0104 3256 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys 17:49:10.0104 3256 mssmbios - ok 17:49:10.0120 3256 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys 17:49:10.0151 3256 MSTEE - ok 17:49:10.0151 3256 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys 17:49:10.0182 3256 MTConfig - ok 17:49:10.0198 3256 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys 17:49:10.0214 3256 Mup - ok 17:49:10.0260 3256 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll 17:49:10.0307 3256 napagent - ok 17:49:10.0323 3256 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys 17:49:10.0354 3256 NativeWifiP - ok 17:49:10.0401 3256 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys 17:49:10.0432 3256 NDIS - ok 17:49:10.0448 3256 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys 17:49:10.0494 3256 NdisCap - ok 17:49:10.0494 3256 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys 17:49:10.0541 3256 NdisTapi - ok 17:49:10.0588 3256 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys 17:49:10.0619 3256 Ndisuio - ok 17:49:10.0666 3256 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys 17:49:10.0697 3256 NdisWan - ok 17:49:10.0744 3256 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys 17:49:10.0775 3256 NDProxy - ok 17:49:10.0806 3256 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys 17:49:10.0853 3256 NetBIOS - ok 17:49:10.0900 3256 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys 17:49:10.0947 3256 NetBT - ok 17:49:10.0994 3256 Netlogon 
(81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe 17:49:11.0009 3256 Netlogon - ok 17:49:11.0056 3256 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll 17:49:11.0087 3256 Netman - ok 17:49:11.0134 3256 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll 17:49:11.0150 3256 netprofm - ok 17:49:11.0290 3256 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 17:49:11.0306 3256 NetTcpPortSharing - ok 17:49:11.0524 3256 NETw5s32 (ef51b405ad8acaae6f0231290d20f516) C:\Windows\system32\DRIVERS\NETw5s32.sys 17:49:11.0727 3256 NETw5s32 - ok 17:49:11.0867 3256 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys 17:49:11.0945 3256 netw5v32 - ok 17:49:11.0976 3256 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys 17:49:11.0992 3256 nfrd960 - ok 17:49:12.0039 3256 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll 17:49:12.0086 3256 NlaSvc - ok 17:49:12.0273 3256 nosGetPlusHelper (0e58f99692802c501454eac3d2ac3394) C:\Program Files\NOS\bin\getPlus_Helper_3004.dll 17:49:12.0288 3256 nosGetPlusHelper - ok 17:49:12.0351 3256 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys 17:49:12.0398 3256 Npfs - ok 17:49:12.0444 3256 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll 17:49:12.0491 3256 nsi - ok 17:49:12.0491 3256 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys 17:49:12.0522 3256 nsiproxy - ok 17:49:12.0600 3256 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys 17:49:12.0647 3256 Ntfs - ok 17:49:12.0694 3256 NTIDrvr (2757d2ba59aee155209e24942ab127c9) C:\Windows\system32\DRIVERS\NTIDrvr.sys 17:49:12.0694 3256 NTIDrvr - ok 17:49:12.0710 3256 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys 17:49:12.0741 3256 
Null - ok 17:49:12.0772 3256 nuvotonhidgeneric (07ca8c569e8d6231512e7e0c04543c99) C:\Windows\system32\DRIVERS\nuvotonhidgeneric.sys 17:49:12.0803 3256 nuvotonhidgeneric - ok 17:49:12.0834 3256 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys 17:49:12.0850 3256 nvraid - ok 17:49:12.0881 3256 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys 17:49:12.0897 3256 nvstor - ok 17:49:12.0928 3256 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys 17:49:12.0944 3256 nv_agp - ok 17:49:13.0100 3256 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 17:49:13.0115 3256 odserv - ok 17:49:13.0162 3256 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys 17:49:13.0193 3256 ohci1394 - ok 17:49:13.0240 3256 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 17:49:13.0256 3256 ose - ok 17:49:13.0302 3256 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll 17:49:13.0334 3256 p2pimsvc - ok 17:49:13.0396 3256 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll 17:49:13.0412 3256 p2psvc - ok 17:49:13.0490 3256 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys 17:49:13.0521 3256 Parport - ok 17:49:13.0583 3256 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys 17:49:13.0599 3256 partmgr - ok 17:49:13.0630 3256 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys 17:49:13.0661 3256 Parvdm - ok 17:49:13.0677 3256 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll 17:49:13.0692 3256 PcaSvc - ok 17:49:13.0724 3256 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys 17:49:13.0739 3256 pci - ok 17:49:13.0770 3256 pciide (afe86f419014db4e5593f69ffe26ce0a) 
C:\Windows\system32\drivers\pciide.sys 17:49:13.0786 3256 pciide - ok 17:49:13.0817 3256 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys 17:49:13.0833 3256 pcmcia - ok 17:49:13.0848 3256 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys 17:49:13.0848 3256 pcw - ok 17:49:13.0880 3256 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys 17:49:13.0926 3256 PEAUTH - ok 17:49:14.0020 3256 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll 17:49:14.0082 3256 pla - ok 17:49:14.0145 3256 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll 17:49:14.0192 3256 PlugPlay - ok 17:49:14.0238 3256 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll 17:49:14.0270 3256 PNRPAutoReg - ok 17:49:14.0301 3256 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll 17:49:14.0316 3256 PNRPsvc - ok 17:49:14.0348 3256 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll 17:49:14.0410 3256 PolicyAgent - ok 17:49:14.0457 3256 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll 17:49:14.0472 3256 Power - ok 17:49:14.0550 3256 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys 17:49:14.0597 3256 PptpMiniport - ok 17:49:14.0644 3256 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys 17:49:14.0675 3256 Processor - ok 17:49:14.0722 3256 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll 17:49:14.0753 3256 ProfSvc - ok 17:49:14.0784 3256 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe 17:49:14.0800 3256 ProtectedStorage - ok 17:49:14.0847 3256 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys 17:49:14.0878 3256 Psched - ok 17:49:14.0925 3256 PSDFilter (628321c8dd76ad369b362b202e655a68) C:\Windows\system32\DRIVERS\psdfilter.sys 
17:49:14.0940 3256 PSDFilter - ok 17:49:14.0956 3256 PSDNServ (79d7117e62709c7690cf3dd55acead37) C:\Windows\system32\DRIVERS\PSDNServ.sys 17:49:14.0956 3256 PSDNServ - ok 17:49:14.0972 3256 psdvdisk (cae5e82827990cf4bd4a49576bde3a43) C:\Windows\system32\DRIVERS\PSDVdisk.sys 17:49:14.0987 3256 psdvdisk - ok 17:49:15.0034 3256 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys 17:49:15.0065 3256 ql2300 - ok 17:49:15.0096 3256 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys 17:49:15.0112 3256 ql40xx - ok 17:49:15.0159 3256 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll 17:49:15.0190 3256 QWAVE - ok 17:49:15.0206 3256 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys 17:49:15.0221 3256 QWAVEdrv - ok 17:49:15.0237 3256 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys 17:49:15.0284 3256 RasAcd - ok 17:49:15.0330 3256 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys 17:49:15.0362 3256 RasAgileVpn - ok 17:49:15.0377 3256 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll 17:49:15.0408 3256 RasAuto - ok 17:49:15.0424 3256 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys 17:49:15.0471 3256 Rasl2tp - ok 17:49:15.0518 3256 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll 17:49:15.0564 3256 RasMan - ok 17:49:15.0580 3256 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys 17:49:15.0611 3256 RasPppoe - ok 17:49:15.0658 3256 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys 17:49:15.0689 3256 RasSstp - ok 17:49:15.0736 3256 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys 17:49:15.0783 3256 rdbss - ok 17:49:15.0814 3256 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys 17:49:15.0830 
3256 rdpbus - ok 17:49:15.0861 3256 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys 17:49:15.0892 3256 RDPCDD - ok 17:49:15.0923 3256 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys 17:49:15.0970 3256 RDPENCDD - ok 17:49:16.0001 3256 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys 17:49:16.0032 3256 RDPREFMP - ok 17:49:16.0079 3256 RDPWD (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys 17:49:16.0110 3256 RDPWD - ok 17:49:16.0157 3256 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys 17:49:16.0173 3256 rdyboost - ok 17:49:16.0235 3256 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll 17:49:16.0282 3256 RemoteAccess - ok 17:49:16.0313 3256 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll 17:49:16.0360 3256 RemoteRegistry - ok 17:49:16.0422 3256 RMCAST (906dcfc5ebf4ec0433f8d4fffb0ba334) C:\Windows\system32\DRIVERS\RMCAST.sys 17:49:16.0438 3256 RMCAST - ok 17:49:16.0469 3256 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll 17:49:16.0485 3256 RpcEptMapper - ok 17:49:16.0532 3256 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe 17:49:16.0563 3256 RpcLocator - ok 17:49:16.0610 3256 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll 17:49:16.0641 3256 RpcSs - ok 17:49:16.0688 3256 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys 17:49:16.0734 3256 rspndr - ok 17:49:16.0766 3256 RSUSBSTOR - ok 17:49:16.0812 3256 RTHDMIAzAudService (87407b31ea6ff0dc4765258164b98bea) C:\Windows\system32\drivers\RtHDMIV.sys 17:49:16.0828 3256 RTHDMIAzAudService - ok 17:49:16.0875 3256 RTSTOR (8dab5975b5c7923d61506a48e251dbad) C:\Windows\system32\drivers\RTSTOR.SYS 17:49:16.0906 3256 RTSTOR - ok 17:49:16.0953 3256 SamSs (81951f51e318aecc2d68559e47485cc4) 
C:\Windows\system32\lsass.exe 17:49:16.0968 3256 SamSs - ok 17:49:17.0234 3256 SamsungAllShareV2.0 (9d19e17449c8e8759d6872f662104321) C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe 17:49:17.0234 3256 SamsungAllShareV2.0 - ok 17:49:17.0405 3256 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys 17:49:17.0421 3256 sbp2port - ok 17:49:17.0514 3256 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll 17:49:17.0546 3256 SCardSvr - ok 17:49:17.0592 3256 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys 17:49:17.0624 3256 scfilter - ok 17:49:17.0686 3256 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll 17:49:17.0733 3256 Schedule - ok 17:49:17.0764 3256 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll 17:49:17.0795 3256 SCPolicySvc - ok 17:49:17.0842 3256 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll 17:49:17.0889 3256 SDRSVC - ok 17:49:17.0936 3256 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 17:49:17.0951 3256 secdrv - ok 17:49:17.0998 3256 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll 17:49:18.0029 3256 seclogon - ok 17:49:18.0060 3256 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll 17:49:18.0107 3256 SENS - ok 17:49:18.0154 3256 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll 17:49:18.0185 3256 SensrSvc - ok 17:49:18.0216 3256 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys 17:49:18.0232 3256 Serenum - ok 17:49:18.0248 3256 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys 17:49:18.0279 3256 Serial - ok 17:49:18.0326 3256 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys 17:49:18.0341 3256 sermouse - ok 17:49:18.0388 3256 SessionEnv 
(4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll 17:49:18.0435 3256 SessionEnv - ok 17:49:18.0466 3256 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys 17:49:18.0513 3256 sffdisk - ok 17:49:18.0544 3256 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys 17:49:18.0575 3256 sffp_mmc - ok 17:49:18.0622 3256 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys 17:49:18.0638 3256 sffp_sd - ok 17:49:18.0684 3256 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys 17:49:18.0700 3256 sfloppy - ok 17:49:18.0762 3256 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll 17:49:18.0809 3256 SharedAccess - ok 17:49:18.0856 3256 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll 17:49:18.0903 3256 ShellHWDetection - ok 17:49:19.0090 3256 SimpleSlideShowServer (1435bf57b18b3fd2c28060ef4374e704) C:\Program Files\Samsung\AllShare\AllShareSlideShowService.exe 17:49:19.0106 3256 SimpleSlideShowServer - ok 17:49:19.0277 3256 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys 17:49:19.0277 3256 sisagp - ok 17:49:19.0340 3256 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys 17:49:19.0355 3256 SiSRaid2 - ok 17:49:19.0371 3256 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys 17:49:19.0386 3256 SiSRaid4 - ok 17:49:19.0402 3256 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys 17:49:19.0433 3256 Smb - ok 17:49:19.0496 3256 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe 17:49:19.0511 3256 SNMPTRAP - ok 17:49:19.0511 3256 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys 17:49:19.0527 3256 spldr - ok 17:49:19.0574 3256 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe 17:49:19.0620 
3256 Spooler - ok 17:49:19.0730 3256 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe 17:49:19.0792 3256 sppsvc - ok 17:49:19.0854 3256 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll 17:49:19.0886 3256 sppuinotify - ok 17:49:19.0932 3256 sptd (614deea4bdcec3fd5a07bdc705723ad7) C:\Windows\System32\Drivers\sptd.sys 17:49:19.0932 3256 Suspicious file (NoAccess): C:\Windows\System32\Drivers\sptd.sys. md5: 614deea4bdcec3fd5a07bdc705723ad7 17:49:19.0948 3256 sptd ( LockedFile.Multi.Generic ) - warning 17:49:19.0948 3256 sptd - detected LockedFile.Multi.Generic (1) 17:49:19.0995 3256 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys 17:49:20.0057 3256 srv - ok 17:49:20.0088 3256 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys 17:49:20.0120 3256 srv2 - ok 17:49:20.0166 3256 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys 17:49:20.0182 3256 srvnet - ok 17:49:20.0229 3256 sscebus (b2063ce662af3ab20045121a5b716df6) C:\Windows\system32\DRIVERS\sscebus.sys 17:49:20.0244 3256 sscebus - ok 17:49:20.0276 3256 sscemdfl (66799dc0afe3dcaf8368cae17394a762) C:\Windows\system32\DRIVERS\sscemdfl.sys 17:49:20.0276 3256 sscemdfl - ok 17:49:20.0322 3256 sscemdm (cbf03ffc08f8db547bab2f79aa663d16) C:\Windows\system32\DRIVERS\sscemdm.sys 17:49:20.0338 3256 sscemdm - ok 17:49:20.0400 3256 ssceserd (60cd4ad33aa52e58faac3abad18cf8ef) C:\Windows\system32\DRIVERS\ssceserd.sys 17:49:20.0416 3256 ssceserd - ok 17:49:20.0447 3256 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll 17:49:20.0478 3256 SSDPSRV - ok 17:49:20.0556 3256 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys 17:49:20.0572 3256 ssmdrv - ok 17:49:20.0603 3256 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll 17:49:20.0634 3256 SstpSvc - ok 17:49:20.0697 3256 ssudmdm (91970cc4a3a30a01c1573184a62f5143) 
C:\Windows\system32\DRIVERS\ssudmdm.sys 17:49:20.0697 3256 ssudmdm - ok 17:49:20.0744 3256 ss_bbus (3f0164fbc0bd1adbd02df9759181451a) C:\Windows\system32\DRIVERS\ss_bbus.sys 17:49:20.0744 3256 ss_bbus - ok 17:49:20.0822 3256 ss_bmdfl (b89d62206034e5fe573c80a24dd55675) C:\Windows\system32\DRIVERS\ss_bmdfl.sys 17:49:20.0822 3256 ss_bmdfl - ok 17:49:20.0853 3256 ss_bmdm (1ed0fcea586fe2a416ee15196e5631dd) C:\Windows\system32\DRIVERS\ss_bmdm.sys 17:49:20.0868 3256 ss_bmdm - ok 17:49:20.0915 3256 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys 17:49:20.0915 3256 stexstor - ok 17:49:20.0978 3256 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll 17:49:21.0009 3256 StiSvc - ok 17:49:21.0056 3256 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys 17:49:21.0056 3256 swenum - ok 17:49:21.0118 3256 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll 17:49:21.0149 3256 swprv - ok 17:49:21.0196 3256 SynTP (4c9bb4b3b9eac26211484c30b914c6dc) C:\Windows\system32\DRIVERS\SynTP.sys 17:49:21.0196 3256 SynTP - ok 17:49:21.0274 3256 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll 17:49:21.0305 3256 SysMain - ok 17:49:21.0352 3256 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll 17:49:21.0368 3256 TabletInputService - ok 17:49:21.0414 3256 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll 17:49:21.0446 3256 TapiSrv - ok 17:49:21.0477 3256 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll 17:49:21.0508 3256 TBS - ok 17:49:21.0648 3256 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys 17:49:21.0664 3256 Tcpip - ok 17:49:21.0726 3256 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys 17:49:21.0742 3256 TCPIP6 - ok 17:49:21.0804 3256 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys 
17:49:21.0851 3256 tcpipreg - ok 17:49:21.0898 3256 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys 17:49:21.0929 3256 TDPIPE - ok 17:49:21.0992 3256 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys 17:49:22.0007 3256 TDTCP - ok 17:49:22.0054 3256 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys 17:49:22.0085 3256 tdx - ok 17:49:22.0132 3256 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys 17:49:22.0148 3256 TermDD - ok 17:49:22.0194 3256 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll 17:49:22.0226 3256 TermService - ok 17:49:22.0257 3256 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll 17:49:22.0304 3256 Themes - ok 17:49:22.0350 3256 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll 17:49:22.0366 3256 THREADORDER - ok 17:49:22.0397 3256 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll 17:49:22.0428 3256 TrkWks - ok 17:49:22.0506 3256 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe 17:49:22.0553 3256 TrustedInstaller - ok 17:49:22.0631 3256 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys 17:49:22.0662 3256 tssecsrv - ok 17:49:22.0725 3256 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys 17:49:22.0756 3256 TsUsbFlt - ok 17:49:22.0787 3256 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys 17:49:22.0834 3256 tunnel - ok 17:49:22.0881 3256 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys 17:49:22.0896 3256 uagp35 - ok 17:49:22.0959 3256 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys 17:49:23.0006 3256 udfs - ok 17:49:23.0052 3256 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe 17:49:23.0084 3256 
UI0Detect - ok 17:49:23.0130 3256 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys 17:49:23.0130 3256 uliagpkx - ok 17:49:23.0177 3256 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys 17:49:23.0193 3256 umbus - ok 17:49:23.0224 3256 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys 17:49:23.0240 3256 UmPass - ok 17:49:23.0286 3256 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll 17:49:23.0318 3256 upnphost - ok 17:49:23.0411 3256 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys 17:49:23.0427 3256 USBAAPL ( UnsignedFile.Multi.Generic ) - warning 17:49:23.0427 3256 USBAAPL - detected UnsignedFile.Multi.Generic (1) 17:49:23.0442 3256 usbbus - ok 17:49:23.0474 3256 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys 17:49:23.0505 3256 usbccgp - ok 17:49:23.0536 3256 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys 17:49:23.0567 3256 usbcir - ok 17:49:23.0598 3256 UsbDiag - ok 17:49:23.0630 3256 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\drivers\usbehci.sys 17:49:23.0645 3256 usbehci - ok 17:49:23.0676 3256 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys 17:49:23.0692 3256 usbhub - ok 17:49:23.0708 3256 USBModem - ok 17:49:23.0739 3256 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys 17:49:23.0770 3256 usbohci - ok 17:49:23.0832 3256 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys 17:49:23.0848 3256 usbprint - ok 17:49:23.0910 3256 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys 17:49:23.0926 3256 usbscan - ok 17:49:23.0973 3256 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\drivers\USBSTOR.SYS 17:49:24.0004 3256 USBSTOR - ok 17:49:24.0051 3256 usbuhci 
(68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys 17:49:24.0051 3256 usbuhci - ok 17:49:24.0113 3256 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys 17:49:24.0129 3256 usbvideo - ok 17:49:24.0176 3256 usb_rndisx (d82f43d15fdaa666856c0190cb73e7c9) C:\Windows\system32\DRIVERS\usb8023x.sys 17:49:24.0207 3256 usb_rndisx - ok 17:49:24.0269 3256 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll 17:49:24.0332 3256 UxSms - ok 17:49:24.0363 3256 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe 17:49:24.0378 3256 VaultSvc - ok 17:49:24.0425 3256 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys 17:49:24.0441 3256 vdrvroot - ok 17:49:24.0488 3256 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe 17:49:24.0519 3256 vds - ok 17:49:24.0566 3256 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys 17:49:24.0581 3256 vga - ok 17:49:24.0597 3256 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys 17:49:24.0628 3256 VgaSave - ok 17:49:24.0675 3256 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys 17:49:24.0690 3256 vhdmp - ok 17:49:24.0722 3256 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys 17:49:24.0737 3256 viaagp - ok 17:49:24.0768 3256 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys 17:49:24.0800 3256 ViaC7 - ok 17:49:24.0831 3256 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys 17:49:24.0831 3256 viaide - ok 17:49:24.0862 3256 VMnetAdapter - ok 17:49:24.0893 3256 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys 17:49:24.0909 3256 volmgr - ok 17:49:24.0940 3256 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys 17:49:24.0956 3256 volmgrx - ok 17:49:25.0002 3256 volsnap 
(f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys 17:49:25.0018 3256 volsnap - ok 17:49:25.0049 3256 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys 17:49:25.0065 3256 vsmraid - ok 17:49:25.0143 3256 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe 17:49:25.0174 3256 VSS - ok 17:49:25.0205 3256 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys 17:49:25.0236 3256 vwifibus - ok 17:49:25.0268 3256 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys 17:49:25.0283 3256 vwififlt - ok 17:49:25.0330 3256 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll 17:49:25.0361 3256 W32Time - ok 17:49:25.0408 3256 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys 17:49:25.0424 3256 WacomPen - ok 17:49:25.0486 3256 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys 17:49:25.0502 3256 WANARP - ok 17:49:25.0517 3256 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys 17:49:25.0533 3256 Wanarpv6 - ok 17:49:25.0611 3256 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe 17:49:25.0642 3256 wbengine - ok 17:49:25.0673 3256 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll 17:49:25.0704 3256 WbioSrvc - ok 17:49:25.0751 3256 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll 17:49:25.0798 3256 wcncsvc - ok 17:49:25.0829 3256 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll 17:49:25.0860 3256 WcsPlugInService - ok 17:49:25.0938 3256 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys 17:49:25.0938 3256 Wd - ok 17:49:25.0985 3256 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 17:49:26.0001 3256 Wdf01000 - ok 17:49:26.0032 3256 WdiServiceHost 
(46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll 17:49:26.0079 3256 WdiServiceHost - ok 17:49:26.0079 3256 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll 17:49:26.0110 3256 WdiSystemHost - ok 17:49:26.0157 3256 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll 17:49:26.0172 3256 WebClient - ok 17:49:26.0219 3256 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll 17:49:26.0250 3256 Wecsvc - ok 17:49:26.0266 3256 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll 17:49:26.0297 3256 wercplsupport - ok 17:49:26.0328 3256 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll 17:49:26.0360 3256 WerSvc - ok 17:49:26.0438 3256 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys 17:49:26.0469 3256 WfpLwf - ok 17:49:26.0484 3256 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys 17:49:26.0484 3256 WIMMount - ok 17:49:26.0547 3256 winachsf (5a77ac34a0ffb70ce8b35b524fede9ba) C:\Windows\system32\DRIVERS\HSX_CNXT.sys 17:49:26.0578 3256 winachsf - ok 17:49:26.0703 3256 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll 17:49:26.0734 3256 WinDefend - ok 17:49:26.0734 3256 WinHttpAutoProxySvc - ok 17:49:26.0812 3256 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll 17:49:26.0859 3256 Winmgmt - ok 17:49:26.0921 3256 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll 17:49:26.0984 3256 WinRM - ok 17:49:27.0093 3256 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys 17:49:27.0124 3256 WinUsb - ok 17:49:27.0186 3256 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll 17:49:27.0233 3256 Wlansvc - ok 17:49:27.0436 3256 wlidsvc (5144ae67d60ec653f97ddf3feed29e77) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 
17:49:27.0498 3256 wlidsvc - ok 17:49:27.0654 3256 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys 17:49:27.0670 3256 WmiAcpi - ok 17:49:27.0779 3256 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe 17:49:27.0810 3256 wmiApSrv - ok 17:49:27.0951 3256 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe 17:49:28.0013 3256 WMPNetworkSvc - ok 17:49:28.0060 3256 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll 17:49:28.0076 3256 WPCSvc - ok 17:49:28.0122 3256 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll 17:49:28.0169 3256 WPDBusEnum - ok 17:49:28.0247 3256 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys 17:49:28.0294 3256 ws2ifsl - ok 17:49:28.0325 3256 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\System32\wscsvc.dll 17:49:28.0372 3256 wscsvc - ok 17:49:28.0372 3256 WSearch - ok 17:49:28.0481 3256 wuauserv (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll 17:49:28.0528 3256 wuauserv - ok 17:49:28.0575 3256 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys 17:49:28.0606 3256 WudfPf - ok 17:49:28.0668 3256 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys 17:49:28.0684 3256 WUDFRd - ok 17:49:28.0746 3256 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll 17:49:28.0762 3256 wudfsvc - ok 17:49:28.0809 3256 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll 17:49:28.0840 3256 WwanSvc - ok 17:49:28.0887 3256 XAudio (88af537264f2b818da15479ceeaf5d7c) C:\Windows\system32\DRIVERS\xaudio.sys 17:49:28.0918 3256 XAudio - ok 17:49:28.0949 3256 XAudioService (15a317674a08df26be65164d959e9203) C:\Windows\system32\DRIVERS\xaudio.exe 17:49:28.0965 3256 XAudioService - ok 17:49:28.0996 3256 XDva391 - ok 17:49:29.0152 3256 
{49DE1C67-83F8-4102-99E0-C16DCC7EEC796} (556b5cfe8d21b256add7f87d7f4b4123) C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl 17:49:29.0168 3256 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} - ok 17:49:29.0199 3256 MBR (0x1B8) (bb9d3a6a13c5010348da7c900bb6af50) \Device\Harddisk0\DR0 17:49:29.0854 3256 \Device\Harddisk0\DR0 - ok 17:49:29.0870 3256 Boot (0x1200) (6b3bb12230bfc00805d4b40ca5836595) \Device\Harddisk0\DR0\Partition0 17:49:29.0870 3256 \Device\Harddisk0\DR0\Partition0 - ok 17:49:29.0901 3256 Boot (0x1200) (2e6f5ff485b5eec66a164b6143d6cb79) \Device\Harddisk0\DR0\Partition1 17:49:29.0901 3256 \Device\Harddisk0\DR0\Partition1 - ok 17:49:29.0901 3256 ============================================================ 17:49:29.0901 3256 Scan finished 17:49:29.0901 3256 ============================================================ 17:49:29.0916 4068 Detected object count: 9 17:49:29.0916 4068 Actual detected object count: 9 17:49:58.0542 4068 AFPAnsi ( UnsignedFile.Multi.Generic ) - skipped by user 17:49:58.0542 4068 AFPAnsi ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:49:58.0542 4068 CLHNService ( UnsignedFile.Multi.Generic ) - skipped by user 17:49:58.0542 4068 CLHNService ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:49:58.0542 4068 DTProTS ( UnsignedFile.Multi.Generic ) - skipped by user 17:49:58.0542 4068 DTProTS ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:49:58.0558 4068 ETService ( UnsignedFile.Multi.Generic ) - skipped by user 17:49:58.0558 4068 ETService ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:49:58.0558 4068 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user 17:49:58.0558 4068 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:49:58.0558 4068 FsUsbExService ( UnsignedFile.Multi.Generic ) - skipped by user 17:49:58.0558 4068 FsUsbExService ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:49:58.0558 4068 LightScribeService ( UnsignedFile.Multi.Generic ) 
- skipped by user 17:49:58.0558 4068 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:49:58.0558 4068 sptd ( LockedFile.Multi.Generic ) - skipped by user 17:49:58.0558 4068 sptd ( LockedFile.Multi.Generic ) - User select action: Skip 17:49:58.0558 4068 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user 17:49:58.0558 4068 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip |
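As an added example (not part of this thread, and not code from TDSSKiller itself): a small Python triage script that pulls the flagged objects out of a TDSSKiller log like the one above, joins each one with the MD5 and path from its inventory line, records what the user chose to do with it, and cross-checks the result against the scanner's own "Detected object count". The line format is inferred from the log above; the sample is a constructed excerpt of that log with the count adjusted to the excerpt, and the triage notes attached to the two generic verdicts are an assumed defender policy, not something the tool reports.

```python
"""Triage helper for a TDSSKiller-style log (added example, not part of the thread)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed excerpt of the log above; the count line is adjusted to this excerpt.
SAMPLE_LOG = r"""
17:49:19.0932 3256 sptd (614deea4bdcec3fd5a07bdc705723ad7) C:\Windows\System32\Drivers\sptd.sys
17:49:19.0932 3256 Suspicious file (NoAccess): C:\Windows\System32\Drivers\sptd.sys. md5: 614deea4bdcec3fd5a07bdc705723ad7
17:49:19.0948 3256 sptd ( LockedFile.Multi.Generic ) - warning
17:49:19.0948 3256 sptd - detected LockedFile.Multi.Generic (1)
17:49:19.0995 3256 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
17:49:20.0057 3256 srv - ok
17:49:23.0411 3256 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
17:49:23.0427 3256 USBAAPL ( UnsignedFile.Multi.Generic ) - warning
17:49:23.0427 3256 USBAAPL - detected UnsignedFile.Multi.Generic (1)
17:49:29.0916 4068 Detected object count: 2
17:49:58.0558 4068 sptd ( LockedFile.Multi.Generic ) - skipped by user
17:49:58.0558 4068 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
17:49:58.0558 4068 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
17:49:58.0558 4068 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

# Line shapes as they appear in the log: "<time> <pid> <name> (<md5>) <path>" for the
# inventory, "<name> - detected <verdict> (n)" for a hit, and the user's chosen action.
_FILE_RE = re.compile(r"^\S+ \d+ (\S+) \(([0-9a-f]{32})\) (.+)$")
_DETECTED_RE = re.compile(r"^\S+ \d+ (\S+) - detected (\S+) \((\d+)\)$")
_ACTION_RE = re.compile(r"^\S+ \d+ (\S+) \( \S+ \) - User select action: (\S+)$")
_COUNT_RE = re.compile(r"^\S+ \d+ Detected object count: (\d+)$")

# Assumed triage policy for the two generic verdicts seen above (not TDSSKiller's output).
TRIAGE = {
    "LockedFile.Multi.Generic": "manual review: scanner could not read the file, so it is unverified",
    "UnsignedFile.Multi.Generic": "informational: unsigned driver, commonly a legitimate third-party file",
}


@dataclass
class Detection:
    name: str
    verdict: str
    md5: Optional[str] = None
    path: Optional[str] = None
    action: Optional[str] = None

    @property
    def triage(self) -> str:
        return TRIAGE.get(self.verdict, "review: unfamiliar verdict")


@dataclass
class Report:
    detections: List[Detection] = field(default_factory=list)
    reported_count: Optional[int] = None

    @property
    def count_matches(self) -> bool:
        """True when the scanner's summary agrees with the hits we parsed."""
        return self.reported_count == len(self.detections)


def parse_tdsskiller(text: str) -> Report:
    files: Dict[str, Tuple[str, str]] = {}  # name -> (md5, path) from inventory lines
    by_name: Dict[str, Detection] = {}
    report = Report()
    for raw in text.splitlines():
        line = raw.strip()
        if m := _FILE_RE.match(line):
            files[m.group(1)] = (m.group(2), m.group(3))
        elif m := _DETECTED_RE.match(line):
            name, verdict = m.group(1), m.group(2)
            md5, path = files.get(name, (None, None))
            by_name[name] = Detection(name, verdict, md5, path)
            report.detections.append(by_name[name])
        elif m := _ACTION_RE.match(line):
            if m.group(1) in by_name:
                by_name[m.group(1)].action = m.group(2)
        elif m := _COUNT_RE.match(line):
            report.reported_count = int(m.group(1))
    return report


if __name__ == "__main__":
    rep = parse_tdsskiller(SAMPLE_LOG)
    for d in rep.detections:
        print(f"{d.name:10} {d.verdict:28} md5={d.md5} action={d.action}\n    -> {d.triage}")
    print("summary count consistent:", rep.count_matches)
```

Run against a full log, the `count_matches` check is the quick sanity test: if the scanner says nine objects and the parser finds fewer, the log was truncated or a line shape is not covered yet.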
06.04.2012, 17:01 | #20 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | 100€ Virus (mor.exe) Then please run CF now: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run if a helper (Kompetenzler) has explicitly recommended it! If, after running ComboFix, you have problems starting applications and get messages such as Quote:
__________________ Please always post logfiles in CODE tags |
06.04.2012, 17:29 | #21 |
| 100€ Virus (mor.exe) Here is the ComboFix log. After the restart that ComboFix performs, I could no longer open any programs (Firefox, Paint, ...). As described, after another restart everything works again, though. Firefox was no longer set as the default browser; otherwise I didn't notice anything. Code:
ATTFilter ComboFix 12-04-06.03 - Pegasuz 06.04.2012 18:08:31.1.2 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3067.2020 [GMT 2:00] ausgeführt von:: c:\users\Pegasuz\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\data c:\data\jce06_SP.pp c:\program files\xp-AntiSpy c:\program files\xp-AntiSpy\Uninstall.exe c:\program files\xp-AntiSpy\xp-AntiSpy.chm c:\program files\xp-AntiSpy\xp-AntiSpy.exe c:\program files\xp-AntiSpy\xp-AntiSpy.url c:\programdata\Windows c:\programdata\windows\dumd.dat c:\programdata\windows\xdor.dat c:\users\Pegasuz\AppData\Local\assembly\tmp c:\windows\IsUn0407.exe c:\windows\system32\CBUTTON.OCX c:\windows\system32\fldlckun.exe c:\windows\system32\muzapp.exe c:\windows\system32\system32 c:\windows\system32\system32\3DAudio.ax c:\windows\system32\system32\avrt.dll c:\windows\system32\system32\cis-2.4.dll c:\windows\system32\system32\issacapi_bs-2.3.dll c:\windows\system32\system32\issacapi_pe-2.3.dll c:\windows\system32\system32\issacapi_se-2.3.dll c:\windows\system32\system32\MACXMLProto.dll c:\windows\system32\system32\MaDRM.dll c:\windows\system32\system32\MaJGUILib.dll c:\windows\system32\system32\MaJUtilLib.dll c:\windows\system32\system32\MAMACExtract.dll c:\windows\system32\system32\MASetupCaller.dll c:\windows\system32\system32\MASetupCleaner.exe c:\windows\system32\system32\MaXMLProto.dll c:\windows\system32\system32\MetaStore2.dll c:\windows\system32\system32\mfplat.dll c:\windows\system32\system32\Microsoft.Synchronization.dll c:\windows\system32\system32\MK_Lyric.dll c:\windows\system32\system32\MSCLib.dll c:\windows\system32\system32\MSFLib.dll c:\windows\system32\system32\MSLUR71.dll 
c:\windows\system32\system32\msvcp60.dll c:\windows\system32\system32\MTTELECHIP.dll c:\windows\system32\system32\MTXSYNCICON.dll c:\windows\system32\system32\muzaf1.dll c:\windows\system32\system32\muzapp.dll c:\windows\system32\system32\muzapp.exe c:\windows\system32\system32\muzdecode.ax c:\windows\system32\system32\muzeffect.ax c:\windows\system32\system32\muzmp4sp.ax c:\windows\system32\system32\muzmpgsp.ax c:\windows\system32\system32\muzoggsp.ax c:\windows\system32\system32\muzwmts.dll c:\windows\system32\system32\psapi.dll c:\windows\system32\system32\Synchronization2.dll . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_AFPANSI -------\Service_AFPAnsi . . ((((((((((((((((((((((( Dateien erstellt von 2012-03-06 bis 2012-04-06 )))))))))))))))))))))))))))))) . . 2012-04-06 16:16 . 2012-04-06 16:16 -------- d-----w- c:\users\Pegasuz\AppData\Local\temp 2012-04-06 16:16 . 2012-04-06 16:16 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-04-05 15:29 . 2012-04-05 15:29 -------- d-----w- c:\programdata\ZA_PreservedFiles 2012-04-04 20:51 . 2012-04-04 20:51 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-04-04 20:36 . 2012-04-04 20:36 -------- d-----w- c:\program files\Skype 2012-04-04 19:58 . 2012-04-04 19:58 -------- d-----w- c:\program files\Secure Banking 2012-04-01 22:33 . 2012-04-01 22:33 -------- d-----w- c:\program files\ESET 2012-03-31 04:30 . 2012-03-31 04:30 -------- d-----w- c:\users\Pegasuz\AppData\Roaming\Malwarebytes 2012-03-31 04:30 . 2012-03-31 04:30 -------- d-----w- c:\programdata\Malwarebytes 2012-03-31 04:30 . 2012-03-31 04:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-03-31 04:30 . 2011-12-10 13:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-23 17:43 . 2012-03-23 17:47 -------- d-----w- c:\users\Pegasuz\AppData\Roaming\WindSolutions 2012-03-23 17:43 . 
2012-03-23 17:47 -------- d-----w- c:\programdata\WindSolutions 2012-03-23 16:27 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-03-23 16:27 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-03-23 16:27 . 2012-02-03 03:54 2343424 ----a-w- c:\windows\system32\win32k.sys 2012-03-23 16:26 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\system32\DWrite.dll 2012-03-23 16:26 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll 2012-03-23 16:26 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-03-23 16:26 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys 2012-03-23 16:26 . 2011-02-19 06:30 805376 ----a-w- c:\windows\system32\FntCache.dll 2012-03-23 16:26 . 2011-02-19 06:30 739840 ----a-w- c:\windows\system32\d2d1.dll 2012-03-23 16:26 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll 2012-03-23 16:26 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-03-23 16:26 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-03-19 21:06 . 2012-03-19 21:06 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll 2012-03-19 21:06 . 2012-03-19 21:06 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll 2012-03-12 12:03 . 2012-03-12 12:19 -------- d-----w- c:\program files\ShadowBladeTN3ENG . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-04-05 18:17 . 2010-05-24 19:22 472808 ----a-w- c:\windows\system32\deployJava1.dll 2012-04-04 20:51 . 2011-05-20 18:54 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-02-24 07:46 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll 2012-02-16 05:29 . 2011-12-18 17:17 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-02-15 10:01 . 2012-02-15 10:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll 2012-02-15 10:01 . 
2012-02-15 10:01 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys 2012-03-19 21:06 . 2012-02-24 07:23 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2008-07-29 15:52 121392 ----a-r- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616] "SecureBanking"="c:\program files\Secure Banking\v1.4\SecureBanking.exe" [2012-03-11 294912] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896] "eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-09-11 544768] "eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-07-29 526896] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-12-09 258512] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . 
[HKLM\~\startupfolder\C:^Users^Pegasuz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DesktopVideoPlayer.lnk] path=c:\users\Pegasuz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopVideoPlayer.lnk backup=c:\windows\pss\DesktopVideoPlayer.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2011-06-06 10:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AllShareAgent] 2012-01-19 10:39 285072 ----a-w- c:\program files\Samsung\AllShare\AllShareAgent.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3] 2008-12-24 08:26 114688 ------w- c:\program files\Brother\ControlCenter3\BrCtrCen.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent] 2011-01-13 10:29 840000 ----a-w- c:\program files\DAEMON Tools Pro\DTAgent.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper] 2011-08-01 03:32 958352 ----a-w- c:\program files\Samsung\Kies\KiesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR] 2011-08-01 03:32 20880 ----a-w- c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC] 2010-04-06 19:25 102400 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun . 
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 253600]
R3 AVMUNET;AVM FRITZ!Box;c:\windows\system32\DRIVERS\avmunet.sys [2006-10-06 14976]
R3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\DRIVERS\cmnsusbser.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2011-07-20 77624]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files\Samsung\AllShare\AllShareSlideShowService.exe [2012-01-19 27584]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2010-04-27 98432]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2010-04-27 14848]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2010-04-27 123648]
R3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\DRIVERS\sscebus.sys [2010-04-27 98560]
R3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\DRIVERS\sscemdfl.sys [2010-04-27 14848]
R3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\DRIVERS\sscemdm.sys [2010-04-27 123648]
R3 ssceserd;SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM);c:\windows\system32\DRIVERS\ssceserd.sys [2010-04-27 100352]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2011-07-20 181432]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 XDva391;XDva391;c:\windows\system32\XDva391.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-12-09 36000]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};Power Control [2009/08/16 00:01];c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-10-17 12:49 87536]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-04-07 172032]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-12-09 86224]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-10-04 69632]
S2 DTProTS;DTProTS 2.01;c:\program files\DTProTS\DTProTS.exe [1999-12-31 271360]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2009-08-13 24576]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-05-28 233472]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [2012-01-19 25504]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-04-07 5430272]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-04-07 157184]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-10-25 36640]
S3 hidshim;Service for HID-KMDF Shim layer;c:\windows\system32\DRIVERS\hidshim.sys [2009-07-21 5632]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 NETw5s32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816]
S3 nuvotonhidgeneric;Nuvoton EC Generic HID;c:\windows\system32\DRIVERS\nuvotonhidgeneric.sys [2009-07-21 22528]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - FSUSBEXDISK
*Deregistered* - tcpipBM
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Inhalt des "geplante Tasks" Ordners
.
2012-04-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 20:51]
.
2012-01-13 c:\windows\Tasks\{2547A0A8-7423-4C11-8E25-12E177C73BCC}.job
- c:\program files\Skype\Phone\Skype.exe [2011-10-13 08:27]
.
2012-04-04 c:\windows\Tasks\{BA37C855-184C-4BDB-95D3-9588C533021B}.job
- c:\program files\Mozilla Firefox\firefox.exe [2012-02-24 21:06]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0809&m=aspire_8730
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0809&m=aspire_8730
uInternet Settings,ProxyOverride = fritz.box;192.168.178.1;127.0.0.1
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\Pegasuz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
FF - ProfilePath - c:\users\Pegasuz\AppData\Roaming\Mozilla\Firefox\Profiles\2xmvettj.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{c840e246-6b95-475e-9bd7-caa1c7eca9f2} - (no file)
MSConfigStartUp-Akamai NetSession Interface - c:\users\Pegasuz\AppData\Local\Akamai\netsession_win.exe
MSConfigStartUp-APSDaemon - c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
MSConfigStartUp-Google Update - c:\users\Pegasuz\AppData\Local\Google\Update\GoogleUpdate.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
AddRemove-xp-AntiSpy - c:\program files\xp-AntiSpy\Uninstall.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-12_Symbian_USB_Download_Driver - c:\program files\Samsung\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe
AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\Samsung\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
AddRemove-26_VIA_driver2 - c:\program files\Samsung\USB Drivers\26_VIA_driver2\Uninstall.exe
AddRemove-UnityWebPlayer - c:\users\Pegasuz\AppData\Local\Unity\WebPlayer\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3659569405-2327324472-3049137322-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2E698900-CAE2-EB56-28EA-E7DCAFFC9481}*]
"maadhfimndafldjibmicamcdoa"=hex:6f,61,70,61,64,62,6b,63,6b,68,67,63,63,66,62,
   63,6e,66,6a,63,66,6b,65,69,63,6a,62,6e,67,70,00,6d
.
[HKEY_USERS\S-1-5-21-3659569405-2327324472-3049137322-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:9f,dc,86,55,26,3d,78,c5,76,d6,b5,34,17,af,1a,d5,bc,b9,43,82,e4,85,00,
   b4,82,a2,08,b0,85,c7,be,57,8b,11,d1,46,a9,ec,6b,18,91,88,78,c9,24,c2,cc,32,\
"??"=hex:08,9b,58,ee,38,e9,1a,f0,a2,9e,62,18,61,f7,d2,98
.
[HKEY_USERS\S-1-5-21-3659569405-2327324472-3049137322-1000\Software\SecuROM\License information*]
"datasecu"=hex:3a,71,44,5c,2a,de,39,26,dd,24,5f,60,3f,fc,8b,3e,ea,86,9f,03,f9,
   2d,bf,93,08,41,5f,e5,77,ac,10,ef,b8,6d,56,43,b2,17,b5,54,73,33,53,a2,87,d4,\
"rkeysecu"=hex:82,c3,15,4f,bb,1d,3b,7f,84,f5,53,93,76,d6,d1,ff
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(1852)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\windows\system32\atieclxx.exe
c:\windows\system32\brsvc01a.exe
c:\windows\system32\brss01a.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-04-06 18:23:30 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-04-06 16:23
.
Vor Suchlauf: 16 Verzeichnis(se), 27.102.060.544 Bytes frei
Nach Suchlauf: 24 Verzeichnis(se), 26.658.836.480 Bytes frei
.
- - End Of File - - E6203EF7447E018886B218B9A1F2DE09 |
06.04.2012, 17:46 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | 100€ Virus (mor.exe)
Please create logs with GMER and OSAM now and post them. GMER crashes quite often; if the tool still refuses to run on the second try, simply leave it out and run only OSAM. Please skip the online query in OSAM. With OSAM, also make sure that you save the log as *.log and not as *.html or similar. Note: to unpack OSAM, please use WinRAR or 7zip! Also be sure to turn off your virus scanner; McAfee's scanner in particular often reports a false positive for OSAM! Please download aswMBR.exe and save the file to your desktop.
Important: never press any of the Fix buttons without being told to. Note: if the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. One more note: if aswMBR crashes and you get a message like "aswMBR.exe has stopped working", do the following: restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.
__________________
Please always post logfiles in CODE tags |
06.04.2012, 20:00 | #23 |
| 100€ Virus (mor.exe)
gmer:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-04-06 19:17:17
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.11.0
Running: xzb6zyqq.exe; Driver: C:\Users\Pegasuz\AppData\Local\Temp\fxlyapow.sys

---- System - GMER 1.0.15 ----

SSDT 8F453B16 ZwCreateSection
SSDT 8F453B20 ZwRequestWaitReplyPort
SSDT 8F453B1B ZwSetContextThread
SSDT 8F453B25 ZwSetSecurityObject
SSDT 8F453B2A ZwSystemDebugControl
SSDT 8F453AB7 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13C1 8327E3D9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 832B7D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 832BEEEC 4 Bytes [16, 3B, 45, 8F] {PUSH SS; CMP EAX, [EBP-0x71]}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 832BF248 4 Bytes [20, 3B, 45, 8F]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 832BF28C 4 Bytes [1B, 3B, 45, 8F]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1613 832BF308 4 Bytes [25, 3B, 45, 8F]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1667 832BF35C 4 Bytes [2A, 3B, 45, 8F]
.text ...
.text sptd.sys 8B6A5000 8 Bytes JMP C7A08320
.text sptd.sys 8B6A5009 23 Bytes [C7, 20, 83, 34, 62, 21, 83, ...]
.text sptd.sys 8B6A5024 4 Bytes [44, 15, 7D, 8B]
.text sptd.sys 8B6A502C 185 Bytes [CD, 84, 40, 83, 28, 8F, 27, ...]
.text sptd.sys 8B6A50E6 238 Bytes [36, 83, 60, 9B, 27, 83, EA, ...]
.text ...
.sptd2 C:\Windows\System32\Drivers\sptd.sys entry point in ".sptd2" section [0x8B77F0AD]
? C:\Windows\System32\Drivers\sptd.sys Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9201B000, 0x2F786C, 0xE8000020]
.text USBPORT.SYS!DllUnload 92991DB9 5 Bytes JMP 875151C8
.text C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl section is writeable [0xA1D1D000, 0x2892, 0xE8000020]
.vmp2 C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl entry point in ".vmp2" section [0xA1D40050]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8B6A671C] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8B6A6F0E] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [8B6A722E] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8B6A70EC] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8B6A6910] \SystemRoot\System32\Drivers\sptd.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[2180] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73792437] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2180] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73775600] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2180] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [737756BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2180] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [737924B2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2180] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73788514] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2180] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73784CC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2180] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7378506F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2180] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73785144] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2180] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [73786671] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2180] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7378826B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2180] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [737887BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2180] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7378901B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2180] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7378E1BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2180] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73784BFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2180] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread] [10001D90] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.)
IAT C:\Windows\Explorer.EXE[2180] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [100027E0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.)
IAT C:\Windows\Explorer.EXE[2180] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [100011D0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.)
---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 859701E8
Device \FileSystem\fastfat \FatCdrom 874FD1E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{0C5F150D-4CA5-4E28-A2A7-3BC269E2EFAD} 874841E8
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBPDO-0 875161E8
Device \Driver\usbuhci \Device\USBPDO-1 875161E8
Device \Driver\usbuhci \Device\USBPDO-2 875161E8
Device \Driver\usbehci \Device\USBPDO-3 874CC430
Device \Driver\usbuhci \Device\USBPDO-4 875161E8
Device \Driver\usbuhci \Device\USBPDO-5 875161E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{43159A36-F1B6-4E52-B8CA-4AF080311307} 874841E8
Device \Driver\usbuhci \Device\USBPDO-6 875161E8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\usbehci \Device\USBPDO-7 874CC430
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\cdrom \Device\CdRom0 874031E8
Device \Driver\iaStor \Device\Ide\iaStor0 [8BA54360] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-2 8596E1E8
Device \Driver\atapi \Device\Ide\IdePort0 8596E1E8
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [8BA54360] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-1 [8BA54360] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 8596E1E8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\cdrom \Device\CdRom1 874031E8
Device \Driver\cdrom \Device\CdRom2 874031E8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\cdrom \Device\CdRom3 874031E8
Device \Driver\NetBT \Device\NetBt_Wins_Export 874841E8
Device \Driver\USBSTOR \Device\00000086 893A91E8
Device \Driver\USBSTOR \Device\00000087 893A91E8
Device \Driver\PCI_PNP6740 \Device\0000005b sptd.sys
Device \Driver\PCI_PNP6740 \Device\0000005b sptd.sys
Device \Driver\ACPI_HAL \Device\0000004f halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBFDO-0 875161E8
Device \Driver\usbuhci \Device\USBFDO-1 875161E8
Device \Driver\usbuhci \Device\USBFDO-2 875161E8
Device \Driver\usbehci \Device\USBFDO-3 874CC430
Device \Driver\usbuhci \Device\USBFDO-4 875161E8
Device \Driver\usbuhci \Device\USBFDO-5 875161E8
Device \Driver\usbuhci \Device\USBFDO-6 875161E8
Device \Driver\usbehci \Device\USBFDO-7 874CC430
Device \Driver\aq8hrzv9 \Device\Scsi\aq8hrzv91Port2Path0Target0Lun0 873621E8
Device \Driver\aq8hrzv9 \Device\Scsi\aq8hrzv91 873621E8
Device \FileSystem\fastfat \Fat 874FD1E8
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x87 0x9C 0xC6 0x3B ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xAF 0xB8 0x30 0xBE ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xFF 0x14 0x4E 0x53 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0xFE 0xD5 0x98 0xAF ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a1 0x10 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a0 0x7C 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0x00 0xA8 0x41 0x4A ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq1@hdf12 0xE4 0x3E 0x2A 0xE1 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x87 0x9C 0xC6 0x3B ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xAF 0xB8 0x30 0xBE ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xFF 0x14 0x4E 0x53 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0xFE 0xD5 0x98 0xAF ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a1 0x10 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a0 0x7C 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0x00 0xA8 0x41 0x4A ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq1@hdf12 0xE4 0x3E 0x2A 0xE1 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG12.00.00.01PROFESSIONAL 47AB75FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808FEBC9E127BECC74C5D575E7D6A3B9808A2D97226D213B555F481EE6C580D6A59AE61391212AF0FD9D0F477BF5AC63F7D73D24409469F7E0ED5E9C13DCC2973B12F9ACAD100594466C4E470E10D9EBB815A1E50BF9362C64EEABF308DCA9938AE3E3DED73F26BE3D3B772C3579B6006838F20D8AD38A5FD72476C9C578560D0A4F80AFA94BB8F8B69F45BDE7B14FDE05C2D2BFD8E9E47AA04EE7E7CD6E564ABEE736ADD8F6056AC71BC7C416DBA52E2673F3AF564E787298E5CA8DC8B076F08E935E615891A338CBA43DAFD100519F58346E80AF2660DA9A37D3F59BDBC30FA7838B0B365D67BC597B020BE0B9CF05B9438F895C1A1E0AFD6353CA5F3873AEC7EEB196251B76D47DE2195C0C8E1E02383FD4F0C1DD4F092C1D8BE877D23021CE63496DA389127506CA22D51F865CF3539F5F3F294F00D7F00B287D969F9E2182066C5EC4D6F2CF61DBB79D70F708ACCA8ED94617D98EC74B3017D8A8D2D9BC51A4EE4FB080EE327D4E233CA417A41F643AD8286EEA2274601752A9A05924D5E4B2B56FE20DF999CF80636B60BB3889801ECB123C51CBB1D8FB53B222A3180EE2D30A10215097C6B7583013CAB7ED8685E593B0CA1C30AF28C5C024A9F451ED6BD04F0A3A96
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
[...]
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2E698900-CAE2-EB56-28EA-E7DCAFFC9481}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2E698900-CAE2-EB56-28EA-E7DCAFFC9481}@maadhfimndafldjibmicamcdoa 0x6F 0x61 0x70 0x61 ...

---- EOF - GMER 1.0.15 ----

osam
Code:
Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/
Saved at 19:18:51 on 06.04.2012

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 32-bit
Default Browser: Mozilla Corporation Firefox 11.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Common]
-----( %SystemRoot%\Tasks )-----
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"{2547A0A8-7423-4C11-8E25-12E177C73BCC}.job" - "Skype Technologies S.A." - C:\Program Files\Skype\Phone\Skype.exe
"{BA37C855-184C-4BDB-95D3-9588C533021B}.job" - "Mozilla Corporation" - C:\Program Files\Mozilla Firefox\firefox.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"PhysX.cpl" - "NVIDIA Corporation" - C:\Windows\system32\PhysX.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Apple Mobile USB Driver" (USBAAPL) - "Apple, Inc." - C:\Windows\System32\Drivers\usbaapl.sys
"aq8hrzv9" (aq8hrzv9) - "Advanced Micro Devices" - C:\Windows\system32\drivers\aq8hrzv9.sys (Hidden registry entry, rootkit activity | File signed by Microsoft)
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\Users\Pegasuz\AppData\Local\Temp\catchme.sys (File not found)
"dgderdrv" (dgderdrv) - ? - C:\Windows\System32\drivers\dgderdrv.sys (File not found)
"ENTECH" (ENTECH) - "EnTech Taiwan" - C:\Windows\system32\DRIVERS\ENTECH.sys
"FsUsbExDisk" (FsUsbExDisk) - ? - C:\Windows\system32\FsUsbExDisk.SYS (File found, but it contains no detailed information)
"fxlyapow" (fxlyapow) - ? - C:\Users\Pegasuz\AppData\Local\Temp\fxlyapow.sys (Hidden registry entry, rootkit activity | File not found)
"Huawei DataCard USB Modem and USB Serial" (hwdatacard) - ? - C:\Windows\System32\DRIVERS\ewusbmdm.sys (File not found)
"int15" (int15) - "Acer, Inc." - C:\Windows\system32\drivers\int15.sys
"LGE Mobile Composite USB Device" (usbbus) - ? - C:\Windows\System32\DRIVERS\lgusbbus.sys (File not found)
"LGE Mobile USB Modem" (USBModem) - ? - C:\Windows\System32\DRIVERS\lgusbmodem.sys (File not found)
"LGE Mobile USB Serial Port" (UsbDiag) - ? - C:\Windows\System32\DRIVERS\lgusbdiag.sys (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"Mobile Connector USB Device for Legacy Serial Communication LCT2053s" (cmnsusbser) - ? - C:\Windows\System32\DRIVERS\cmnsusbser.sys (File not found)
"Power Control [2009/08/16 00:01:22]" ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) - ? - C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl
"PSDFilter" (PSDFilter) - "Egis Incorporated" - C:\Windows\System32\DRIVERS\psdfilter.sys
"PSDNServ" (PSDNServ) - "Egis Incorporated" - C:\Windows\System32\DRIVERS\PSDNServ.sys
"PSDVdisk" (psdvdisk) - "Egis Incorporated" - C:\Windows\System32\DRIVERS\PSDVdisk.sys
"RtsUStor.Sys Realtek USB Card Reader" (RSUSBSTOR) - ? - C:\Windows\System32\Drivers\RtsUStor.sys (File not found)
"Service for Realtek HD Audio (WDM)" (IntcAzAudAddService) - ? - C:\Windows\System32\drivers\RTKVHDA.sys (File not found)
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\Windows\System32\DRIVERS\NTIDrvr.sys
"VMware Virtual Ethernet Adapter Driver" (VMnetAdapter) - ? - C:\Windows\System32\DRIVERS\vmnetadapter.sys (File not found)
"XDva391" (XDva391) - ? - C:\Windows\system32\XDva391.sys (File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found)
{872A9397-E0D6-4e28-B64D-52B8D0A7EA35} "DisplayCplExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiamaxx.dll
{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} "DragDropProtect Class" - "Egis Inc." - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ?
- (File not found | COM-object registry key not found) {00020d75-0000-0000-c000-000000000046} "lnkfile" - ? - (File not found | COM-object registry key not found) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll {5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." 
- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe [Internet Explorer] -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." 
- C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10k.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "Acer eDataSecurity Management" - "Egis Incorporated." - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." 
- C:\Program Files\Java\jre6\bin\ssv.dll {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} "ShowBarObj Class" - "Egis" - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [LSA Providers] -----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )----- "Security Packages" - "Microsoft Corporation" - C:\Windows\system32\livessp.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\Pegasuz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "RocketDock" - ? - "C:\Program Files\RocketDock\RocketDock.exe" (File found, but it contains no detailed information) "SecureBanking" - ? - C:\Program Files\Secure Banking\v1.4\SecureBanking.exe -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min "eAudio" - "Acer Incorporated" - "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe" "eDataSecurity Loader" - "Egis Incorporated" - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe "Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@C:\Program Files\NOS\bin\getPlus_Helper.dll,-101" (getPlusHelper) - ? 
- C:\Program Files\NOS\bin\getPlus_Helper.dll (File not found) "Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe "Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe "Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe "Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe "CLHNService" (CLHNService) - ? - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe "DTProTS 2.01" (DTProTS) - ? - C:\Program Files\DTProTS\DTProTS.exe (File found, but it contains no detailed information) "eDataSecurity Service" (eDataSecurity Service) - "Egis Incorporated" - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe "Empowering Technology Service" (ETService) - ? - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe "FsUsbExService" (FsUsbExService) - "Teruten" - C:\Windows\system32\FsUsbExService.Exe "getPlus(R) Helper 3004" (nosGetPlusHelper) - "NOS Microsystems Ltd." 
- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll "LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe "MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "MobilityService" (MobilityService) - "Acer Incorporated" - C:\Acer\Mobility Center\MobilityService.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "Samsung AllShare PC" (SamsungAllShareV2.0) - "Samsung Electronics Co., Ltd." - C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe "SimpleSlideShowServer" (SimpleSlideShowServer) - "Samsung Electronics Co., Ltd." - C:\Program Files\Samsung\AllShare\AllShareSlideShowService.exe "Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "WindowsLive Local NSP" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL "WindowsLive NSP" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru aswMBR: Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-06 19:39:53
-----------------------------
19:39:53.156 OS Version: Windows 6.1.7601 Service Pack 1
19:39:53.156 Number of processors: 2 586 0x170A
19:39:53.156 ComputerName: PEGASUZ2 UserName: Pegasuz
19:39:53.920 Initialize success
19:39:57.680 AVAST engine defs: 12040600
19:40:11.813 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:40:11.813 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
19:40:12.016 Disk 0 MBR read successfully
19:40:12.016 Disk 0 MBR scan
19:40:12.016 Disk 0 unknown MBR code
19:40:12.079 Disk 0 Partition 1 00 27 Hidden NTFS WinRE MSDOS5.0 11000 MB offset 2048
19:40:12.157 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 145574 MB offset 22530048
19:40:12.172 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 145597 MB offset 320665600
19:40:12.250 Disk 0 Partition 4 00 12 Compaq diag NTFS 3072 MB offset 618848256
19:40:12.281 Disk 0 scanning sectors +625139712
19:40:12.687 Disk 0 scanning C:\Windows\system32\drivers
19:40:36.571 Service scanning
19:40:55.213 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
19:41:02.451 Modules scanning
19:41:13.714 Disk 0 trace - called modules:
19:41:13.730 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys sptd.sys halmacpi.dll
19:41:13.745 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87142030]
19:41:13.745 3 CLASSPNP.SYS[8bfb959e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x866b5028]
19:41:15.025 AVAST engine scan C:\Windows
19:41:20.906 AVAST engine scan C:\Windows\system32
19:44:53.877 AVAST engine scan C:\Windows\system32\drivers
19:45:09.867 AVAST engine scan C:\Users\Pegasuz
20:03:49.684 AVAST engine scan C:\ProgramData
20:04:28.809 Scan finished successfully
20:41:15.605 Disk 0 MBR has been saved successfully to "C:\Users\Pegasuz\Desktop\MBR.dat"
20:41:15.605 The log file has been saved successfully to "C:\Users\Pegasuz\Desktop\aswMBR.txt"
06.04.2012, 20:47 | #24
/// Winkelfunktion /// TB-Süch-Tiger™ | 100€ Virus (mor.exe)
We should fix the MBR. Just in case, back up ALL important data first, even though it usually goes smoothly.

Note: Please do NOT run the MBR fix if you have other operating systems such as Ubuntu installed; an MBR fix with Windows tools makes a Linux installed alongside (dual boot) unbootable. Also do not run the fix if you have full encryption of the Windows partition or the whole drive with TrueCrypt or another encryption program.

After backing up your data, start aswMBR again and click the FIXMBR button.

Note: Please turn off your virus scanner before running aswMBR, since Avira in particular often raises a false alarm on it!

Then restart Windows and make a new log with aswMBR.
__________________
Please always post logfiles in CODE tags
07.04.2012, 23:15 | #25
100€ Virus (mor.exe)
It worked.
Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-07 20:05:09
-----------------------------
20:05:09.364 OS Version: Windows 6.1.7601 Service Pack 1
20:05:09.364 Number of processors: 2 586 0x170A
20:05:09.364 ComputerName: PEGASUZ2 UserName: Pegasuz
20:05:37.928 Initialize success
20:05:44.964 AVAST engine defs: 12040600
20:06:23.255 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:06:23.255 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
20:06:23.270 Disk 0 MBR read successfully
20:06:23.286 Disk 0 MBR scan
20:06:23.286 Disk 0 Windows 7 default MBR code
20:06:23.286 Disk 0 Partition 1 00 27 Hidden NTFS WinRE MSDOS5.0 11000 MB offset 2048
20:06:23.301 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 145574 MB offset 22530048
20:06:23.333 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 145597 MB offset 320665600
20:06:23.348 Disk 0 Partition 4 00 12 Compaq diag NTFS 3072 MB offset 618848256
20:06:23.364 Disk 0 scanning sectors +625139712
20:06:23.426 Disk 0 scanning C:\Windows\system32\drivers
20:06:39.057 Service scanning
20:07:03.783 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
20:07:16.388 Modules scanning
20:07:28.119 Disk 0 trace - called modules:
20:07:28.151 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys sptd.sys halmacpi.dll
20:07:28.151 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87144a58]
20:07:28.166 3 CLASSPNP.SYS[8b7d959e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x866b3028]
20:07:29.492 AVAST engine scan C:\Windows
20:07:34.453 AVAST engine scan C:\Windows\system32
20:11:51.214 AVAST engine scan C:\Windows\system32\drivers
20:12:17.687 AVAST engine scan C:\Users\Pegasuz
20:33:28.247 AVAST engine scan C:\ProgramData
20:34:12.052 Scan finished successfully
00:17:15.315 Disk 0 MBR has been saved successfully to "C:\Users\Pegasuz\Desktop\MBR.dat"
00:17:15.315 The log file has been saved successfully to "C:\Users\Pegasuz\Desktop\aswMBR.txt"
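The FIXMBR step replaces only the boot code in the first sector; the partition table (the four entries aswMBR lists before and after the fix) must come through unchanged, and aswMBR saves the sector to MBR.dat each time, so the two copies can be compared. The following Python is an added example, not part of this thread or of aswMBR: it parses two 512-byte MBR images and reports whether only the boot code differs. The images are constructed here to match the partition layout in the logs above; their boot-code bytes are placeholders, not real boot code.

```python
"""Compare two 512-byte MBR images (such as the MBR.dat files aswMBR saves
before and after FIXMBR) and check that the repair changed only the boot code.
Added example: the images below are constructed to match the partition layout
in the aswMBR logs; their boot-code bytes are placeholders, not real code."""
import hashlib
import struct

SECTOR = 512
TABLE_OFFSET = 446      # 446 bytes of boot code precede the 4 x 16-byte partition table
SIG_OFFSET = 510        # boot signature 55 AA occupies the last two bytes
SIGNATURE = b"\x55\xaa"
ENTRY = "<B3xB3xII"     # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count


def parse_mbr(mbr: bytes) -> dict:
    """Return a hash of the boot code, the populated partition entries and the signature check."""
    if len(mbr) != SECTOR:
        raise ValueError("an MBR image must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        status, ptype, start, count = struct.unpack_from(ENTRY, mbr, TABLE_OFFSET + 16 * i)
        if ptype == 0:  # empty slot
            continue
        partitions.append({
            "index": i + 1,
            "active": status == 0x80,
            "type": ptype,
            "lba_start": start,
            "lba_end": start + count,  # first sector after the partition
            "size_mb": count * SECTOR // (1024 * 1024),
        })
    return {
        "bootcode_sha256": hashlib.sha256(mbr[:TABLE_OFFSET]).hexdigest(),
        "partitions": partitions,
        "signature_ok": mbr[SIG_OFFSET:SIG_OFFSET + 2] == SIGNATURE,
    }


def compare_mbr(before: bytes, after: bytes) -> dict:
    """Report whether boot code and/or partition table differ between two images."""
    a, b = parse_mbr(before), parse_mbr(after)
    return {
        "bootcode_changed": a["bootcode_sha256"] != b["bootcode_sha256"],
        "table_changed": a["partitions"] != b["partitions"],
        "signature_ok": a["signature_ok"] and b["signature_ok"],
    }


def build_mbr(bootcode: bytes, table: list) -> bytes:
    """Assemble a constructed MBR from boot-code bytes and (status, type, lba_start, count) tuples."""
    img = bytearray(bootcode[:TABLE_OFFSET].ljust(TABLE_OFFSET, b"\x00"))
    for status, ptype, start, count in table:
        img += struct.pack(ENTRY, status, ptype, start, count)
    img += b"\x00" * (16 * (4 - len(table)))
    return bytes(img + SIGNATURE)


# Partition table as reported by aswMBR; sizes in MB converted to 512-byte sectors (1 MB = 2048 sectors).
PARTITION_TABLE = [
    (0x00, 0x27, 2048, 11000 * 2048),          # Hidden NTFS WinRE
    (0x80, 0x07, 22530048, 145574 * 2048),     # (A) HPFS/NTFS, the bootable Windows partition
    (0x00, 0x07, 320665600, 145597 * 2048),    # HPFS/NTFS
    (0x00, 0x12, 618848256, 3072 * 2048),      # Compaq diag
]

# Constructed placeholder boot code standing in for "unknown MBR code" and the default code.
SUSPECT_MBR = build_mbr(b"\xeb\xfe" + b"placeholder: unknown boot code", PARTITION_TABLE)
REPAIRED_MBR = build_mbr(b"\xfa" + b"placeholder: standard boot code", PARTITION_TABLE)

if __name__ == "__main__":
    for label, img in (("before FIXMBR", SUSPECT_MBR), ("after FIXMBR", REPAIRED_MBR)):
        info = parse_mbr(img)
        print(f"{label}: boot code sha256 {info['bootcode_sha256'][:16]}... signature ok: {info['signature_ok']}")
        for p in info["partitions"]:
            flag = "(A)" if p["active"] else "   "
            print(f"  Partition {p['index']} {flag} type 0x{p['type']:02X} {p['size_mb']} MB offset {p['lba_start']}")
    print("changes:", compare_mbr(SUSPECT_MBR, REPAIRED_MBR))
```

On a real system, read the saved MBR.dat files with `open(path, "rb").read()` in place of the constructed images; a result of `table_changed: True` after a fix is the signal to stop and restore the backup.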
08.04.2012, 16:32 | #26
/// Winkelfunktion /// TB-Süch-Tiger™ | 100€ Virus (mor.exe)
Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before scanning!!
09.04.2012, 01:24 | #27
100€ Virus (mor.exe)
Code:
Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.04.08.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Pegasuz :: PEGASUZ2 [Administrator]

Schutz: Aktiviert

08.04.2012 20:19:20
mbam-log-2012-04-08 (20-19-20).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 346439
Laufzeit: 55 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 04/09/2012 at 02:04 AM

Application Version : 5.0.1146

Core Rules Database Version : 8424
Trace Rules Database Version: 6236

Scan type       : Complete Scan
Total Scan Time : 01:42:20

Operating System Information
Windows 7 Home Premium 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator

Memory items scanned      : 730
Memory threats detected   : 0
Registry items scanned    : 35274
Registry threats detected : 1
File items scanned        : 162915
File threats detected     : 0

System.BrokenFileAssociation
	HKCR\.exe
09.04.2012, 16:26 | #28
/// Winkelfunktion /// TB-Süch-Tiger™ | 100€ Virus (mor.exe)
Nothing found! (That was just a leftover; it can go.) Is your system OK again now, or are there any other detections or problems?
09.04.2012, 17:33 | #30
/// Winkelfunktion /// TB-Süch-Tiger™ | 100€ Virus (mor.exe)
Then we're done! All the programs that were used here can be removed again. CF can be removed via Start, Run with combofix /uninstall. Let me know if that gives any error messages.

You can also remove many of the tools with the help of OTL: please start OTL and click on Cleanup. This will remove most of the tools we needed for the cleanup. If anything remains, please remove it with right-click --> Delete.

Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update first.

Finally, please check your updates; my guide on that is below. To keep a better overview of whether your installed programs are up to date in future, you can use Secunia PSI, for example. For even more security, now that the infection has been removed you should also change all your passwords if at all possible.

Microsoft Update
Windows XP: visit the MS Update page with IE and have all important updates installed.
Windows Vista/7: Windows Update guide

Update your PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Software or Programs and Features by clicking on "Adobe Reader x.0" there and removing the program (if you have Adobe Reader installed). I recommend an alternative PDF reader such as PDF XChange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.

While you're at it, please also check that Flash Player is up to date: Adobe - Install a different version of Adobe Flash Player. If necessary, you can also download it from Chip.de => http://filepony.de/?q=Flash+Player. Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.

Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the latest one. To do this, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.