#16
PC infected with Windows encryption Trojan, 50€ uKash

Here is the TDSS log:

Code:
15:28:12.0739 0176 TDSS rootkit removing tool 2.7.35.0 May 16 2012 07:37:57
15:28:12.0802 0176 ============================================================
15:28:12.0802 0176 Current date / time: 2012/05/16 15:28:12.0802
15:28:12.0802 0176 SystemInfo:
15:28:12.0802 0176
15:28:12.0802 0176 OS Version: 6.1.7600 ServicePack: 0.0
15:28:12.0802 0176 Product type: Workstation
15:28:12.0802 0176 ComputerName: SETARI-HP
15:28:12.0802 0176 UserName: Setari
15:28:12.0802 0176 Windows directory: C:\Windows
15:28:12.0802 0176 System windows directory: C:\Windows
15:28:12.0802 0176 Processor architecture: Intel x86
15:28:12.0802 0176 Number of processors: 2
15:28:12.0802 0176 Page size: 0x1000
15:28:12.0802 0176 Boot type: Normal boot
15:28:12.0802 0176 ============================================================
15:28:13.0535 0176 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:28:13.0566 0176 Drive \Device\Harddisk2\DR3 - Size: 0x1E3000000 (7.55 Gb), SectorSize: 0x200, Cylinders: 0x3D9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:28:13.0566 0176 ============================================================
15:28:13.0566 0176 \Device\Harddisk0\DR0:
15:28:13.0566 0176 MBR partitions:
15:28:13.0566 0176 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:28:13.0566 0176 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x38FB8800
15:28:13.0566 0176 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x38FEB000, BlocksNum 0x139A800
15:28:13.0566 0176 \Device\Harddisk2\DR3:
15:28:13.0566 0176 MBR partitions:
15:28:13.0566 0176 \Device\Harddisk2\DR3\Partition0: MBR, Type 0xC, StartLBA 0x20, BlocksNum 0xF17FE0
15:28:13.0566 0176 ============================================================
15:28:13.0597 0176 C: <-> \Device\Harddisk0\DR0\Partition1
15:28:13.0644 0176 D: <-> \Device\Harddisk0\DR0\Partition2
15:28:13.0644 0176 ============================================================
15:28:13.0644 0176 Initialize success
15:28:13.0644 0176 ============================================================
15:28:49.0384 2152 ============================================================
15:28:49.0384 2152 Scan started
15:28:49.0384 2152 Mode: Manual; SigCheck; TDLFS;
15:28:49.0384 2152 ============================================================
15:29:02.0222 2152 NetTcpPortSharing - ok
15:29:02.0254 2152 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
15:29:02.0254 2152 nfrd960 - ok
15:29:02.0300 2152 NlaSvc (2226496e34bd40734946a054b1cd657f) C:\Windows\System32\nlasvc.dll
15:29:02.0316 2152 NlaSvc - ok
15:29:02.0332 2152 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
15:29:02.0363 2152 Npfs - ok
15:29:02.0378 2152 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
15:29:02.0394 2152 nsi - ok
15:29:02.0410 2152 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
15:29:02.0425 2152 nsiproxy - ok
15:29:02.0503 2152 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys
15:29:02.0550 2152 Ntfs - ok
15:29:02.0659 2152 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
15:29:02.0690 2152 Null - ok
15:29:02.0737 2152 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys
15:29:02.0753 2152 nvraid - ok
15:29:02.0784 2152 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys
15:29:02.0800 2152 nvstor - ok
15:29:02.0831 2152 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
15:29:02.0831 2152 nv_agp - ok
15:29:02.0940 2152 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:29:02.0971 2152 odserv - ok
15:29:02.0987 2152 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
15:29:03.0002 2152 ohci1394 - ok
15:29:03.0034 2152 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:29:03.0049 2152 ose - ok
15:29:03.0080 2152 OxPPort (05564282ea0fa0c7543452d7bc46a4fb) C:\Windows\system32\DRIVERS\OxPPort.sys
15:29:03.0096 2152 OxPPort - ok
15:29:03.0127 2152 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
15:29:03.0174 2152 p2pimsvc - ok
15:29:03.0205 2152 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
15:29:03.0221 2152 p2psvc - ok
15:29:03.0268 2152 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
15:29:03.0283 2152 Parport - ok
15:29:03.0314 2152 partmgr (66d3415c159741ade7038a277efff99f) C:\Windows\system32\drivers\partmgr.sys
15:29:03.0330 2152 partmgr - ok
15:29:03.0346 2152 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
15:29:03.0377 2152 Parvdm - ok
15:29:03.0424 2152 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
15:29:03.0439 2152 PcaSvc - ok
15:29:03.0470 2152 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
15:29:03.0486 2152 pci - ok
15:29:03.0502 2152 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
15:29:03.0502 2152 pciide - ok
15:29:03.0517 2152 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
15:29:03.0533 2152 pcmcia - ok
15:29:03.0548 2152 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
15:29:03.0564 2152 pcw - ok
15:29:03.0595 2152 pdfcDispatcher - ok
15:29:03.0642 2152 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
15:29:03.0689 2152 PEAUTH - ok
15:29:03.0751 2152 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
15:29:03.0782 2152 PeerDistSvc - ok
15:29:03.0860 2152 pla (9c1bff7910c89a1d12e57343475840cb) C:\Windows\system32\pla.dll
15:29:03.0938 2152 pla - ok
15:29:04.0048 2152 PlugPlay (71def5ec79774c798342d0ea16e41780) C:\Windows\system32\umpnpmgr.dll
15:29:04.0079 2152 PlugPlay - ok
15:29:04.0141 2152 PnkBstrA (831883b107684301f48ace752c963984) C:\Windows\system32\PnkBstrA.exe
15:29:04.0157 2152 PnkBstrA - ok
15:29:04.0172 2152 PnkBstrB (e138d7aa8c2b15c5e08d2bc3f6e912a2) C:\Windows\system32\PnkBstrB.exe
15:29:04.0188 2152 PnkBstrB - ok
15:29:04.0266 2152 PnkBstrK (b35d2efe5847369903eec9455a6d23d7) C:\Windows\system32\drivers\PnkBstrK.sys
15:29:04.0266 2152 PnkBstrK - ok
15:29:04.0297 2152 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
15:29:04.0344 2152 PNRPAutoReg - ok
15:29:04.0375 2152 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
15:29:04.0391 2152 PNRPsvc - ok
15:29:04.0438 2152 PolicyAgent (48e1b75c6dc0232fd92baae4bd344721) C:\Windows\System32\ipsecsvc.dll
15:29:04.0469 2152 PolicyAgent - ok
15:29:04.0500 2152 Power (dbff83f709a91049621c1d35dd45c92c) C:\Windows\system32\umpo.dll
15:29:04.0531 2152 Power - ok
15:29:04.0547 2152 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
15:29:04.0578 2152 PptpMiniport - ok
15:29:04.0594 2152 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
15:29:04.0594 2152 Processor - ok
15:29:04.0640 2152 ProfSvc (630cf26f0227498b7d5a92b12548960f) C:\Windows\system32\profsvc.dll
15:29:04.0672 2152 ProfSvc - ok
15:29:04.0703 2152 ProtectedStorage (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
15:29:04.0703 2152 ProtectedStorage - ok
15:29:04.0750 2152 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
15:29:04.0796 2152 Psched - ok
15:29:04.0843 2152 PSI_SVC_2 (a6a7ad767bf5141665f5c675f671b3e1) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
15:29:04.0859 2152 PSI_SVC_2 - ok
15:29:04.0890 2152 PxHelp20 (feffcfdc528764a04c8ed63d5fa6e711) C:\Windows\system32\Drivers\PxHelp20.sys
15:29:04.0890 2152 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
15:29:04.0890 2152 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
15:29:04.0984 2152 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
15:29:05.0015 2152 ql2300 - ok
15:29:05.0124 2152 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
15:29:05.0140 2152 ql40xx - ok
15:29:05.0171 2152 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
15:29:05.0202 2152 QWAVE - ok
15:29:05.0202 2152 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
15:29:05.0218 2152 QWAVEdrv - ok
15:29:05.0233 2152 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
15:29:05.0249 2152 RasAcd - ok
15:29:05.0296 2152 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:29:05.0311 2152 RasAgileVpn - ok
15:29:05.0327 2152 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
15:29:05.0358 2152 RasAuto - ok
15:29:05.0374 2152 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:29:05.0389 2152 Rasl2tp - ok
15:29:05.0420 2152 RasMan (0ce66ec736b7fc526d78f7624c7d2a94) C:\Windows\System32\rasmans.dll
15:29:05.0452 2152 RasMan - ok
15:29:05.0483 2152 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
15:29:05.0514 2152 RasPppoe - ok
15:29:05.0530 2152 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
15:29:05.0545 2152 RasSstp - ok
15:29:05.0576 2152 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
15:29:05.0608 2152 rdbss - ok
15:29:05.0639 2152 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
15:29:05.0670 2152 rdpbus - ok
15:29:05.0686 2152 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:29:05.0701 2152 RDPCDD - ok
15:29:05.0732 2152 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
15:29:05.0748 2152 RDPDR - ok
15:29:05.0764 2152 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
15:29:05.0795 2152 RDPENCDD - ok
15:29:05.0810 2152 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
15:29:05.0842 2152 RDPREFMP - ok
15:29:05.0888 2152 RDPWD (0399c725a9c95a6f1862b93f008ddf4a) C:\Windows\system32\drivers\RDPWD.sys
15:29:05.0904 2152 RDPWD - ok
15:29:05.0935 2152 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
15:29:05.0935 2152 rdyboost - ok
15:29:05.0966 2152 regi (001b4278407f4303efc902a2b16f2453) C:\Windows\system32\drivers\regi.sys
15:29:05.0982 2152 regi - ok
15:29:05.0998 2152 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
15:29:06.0029 2152 RemoteAccess - ok
15:29:06.0060 2152 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
15:29:06.0076 2152 RemoteRegistry - ok
15:29:06.0200 2152 RoxMediaDB9 (ad1411a7ea50f2f97a73a3f51153066e) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
15:29:06.0232 2152 RoxMediaDB9 - ok
15:29:06.0263 2152 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
15:29:06.0278 2152 RpcEptMapper - ok
15:29:06.0294 2152 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
15:29:06.0325 2152 RpcLocator - ok
15:29:06.0356 2152 RpcSs (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll
15:29:06.0388 2152 RpcSs - ok
15:29:06.0434 2152 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
15:29:06.0481 2152 rspndr - ok
15:29:06.0512 2152 RTL8167 (83f5445dc0ba1994c1f5ff02ba79cc3a) C:\Windows\system32\DRIVERS\Rt86win7.sys
15:29:06.0528 2152 RTL8167 - ok
15:29:06.0544 2152 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
15:29:06.0559 2152 s3cap - ok
15:29:06.0590 2152 SamSs (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
15:29:06.0622 2152 SamSs - ok
15:29:06.0637 2152 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
15:29:06.0653 2152 sbp2port - ok
15:29:06.0668 2152 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
15:29:06.0700 2152 SCardSvr - ok
15:29:06.0715 2152 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
15:29:06.0746 2152 scfilter - ok
15:29:06.0809 2152 Schedule (df1e5c82e4d09cf8105cc644980c4803) C:\Windows\system32\schedsvc.dll
15:29:06.0840 2152 Schedule - ok
15:29:06.0856 2152 SCPolicySvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll
15:29:06.0887 2152 SCPolicySvc - ok
15:29:06.0902 2152 SDRSVC (5fd90abdbfaee85986802622cbb03446) C:\Windows\System32\SDRSVC.dll
15:29:06.0918 2152 SDRSVC - ok
15:29:06.0949 2152 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
15:29:06.0980 2152 secdrv - ok
15:29:06.0996 2152 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
15:29:07.0027 2152 seclogon - ok
15:29:07.0074 2152 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
15:29:07.0090 2152 SENS - ok
15:29:07.0105 2152 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
15:29:07.0105 2152 SensrSvc - ok
15:29:07.0136 2152 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
15:29:07.0136 2152 Serenum - ok
15:29:07.0152 2152 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
15:29:07.0183 2152 Serial - ok
15:29:07.0183 2152 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
15:29:07.0183 2152 sermouse - ok
15:29:07.0230 2152 SessionEnv (8f55ce568c543d5adf45c409d16718fc) C:\Windows\system32\sessenv.dll
15:29:07.0246 2152 SessionEnv - ok
15:29:07.0261 2152 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
15:29:07.0292 2152 sffdisk - ok
15:29:07.0308 2152 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
15:29:07.0308 2152 sffp_mmc - ok
15:29:07.0324 2152 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys
15:29:07.0339 2152 sffp_sd - ok
15:29:07.0355 2152 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
15:29:07.0355 2152 sfloppy - ok
15:29:07.0402 2152 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
15:29:07.0417 2152 SharedAccess - ok
15:29:07.0448 2152 ShellHWDetection (cd2e48fa5b29ee2b3b5858056d246ef2) C:\Windows\System32\shsvcs.dll
15:29:07.0480 2152 ShellHWDetection - ok
15:29:07.0511 2152 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
15:29:07.0511 2152 sisagp - ok
15:29:07.0526 2152 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:29:07.0542 2152 SiSRaid2 - ok
15:29:07.0542 2152 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
15:29:07.0558 2152 SiSRaid4 - ok
15:29:07.0558 2152 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
15:29:07.0589 2152 Smb - ok
15:29:07.0636 2152 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
15:29:07.0651 2152 SNMPTRAP - ok
15:29:07.0682 2152 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
15:29:07.0698 2152 spldr - ok
15:29:07.0745 2152 Spooler (d1bb750eb51694de183e08b9c33be5b2) C:\Windows\System32\spoolsv.exe
15:29:07.0792 2152 Spooler - ok
15:29:07.0948 2152 sppsvc (4c287f9069fedbd791178876ee9de536) C:\Windows\system32\sppsvc.exe
15:29:07.0994 2152 sppsvc - ok
15:29:08.0088 2152 sppuinotify (d8e3e19eebdab49dd4a8d3062ead4ec7) C:\Windows\system32\sppuinotify.dll
15:29:08.0135 2152 sppuinotify - ok
15:29:08.0182 2152 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys
15:29:08.0213 2152 srv - ok
15:29:08.0244 2152 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys
15:29:08.0275 2152 srv2 - ok
15:29:08.0306 2152 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys
15:29:08.0322 2152 srvnet - ok
15:29:08.0338 2152 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
15:29:08.0369 2152 SSDPSRV - ok
15:29:08.0384 2152 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
15:29:08.0416 2152 SstpSvc - ok
15:29:08.0447 2152 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
15:29:08.0462 2152 stexstor - ok
15:29:08.0494 2152 StiSvc (a22825e7bb7018e8af3e229a5af17221) C:\Windows\System32\wiaservc.dll
15:29:08.0525 2152 StiSvc - ok
15:29:08.0587 2152 stllssvr (b254b1434208f280edf3785613dcc41b) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
15:29:08.0603 2152 stllssvr ( UnsignedFile.Multi.Generic ) - warning
15:29:08.0603 2152 stllssvr - detected UnsignedFile.Multi.Generic (1)
15:29:08.0634 2152 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
15:29:08.0650 2152 storflt - ok
15:29:08.0665 2152 StorSvc (0bf669f0a910beda4a32258d363af2a5) C:\Windows\system32\storsvc.dll
15:29:08.0681 2152 StorSvc - ok
15:29:08.0696 2152 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
15:29:08.0712 2152 storvsc - ok
15:29:08.0728 2152 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
15:29:08.0743 2152 swenum - ok
15:29:08.0759 2152 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
15:29:08.0790 2152 swprv - ok
15:29:08.0868 2152 SysMain (04105c8da62353589c29bdaeb8d88bd8) C:\Windows\system32\sysmain.dll
15:29:08.0915 2152 SysMain - ok
15:29:08.0946 2152 TabletInputService (fcfb6c552fbc0da299799cbd50ad9fd4) C:\Windows\System32\TabSvc.dll
15:29:08.0962 2152 TabletInputService - ok
15:29:08.0977 2152 TapiSrv (2f46b0c70a4adc8c90cf825da3b4feaf) C:\Windows\System32\tapisrv.dll
15:29:09.0008 2152 TapiSrv - ok
15:29:09.0024 2152 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
15:29:09.0055 2152 TBS - ok
15:29:09.0164 2152 Tcpip (55e9965552741f3850cb22cbba9671ed) C:\Windows\system32\drivers\tcpip.sys
15:29:09.0211 2152 Tcpip - ok
15:29:09.0383 2152 TCPIP6 (55e9965552741f3850cb22cbba9671ed) C:\Windows\system32\DRIVERS\tcpip.sys
15:29:09.0398 2152 TCPIP6 - ok
15:29:09.0508 2152 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
15:29:09.0539 2152 tcpipreg - ok
15:29:09.0570 2152 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
15:29:09.0586 2152 TDPIPE - ok
15:29:09.0601 2152 TDTCP (7156308896d34ea75a582f9a09e50c17) C:\Windows\system32\drivers\tdtcp.sys
15:29:09.0632 2152 TDTCP - ok
15:29:09.0648 2152 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
15:29:09.0679 2152 tdx - ok
15:29:09.0804 2152 TeamViewer5 (2a64c802f4c8aa00ac8472c771688e00) C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
15:29:09.0835 2152 TeamViewer5 - ok
15:29:09.0944 2152 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
15:29:09.0960 2152 TermDD - ok
15:29:10.0007 2152 TermService (a01e50a04d7b1960b33e92b9080e6a94) C:\Windows\System32\termsrv.dll
15:29:10.0054 2152 TermService - ok
15:29:10.0069 2152 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
15:29:10.0085 2152 Themes - ok
15:29:10.0100 2152 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
15:29:10.0132 2152 THREADORDER - ok
15:29:10.0147 2152 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
15:29:10.0178 2152 TrkWks - ok
15:29:10.0225 2152 TrustedInstaller (41a4c781d2286208d397d72099304133) C:\Windows\servicing\TrustedInstaller.exe
15:29:10.0241 2152 TrustedInstaller - ok
15:29:10.0256 2152 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:29:10.0272 2152 tssecsrv - ok
15:29:10.0303 2152 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
15:29:10.0319 2152 tunnel - ok
15:29:10.0350 2152 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
15:29:10.0366 2152 uagp35 - ok
15:29:10.0381 2152 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
15:29:10.0412 2152 udfs - ok
15:29:10.0444 2152 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
15:29:10.0459 2152 UI0Detect - ok
15:29:10.0475 2152 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
15:29:10.0490 2152 uliagpkx - ok
15:29:10.0506 2152 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
15:29:10.0522 2152 umbus - ok
15:29:10.0537 2152 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
15:29:10.0553 2152 UmPass - ok
15:29:10.0600 2152 UmRdpService (8ecaca5454844f66386f7be4ae0d7cd1) C:\Windows\System32\umrdp.dll
15:29:10.0631 2152 UmRdpService - ok
15:29:10.0646 2152 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
15:29:10.0678 2152 upnphost - ok
15:29:10.0740 2152 usbccgp (c31ae588e403042632dc796cf09e30b0) C:\Windows\system32\DRIVERS\usbccgp.sys
15:29:10.0771 2152 usbccgp - ok
15:29:10.0818 2152 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
15:29:10.0849 2152 usbcir - ok
15:29:10.0880 2152 usbehci (e4c436d914768ce965d5e659ba7eebd8) C:\Windows\system32\DRIVERS\usbehci.sys
15:29:10.0896 2152 usbehci - ok
15:29:10.0927 2152 usbhub (bdcd7156ec37448f08633fd899823620) C:\Windows\system32\DRIVERS\usbhub.sys
15:29:10.0943 2152 usbhub - ok
15:29:10.0974 2152 usbohci (eb2d819a639015253c871cda09d91d58) C:\Windows\system32\drivers\usbohci.sys
15:29:11.0005 2152 usbohci - ok
15:29:11.0036 2152 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
15:29:11.0068 2152 usbprint - ok
15:29:11.0099 2152 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:29:11.0114 2152 USBSTOR - ok
15:29:11.0130 2152 usbuhci (22480bf4e5a09192e5e30ba4dde79fa4) C:\Windows\system32\DRIVERS\usbuhci.sys
15:29:11.0146 2152 usbuhci - ok
15:29:11.0161 2152 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
15:29:11.0208 2152 UxSms - ok
15:29:11.0224 2152 VaultSvc (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
15:29:11.0224 2152 VaultSvc - ok
15:29:11.0255 2152 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
15:29:11.0270 2152 vdrvroot - ok
15:29:11.0302 2152 vds (8c4e7c49d3641bc9e299e466a7f8867d) C:\Windows\System32\vds.exe
15:29:11.0333 2152 vds - ok
15:29:11.0348 2152 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
15:29:11.0364 2152 vga - ok
15:29:11.0380 2152 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
15:29:11.0395 2152 VgaSave - ok
15:29:11.0411 2152 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
15:29:11.0426 2152 vhdmp - ok
15:29:11.0442 2152 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
15:29:11.0458 2152 viaagp - ok
15:29:11.0458 2152 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
15:29:11.0473 2152 ViaC7 - ok
15:29:11.0489 2152 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
15:29:11.0504 2152 viaide - ok
15:29:11.0520 2152 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
15:29:11.0520 2152 vmbus - ok
15:29:11.0536 2152 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
15:29:11.0536 2152 VMBusHID - ok
15:29:11.0551 2152 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
15:29:11.0567 2152 volmgr - ok
15:29:11.0598 2152 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
15:29:11.0614 2152 volmgrx - ok
15:29:11.0629 2152 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
15:29:11.0645 2152 volsnap - ok
15:29:11.0676 2152 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
15:29:11.0692 2152 vsmraid - ok
15:29:11.0754 2152 VSS (7ea2bcd94d9cfaf4c556f5cc94532a6c) C:\Windows\system32\vssvc.exe
15:29:11.0801 2152 VSS - ok
15:29:11.0816 2152 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
15:29:11.0816 2152 vwifibus - ok
15:29:11.0848 2152 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
15:29:11.0879 2152 W32Time - ok
15:29:11.0910 2152 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
15:29:11.0926 2152 WacomPen - ok
15:29:11.0941 2152 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
15:29:11.0972 2152 WANARP - ok
15:29:11.0972 2152 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
15:29:11.0988 2152 Wanarpv6 - ok
15:29:12.0066 2152 wbengine (7790b77fe1e5ee47dcc66247095bb4c9) C:\Windows\system32\wbengine.exe
15:29:12.0113 2152 wbengine - ok
15:29:12.0128 2152 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
15:29:12.0144 2152 WbioSrvc - ok
15:29:12.0191 2152 wcncsvc (6d9b75275c3e3a5f51aef81affadb2b6) C:\Windows\System32\wcncsvc.dll
15:29:12.0206 2152 wcncsvc - ok
15:29:12.0238 2152 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
15:29:12.0269 2152 WcsPlugInService - ok
15:29:12.0284 2152 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
15:29:12.0300 2152 Wd - ok
15:29:12.0331 2152 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
15:29:12.0347 2152 Wdf01000 - ok
15:29:12.0347 2152 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
15:29:12.0362 2152 WdiServiceHost - ok
15:29:12.0378 2152 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
15:29:12.0394 2152 WdiSystemHost - ok
15:29:12.0425 2152 WebClient (bb5ec38f8d4600119b4720bc5d4211f1) C:\Windows\System32\webclnt.dll
15:29:12.0440 2152 WebClient - ok
15:29:12.0487 2152 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
15:29:12.0534 2152 Wecsvc - ok
15:29:12.0550 2152 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
15:29:12.0581 2152 wercplsupport - ok
15:29:12.0612 2152 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
15:29:12.0628 2152 WerSvc - ok
15:29:12.0659 2152 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
15:29:12.0690 2152 WfpLwf - ok
15:29:12.0706 2152 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
15:29:12.0721 2152 WIMMount - ok
15:29:12.0799 2152 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
15:29:12.0830 2152 WinDefend - ok
15:29:12.0830 2152 WinHttpAutoProxySvc - ok
15:29:12.0893 2152 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
15:29:12.0940 2152 Winmgmt - ok
15:29:13.0002 2152 WinRM (c4f5d3901d1b41d602ddc196e0b95b51) C:\Windows\system32\WsmSvc.dll
15:29:13.0064 2152 WinRM - ok
15:29:13.0127 2152 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
15:29:13.0142 2152 WinUsb - ok
15:29:13.0205 2152 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
15:29:13.0252 2152 Wlansvc - ok
15:29:13.0267 2152 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
15:29:13.0298 2152 WmiAcpi - ok
15:29:13.0361 2152 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
15:29:13.0376 2152 wmiApSrv - ok
15:29:13.0470 2152 WMPNetworkSvc (77fbd400984cf72ba0fc4b3489d65f74) C:\Program Files\Windows Media Player\wmpnetwk.exe
15:29:13.0517 2152 WMPNetworkSvc - ok
15:29:13.0610 2152 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
15:29:13.0626 2152 WPCSvc - ok
15:29:13.0642 2152 WPDBusEnum (b7f658a2ebc07129538ad9ab35212637) C:\Windows\system32\wpdbusenum.dll
15:29:13.0657 2152 WPDBusEnum - ok
15:29:13.0673 2152 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
15:29:13.0704 2152 ws2ifsl - ok
15:29:13.0720 2152 wscsvc (a661a76333057b383a06e65f0073222f) C:\Windows\System32\wscsvc.dll
15:29:13.0751 2152 wscsvc - ok
15:29:13.0751 2152 WSearch - ok
15:29:13.0844 2152 wuauserv (a33408cc036f9c08142b11be5e93f0a1) C:\Windows\system32\wuaueng.dll
15:29:13.0922 2152 wuauserv - ok
15:29:14.0016 2152 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
15:29:14.0063 2152 WudfPf - ok
15:29:14.0094 2152 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:29:14.0125 2152 WUDFRd - ok
15:29:14.0156 2152 wudfsvc (ddee3682fe97037c45f4d7ab467cb8b6) C:\Windows\System32\WUDFSvc.dll
15:29:14.0203 2152 wudfsvc - ok
15:29:14.0219 2152 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
15:29:14.0250 2152 WwanSvc - ok
15:29:14.0266 2152 MBR (0x1B8) (7e76f7175c2a6baf7661d0532a681bb9) \Device\Harddisk0\DR0
15:29:14.0531 2152 \Device\Harddisk0\DR0 - ok
15:29:14.0531 2152 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR3
15:29:16.0465 2152 \Device\Harddisk2\DR3 - ok
15:29:16.0465 2152 Boot (0x1200) (1bedbf79dde27985c229671b44b79109) \Device\Harddisk0\DR0\Partition0
15:29:16.0465 2152 \Device\Harddisk0\DR0\Partition0 - ok
15:29:16.0496 2152 Boot (0x1200) (8c3b6d038688616de74a354b8d416142) \Device\Harddisk0\DR0\Partition1
15:29:16.0496 2152 \Device\Harddisk0\DR0\Partition1 - ok
15:29:16.0543 2152 Boot (0x1200) (d737e8d49217b76696beb25f9fac79eb) \Device\Harddisk0\DR0\Partition2
15:29:16.0543 2152 \Device\Harddisk0\DR0\Partition2 - ok
15:29:16.0543 2152 Boot (0x1200) (1ae452056f03bbdc2a7b32391ae4b005) \Device\Harddisk2\DR3\Partition0
15:29:16.0543 2152 \Device\Harddisk2\DR3\Partition0 - ok
15:29:16.0543 2152 ============================================================
15:29:16.0543 2152 Scan finished
15:29:16.0543 2152 ============================================================
15:29:16.0559 3664 Detected object count: 4
15:29:16.0559 3664 Actual detected object count: 4
15:29:42.0970 3664 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
15:29:42.0970 3664 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:29:42.0970 3664 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
15:29:42.0970 3664 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:29:42.0970 3664 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
15:29:42.0970 3664 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:29:42.0970 3664 stllssvr ( UnsignedFile.Multi.Generic ) - skipped by user
15:29:42.0970 3664 stllssvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
Patric
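An added example, not from this thread or from the TDSSKiller tool: a small Python triage helper for the scan-log format posted above. It collects every object that did not come back "ok", the action the user chose for it in the summary, checks that the "Detected object count" line agrees, and separates hits located outside C:\Windows; the regular expressions and field names are assumptions taken from the log itself, and the embedded excerpt is constructed from lines of the log above.

```python
"""Triage helper for the TDSSKiller scan-log format posted above.

Added example, not code from the thread or from TDSSKiller; the line shapes
it recognises are assumptions read off the log itself.
"""
import re
from dataclasses import dataclass

LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*)$")
# MBR/Boot entries carry a size token such as "(0x1B8)" before the hash.
FILE_RE = re.compile(r"^(?P<name>\S+)(?:\s+\(0x[0-9A-Fa-f]+\))?\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
OK_RE = re.compile(r"^(?P<name>\S+)\s+-\s+ok$")
DETECT_RE = re.compile(r"^(?P<name>\S+)\s+-\s+detected\s+(?P<verdict>[\w.]+)")
ACTION_RE = re.compile(r"^(?P<name>\S+)\s+\(\s*(?P<verdict>[\w.]+)\s*\)\s+-\s+User select action:\s+(?P<action>\w+)$")
WARN_RE = re.compile(r"^(?P<name>\S+)\s+\(\s*(?P<verdict>[\w.]+)\s*\)\s+-\s+(?:warning|skipped by user)$")
COUNT_RE = re.compile(r"^Detected object count:\s+(?P<n>\d+)$")


@dataclass
class ScanObject:
    name: str
    md5: str = ""
    path: str = ""
    status: str = "unknown"   # ok | warning | detected
    verdict: str = ""
    action: str = ""          # the user's choice in the summary, e.g. Skip


def parse_log(text):
    """Return (name -> ScanObject, the tool's own 'Detected object count')."""
    objects, detected_count = {}, None
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # separators, the SystemInfo block, blank lines
        body = m.group(3).strip()
        if f := FILE_RE.match(body):
            # Disk objects are listed as "MBR"/"Boot" but their result line
            # names the device path, so key them by that path.
            key = f["path"] if f["name"] in ("MBR", "Boot") else f["name"]
            obj = objects.setdefault(key, ScanObject(key))
            obj.md5, obj.path = f["md5"], f["path"]
        elif o := OK_RE.match(body):
            objects.setdefault(o["name"], ScanObject(o["name"])).status = "ok"
        elif d := DETECT_RE.match(body):
            obj = objects.setdefault(d["name"], ScanObject(d["name"]))
            obj.status, obj.verdict = "detected", d["verdict"]
        elif a := ACTION_RE.match(body):
            objects.setdefault(a["name"], ScanObject(a["name"])).action = a["action"]
        elif w := WARN_RE.match(body):
            obj = objects.setdefault(w["name"], ScanObject(w["name"]))
            obj.verdict = w["verdict"]
            if obj.status == "unknown":
                obj.status = "warning"
        elif c := COUNT_RE.match(body):
            detected_count = int(c["n"])
    return objects, detected_count


def triage(objects, detected_count):
    """What a helper reads first: every object that is not 'ok', the action
    taken, whether the summary count agrees, and hits outside C:\\Windows."""
    flagged = sorted((o for o in objects.values() if o.status != "ok"),
                     key=lambda o: o.name)
    return {
        "flagged": [(o.name, o.verdict, o.status, o.action or "none", o.path)
                    for o in flagged],
        "count_matches": detected_count is not None and detected_count == len(flagged),
        # UnsignedFile.Multi.Generic only says the file has no valid signature;
        # on its own it is not a malware verdict.
        "unsigned_only": all(o.verdict == "UnsignedFile.Multi.Generic" for o in flagged),
        "third_party": [o.name for o in flagged
                        if o.path and not o.path.lower().startswith("c:\\windows")],
    }


# Constructed excerpt, assembled from lines of the log posted above.
SAMPLE_LOG = r"""
15:29:04.0890 2152 PxHelp20 (feffcfdc528764a04c8ed63d5fa6e711) C:\Windows\system32\Drivers\PxHelp20.sys
15:29:04.0890 2152 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
15:29:04.0890 2152 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
15:29:08.0587 2152 stllssvr (b254b1434208f280edf3785613dcc41b) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
15:29:08.0603 2152 stllssvr ( UnsignedFile.Multi.Generic ) - warning
15:29:08.0603 2152 stllssvr - detected UnsignedFile.Multi.Generic (1)
15:29:14.0266 2152 MBR (0x1B8) (7e76f7175c2a6baf7661d0532a681bb9) \Device\Harddisk0\DR0
15:29:14.0531 2152 \Device\Harddisk0\DR0 - ok
15:29:16.0543 2152 Scan finished
15:29:16.0559 3664 Detected object count: 4
15:29:42.0970 3664 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
15:29:42.0970 3664 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:29:42.0970 3664 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
15:29:42.0970 3664 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:29:42.0970 3664 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
15:29:42.0970 3664 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:29:42.0970 3664 stllssvr ( UnsignedFile.Multi.Generic ) - skipped by user
15:29:42.0970 3664 stllssvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""
```

Calling `triage(*parse_log(SAMPLE_LOG))` on the excerpt returns the four unsigned-file hits, all skipped by the user, with `count_matches` true and only `stllssvr` listed under `third_party`.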
#17
/// Winkelfunktion /// TB-Süch-Tiger™ | PC infected with Windows encryption trojan 50€ uKash
Now please run CF:
ComboFix: A guide and tutorial on using ComboFix
ComboFix may only be run when a Kompetenzler (board helper) has explicitly recommended it! Should you have problems starting applications after running ComboFix and receive messages such as Quote:
#18
PC infected with Windows encryption trojan 50€ uKash
ComboFix run as described, here is the log:
Code:
Combofix Logfile:
Patric
| | #19 |
| /// Winkelfunktion /// TB-Süch-Tiger™ ![]() ![]() ![]() ![]() ![]() ![]() | PC mit Windows-Verschlüsselungs-Trojaner infiziert 50€ uKash Combofix - Scripten 1. Starte das Notepad (Start / Ausführen / notepad[Enter]) 2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein. Code:
ATTFilter Folder::
c:\users\Setari\AppData\Roaming\Algauerpvlg
4. Disable the guard of your antivirus program and any software firewall that may be present (also the guards of ad-/spyware programs and the TeaTimer, if present!)
5. Then drag CFScript.txt onto cofi.exe as shown in the image below. This restarts ComboFix.
6. After the reboot (you will be asked whether you want to reboot), please post the following log file: Combofix.txt
Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, since it can permanently damage the system!
__________________ Please always post logfiles in CODE tags

#20

Here is the log: Combofix Logfile: Code:
ComboFix 12-05-16.02 - Setari 16.05.2012 21:42:17.2.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.49.1031.18.3037.2237 [GMT 2:00]
ausgeführt von:: c:\users\Setari\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Setari\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Setari\AppData\Roaming\Algauerpvlg
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-04-16 bis 2012-05-16 ))))))))))))))))))))))))))))))
.
.
2012-05-16 19:48 . 2012-05-16 19:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-16 11:41 . 2012-05-16 11:41 -------- d-----w- C:\_OTL
2012-05-16 05:19 . 2012-05-16 05:19 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-15 18:13 . 2012-04-13 07:36 6734704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DBAB9BF5-0381-4C9B-8062-F6D50F381938}\mpengine.dll
2012-05-14 20:33 . 2012-03-06 23:02 44376 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-05-14 20:32 . 2012-03-06 23:03 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-05-14 14:41 . 2012-05-14 14:41 -------- d-----w- c:\program files\ESET
2012-05-14 14:07 . 2012-05-14 14:07 -------- d-----w- c:\users\Setari\AppData\Roaming\Malwarebytes
2012-05-14 14:07 . 2012-05-14 14:07 -------- d-----w- c:\programdata\Malwarebytes
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-16 05:19 . 2011-06-27 15:39 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-06 23:15 . 2010-10-21 10:18 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2010-10-21 10:18 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:03 . 2010-10-21 10:19 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:01 . 2010-10-21 10:19 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2010-10-21 10:19 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-06 23:01 . 2010-10-21 10:19 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-01 05:53 . 2012-04-12 18:18 19312 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 05:49 . 2012-04-12 18:18 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 05:45 . 2012-04-12 18:18 158720 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 05:40 . 2012-04-12 18:18 5120 ----a-w- c:\windows\system32\wmi.dll
2012-02-28 01:18 . 2012-04-12 18:21 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 01:11 . 2012-04-12 18:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 01:11 . 2012-04-12 18:21 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 01:03 . 2012-04-12 18:21 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-26 13:15 . 2011-10-30 17:07 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-02-26 13:15 . 2011-10-30 17:07 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-02-23 20:00 . 2012-02-23 20:00 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-02-23 20:00 . 2012-02-23 20:00 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-02-23 20:00 . 2012-02-23 20:00 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-02-23 20:00 . 2012-02-23 20:00 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-02-23 20:00 . 2012-02-23 20:00 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-02-23 20:00 . 2012-02-23 20:00 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-02-23 20:00 . 2012-02-23 20:00 367104 ----a-w- c:\windows\system32\html.iec
2012-02-23 20:00 . 2012-02-23 20:00 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-23 20:00 . 2012-02-23 20:00 161792 ----a-w- c:\windows\system32\msls31.dll
2012-02-23 20:00 . 2012-02-23 20:00 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-02-23 20:00 . 2012-02-23 20:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-02-23 20:00 . 2012-02-23 20:00 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-02-23 20:00 . 2012-02-23 20:00 152064 ----a-w- c:\windows\system32\wextract.exe
2012-02-23 20:00 . 2012-02-23 20:00 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-02-23 20:00 . 2012-02-23 20:00 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-02-23 20:00 . 2012-02-23 20:00 11776 ----a-w- c:\windows\system32\mshta.exe
2012-02-23 20:00 . 2012-02-23 20:00 101888 ----a-w- c:\windows\system32\admparse.dll
2012-02-23 08:18 . 2010-10-21 09:56 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-14 12:15 . 2012-05-14 12:15 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-10-16 2363392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2009-10-14 563736]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-21 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-21 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-21 169496]
"HP KEYBOARDx"="c:\program files\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE" [2010-02-11 710656]
"HP Remote Solution"="c:\program files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-08-25 656896]
"BATINDICATOR"="c:\program files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe" [2009-05-08 2068992]
"LaunchHPOSIAPP"="c:\program files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe" [2009-04-04 385024]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-10-30 1116920]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\users\Setari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
phase-6 Reminder.lnk - c:\program files\phase-6\phase-6\reminder\reminder.exe [2011-11-9 1032192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-16 257696]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 132480]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-14 129976]
R3 OxPPort;OxPPort;c:\windows\system32\DRIVERS\OxPPort.sys [2008-07-31 82048]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-06 57688]
S2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2009-10-14 635416]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-10-19 2011944]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-05-03 266344]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-10-16 10:49 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-05-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-16 05:19]
.
2012-04-30 c:\windows\Tasks\HPCeeScheduleForSetari.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]
.
.
------- Zusätzlicher Suchlauf -------
.
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //FWEvent.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Setari\AppData\Roaming\Mozilla\Firefox\Profiles\eof36ric.default\
FF - prefs.js: browser.startup.homepage - www.google.de
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-627805222-3500879786-540079800-1001\Software\SecuROM\License information*]
"datasecu"=hex:a1,27,53,a4,76,f7,85,33,6a,11,90,2d,3a,eb,64,3e,69,8a,20,32,fa,
98,9f,5a,43,15,43,da,c3,e5,53,66,f9,cf,25,2c,00,f2,04,81,9e,02,fe,57,c7,f3,\
"rkeysecu"=hex:89,d0,23,a4,e1,5f,fa,d6,68,b6,6c,5a,94,49,b1,d2
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(1824)
c:\program files\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFTaskbar.dll
.
Zeit der Fertigstellung: 2012-05-16 21:50:20
ComboFix-quarantined-files.txt 2012-05-16 19:50
ComboFix2.txt 2012-05-16 14:17
.
Vor Suchlauf: 12 Verzeichnis(se), 427.113.615.360 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 427.068.358.656 Bytes frei
.
- - End Of File - - 6C3F56A84C93E2B579295B9E3CFD6A70
Regards, Patric

#21

/// Winkelfunktion /// TB-Süch-Tiger™ | Now please create and post logs with GMER and OSAM. GMER crashes fairly often; if the tool refuses to run the second time as well, just leave it out and only run OSAM. Please skip the online query by OSAM. With OSAM, also make sure you save the log as *.log and not as *.html or similar. Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false positive in OSAM! Please download
Important: Never press any of the Fix buttons without instructions. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select (none) under AV Scan. One more note: If aswMBR crashes with a message like "aswMBR.exe has stopped working", do the following: restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.
#22

Hello Arne. The GMER log is too long; the board tells me the post is 1751 characters over the limit. Can I delete something from it? Regards, Patric. But here is the OSAM log for now: OSAM Logfile: Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 13:26:48 on 17.05.2012

OS: Windows 7 (Build 7600), 32-bit
Default Browser: Mozilla Corporation Firefox 12.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Common]
-----( %SystemRoot%\Tasks )-----
"HPCeeScheduleForSetari.job" - "Hewlett-Packard" - C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"aswFsBlk" (aswFsBlk) - "AVAST Software" - C:\Windows\system32\drivers\aswFsBlk.sys
"aswMonFlt" (aswMonFlt) - "AVAST Software" - C:\Windows\system32\drivers\aswMonFlt.sys
"aswRdr" (aswRdr) - "AVAST Software" - C:\Windows\System32\Drivers\aswrdr2.sys
"aswSnx" (aswSnx) - "AVAST Software" - C:\Windows\system32\drivers\aswSnx.sys
"aswSP" (aswSP) - "AVAST Software" - C:\Windows\system32\drivers\aswSP.sys
"avast! Network Shield Support" (aswTdi) - "AVAST Software" - C:\Windows\system32\drivers\aswTdi.sys
"catchme" (catchme) - ? - C:\Users\Setari\AppData\Local\Temp\catchme.sys (File not found)
"DLABMFSM" (DLABMFSM) - "Roxio" - C:\Windows\System32\DLA\DLABMFSM.SYS
"DLABOIOM" (DLABOIOM) - "Roxio" - C:\Windows\System32\DLA\DLABOIOM.SYS
"DLACDBHM" (DLACDBHM) - "Roxio" - C:\Windows\System32\Drivers\DLACDBHM.SYS
"DLADResM" (DLADResM) - "Roxio" - C:\Windows\System32\DLA\DLADResM.SYS
"DLAIFS_M" (DLAIFS_M) - "Roxio" - C:\Windows\System32\DLA\DLAIFS_M.SYS
"DLAOPIOM" (DLAOPIOM) - "Roxio" - C:\Windows\System32\DLA\DLAOPIOM.SYS
"DLAPoolM" (DLAPoolM) - "Roxio" - C:\Windows\System32\DLA\DLAPoolM.SYS
"DLARTL_M" (DLARTL_M) - "Roxio" - C:\Windows\System32\Drivers\DLARTL_M.SYS
"DLAUDFAM" (DLAUDFAM) - "Roxio" - C:\Windows\System32\DLA\DLAUDFAM.SYS
"DLAUDF_M" (DLAUDF_M) - "Roxio" - C:\Windows\System32\DLA\DLAUDF_M.SYS
"DRVMCDB" (DRVMCDB) - "Sonic Solutions" - C:\Windows\System32\Drivers\DRVMCDB.SYS
"DRVNDDM" (DRVNDDM) - "Roxio" - C:\Windows\System32\Drivers\DRVNDDM.SYS
"PnkBstrK" (PnkBstrK) - ? - C:\Windows\system32\drivers\PnkBstrK.sys (File found, but it contains no detailed information)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"regi" (regi) - "InterVideo" - C:\Windows\System32\drivers\regi.sys
"uxdcrpow" (uxdcrpow) - ? - C:\Users\Setari\AppData\Local\Temp\uxdcrpow.sys (Hidden registry entry, rootkit activity | File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{10880D85-AAD9-4558-ABDC-2AB1552D831F} "LightScribe Control Panel" - "Hewlett-Packard Company" - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{472083B0-C522-11CF-8763-00608CC02F24} "avast" - "AVAST Software" - C:\Program Files\Alwil Software\Avast5\ashShell.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5FCD4425-CA3A-48F4-A57C-B8A75C32ACB1} "NSE_WithSubFld" - ? - C:\Program Files\Hewlett-Packard\Recovery\Protect.dll
{5E44E225-A408-11CF-B581-008029601108} "Roxio DragToDisc Shell Extension" - "Roxio" - C:\Program Files\Roxio\Drag-to-Disc\Shellex.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_30.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "avast! WebRep" - "AVAST Software" - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} "avast! WebRep" - "AVAST Software" - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Users\Setari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"phase-6 Reminder.lnk" - "phase-6" - C:\Program Files\phase-6\phase-6\reminder\reminder.exe (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"LightScribe Control Panel" - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"BATINDICATOR" - "Hewlett-Packard" - C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
"HP KEYBOARDx" - "Hewlett-Packard" - "C:\Program Files\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE"
"HP Remote Solution" - "Hewlett-Packard" - %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
"hpsysdrv" - "Hewlett-Packard" - c:\program files\hewlett-packard\HP odometer\hpsysdrv.exe
"LaunchHPOSIAPP" - "Hewlett-Packard" - C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe
"PDF Complete" - "PDF Complete Inc" - C:\Program Files\PDF Complete\pdfsty.exe
"RoxioDragToDisc" - "Roxio" - "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PDFC" - "PDF Complete, Inc." - C:\Windows\system32\pdfc_port.dll
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"avast! Antivirus" (avast! Antivirus) - "AVAST Software" - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
"BBUpdate" (BBUpdate) - "Microsoft Corporation" - C:\Program Files\Microsoft\BingBar\SeaPort.EXE
"Bing Bar Update Service" (BBSvc) - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\BBSvc.EXE
"GameConsoleService" (GameConsoleService) - "WildTangent, Inc." - C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe
"HP Quick Synchronization Service" (HPDrvMntSvc.exe) - "Hewlett-Packard Company" - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
"HP Support Assistant Service" (HP Support Assistant Service) - "Hewlett-Packard Company" - C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
"hpqwmiex" (hpqwmiex) - "Hewlett-Packard Company" - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
"IviRegMgr" (IviRegMgr) - "InterVideo" - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"PDF Document Manager" (pdfcDispatcher) - "PDF Complete Inc" - C:\Program Files\PDF Complete\pdfsvc.exe
"PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe (File found, but it contains no detailed information)
"PnkBstrB" (PnkBstrB) - ? - C:\Windows\system32\PnkBstrB.exe (File found, but it contains no detailed information)
"Protexis Licensing V2" (PSI_SVC_2) - "Protexis Inc." - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
"RoxMediaDB9" (RoxMediaDB9) - "Sonic Solutions" - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
"stllssvr" (stllssvr) - "MicroVision Development, Inc." - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
"TeamViewer 5" (TeamViewer5) - "TeamViewer GmbH" - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

And the aswmbr log: Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-17 13:28:55
-----------------------------
13:28:55.437 OS Version: Windows 6.1.7600
13:28:55.437 Number of processors: 2 586 0x170A
13:28:55.437 ComputerName: SETARI-HP UserName: Setari
13:28:58.073 Initialize success
13:29:01.599 AVAST engine defs: 12051601
13:29:30.350 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
13:29:30.350 Disk 0 Vendor: Hitachi_HDS721050CLA362 JP2OA3GC Size: 476940MB BusType: 3
13:29:30.412 Disk 0 MBR read successfully
13:29:30.412 Disk 0 MBR scan
13:29:30.412 Disk 0 unknown MBR code
13:29:30.459 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
13:29:30.506 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 466801 MB offset 206848
13:29:30.584 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 10037 MB offset 956215296
13:29:30.646 Disk 0 scanning sectors +976771072
13:29:30.787 Disk 0 scanning C:\Windows\system32\drivers
13:29:55.965 Service scanning
13:30:11.393 Modules scanning
13:30:23.296 Disk 0 trace - called modules:
13:30:23.327 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
13:30:23.327 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85ede030]
13:30:23.327 3 CLASSPNP.SYS[8340459e] -> nt!IofCallDriver -> [0x85a9f770]
13:30:23.327 5 ACPI.sys[836a03b2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x85a98908]
13:30:27.571 AVAST engine scan C:\Windows
13:30:32.750 AVAST engine scan C:\Windows\system32
13:32:32.465 AVAST engine scan C:\Windows\system32\drivers
13:32:41.013 AVAST engine scan C:\Users\Setari
13:36:39.803 AVAST engine scan C:\ProgramData
13:45:43.635 Scan finished successfully
13:51:58.099 Disk 0 MBR has been saved successfully to "C:\Users\Setari\Desktop\MBR.dat"
13:51:58.099 The log file has been saved successfully to "C:\Users\Setari\Desktop\aswMBR.txt"
patric

#23

/// Winkelfunktion /// TB-Süch-Tiger™ | We should fix the MBR. Just in case, back up ALL important data first, even though it usually goes smoothly. Note: Please do NOT run the MBR fix if you have other operating systems such as Ubuntu installed; an MBR fix with Windows tools makes a Linux installed alongside it (dual boot) unbootable. Also do not run the fix if you have full encryption of the Windows partition or of the entire hard disk with TrueCrypt or other encryption programs. After backing up your data, start aswMBR again and click the FIXMBR button. Note: Please turn off the virus scanner before running aswMBR, as Avira in particular often reports a false positive in it! Then restart Windows and create a new log with aswMBR.
__________________ Please always post logfiles in CODE tags

#24

Here is the new aswmbr log: Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-17 20:35:24
-----------------------------
20:35:24.653 OS Version: Windows 6.1.7600
20:35:24.653 Number of processors: 2 586 0x170A
20:35:24.653 ComputerName: SETARI-HP UserName: Setari
20:35:31.174 Initialize success
20:35:34.684 AVAST engine defs: 12051700
20:35:41.173 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
20:35:41.189 Disk 0 Vendor: Hitachi_HDS721050CLA362 JP2OA3GC Size: 476940MB BusType: 3
20:35:41.205 Disk 0 MBR read successfully
20:35:41.220 Disk 0 MBR scan
20:35:41.220 Disk 0 Windows 7 default MBR code
20:35:41.220 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
20:35:41.236 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 466801 MB offset 206848
20:35:41.267 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 10037 MB offset 956215296
20:35:41.329 Disk 0 scanning sectors +976771072
20:35:41.454 Disk 0 scanning C:\Windows\system32\drivers
20:35:50.580 Service scanning
20:36:09.425 Modules scanning
20:36:17.599 Disk 0 trace - called modules:
20:36:18.114 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
20:36:18.130 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85ede030]
20:36:18.130 3 CLASSPNP.SYS[8340459e] -> nt!IofCallDriver -> [0x85a73900]
20:36:18.145 5 ACPI.sys[836b93b2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x85a98908]
20:36:19.815 AVAST engine scan C:\Windows
20:36:24.604 AVAST engine scan C:\Windows\system32
20:38:11.402 AVAST engine scan C:\Windows\system32\drivers
20:38:20.184 AVAST engine scan C:\Users\Setari
20:40:46.762 AVAST engine scan C:\ProgramData
20:44:31.840 Scan finished successfully
20:45:42.398 Disk 0 MBR has been saved successfully to "C:\Users\Setari\Desktop\MBR.dat"
20:45:42.398 The log file has been saved successfully to "C:\Users\Setari\Desktop\aswMBR.txt"
20:46:45.189 Disk 0 MBR has been saved successfully to "C:\Users\Setari\Desktop\MBR.dat"
20:46:45.189 The log file has been saved successfully to "C:\Users\Setari\Desktop\aswMBR.txt"
Patric
#25
/// Winkelfunktion /// TB-Süch-Tiger™: Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
__________________ Please always post log files in CODE tags
#26
The scans are running. Logs will follow shortly. Do you have another tip for me on how I can revive the "locked-" data? Regards, Patric. Here are the scans: Malwarebytes: Code:
Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.17.06

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Setari :: SETARI-HP [Administrator]

Schutz: Deaktiviert

17.05.2012 21:04:48
mbam-log-2012-05-17 (21-04-48).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 340969
Laufzeit: 58 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Code:
SUPERAntiSpyware Scann-Protokoll
hxxp://www.superantispyware.com
Generiert 05/17/2012 bei 10:21 PM
Version der Applikation : 5.0.1148
Version der Kern-Datenbank : 8614
Version der Spur-Datenbank : 6426
Scan Art : Schneller Scann
Totale Scann-Zeit : 00:02:39
Operating System Information
Windows 7 Professional 32-bit (Build 6.01.7600)
UAC On - Limited User
Gescannte Speicherelemente : 539
Erfasste Speicher-Bedrohungen : 0
Gescannte Register-Elemente : 27418
Erfasste Register-Bedrohungen : 0
Gescannte Datei-Elemente : 7516
Erfasste Datei-Elemente : 0
#27
/// Winkelfunktion /// TB-Süch-Tiger™: No findings! Is your system OK again now, or are there still other findings or problems?
#28
My big problem is the "locked-" files - I can't open them any more. That's all pictures, documents, Excel spreadsheets, etc. Nothing works there any more. Regards, Patric. Oh yes; first of all, many thanks for the great help!!!!
#29
/// Winkelfunktion /// TB-Süch-Tiger™: There are some hints on decryption here; follow those. It may be that you can't decrypt your data right away; that takes patience. But malware-wise we would be done.

The programs that were used here can all be removed again. CF can be removed via Start, Run with combofix /uninstall. Let me know if there are any error messages about that. With the help of OTL you can also remove many of the tools: please start OTL and click on Cleanup (Bereinigung). This will remove most of the tools we needed for the cleanup. If anything remains, please remove it with right-click --> Delete. Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update it first.

Finally, please check the updates; below is my guide on that. To keep a better overview in future of whether the installed programs are up to date, you can use e.g. Secunia PSI. For even more security, after the infection has been removed you should also change all passwords if at all possible.

Microsoft Update
Windows XP: Visit the MS update page with IE and have all important updates installed. Windows Vista/7: Guide Windows Update

Update the PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Software or Programs and Features by clicking "Adobe Reader x.0" there and removing the program (if you have Adobe Reader installed). I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.

While you're at it, please also check that the Flash Player is up to date: Adobe - Install a different version of Adobe Flash Player. If necessary you can also download it from Chip.de => http://filepony.de/?q=Flash+Player. Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.

Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the latest one. To do this, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.
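One way to carry out the inventory step behind the update advice in the post above, as an added example that is not code from the thread or from any of the tools it mentions: a PowerShell snippet that lists the Java, Adobe Reader and Flash Player entries recorded under the Windows uninstall registry keys, so that leftover old versions can be spotted before they are uninstalled. The display-name patterns are assumptions about how those products appear in Programs and Features.

```powershell
# Added example (not from the thread): inventory of the products the post asks to update,
# read from the uninstall registry keys that Programs and Features itself uses.
# The second key only exists on 64-bit Windows; on the 32-bit Windows 7 system in this
# thread it is simply skipped.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Assumed display-name fragments (e.g. "Java(TM) 6 Update 31", "Adobe Reader X (10.1.3)",
# "Adobe Flash Player 11 ActiveX"); adjust if the names on the machine differ.
$patterns = 'Java', 'Adobe Reader', 'Adobe Flash Player'

$installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    Where-Object {
        $name = $_.DisplayName
        # keep the entry if any pattern matches its display name
        ($patterns | Where-Object { $name -like "*$_*" }).Count -gt 0
    } |
    Select-Object DisplayName, DisplayVersion, Publisher, InstallDate, UninstallString

# Show what is installed, with the version string the installer recorded
$installed | Sort-Object DisplayName | Format-Table DisplayName, DisplayVersion, Publisher -AutoSize

# Several Java entries side by side mean old runtimes were never removed; the post
# recommends uninstalling all of them and then installing only the current JRE.
$javaEntries = @($installed | Where-Object { $_.DisplayName -like '*Java*' })
if ($javaEntries.Count -gt 1) {
    Write-Warning "$($javaEntries.Count) Java entries found - remove the old runtimes before installing the current JRE:"
    $javaEntries | ForEach-Object { Write-Warning "  $($_.DisplayName) $($_.DisplayVersion)" }
}
```

The UninstallString column is included so the exact uninstall command for each stale entry is visible; run it (or use Programs and Features) rather than deleting the registry key by hand.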