Log analysis and evaluation: Encryption trojan still active? / Trojan.Randsom.A (Windows 7)
06.08.2012, 12:25 | #16
/// Winkelfunktion /// TB-Süch-Tiger™ | Encryption trojan still active? / Trojan.Randsom.A

Please now run this Kaspersky tool (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please disable your virus scanner before running TDSS-Killer, because Avira in particular often reports a false positive on the TDSS tool!

Configure the tool as shown in the picture below: click on "change parameters" and set the check marks as shown in the following screenshot. Then click on "Start Scan" and, once it has finished, click the "Report" button to display the log. Please post it in full.

If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C:), as that is where TDSS-Killer saves its logs.

Note: Please do not delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!
__________________ Please always post log files in CODE tags
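For anyone reading a TDSS-Killer report like the one requested above, the following is an added triage script (not code from the forum or from Kaspersky) that parses the log format the tool produces and lists every driver/service whose result is not a clean "ok". The regexes are an assumption derived from the log layout, and the sample log is constructed for this example; it only reads the report and changes nothing on the system.

```python
"""Triage a TDSS-Killer (TDSSKiller) scan report.

Added example: the line patterns are assumptions inferred from the
report layout; the sample lines are constructed, not a real scan.
"""
import re
from dataclasses import dataclass, field

# Every report line starts with a timestamp and a four-digit thread id.
LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d{4})\s+(?P<rest>.*)$")
# "<name> (<md5>) <path>"  -- the file record of a scanned driver or service
FILE_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "<name> - detected <detection> (<count>)"
DET_RE = re.compile(r"^(?P<name>.+?) - detected (?P<det>.+?) \((?P<count>\d+)\)$")
# "<name> ( <detection> ) - warning"  -- heuristic hit, e.g. an unsigned file
WARN_RE = re.compile(r"^(?P<name>.+?) \( (?P<det>.+?) \) - warning$")
# "<name> - ok"
OK_RE = re.compile(r"^(?P<name>.+?) - ok$")

# Higher value = worse. "unknown" means a file record without any verdict,
# which happens when a report is truncated or a post is cut off.
SEVERITY = {"unknown": 0, "ok": 1, "warning": 2, "detected": 3}


@dataclass
class Entry:
    name: str
    md5: str = ""
    path: str = ""
    status: str = "unknown"
    detections: list = field(default_factory=list)

    def raise_status(self, new: str) -> None:
        """Keep the worst verdict seen for this object."""
        if SEVERITY[new] > SEVERITY[self.status]:
            self.status = new

    def add_detection(self, det: str) -> None:
        if det not in self.detections:
            self.detections.append(det)


def parse_tdss_log(text: str) -> dict:
    """Return {object name: Entry} for every scanned driver/service."""
    entries: dict = {}

    def get(name: str) -> Entry:
        return entries.setdefault(name, Entry(name))

    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank line or something that is not a report line
        rest = m.group("rest")
        if (f := FILE_RE.match(rest)):
            e = get(f.group("name"))
            e.md5, e.path = f.group("md5"), f.group("path")
        elif (d := DET_RE.match(rest)):
            e = get(d.group("name"))
            e.raise_status("detected")
            e.add_detection(d.group("det"))
        elif (w := WARN_RE.match(rest)):
            e = get(w.group("name"))
            e.raise_status("warning")
            e.add_detection(w.group("det"))
        elif (o := OK_RE.match(rest)):
            get(o.group("name")).raise_status("ok")
        # header lines ("====", "Scan started", "Mode: ...") fall through
    return entries


def triage(entries: dict) -> list:
    """All objects that are not a clean 'ok', worst verdict first.

    Note for the reader: UnsignedFile.Multi.Generic is a heuristic
    (the file carries no valid signature), not a malware signature,
    which is why the helper above asks to 'skip' and post the log.
    """
    return sorted((e for e in entries.values() if e.status != "ok"),
                  key=lambda e: (-SEVERITY[e.status], e.name))


# Constructed sample in the report's format; the last record has no verdict.
SAMPLE_LOG = r"""
14:26:57.0629 0500 ============================================================
14:26:57.0629 0500 Scan started
14:26:57.0629 0500 Mode: Manual; SigCheck; TDLFS;
14:26:58.0191 0500 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
14:26:58.0315 0500 1394ohci - ok
14:27:01.0279 0500 AVM WLAN Connection Service (c6f4c466b654c1be98af31418bb5ac30) C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
14:27:01.0295 0500 AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - warning
14:27:01.0295 0500 AVM WLAN Connection Service - detected UnsignedFile.Multi.Generic (1)
14:27:04.0821 0500 COMSysApp - ok
14:27:23.0260 0500 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\constructed\path\ose.exe
"""

if __name__ == "__main__":
    for e in triage(parse_tdss_log(SAMPLE_LOG)):
        print(f"{e.status:8} {e.name}  {e.md5}  {e.path}  {e.detections}")
```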
06.08.2012, 13:31 | #17
| Encryption trojan still active? / Trojan.Randsom.A

Hi,

here is the log:

Code:
ATTFilter 14:25:59.0023 4284 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32 14:25:59.0043 4284 ============================================================ 14:25:59.0043 4284 Current date / time: 2012/08/06 14:25:59.0043 14:25:59.0043 4284 SystemInfo: 14:25:59.0043 4284 14:25:59.0043 4284 OS Version: 6.1.7601 ServicePack: 1.0 14:25:59.0043 4284 Product type: Workstation 14:25:59.0043 4284 ComputerName: ERNST-PC 14:25:59.0043 4284 UserName: Ernst 14:25:59.0043 4284 Windows directory: C:\Windows 14:25:59.0043 4284 System windows directory: C:\Windows 14:25:59.0043 4284 Running under WOW64 14:25:59.0043 4284 Processor architecture: Intel x64 14:25:59.0043 4284 Number of processors: 4 14:25:59.0043 4284 Page size: 0x1000 14:25:59.0043 4284 Boot type: Normal boot 14:25:59.0043 4284 ============================================================ 14:25:59.0403 4284 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 14:25:59.0413 4284 ============================================================ 14:25:59.0413 4284 \Device\Harddisk0\DR0: 14:25:59.0413 4284 MBR partitions: 14:25:59.0413 4284 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 14:25:59.0413 4284 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x4447D800 14:25:59.0413 4284 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x444B0000, BlocksNum 0x61A8000 14:25:59.0413 4284 ============================================================ 14:25:59.0463 4284 C: <-> \Device\Harddisk0\DR0\Partition1 14:25:59.0503 4284 D: <-> \Device\Harddisk0\DR0\Partition2 14:25:59.0503 4284 ============================================================ 14:25:59.0503 4284 Initialize success 14:25:59.0503 4284 ============================================================ 14:26:57.0629 0500 
============================================================ 14:26:57.0629 0500 Scan started 14:26:57.0629 0500 Mode: Manual; SigCheck; TDLFS; 14:26:57.0629 0500 ============================================================ 14:26:58.0191 0500 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys 14:26:58.0315 0500 1394ohci - ok 14:26:58.0378 0500 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys 14:26:58.0393 0500 ACPI - ok 14:26:58.0456 0500 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 14:26:58.0534 0500 AcpiPmi - ok 14:26:58.0659 0500 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 14:26:58.0674 0500 AdobeARMservice - ok 14:26:58.0815 0500 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 14:26:58.0830 0500 AdobeFlashPlayerUpdateSvc - ok 14:26:58.0908 0500 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 14:26:58.0939 0500 adp94xx - ok 14:26:59.0002 0500 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys 14:26:59.0017 0500 adpahci - ok 14:26:59.0080 0500 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys 14:26:59.0111 0500 adpu320 - ok 14:26:59.0173 0500 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll 14:26:59.0329 0500 AeLookupSvc - ok 14:26:59.0392 0500 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys 14:26:59.0454 0500 AFD - ok 14:26:59.0517 0500 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys 14:26:59.0532 0500 agp440 - ok 14:26:59.0579 0500 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe 14:26:59.0641 0500 ALG - ok 14:26:59.0688 0500 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 
14:26:59.0719 0500 aliide - ok 14:26:59.0735 0500 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 14:26:59.0751 0500 amdide - ok 14:26:59.0782 0500 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 14:26:59.0844 0500 AmdK8 - ok 14:26:59.0875 0500 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 14:26:59.0907 0500 AmdPPM - ok 14:26:59.0969 0500 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys 14:26:59.0985 0500 amdsata - ok 14:27:00.0031 0500 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys 14:27:00.0047 0500 amdsbs - ok 14:27:00.0094 0500 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys 14:27:00.0109 0500 amdxata - ok 14:27:00.0172 0500 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys 14:27:00.0359 0500 AppID - ok 14:27:00.0421 0500 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll 14:27:00.0484 0500 AppIDSvc - ok 14:27:00.0531 0500 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll 14:27:00.0624 0500 Appinfo - ok 14:27:00.0671 0500 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys 14:27:00.0702 0500 arc - ok 14:27:00.0733 0500 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys 14:27:00.0749 0500 arcsas - ok 14:27:00.0780 0500 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 14:27:00.0889 0500 AsyncMac - ok 14:27:00.0952 0500 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys 14:27:00.0967 0500 atapi - ok 14:27:01.0061 0500 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 14:27:01.0139 0500 AudioEndpointBuilder - ok 14:27:01.0139 0500 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 14:27:01.0186 0500 AudioSrv - 
ok 14:27:01.0279 0500 AVM WLAN Connection Service (c6f4c466b654c1be98af31418bb5ac30) C:\Program Files (x86)\avmwlanstick\WlanNetService.exe 14:27:01.0295 0500 AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - warning 14:27:01.0295 0500 AVM WLAN Connection Service - detected UnsignedFile.Multi.Generic (1) 14:27:01.0342 0500 avmeject (1dc2f715792cf33428ad7993acbd224d) C:\Windows\system32\drivers\avmeject.sys 14:27:01.0389 0500 avmeject - ok 14:27:01.0435 0500 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll 14:27:01.0529 0500 AxInstSV - ok 14:27:01.0607 0500 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys 14:27:01.0669 0500 b06bdrv - ok 14:27:01.0716 0500 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 14:27:01.0763 0500 b57nd60a - ok 14:27:01.0794 0500 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll 14:27:01.0841 0500 BDESVC - ok 14:27:01.0888 0500 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 14:27:01.0966 0500 Beep - ok 14:27:02.0044 0500 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll 14:27:02.0106 0500 BFE - ok 14:27:02.0278 0500 BHDrvx64 (c8ab71a5102d0fc103f6dfc750005137) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120711.002\BHDrvx64.sys 14:27:02.0309 0500 BHDrvx64 - ok 14:27:02.0434 0500 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll 14:27:02.0512 0500 BITS - ok 14:27:02.0543 0500 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 14:27:02.0574 0500 blbdrive - ok 14:27:02.0621 0500 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys 14:27:02.0715 0500 bowser - ok 14:27:02.0730 0500 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys 14:27:02.0808 0500 BrFiltLo - ok 14:27:02.0839 0500 BrFiltUp 
(b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 14:27:02.0886 0500 BrFiltUp - ok 14:27:02.0949 0500 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll 14:27:03.0027 0500 Browser - ok 14:27:03.0058 0500 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 14:27:03.0120 0500 Brserid - ok 14:27:03.0136 0500 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 14:27:03.0167 0500 BrSerWdm - ok 14:27:03.0198 0500 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 14:27:03.0229 0500 BrUsbMdm - ok 14:27:03.0261 0500 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 14:27:03.0292 0500 BrUsbSer - ok 14:27:03.0323 0500 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 14:27:03.0354 0500 BTHMODEM - ok 14:27:03.0401 0500 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll 14:27:03.0463 0500 bthserv - ok 14:27:03.0573 0500 ccSet_NIS (0e1737a63aec0f6de231bb59836c0a11) C:\Windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys 14:27:03.0588 0500 ccSet_NIS - ok 14:27:03.0635 0500 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 14:27:03.0713 0500 cdfs - ok 14:27:03.0760 0500 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys 14:27:03.0791 0500 cdrom - ok 14:27:03.0838 0500 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 14:27:03.0916 0500 CertPropSvc - ok 14:27:03.0978 0500 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 14:27:04.0025 0500 circlass - ok 14:27:04.0072 0500 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 14:27:04.0087 0500 CLFS - ok 14:27:04.0134 0500 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 
14:27:04.0150 0500 clr_optimization_v2.0.50727_32 - ok 14:27:04.0197 0500 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 14:27:04.0212 0500 clr_optimization_v2.0.50727_64 - ok 14:27:04.0306 0500 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 14:27:04.0337 0500 clr_optimization_v4.0.30319_32 - ok 14:27:04.0353 0500 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 14:27:04.0368 0500 clr_optimization_v4.0.30319_64 - ok 14:27:04.0431 0500 clwvd (50f92c943f18b070f166d019dfab3d9a) C:\Windows\system32\DRIVERS\clwvd.sys 14:27:04.0446 0500 clwvd - ok 14:27:04.0477 0500 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 14:27:04.0524 0500 CmBatt - ok 14:27:04.0555 0500 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys 14:27:04.0571 0500 cmdide - ok 14:27:04.0618 0500 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys 14:27:04.0665 0500 CNG - ok 14:27:04.0696 0500 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 14:27:04.0727 0500 Compbatt - ok 14:27:04.0774 0500 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys 14:27:04.0821 0500 CompositeBus - ok 14:27:04.0821 0500 COMSysApp - ok 14:27:04.0852 0500 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 14:27:04.0867 0500 crcdisk - ok 14:27:04.0914 0500 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll 14:27:04.0961 0500 CryptSvc - ok 14:27:05.0008 0500 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 14:27:05.0086 0500 DcomLaunch - ok 14:27:05.0117 0500 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll 14:27:05.0179 0500 
defragsvc - ok 14:27:05.0226 0500 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys 14:27:05.0304 0500 DfsC - ok 14:27:05.0351 0500 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll 14:27:05.0445 0500 Dhcp - ok 14:27:05.0476 0500 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 14:27:05.0538 0500 discache - ok 14:27:05.0585 0500 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 14:27:05.0601 0500 Disk - ok 14:27:05.0647 0500 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll 14:27:05.0694 0500 Dnscache - ok 14:27:05.0741 0500 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll 14:27:05.0835 0500 dot3svc - ok 14:27:05.0866 0500 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll 14:27:05.0928 0500 DPS - ok 14:27:05.0959 0500 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 14:27:05.0991 0500 drmkaud - ok 14:27:06.0037 0500 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys 14:27:06.0084 0500 DXGKrnl - ok 14:27:06.0115 0500 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll 14:27:06.0162 0500 EapHost - ok 14:27:06.0271 0500 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 14:27:06.0365 0500 ebdrv - ok 14:27:06.0474 0500 eeCtrl (ba6420c1f7070ed8f1ba372844f3e1ec) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys 14:27:06.0505 0500 eeCtrl - ok 14:27:06.0615 0500 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe 14:27:06.0677 0500 EFS - ok 14:27:06.0771 0500 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe 14:27:06.0833 0500 ehRecvr - ok 14:27:06.0880 0500 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe 14:27:06.0927 0500 ehSched - ok 14:27:07.0005 0500 elxstor 
(0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 14:27:07.0036 0500 elxstor - ok 14:27:07.0145 0500 EraserUtilRebootDrv (1343df3451bc0c442dc69837c6fba21b) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 14:27:07.0161 0500 EraserUtilRebootDrv - ok 14:27:07.0207 0500 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 14:27:07.0239 0500 ErrDev - ok 14:27:07.0285 0500 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll 14:27:07.0363 0500 EventSystem - ok 14:27:07.0410 0500 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 14:27:07.0457 0500 exfat - ok 14:27:07.0473 0500 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 14:27:07.0519 0500 fastfat - ok 14:27:07.0597 0500 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe 14:27:07.0644 0500 Fax - ok 14:27:07.0691 0500 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 14:27:07.0722 0500 fdc - ok 14:27:07.0769 0500 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll 14:27:07.0847 0500 fdPHost - ok 14:27:07.0863 0500 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll 14:27:07.0894 0500 FDResPub - ok 14:27:07.0925 0500 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 14:27:07.0941 0500 FileInfo - ok 14:27:07.0956 0500 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 14:27:08.0003 0500 Filetrace - ok 14:27:08.0034 0500 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 14:27:08.0081 0500 flpydisk - ok 14:27:08.0112 0500 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 14:27:08.0143 0500 FltMgr - ok 14:27:08.0206 0500 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll 14:27:08.0284 0500 FontCache - 
ok 14:27:08.0377 0500 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 14:27:08.0393 0500 FontCache3.0.0.0 - ok 14:27:08.0440 0500 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 14:27:08.0471 0500 FsDepends - ok 14:27:08.0502 0500 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys 14:27:08.0533 0500 Fs_Rec - ok 14:27:08.0565 0500 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 14:27:08.0580 0500 fvevol - ok 14:27:08.0643 0500 FWLANUSB (444534cba693dd23c1cc589681e01656) C:\Windows\system32\DRIVERS\fwlanusb.sys 14:27:08.0721 0500 FWLANUSB - ok 14:27:08.0767 0500 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 14:27:08.0799 0500 gagp30kx - ok 14:27:08.0845 0500 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 14:27:08.0861 0500 GEARAspiWDM - ok 14:27:08.0877 0500 GenericMount (9ba50351af95c9df28c8bcd382427d11) C:\Windows\system32\DRIVERS\GenericMount.sys 14:27:08.0892 0500 GenericMount - ok 14:27:09.0064 0500 GenericMount Helper Service (9573dc01b6baa0371ed4afbaebee4dcc) C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe 14:27:09.0126 0500 GenericMount Helper Service - ok 14:27:09.0267 0500 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll 14:27:09.0329 0500 gpsvc - ok 14:27:09.0438 0500 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 14:27:09.0454 0500 gupdate - ok 14:27:09.0485 0500 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 14:27:09.0501 0500 gupdatem - ok 14:27:09.0516 0500 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 14:27:09.0532 0500 gusvc - ok 14:27:09.0594 0500 hcw85cir 
(f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 14:27:09.0625 0500 hcw85cir - ok 14:27:09.0703 0500 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys 14:27:09.0750 0500 HdAudAddService - ok 14:27:09.0781 0500 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys 14:27:09.0813 0500 HDAudBus - ok 14:27:09.0859 0500 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys 14:27:09.0875 0500 HECIx64 - ok 14:27:09.0906 0500 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 14:27:09.0937 0500 HidBatt - ok 14:27:09.0953 0500 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 14:27:10.0015 0500 HidBth - ok 14:27:10.0047 0500 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 14:27:10.0093 0500 HidIr - ok 14:27:10.0125 0500 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll 14:27:10.0187 0500 hidserv - ok 14:27:10.0249 0500 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys 14:27:10.0281 0500 HidUsb - ok 14:27:10.0327 0500 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll 14:27:10.0390 0500 hkmsvc - ok 14:27:10.0452 0500 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll 14:27:10.0515 0500 HomeGroupListener - ok 14:27:10.0546 0500 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll 14:27:10.0577 0500 HomeGroupProvider - ok 14:27:10.0624 0500 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 14:27:10.0639 0500 HpSAMD - ok 14:27:10.0702 0500 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys 14:27:10.0780 0500 HTTP - ok 14:27:10.0827 0500 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys 14:27:10.0842 0500 hwpolicy - ok 
14:27:10.0889 0500 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys 14:27:10.0905 0500 i8042prt - ok 14:27:10.0936 0500 iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys 14:27:10.0967 0500 iaStor - ok 14:27:11.0029 0500 IAStorDataMgrSvc (31a0e93cdf29007d6c6fffb632f375ed) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe 14:27:11.0045 0500 IAStorDataMgrSvc - ok 14:27:11.0092 0500 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys 14:27:11.0139 0500 iaStorV - ok 14:27:11.0232 0500 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 14:27:11.0263 0500 idsvc - ok 14:27:11.0419 0500 IDSVia64 (ce0bf35c79e03bb89da6b14fac838605) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120803.002\IDSvia64.sys 14:27:11.0451 0500 IDSVia64 - ok 14:27:11.0560 0500 IGDCTRL (ac9ebde25db39a35e1ceb0441ba7a464) C:\Program Files\FRITZ!DSL\IGDCTRL.EXE 14:27:11.0575 0500 IGDCTRL - ok 14:27:11.0950 0500 igfx (f4f91789c7c7a159ce8215c1f69f2a85) C:\Windows\system32\DRIVERS\igdkmd64.sys 14:27:12.0355 0500 igfx - ok 14:27:12.0465 0500 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 14:27:12.0496 0500 iirsp - ok 14:27:12.0543 0500 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll 14:27:12.0621 0500 IKEEXT - ok 14:27:12.0667 0500 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys 14:27:12.0714 0500 Impcd - ok 14:27:12.0839 0500 IntcAzAudAddService (4e2745db3adef0ffa5e14857666aae13) C:\Windows\system32\drivers\RTKVHD64.sys 14:27:12.0901 0500 IntcAzAudAddService - ok 14:27:13.0011 0500 IntcDAud (03c74719d48056a1078f3a51ceb76baa) C:\Windows\system32\DRIVERS\IntcDAud.sys 14:27:13.0073 0500 IntcDAud - ok 14:27:13.0104 0500 intelide (f00f20e70c6ec3aa366910083a0518aa) 
C:\Windows\system32\drivers\intelide.sys 14:27:13.0135 0500 intelide - ok 14:27:13.0167 0500 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 14:27:13.0198 0500 intelppm - ok 14:27:13.0245 0500 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll 14:27:13.0323 0500 IPBusEnum - ok 14:27:13.0354 0500 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys 14:27:13.0416 0500 IpFilterDriver - ok 14:27:13.0463 0500 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll 14:27:13.0572 0500 iphlpsvc - ok 14:27:13.0619 0500 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys 14:27:13.0650 0500 IPMIDRV - ok 14:27:13.0681 0500 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 14:27:13.0744 0500 IPNAT - ok 14:27:13.0775 0500 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 14:27:13.0837 0500 IRENUM - ok 14:27:13.0869 0500 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys 14:27:13.0884 0500 isapnp - ok 14:27:13.0915 0500 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys 14:27:13.0962 0500 iScsiPrt - ok 14:27:13.0978 0500 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys 14:27:13.0993 0500 kbdclass - ok 14:27:14.0040 0500 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys 14:27:14.0087 0500 kbdhid - ok 14:27:14.0134 0500 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 14:27:14.0149 0500 KeyIso - ok 14:27:14.0212 0500 KOBCCEX (322cd7a01a961d94c6eab640d6427504) C:\Windows\system32\drivers\KOBCCEX.sys 14:27:14.0259 0500 KOBCCEX - ok 14:27:14.0290 0500 KOBCCID (000200ad75de8363546eecaff77980fe) C:\Windows\system32\drivers\KOBCCID.sys 14:27:14.0305 0500 KOBCCID - ok 14:27:14.0368 0500 KSecDD (97a7070aea4c058b6418519e869a63b4) 
C:\Windows\system32\Drivers\ksecdd.sys 14:27:14.0383 0500 KSecDD - ok 14:27:14.0415 0500 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys 14:27:14.0446 0500 KSecPkg - ok 14:27:14.0477 0500 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 14:27:14.0524 0500 ksthunk - ok 14:27:14.0571 0500 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll 14:27:14.0649 0500 KtmRm - ok 14:27:14.0695 0500 L1C (48686c29856f46443952a831424f8d6f) C:\Windows\system32\DRIVERS\L1C62x64.sys 14:27:14.0711 0500 L1C - ok 14:27:14.0773 0500 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll 14:27:14.0851 0500 LanmanServer - ok 14:27:14.0898 0500 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll 14:27:14.0976 0500 LanmanWorkstation - ok 14:27:15.0148 0500 LiveUpdate (a97eeb81f05bce3d7aa6c81f04ef39a4) C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE 14:27:15.0210 0500 LiveUpdate - ok 14:27:15.0304 0500 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 14:27:15.0382 0500 lltdio - ok 14:27:15.0413 0500 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll 14:27:15.0460 0500 lltdsvc - ok 14:27:15.0491 0500 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll 14:27:15.0522 0500 lmhosts - ok 14:27:15.0616 0500 LMS (1e2f802846eb944e0333efee7c9532a8) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 14:27:15.0647 0500 LMS - ok 14:27:15.0678 0500 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 14:27:15.0694 0500 LSI_FC - ok 14:27:15.0741 0500 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 14:27:15.0772 0500 LSI_SAS - ok 14:27:15.0803 0500 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 14:27:15.0819 0500 LSI_SAS2 - ok 14:27:15.0850 0500 LSI_SCSI 
(0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 14:27:15.0865 0500 LSI_SCSI - ok 14:27:15.0897 0500 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 14:27:15.0959 0500 luafv - ok 14:27:16.0006 0500 MBAMProtector (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys 14:27:16.0037 0500 MBAMProtector - ok 14:27:16.0099 0500 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 14:27:16.0131 0500 MBAMService - ok 14:27:16.0209 0500 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe 14:27:16.0224 0500 McComponentHostService - ok 14:27:16.0287 0500 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll 14:27:16.0318 0500 Mcx2Svc - ok 14:27:16.0349 0500 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 14:27:16.0380 0500 megasas - ok 14:27:16.0427 0500 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 14:27:16.0458 0500 MegaSR - ok 14:27:16.0489 0500 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 14:27:16.0552 0500 MMCSS - ok 14:27:16.0614 0500 mod7764 (b6187c5f104da7f2519bb996f9653f01) C:\Windows\system32\DRIVERS\mod77-64.sys 14:27:16.0708 0500 mod7764 - ok 14:27:16.0723 0500 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 14:27:16.0801 0500 Modem - ok 14:27:16.0848 0500 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 14:27:16.0879 0500 monitor - ok 14:27:16.0926 0500 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 14:27:16.0942 0500 mouclass - ok 14:27:16.0973 0500 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 14:27:17.0020 0500 mouhid - ok 14:27:17.0051 0500 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) 
C:\Windows\system32\drivers\mountmgr.sys 14:27:17.0067 0500 mountmgr - ok 14:27:17.0160 0500 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 14:27:17.0191 0500 MozillaMaintenance - ok 14:27:17.0223 0500 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 14:27:17.0238 0500 mpio - ok 14:27:17.0269 0500 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 14:27:17.0301 0500 mpsdrv - ok 14:27:17.0363 0500 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll 14:27:17.0441 0500 MpsSvc - ok 14:27:17.0488 0500 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 14:27:17.0519 0500 MRxDAV - ok 14:27:17.0566 0500 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 14:27:17.0628 0500 mrxsmb - ok 14:27:17.0659 0500 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys 14:27:17.0691 0500 mrxsmb10 - ok 14:27:17.0706 0500 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 14:27:17.0753 0500 mrxsmb20 - ok 14:27:17.0784 0500 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 14:27:17.0800 0500 msahci - ok 14:27:17.0831 0500 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 14:27:17.0847 0500 msdsm - ok 14:27:17.0878 0500 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe 14:27:17.0909 0500 MSDTC - ok 14:27:17.0940 0500 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 14:27:18.0003 0500 Msfs - ok 14:27:18.0018 0500 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 14:27:18.0096 0500 mshidkmdf - ok 14:27:18.0127 0500 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 14:27:18.0143 0500 msisadrv - ok 14:27:18.0159 0500 MSiSCSI 
(0x1200) (df0a5f15b0d2bd459d141162d87652bb) \Device\Harddisk0\DR0\Partition0
14:27:45.0240 0500 \Device\Harddisk0\DR0\Partition0 - ok
14:27:45.0271 0500 Boot (0x1200) (7ad2168ef754372bedb27de016f9039d) \Device\Harddisk0\DR0\Partition1
14:27:45.0271 0500 \Device\Harddisk0\DR0\Partition1 - ok
14:27:45.0303 0500 Boot (0x1200) (1468261406a3b7f63be7e920f56b5aa6) \Device\Harddisk0\DR0\Partition2
14:27:45.0303 0500 \Device\Harddisk0\DR0\Partition2 - ok
14:27:45.0303 0500 ============================================================
14:27:45.0303 0500 Scan finished
14:27:45.0303 0500 ============================================================
14:27:45.0318 5308 Detected object count: 5
14:27:45.0318 5308 Actual detected object count: 5
14:28:27.0267 5308 AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - skipped by user
14:28:27.0282 5308 AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:28:27.0282 5308 NxpCap64 ( UnsignedFile.Multi.Generic ) - skipped by user
14:28:27.0282 5308 NxpCap64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:28:27.0282 5308 RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
14:28:27.0282 5308 RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:28:27.0282 5308 sesvc ( UnsignedFile.Multi.Generic ) - skipped by user
14:28:27.0282 5308 sesvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:28:27.0282 5308 x10nets ( UnsignedFile.Multi.Generic ) - skipped by user
14:28:27.0282 5308 x10nets ( UnsignedFile.Multi.Generic ) - User select action: Skip
Marcel |
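A small triage script for TDSSKiller reports like the one posted above, added here as an example and not part of the thread. It parses the line layout the report uses (timestamp, thread id, object name, MD5 in parentheses, path, then a verdict line) and lists which flagged objects were left unresolved because the user chose "Skip". The sample lines are constructed from entries in the log above; the object count in the sample is 2 to match the sample, not the original's 5.

```python
"""Triage helper for Kaspersky TDSSKiller report files (added example)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Object line: "<hh:mm:ss.ms> <tid> <name> (<md5>) <path>". Names may contain
# spaces ("Norton Ghost") and the MBR entry reads "MBR (0x1B8) (<md5>) <dev>".
OBJECT_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<tid>[0-9A-Fa-f]{4})\s+"
    r"(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*)$"
)
# Verdict line: "<ts> <tid> <name> [( <signature> )] - <verdict>".
# Only the verdict forms TDSSKiller emits are accepted, so header lines such as
# "Drive \Device\Harddisk0\DR0 - Size: ..." are not mistaken for verdicts.
VERDICT_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<tid>[0-9A-Fa-f]{4})\s+"
    r"(?P<name>.+?)(?:\s+\(\s*(?P<sig>\S+)\s*\))?\s+-\s+"
    r"(?P<verdict>ok|warning|detected .*?|skipped by user|User select action: .*?)\s*$"
)
COUNT_RE = re.compile(r"Detected object count:\s+(\d+)")

# Constructed sample in the report layout; paths and hashes taken from the log above.
SAMPLE_LOG = r"""
14:27:21.0575 0500 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
14:27:21.0637 0500 Ntfs - ok
14:27:22.0979 0500 NxpCap64 (c64097401081d5d641924e8b96332f75) C:\Windows\system32\DRIVERS\NxpCap64.sys
14:27:23.0057 0500 NxpCap64 ( UnsignedFile.Multi.Generic ) - warning
14:27:23.0057 0500 NxpCap64 - detected UnsignedFile.Multi.Generic (1)
14:27:29.0515 0500 sesvc (4c99e251d89c95dcaaa26f9243747c99) C:\Program Files (x86)\ShadowExplorer\sesvc.exe
14:27:29.0547 0500 sesvc ( UnsignedFile.Multi.Generic ) - warning
14:27:29.0547 0500 sesvc - detected UnsignedFile.Multi.Generic (1)
14:27:32.0089 0500 Symantec SymSnap VSS Provider - ok
14:27:42.0900 0500 MBR (0x1B8) (8b790a79784018d2b00dc944072570f8) \Device\Harddisk0\DR0
14:27:45.0225 0500 \Device\Harddisk0\DR0 - ok
14:27:45.0303 0500 Scan finished
14:27:45.0318 5308 Detected object count: 2
14:27:45.0318 5308 Actual detected object count: 2
14:28:27.0282 5308 NxpCap64 ( UnsignedFile.Multi.Generic ) - skipped by user
14:28:27.0282 5308 NxpCap64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:28:27.0282 5308 sesvc ( UnsignedFile.Multi.Generic ) - skipped by user
14:28:27.0282 5308 sesvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None          # None for services with no file line
    signature: Optional[str] = None     # e.g. UnsignedFile.Multi.Generic
    verdicts: List[str] = field(default_factory=list)
    action: Optional[str] = None        # action chosen in the TDSSKiller dialog


def parse_tdsskiller(text: str) -> Dict[str, Entry]:
    """Return one Entry per scanned object, keyed by object name."""
    entries: Dict[str, Entry] = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = OBJECT_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.md5, e.path = m["md5"], m["path"]
            continue
        m = VERDICT_RE.match(line)
        if not m:
            continue  # banner, header or summary line
        e = entries.setdefault(m["name"], Entry(m["name"]))
        if m["sig"]:
            e.signature = m["sig"]
        verdict = m["verdict"]
        if verdict.startswith("detected "):
            e.signature = verdict.split()[1]   # "detected <sig> (1)"
        if verdict.startswith("User select action:"):
            e.action = verdict.split(":", 1)[1].strip()
        e.verdicts.append(verdict)
    return entries


def triage(entries: Dict[str, Entry]) -> Dict[str, List[str]]:
    """Group objects into clean, flagged-but-skipped (still unresolved), and flagged."""
    report: Dict[str, List[str]] = {"clean": [], "skipped_unresolved": [], "flagged": []}
    for name, e in sorted(entries.items()):
        if e.signature is None:
            report["clean"].append(name)
        elif e.action == "Skip" or "skipped by user" in e.verdicts:
            report["skipped_unresolved"].append(name)
        else:
            report["flagged"].append(name)
    return report


def summary_consistent(text: str, entries: Dict[str, Entry]) -> bool:
    """True if 'Detected object count' equals the number of flagged objects parsed."""
    m = COUNT_RE.search(text)
    if not m:
        return False
    flagged = sum(1 for e in entries.values() if e.signature is not None)
    return int(m.group(1)) == flagged


if __name__ == "__main__":
    parsed = parse_tdsskiller(SAMPLE_LOG)
    for group, names in triage(parsed).items():
        print(f"{group}: {names}")
    print("summary consistent:", summary_consistent(SAMPLE_LOG, parsed))
```

Objects in `skipped_unresolved` are the ones a helper still has to judge by hand, since "Skip" only defers the decision.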
06.08.2012, 20:03 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Encryption trojan still active? / Trojan.Randsom.A Now please run CF:
ComboFix: A guide and tutorial on using ComboFix
Combofix may only be run if a helper (Kompetenzler) has explicitly recommended it! If, after running Combofix, you have problems starting applications and receive messages such as Quote:
06.08.2012, 21:23 | #19 |
| Encryption trojan still active? / Trojan.Randsom.A Hello, Combo-Fix ran through. But I'm not sure whether I did everything correctly. I had (at least I thought so) deactivated Norton Internet Security (firewall and Anti-Virus Auto-Protect). Combo-Fix warned that the real-time scanner was still active; I then (tried to) deactivate it, and I also deactivated something in the Norton settings (Antispyware, system protection), but a new warning window appeared saying that the real-time scanner was still active and that continuing would be at my own risk. Then, being anxious, I did not click "OK" but the "Close/Cancel" button (the X at the top right), yet Combo-Fix simply carried on unconcerned (?) and hopefully did everything correctly. Attached is the log: Code:
ATTFilter ComboFix 12-08-05.02 - Ernst 06.08.2012 21:37:37.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3893.2283 [GMT 2:00] ausgeführt von:: c:\users\Ernst\Downloads\Desktop\ComboFix.exe AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\security\Database\tmp.edb . . ((((((((((((((((((((((( Dateien erstellt von 2012-07-06 bis 2012-08-06 )))))))))))))))))))))))))))))) . . 2012-08-06 09:48 . 2012-08-06 09:48 -------- d-----w- C:\_OTL 2012-08-04 20:29 . 2012-08-04 20:29 -------- d-----w- c:\users\Ernst\AppData\Roaming\www.shadowexplorer.com 2012-08-04 20:28 . 2012-08-04 20:28 -------- d-----w- c:\program files (x86)\ShadowExplorer 2012-08-04 19:53 . 2012-08-04 19:53 -------- d-----w- c:\users\Ernst\AppData\Roaming\MusicNet 2012-08-04 17:50 . 2012-08-04 17:50 -------- d-----w- c:\program files (x86)\ESET 2012-07-31 16:13 . 2012-07-31 16:13 -------- d-----w- c:\users\Ernst\AppData\Roaming\Malwarebytes 2012-07-31 16:12 . 2012-07-31 16:12 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-07-31 16:12 . 2012-07-31 16:12 -------- d-----w- c:\programdata\Malwarebytes 2012-07-31 16:12 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-07-31 12:36 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll 2012-07-31 12:36 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll 2012-07-31 10:50 . 2012-07-31 10:50 -------- d-----w- c:\program files (x86)\Stellar Phoenix Excel Recovery 2012-07-31 10:40 . 2012-07-31 10:40 -------- d-----w- c:\program files (x86)\MunSoft 2012-07-30 09:39 . 
2012-08-06 09:45 -------- d-----w- c:\program files (x86)\StarMoney 8.0 S-Edition 2012-07-29 11:53 . 2012-07-29 11:53 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll 2012-07-29 11:53 . 2012-07-29 11:53 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll 2012-07-29 11:51 . 2012-07-29 11:51 -------- d-----w- c:\program files (x86)\NirSoft 2012-07-29 11:45 . 2012-07-29 11:45 -------- d-----w- c:\program files (x86)\MetaGeek 2012-07-28 19:39 . 2012-07-28 19:39 -------- d-----w- c:\program files (x86)\MSECache 2012-07-11 14:13 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-07-11 14:07 . 2012-06-02 12:17 10924032 ----a-w- c:\windows\system32\ieframe.dll 2012-07-11 11:17 . 2012-07-29 14:29 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service 2012-07-11 11:17 . 2012-07-29 11:53 624608 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll 2012-07-11 11:17 . 2012-07-29 11:53 43488 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll 2012-07-11 11:17 . 2012-07-29 11:53 157608 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe 2012-07-11 11:17 . 2012-07-29 11:53 113120 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe 2012-07-09 17:59 . 2012-05-29 11:09 34656 ----a-w- c:\windows\system32\TURegOpt.exe 2012-07-09 17:59 . 2012-05-29 11:09 25952 ----a-w- c:\windows\system32\authuitu.dll 2012-07-09 17:59 . 2012-05-29 11:09 21344 ----a-w- c:\windows\SysWow64\authuitu.dll 2012-07-09 17:58 . 2012-07-09 17:58 -------- d-----w- c:\users\Ernst\AppData\Roaming\TuneUp Software 2012-07-09 17:58 . 2012-07-09 17:59 -------- d-----w- c:\program files (x86)\TuneUp Utilities 2012 2012-07-09 17:57 . 2012-07-09 17:59 -------- d-----w- c:\programdata\TuneUp Software 2012-07-09 17:57 . 2012-07-09 17:57 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936} 2012-07-09 17:57 . 2012-07-09 17:57 -------- d--h--w- c:\programdata\Common Files . . . 
(((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-04 19:09 . 2012-04-03 11:29 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-08-04 19:08 . 2011-07-13 09:14 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-11 14:10 . 2010-07-07 15:49 59701280 ----a-w- c:\windows\system32\MRT.exe 2012-06-20 17:16 . 2012-06-20 17:16 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2012-06-02 22:19 . 2012-06-19 08:55 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 2012-06-19 08:56 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:19 . 2012-06-19 08:56 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-06-19 08:56 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 2012-06-19 08:55 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:15 . 2012-06-19 08:56 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:15 . 2012-06-19 08:55 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 13:19 . 2012-06-19 08:55 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 13:15 . 2012-06-19 08:55 36864 ----a-w- c:\windows\system32\wuapp.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-01-22 39408] "Duden Korrektor SysTray"="c:\program files (x86)\Duden\Duden-Rechtschreibprüfung\DKTray.exe" [2011-07-14 332432] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "HotkeyApp"="c:\program files (x86)\Launch Manager\HotkeyApp.exe" [2009-12-14 200704] "LMgrVolOSD"="c:\program files (x86)\Launch Manager\OSD.exe" [2009-12-11 348960] "Wbutton"="c:\program files (x86)\Launch Manager\Wbutton.exe" [2010-06-21 436264] "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288] "CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720] "YouCam Mirage"="c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe" [2010-10-29 136488] "AVMWlanClient"="c:\program files (x86)\avmwlanstick\wlangui.exe" [2010-10-22 2105344] "Norton Ghost 15.0"="c:\program files (x86)\Norton Ghost\Agent\VProTray.exe" [2010-03-03 2598760] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Duden Korrektor SysTray"="c:\program files (x86)\Duden\Duden-Rechtschreibprüfung\DKTray.exe" [2011-07-14 332432] . c:\users\Ernst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ FRITZ!DSL Startcenter.lnk - c:\users\Ernst\AppData\Roaming\Microsoft\Installer\{2D5D9603-22CF-4B99-83F6-0CD20330F62E}\Icon8CF9C550.exe [2011-2-26 80896] Versandhelfer.lnk - c:\program files (x86)\Versandhelfer\Versandhelfer.exe [2012-3-30 142336] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "QuickTime Task"="c:\program files (x86)\QuickTime\qttask.exe" -atboottime "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-22 136176] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856] R2 StarMoney 8.0 OnlineUpdate;StarMoney 8.0 OnlineUpdate;c:\program files (x86)\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [2012-06-28 692432] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-04 250056] R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [2010-10-22 14120] R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [2010-10-22 460800] R3 GenericMount Helper Service;GenericMount Helper Service;c:\program files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe [2010-02-12 2227216] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-22 136176] R3 KOBCCEX;KOBCCEX;c:\windows\system32\drivers\KOBCCEX.sys [2011-07-02 25344] R3 KOBCCID;KOBCCID;c:\windows\system32\drivers\KOBCCID.sys [2011-07-02 104576] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232] R3 mod7764;Tv Tuner device;c:\windows\system32\DRIVERS\mod77-64.sys [2009-09-24 913888] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-29 113120] R3 NxpCap64;CTX capture service;c:\windows\system32\DRIVERS\NxpCap64.sys [2010-02-04 1888864] 
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2010-05-24 246304] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392] R3 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2009-07-14 9728] R3 TrdCap64;CTX's capture service;c:\windows\system32\DRIVERS\TrdCap64.sys [2010-06-09 1887528] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 WisLMSvc;WisLMSvc;c:\program files (x86)\Launch Manager\WisLMSvc.exe [2009-10-23 118560] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS [2011-07-25 451192] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS [2012-03-29 1092728] S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120711.002\BHDrvx64.sys [2012-06-19 1161376] S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys [2011-11-29 167048] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120803.002\IDSvia64.sys [2012-06-14 509088] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS [2012-03-29 190072] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1307010.005\SYMNETS.SYS [2012-03-29 405624] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common 
Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336] S2 IGDCTRL;AVM IGD CTRL Service;c:\program files\FRITZ!DSL\IGDCTRL.EXE [2009-07-28 88888] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944] S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe [2012-03-27 138232] S2 sesvc;ShadowExplorer Service;c:\program files (x86)\ShadowExplorer\sesvc.exe [2011-01-02 9216] S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008] S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840] S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2012-05-29 2143072] S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-12-10 2320920] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-10-29 31088] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-07-30 138912] S3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys [2010-02-12 66608] S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-18 56344] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976] S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-06-21 287232] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-03-04 75816] S3 
MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-09-30 80384] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-09-30 180736] S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-04-01 1100320] S3 SymSnapService;SymSnapService;c:\program files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe [2010-02-11 2963960] S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2012-05-08 11856] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] S3 X10Hid;X10 Hid Device;c:\windows\System32\Drivers\x10hid.sys [2009-05-13 15896] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\6de2ed6f-0b56-4d57-b0f0-551ec8cbb27f] 2011-07-01 09:38 153232 ---ha-w- c:\programdata\Duden\DKReg.exe . Inhalt des "geplante Tasks" Ordners . 2012-08-06 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 19:09] . 2012-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-22 13:25] . 2012-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-22 13:25] . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-03 11548264] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-11-03 2181224] "EPSON Stylus Photo R240 Series"="c:\windows\system32\spool\DRIVERS\x64\3\E_FATIAHE.EXE" [2005-04-25 98304] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-10 167704] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-10 392984] "Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-10 417560] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x1 . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = fritz.box IE: An OneNote s&enden - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105 IE: FRITZ!Box Dial - c:\program files\FRITZ!Box\AddOn (IE)\fb_addon_dial_ie.htm IE: FRITZ!Box Dial\Contexts - 16 (0x10) IE: FRITZ!Box Dial\Flags IE: Mit FRITZ!Box Anrufen - c:\program files (x86)\FRITZ!Box\AddOn (IE)\fb_addon_dial_ie.htm IE: Mit FRITZ!Box Anrufen\Contexts - 16 (0x10) IE: Mit FRITZ!Box Anrufen\Flags IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000 IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 IE: {{328ECD19-C167-40eb-A0C7-16FE7634105F} - {CC68A724-B5F7-4bd3-865C-7D97141A140F} - c:\program files (x86)\FRITZ!Box\AddOn (IE)\FBoxIESplitButton.dll TCP: DhcpNameServer = 192.168.178.1 TCP: Interfaces\{FCF223E4-6851-4D0D-80CE-07174429BE50}: NameServer = 192.168.178.1 FF - ProfilePath - c:\users\Ernst\AppData\Roaming\Mozilla\Firefox\Profiles\ege1cdzn.default\ FF - prefs.js: browser.search.selectedEngine - Google . - - - - Entfernte verwaiste Registrierungseinträge - - - - . SafeBoot-BsScanner HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe . . . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS] "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\diMaster.dll\" /prefetch:1" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\avmwlanstick\WlanNetService.exe c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe c:\program files (x86)\Norton Ghost\Agent\VProSvc.exe c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe c:\program files (x86)\CyberLink\Shared files\RichVideo.exe c:\progra~2\COMMON~1\X10\Common\x10nets.exe c:\program files (x86)\TuneUp Utilities 2012\TuneUpSystemStatusCheck.exe . ************************************************************************** . 
Zeit der Fertigstellung: 2012-08-06 21:56:33 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-08-06 19:56 . Vor Suchlauf: 8 Verzeichnis(se), 474.036.363.264 Bytes frei Nach Suchlauf: 13 Verzeichnis(se), 473.858.764.800 Bytes frei . - - End Of File - - 0BC2306A664414E44CD187109C2553B8 Marcel |
07.08.2012, 15:51 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Encryption trojan still active? / Trojan.Randsom.A Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool won't run the second time either, just leave it out and run only OSAM. Please skip the online query in OSAM. With OSAM, please also make sure you save the log as *.log and not as *.html or similar. Note: to unpack OSAM, please use WinRAR or 7zip! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false positive in OSAM! Please download aswMBR.exe and save the file on your desktop.
Important: never press any of the Fix buttons without instruction. Note: if the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. Another note: if aswMBR crashes and a message appears such as "aswMBR.exe has stopped working", do the following: restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.
07.08.2012, 21:17 | #21 |
| Encryption trojan still active? / Trojan.Randsom.A Hello, GMER found nothing and therefore logged nothing in the LOG. OSAM log: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 21:58:18 on 07.08.2012 OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 64-bit Default Browser: Mozilla Corporation Firefox 13.0.1 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe "Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [Control Panel Objects] -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "SYMLIVE" - "Symantec Corporation" - C:\Program Files (x86)\Symantec\LiveUpdate\S32LUCP2.CPL [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "AVM Eject" (avmeject) - "AVM Berlin" - C:\Windows\System32\drivers\avmeject.sys "BHDrvx64" (BHDrvx64) - "Symantec Corporation" - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120711.002\BHDrvx64.sys "catchme" (catchme) - ? 
- C:\ComboFix\catchme.sys (File not found) "CTX capture service" (NxpCap64) - "NXP Semiconductors Germany GmbH" - C:\Windows\System32\DRIVERS\NxpCap64.sys "EraserUtilRebootDrv" (EraserUtilRebootDrv) - "Symantec Corporation" - C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys "IDSVia64" (IDSVia64) - "Symantec Corporation" - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120803.002\IDSvia64.sys "MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys "NAVENG" (NAVENG) - "Symantec Corporation" - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120806.002\ENG64.SYS "NAVEX15" (NAVEX15) - "Symantec Corporation" - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120806.002\EX64.SYS "Norton Internet Security Settings Manager" (ccSet_NIS) - "Symantec Corporation" - C:\Windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys "Symantec Data Store" (SymDS) - "Symantec Corporation" - C:\Windows\System32\drivers\NISx64\1307010.005\SYMDS64.SYS "Symantec Eraser Control driver" (eeCtrl) - "Symantec Corporation" - C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys "Symantec Extended File Attributes" (SymEFA) - "Symantec Corporation" - C:\Windows\System32\drivers\NISx64\1307010.005\SYMEFA64.SYS "Symantec Iron Driver" (SymIRON) - "Symantec Corporation" - C:\Windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS "Symantec Network Security WFP Driver" (SymNetS) - "Symantec Corporation" - C:\Windows\System32\Drivers\NISx64\1307010.005\SYMNETS.SYS "Symantec Real Time Storage Protection (PEL) x64" (SRTSPX) - "Symantec Corporation" - C:\Windows\system32\drivers\NISx64\1307010.005\SRTSPX64.SYS "Symantec Real Time Storage Protection x64" (SRTSP) - "Symantec Corporation" - C:\Windows\System32\Drivers\NISx64\1307010.005\SRTSP64.SYS "SymEvent" 
(SymEvent) - "Symantec Corporation" - C:\Windows\system32\Drivers\SYMEVENT64x86.SYS "TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys "WimFltr" (WimFltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\wimfltr.sys [Explorer] -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- 6de2ed6f-0b56-4d57-b0f0-551ec8cbb27f "StubPath" - "Expert System S.p.A." - C:\ProgramData\Duden\dkreg.exe /dktray=on /csapi=on /ALLUSERS -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll {8EF5DC20-419C-4E43-A088-DE5B5625CA47} "{8EF5DC20-419C-4E43-A088-DE5B5625CA47}" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Classes\Protocols\Filter )----- {807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll {03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows 
Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files (x86)\7-Zip\7-zip.dll {DE902992-61FC-4A01-8091-53E1895C9775} "CDR Icon Handler" - "Corel Corporation" - c:\Program Files (x86)\Common Files\Corel\Shared\Shell Extension\ShellXP.dll {7AD101F2-0B93-4D66-A1CA-DF73F3C4377B} "CDR preview provider" - "Corel Corporation" - c:\Program Files (x86)\Common Files\Corel\Shared\Shell Extension\ShellVista.dll {7FA63AC0-F5BC-4F3B-A9CF-94328D812B62} "CDR Property Handler" - "Corel Corporation" - c:\Program Files (x86)\Common Files\Corel\Shared\Shell Extension\ShellVista.dll {1462EBAA-96E7-4D93-9A66-0E4068DE4FCF} "CDR Thumbnail provider" - "Corel Corporation" - c:\Program Files (x86)\Common Files\Corel\Shared\Shell Extension\ShellXP.dll {D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\VISSHE.DLL {DE902994-61FC-4A01-8091-53E1895C9775} "CMX Icon Handler" - "Corel Corporation" - c:\Program Files (x86)\Common Files\Corel\Shared\Shell Extension\ShellXP.dll {1462EBAC-96E7-4D93-9A66-0E4068DE4FCF} "CMX Thumbnail provider" - "Corel Corporation" - c:\Program Files (x86)\Common Files\Corel\Shared\Shell Extension\ShellXP.dll {DE902993-61FC-4A01-8091-53E1895C9775} "CPT Icon Handler" - "Corel Corporation" - c:\Program Files (x86)\Common Files\Corel\Shared\Shell Extension\ShellXP.dll {7FA63AC1-F5BC-4F3B-A9CF-94328D812B62} "CPT Property Handler" - "Corel Corporation" - c:\Program Files (x86)\Common Files\Corel\Shared\Shell Extension\ShellVista.dll {1462EBAB-96E7-4D93-9A66-0E4068DE4FCF} "CPT Thumbnail provider" - "Corel Corporation" - c:\Program Files (x86)\Common Files\Corel\Shared\Shell Extension\ShellXP.dll 
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\VISSHE.DLL {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll {0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONFILTER.DLL {4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Program Files (x86)\TuneUp Utilities 2012\DseShExt-x86.dll {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Program Files (x86)\TuneUp Utilities 2012\SDShelEx-win32.dll {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo 
Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll {0563DB41-F538-4B37-A92D-4659049B7766} "WLMD Message Handler" - ? - (File not found | COM-object registry key not found) {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe [Internet Explorer] -----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 (HTTP value) -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "Google Toolbar" - "Google Inc." - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) ITBar7Height64 "ITBar7Height64" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout64" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." 
- C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {5F7B1267-94A9-47F5-98DB-E99415F33AEC} "@C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll "eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 (HTTP value) {CC68A724-B5F7-4bd3-865C-7D97141A140F} "FRITZ!Box AddOn" - "AVM Berlin" - C:\Program Files (x86)\FRITZ!Box\AddOn (IE)\FBoxIESplitButton.dll {FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "Google Toolbar" - "Google Inc." - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} "Norton Toolbar" - "Symantec Corporation" - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." 
- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} "Norton Identity Protection" - "Symantec Corporation" - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll {6D53EC84-6AAE-4787-AEEE-F4628F01010C} "Norton Vulnerability Protection" - "Symantec Corporation" - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\IPS\IPSBHO.DLL {B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL {C0C86BBE-9509-4296-8459-FDBFDAF4B673} "SplitButtonBHO Class" - "AVM Berlin" - C:\Program Files (x86)\FRITZ!Box\AddOn (IE)\FBoxIESplitButton.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [LSA Providers] -----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )----- "Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\Ernst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "FRITZ!DSL Startcenter.lnk" - "AVM Berlin" - C:\Program Files\FRITZ!DSL\StCenter.exe (Shortcut exists | File exists) "Versandhelfer.lnk" - ? - C:\Program Files (x86)\Versandhelfer\Versandhelfer.exe (Shortcut exists | File found, but it contains no detailed information | File exists) -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "McAfee Security Scan Plus.lnk" - "McAfee, Inc." 
- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (Shortcut exists | File exists) -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "Duden Korrektor SysTray" - "Expert System S.p.A." - C:\Program Files (x86)\Duden\Duden-Rechtschreibprüfung\DKTray.exe "Skype" - "Skype Technologies S.A." - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun "swg" - "Google Inc." - "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "AVMWlanClient" - "AVM Berlin" - C:\Program Files (x86)\avmwlanstick\wlangui.exe "CLMLServer" - "CyberLink" - "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" "HotkeyApp" - "Wistron" - "C:\Program Files (x86)\Launch Manager\HotkeyApp.exe" "LMgrVolOSD" - "Wistron Corp." - "C:\Program Files (x86)\Launch Manager\OSD.exe" "Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray "Norton Ghost 15.0" - "Symantec Corporation" - "C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe" "NUSB3MON" - "Renesas Electronics Corporation" - "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" "Wbutton" - "Wistron Corp." - "C:\Program Files (x86)\Launch Manager\Wbutton.exe" "YouCam Mirage" - "CyberLink" - "C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe" [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll (File not found) "@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? 
- "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe" (File not found) "Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe "Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe "AVM IGD CTRL Service" (IGDCTRL) - "AVM Berlin" - C:\Program Files\FRITZ!DSL\IGDCTRL.EXE "AVM WLAN Connection Service" (AVM WLAN Connection Service) - "AVM Berlin" - C:\Program Files (x86)\avmwlanstick\WlanNetService.exe "Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe "GenericMount Helper Service" (GenericMount Helper Service) - "Symantec" - C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe "Google Software Updater" (gusvc) - "Google" - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe "Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe "Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." 
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe "Intel(R) Management & Security Application User Notification Service" (UNS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe "Intel(R) Management and Security Application Local Management Service" (LMS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe "Intel(R) Rapid Storage Technology" (IAStorDataMgrSvc) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe "LiveUpdate" (LiveUpdate) - "Symantec Corporation" - C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE "MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe "McAfee Security Scan Component Host Service" (McComponentHostService) - "McAfee, Inc." - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe "Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe "Norton Ghost" (Norton Ghost) - "Symantec Corporation" - C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe "Norton Internet Security" (NIS) - "Symantec Corporation" - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE "Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE "Protexis 
Licensing V2" (PSI_SVC_2) - "Protexis Inc." - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
"ShadowExplorer Service" (sesvc) - "www.shadowexplorer.com" - C:\Program Files (x86)\ShadowExplorer\sesvc.exe
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files (x86)\Skype\Updater\Updater.exe
"StarMoney 8.0 OnlineUpdate" (StarMoney 8.0 OnlineUpdate) - "Star Finanz - Software Entwicklung und Vertriebs GmbH" - C:\Program Files (x86)\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
"SymSnapService" (SymSnapService) - "Symantec" - C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe
"TeamViewer 6" (TeamViewer6) - "TeamViewer GmbH" - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
"TeamViewer 7" (TeamViewer7) - "TeamViewer GmbH" - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
"TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
"WisLMSvc" (WisLMSvc) - "Wistron Corp." - C:\Program Files (x86)\Launch Manager\WisLMSvc.exe
"X10 Device Network Service" (x10nets) - "X10" - C:\PROGRA~2\COMMON~1\X10\Common\x10nets.exe
[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
Here is the content of the aswMBR txt file: Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-07 22:08:40
-----------------------------
22:08:40.357 OS Version: Windows x64 6.1.7601 Service Pack 1
22:08:40.357 Number of processors: 4 586 0x2505
22:08:40.357 ComputerName: ERNST-PC UserName: Ernst
22:08:41.044 Initialize success
22:08:45.739 AVAST engine defs: 12080700
22:09:02.728 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:09:02.728 Disk 0 Vendor: SAMSUNG_ 2AJ1 Size: 610480MB BusType: 3
22:09:02.759 Disk 0 MBR read successfully
22:09:02.775 Disk 0 MBR scan
22:09:02.775 Disk 0 unknown MBR code
22:09:02.790 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
22:09:02.806 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 559355 MB offset 206848
22:09:02.868 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 50000 MB offset 1145765888
22:09:02.868 Disk 0 Partition 4 00 12 Compaq diag NTFS 1023 MB offset 1248165888
22:09:02.915 Disk 0 scanning C:\Windows\system32\drivers
22:09:15.099 Service scanning
22:09:42.321 Modules scanning
22:09:42.352 Disk 0 trace - called modules:
22:09:42.383 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
22:09:42.383 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004248060]
22:09:42.383 3 CLASSPNP.SYS[fffff88001c5143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8003f80050]
22:09:42.399 Scan finished successfully
22:10:01.337 Disk 0 MBR has been saved successfully to "C:\Users\Ernst\Downloads\Desktop\MBR.dat"
22:10:01.353 The log file has been saved successfully to "C:\Users\Ernst\Downloads\Desktop\aswMBR.txt"
Best regards Marcel |
08.08.2012, 20:08 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Encryption trojan still active? / Trojan.Randsom.A We should fix the MBR. Just in case, back up ALL important data first, even though it usually goes smoothly. Note: please do NOT run the MBR fix if you have other operating systems such as Ubuntu installed; an MBR fix with Windows tools makes a Linux installed alongside (dual boot) unbootable. Also do not run the fix if you have full encryption of the Windows partition or of the whole hard disk, e.g. with TrueCrypt or other encryption programs. After backing up your data, start aswMBR again and click the FIXMBR button. Note: please disable the virus scanner before running aswMBR, since Avira in particular often reports a false alarm in it! Then restart Windows and create a new log with aswMBR.
__________________ Please always post logfiles in CODE tags |
09.08.2012, 19:27 | #23 |
| Encryption trojan still active? / Trojan.Randsom.A Hello, attached is the log after the MBR fix: Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-07 22:08:40
-----------------------------
22:08:40.357 OS Version: Windows x64 6.1.7601 Service Pack 1
22:08:40.357 Number of processors: 4 586 0x2505
22:08:40.357 ComputerName: ERNST-PC UserName: Ernst
22:08:41.044 Initialize success
22:08:45.739 AVAST engine defs: 12080700
22:09:02.728 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:09:02.728 Disk 0 Vendor: SAMSUNG_ 2AJ1 Size: 610480MB BusType: 3
22:09:02.759 Disk 0 MBR read successfully
22:09:02.775 Disk 0 MBR scan
22:09:02.775 Disk 0 unknown MBR code
22:09:02.790 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
22:09:02.806 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 559355 MB offset 206848
22:09:02.868 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 50000 MB offset 1145765888
22:09:02.868 Disk 0 Partition 4 00 12 Compaq diag NTFS 1023 MB offset 1248165888
22:09:02.915 Disk 0 scanning C:\Windows\system32\drivers
22:09:15.099 Service scanning
22:09:42.321 Modules scanning
22:09:42.352 Disk 0 trace - called modules:
22:09:42.383 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
22:09:42.383 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004248060]
22:09:42.383 3 CLASSPNP.SYS[fffff88001c5143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8003f80050]
22:09:42.399 Scan finished successfully
22:10:01.337 Disk 0 MBR has been saved successfully to "C:\Users\Ernst\Downloads\Desktop\MBR.dat"
22:10:01.353 The log file has been saved successfully to "C:\Users\Ernst\Downloads\Desktop\aswMBR.txt"

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-09 20:19:49
-----------------------------
20:19:49.583 OS Version: Windows x64 6.1.7601 Service Pack 1
20:19:49.583 Number of processors: 4 586 0x2505
20:19:49.583 ComputerName: ERNST-PC UserName: Ernst
20:19:50.113 Initialize success
20:19:55.277 AVAST engine defs: 12080900
20:20:00.331 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:20:00.331 Disk 0 Vendor: SAMSUNG_ 2AJ1 Size: 610480MB BusType: 3
20:20:00.347 Disk 0 MBR read successfully
20:20:00.362 Disk 0 MBR scan
20:20:00.362 Disk 0 Windows 7 default MBR code
20:20:00.378 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
20:20:00.394 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 559355 MB offset 206848
20:20:00.425 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 50000 MB offset 1145765888
20:20:00.440 Disk 0 Partition 4 00 12 Compaq diag NTFS 1023 MB offset 1248165888
20:20:00.487 Disk 0 scanning C:\Windows\system32\drivers
20:20:16.337 Service scanning
20:20:42.982 Modules scanning
20:20:42.982 Disk 0 trace - called modules:
20:20:42.997 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
20:20:43.013 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004619060]
20:20:43.013 3 CLASSPNP.SYS[fffff88001db543f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8003f94050]
20:20:43.013 Scan finished successfully
20:21:08.940 Disk 0 MBR has been saved successfully to "C:\Users\Ernst\Downloads\Desktop\MBR.dat"
20:21:08.971 The log file has been saved successfully to "C:\Users\Ernst\Downloads\Desktop\aswMBR.txt"
Marcel |
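The two aswMBR logs in #22 and #23 differ in exactly one line: "Disk 0 unknown MBR code" before the fix and "Disk 0 Windows 7 default MBR code" after it, with an identical partition table both times. That is the check a responder wants to be able to repeat on the MBR.dat that aswMBR saves: is the 512-byte sector well formed, does the partition table still describe the same four partitions, and does the boot-code area hash to a value seen on a known-clean system. The following Python is an added example and not code from the thread or from aswMBR; the sample MBR it builds is constructed from the partition entries in the logs above (its boot code is NOP padding, not real Windows code), and the set of known-good hashes is an assumption you would fill from a trusted machine.

```python
import hashlib
import struct
import sys

SECTOR = 512
PART_TABLE_OFFSET = 446          # 440 bytes boot code + 4-byte disk id + 2 reserved
ENTRY_FMT = "<B3sB3sII"          # status, CHS start, type, CHS end, LBA start, sector count
BOOT_SIGNATURE = b"\x55\xaa"


def build_sample_mbr():
    """Constructed 512-byte MBR whose partition table mirrors the four entries in the
    aswMBR logs above (sizes in MB * 2048 sectors). The boot-code area is NOP padding,
    NOT real Windows boot code, so its hash is only a stand-in for a real baseline."""
    boot_code = bytes([0x90] * 440)
    disk_id = b"\x00" * 6                       # disk signature + reserved, placeholder
    entries = [  # (status, type, start LBA, sectors)
        (0x80, 0x07, 2048, 100 * 2048),
        (0x00, 0x07, 206848, 559355 * 2048),
        (0x00, 0x07, 1145765888, 50000 * 2048),
        (0x00, 0x12, 1248165888, 1023 * 2048),
    ]
    table = b"".join(struct.pack(ENTRY_FMT, st, b"\0\0\0", ty, b"\0\0\0", lba, n)
                     for st, ty, lba, n in entries)   # CHS fields left zeroed
    return boot_code + disk_id + table + BOOT_SIGNATURE


def parse_mbr(data):
    """Split a raw MBR sector into boot-code hash, partition entries and signature check."""
    if len(data) < SECTOR:
        raise ValueError("need a full 512-byte sector")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFFSET + 16 * i
        status, _, ptype, _, start, count = struct.unpack(ENTRY_FMT, data[off:off + 16])
        if ptype == 0:
            continue                                # empty slot
        parts.append({"index": i + 1, "bootable": status == 0x80, "type": ptype,
                      "start_lba": start, "sectors": count,
                      "size_mb": count * SECTOR // (1024 * 1024)})
    return {"signature_ok": bytes(data[510:512]) == BOOT_SIGNATURE,
            "boot_code_sha256": hashlib.sha256(data[:440]).hexdigest(),
            "partitions": parts}


def check_mbr(data, known_good_hashes):
    """Return the findings a responder would act on; an empty list means 'looks clean'.
    known_good_hashes: SHA-256 values of the boot-code area taken from clean systems."""
    info = parse_mbr(data)
    findings = []
    if not info["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if info["boot_code_sha256"] not in known_good_hashes:
        findings.append("boot code does not match any known-good baseline")
    spans = sorted((p["start_lba"], p["start_lba"] + p["sectors"]) for p in info["partitions"])
    for (a_start, a_end), (b_start, _) in zip(spans, spans[1:]):
        if b_start < a_end:                         # overlapping entries = damaged/tampered table
            findings.append(f"partition overlap at LBA {b_start}")
    bootable = sum(p["bootable"] for p in info["partitions"])
    if bootable != 1:
        findings.append(f"{bootable} partitions flagged bootable (expected 1)")
    return findings


if __name__ == "__main__":
    # Usage: python mbr_check.py [MBR.dat]   (aswMBR saves the sector as MBR.dat)
    raw = open(sys.argv[1], "rb").read(SECTOR) if len(sys.argv) > 1 else build_sample_mbr()
    info = parse_mbr(raw)
    for p in info["partitions"]:
        print(f"Partition {p['index']} {'80' if p['bootable'] else '00'} "
              f"{p['type']:02X} {p['size_mb']} MB offset {p['start_lba']}")
    print("boot code sha256:", info["boot_code_sha256"])
    print("findings:", check_mbr(raw, set()) or "none")
```

Run against the sample, the partition listing reproduces the four log lines (100 MB at 2048, 559355 MB at 206848, and so on), and the boot-code hash is reported as "not matching" until a baseline is supplied. That mirrors what aswMBR is doing when it prints "unknown MBR code" versus "Windows 7 default MBR code": it is comparing the first 440 bytes against code it knows, which is why a baseline taken from a clean machine (or from the tool's own FIXMBR result) is the thing to keep for later comparisons.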
10.08.2012, 21:13 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Encryption trojan still active? / Trojan.Randsom.A Looks ok. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
__________________ Please always post logfiles in CODE tags |
11.08.2012, 13:12 | #25 |
| Encryption trojan still active? / Trojan.Randsom.A Hello, here again are the log contents. Malwarebytes Anti-Malware Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.08.11.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Ernst :: ERNST-PC [Administrator] Schutz: Aktiviert 11.08.2012 07:30:50 mbam-log-2012-08-11 (07-30-50).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 407532 Laufzeit: 58 Minute(n), 35 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter SUPERAntiSpyware Scan Log hxxp://www.superantispyware.com Generated 08/11/2012 at 01:39 PM Application Version : 5.5.1012 Core Rules Database Version : 9044 Trace Rules Database Version: 6856 Scan type : Complete Scan Total Scan Time : 02:30:50 Operating System Information Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601) UAC On - Limited User Memory items scanned : 569 Memory threats detected : 0 Registry items scanned : 68407 Registry threats detected : 0 File items scanned : 209947 File threats detected : 15 Adware.Tracking Cookie .amazon-adsystem.com [ C:\USERS\ERNST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .amazon-adsystem.com [ C:\USERS\ERNST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .doubleclick.net [ C:\USERS\ERNST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] adserver.ip-phone-forum.de [ C:\USERS\ERNST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .doubleclick.net [ C:\USERS\ERNST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] ww251.smartadserver.com [ C:\USERS\ERNST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .smartadserver.com [ C:\USERS\ERNST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .smartadserver.com [ C:\USERS\ERNST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .smartadserver.com [ C:\USERS\ERNST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .smartadserver.com [ C:\USERS\ERNST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .smartadserver.com [ C:\USERS\ERNST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .smartadserver.com [ C:\USERS\ERNST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .smartadserver.com [ C:\USERS\ERNST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .smartadserver.com [ C:\USERS\ERNST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] ww251.smartadserver.com [ C:\USERS\ERNST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] Marcel |
11.08.2012, 18:23 | #26 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Encryption trojan still active? / Trojan.Randsom.A Code:
ATTFilter UAC On - Limited User
__________________ Please always post logfiles in CODE tags |
11.08.2012, 21:21 | #27 |
| Encryption trojan still active? / Trojan.Randsom.A Oops, sorry, I ran it again, as admin. Code:
ATTFilter SUPERAntiSpyware Scan Log hxxp://www.superantispyware.com Generated 08/11/2012 at 09:59 PM Application Version : 5.5.1012 Core Rules Database Version : 9044 Trace Rules Database Version: 6856 Scan type : Complete Scan Total Scan Time : 02:10:13 Operating System Information Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601) UAC On - Administrator Memory items scanned : 649 Memory threats detected : 0 Registry items scanned : 68549 Registry threats detected : 0 File items scanned : 210461 File threats detected : 81 Adware.Tracking Cookie .amazon-adsystem.com [ C:\USERS\ERNST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .amazon-adsystem.com [ C:\USERS\ERNST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .doubleclick.net [ C:\USERS\ERNST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] adserver.ip-phone-forum.de [ C:\USERS\ERNST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .doubleclick.net [ C:\USERS\ERNST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .smartadserver.com [ C:\USERS\ERNST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .smartadserver.com [ C:\USERS\ERNST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .smartadserver.com [ C:\USERS\ERNST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .smartadserver.com [ C:\USERS\ERNST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .smartadserver.com [ C:\USERS\ERNST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .smartadserver.com [ C:\USERS\ERNST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] ww251.smartadserver.com [ C:\USERS\ERNST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .serving-sys.com [ C:\USERS\ERNST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .webmasterplan.com [ C:\USERS\ERNST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .webmasterplan.com [ C:\USERS\ERNST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .webmasterplan.com [ 
C:\USERS\ERNST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .apmebf.com [ C:\USERS\ERNST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .webmasterplan.com [ C:\USERS\ERNST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .invitemedia.com [ C:\USERS\ERNST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .imrworldwide.com [ C:\USERS\ERNST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .imrworldwide.com [ C:\USERS\ERNST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] ad.yieldmanager.com [ C:\USERS\ERNST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] ad.yieldmanager.com [ C:\USERS\ERNST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] ad.yieldmanager.com [ C:\USERS\ERNST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .advertising.com [ C:\USERS\ERNST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .atdmt.com [ C:\USERS\ERNST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .atdmt.com [ C:\USERS\ERNST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .adfarm1.adition.com [ C:\USERS\ERNST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .webmasterplan.com [ C:\USERS\ERNST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .webmasterplan.com [ C:\USERS\ERNST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .tracking.quisma.com [ C:\USERS\ERNST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .webmasterplan.com [ C:\USERS\ERNST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .zanox.com [ C:\USERS\ERNST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .webmasterplan.com [ C:\USERS\ERNST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .webmasterplan.com [ C:\USERS\ERNST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .webmasterplan.com [ C:\USERS\ERNST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .webmasterplan.com [ C:\USERS\ERNST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .invitemedia.com [ 
C:\USERS\ERNST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .tradedoubler.com [ C:\USERS\ERNST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .webmasterplan.com [ C:\USERS\ERNST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .tracking.quisma.com [ C:\USERS\ERNST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .zanox-affiliate.de [ C:\USERS\ERNST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] www.zanox-affiliate.de [ C:\USERS\ERNST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .adfarm1.adition.com [ C:\USERS\ERNST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .serving-sys.com [ C:\USERS\ERNST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .serving-sys.com [ C:\USERS\ERNST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .serving-sys.com [ C:\USERS\ERNST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .serving-sys.com [ C:\USERS\ERNST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] ad.yieldmanager.com [ C:\USERS\ERNST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .tradedoubler.com [ C:\USERS\ERNST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] ad.yieldmanager.com [ C:\USERS\ERNST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] ad.yieldmanager.com [ C:\USERS\ERNST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] ad.yieldmanager.com [ C:\USERS\ERNST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] ad.yieldmanager.com [ C:\USERS\ERNST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .ru4.com [ C:\USERS\ERNST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .tradedoubler.com [ C:\USERS\ERNST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .tradedoubler.com [ C:\USERS\ERNST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .2o7.net [ C:\USERS\ERNST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] ad.zanox.com [ C:\USERS\ERNST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .revsci.net [ 
C:\USERS\ERNST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .autoscout24.112.2o7.net [ C:\USERS\ERNST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .2o7.net [ C:\USERS\ERNST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .revsci.net [ C:\USERS\ERNST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .xiti.com [ C:\USERS\ERNST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .revsci.net [ C:\USERS\ERNST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .revsci.net [ C:\USERS\ERNST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .revsci.net [ C:\USERS\ERNST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] ad4.adfarm1.adition.com [ C:\USERS\ERNST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .adfarm1.adition.com [ C:\USERS\ERNST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .tracking.quisma.com [ C:\USERS\ERNST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .adfarm1.adition.com [ C:\USERS\ERNST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .adfarm1.adition.com [ C:\USERS\ERNST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] ad2.adfarm1.adition.com [ C:\USERS\ERNST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .adfarm1.adition.com [ C:\USERS\ERNST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .quartermedia.de [ C:\USERS\ERNST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .quartermedia.de [ C:\USERS\ERNST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .smartadserver.com [ C:\USERS\ERNST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EGE1CDZN.DEFAULT\COOKIES.SQLITE ] .smartadserver.com [ C:\USERS\ERNST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EGE1CDZN.DEFAULT\COOKIES.SQLITE ] .smartadserver.com [ C:\USERS\ERNST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EGE1CDZN.DEFAULT\COOKIES.SQLITE ] .smartadserver.com [ C:\USERS\ERNST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EGE1CDZN.DEFAULT\COOKIES.SQLITE ] .smartadserver.com [ 
C:\USERS\ERNST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EGE1CDZN.DEFAULT\COOKIES.SQLITE ]
11.08.2012, 21:54 | #28
/// Winkelfunktion /// TB-Süch-Tiger™ | Encryption trojan still active? / Trojan.Randsom.A

Good, OK. That looks fine, only cookies were found. Cookies are not malware as such, but there is a risk of them being misused (unique re-identification, e.g. for targeted advertising and the like => HTTP-Cookie).

Regarding cookies and other things on the web: to block this plague from the outset (i.e. tracking cookies, ad banners etc.), you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File. It makes sense to check at MVPS every 4 weeks whether a new Hosts file has been released. Apart from that there are good cookie managers; an extension for Firefox would be CookieCuller, for example: http://filepony.de/download-cookie_culler/

But if you can live with logging in again everywhere in each browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed. The way I handle it is that I use the Opera browser or Chromium under my Linux for "wild surfing". My main browser (Firefox) stores only the cookies from the sites I actually want; everything else I reject manually (FF always asks me). The other browsers accept all cookies, but at the latest at the next start of Opera or Chromium no cookies are left.

Is your system OK again now, or are there any other findings or problems?
__________________ Please always post logfiles in CODE tags
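The MVPS hosts-file approach recommended above works by mapping every tracker hostname to 0.0.0.0 (or 127.0.0.1) so the browser cannot reach it. The caveat a practitioner should know is that a hosts file matches exact hostnames only: there is no wildcard or suffix matching, so an entry for adfarm1.adition.com does nothing for ad2.adfarm1.adition.com. The following Python script is an added example for this thread, not code from Trojaner-Board or MVPS. It parses a hosts-file blocklist in the MVPS style (the sample text below is constructed for the demo, not the real MVPS file), checks the tracker hostnames taken from the cookie scan posted above, and reports which of them slip past an entry that covers only their parent domain. On a real Windows 7 machine you would read the live file from C:\Windows\System32\drivers\etc\hosts instead of the constructed sample.

```python
"""Check which hostnames a hosts-file blocklist actually covers.

Added example for this thread; not code from Trojaner-Board or MVPS.
SAMPLE_HOSTS is a constructed blocklist in the MVPS style. The entries in
SCAN_HOSTNAMES are the tracker domains listed in the cookie scan above.
"""
import ipaddress

# Constructed sample: "0.0.0.0 hostname" lines, comments, blank lines,
# several names on one line, and localhost entries that must be ignored.
SAMPLE_HOSTS = """\
# constructed sample, not the real MVPS hosts file
127.0.0.1 localhost
::1 localhost

0.0.0.0 tradedoubler.com
0.0.0.0 www.tradedoubler.com
0.0.0.0 ad.yieldmanager.com
0.0.0.0 adfarm1.adition.com   # one ad server, subdomains NOT covered
0.0.0.0 smartadserver.com  www.smartadserver.com
"""

# Cookie domains from the scan log above. A leading dot is the cookie's
# domain attribute (covers subdomains); a hosts file has no such notion.
SCAN_HOSTNAMES = [
    ".tradedoubler.com",
    "ad.yieldmanager.com",
    ".adfarm1.adition.com",
    "ad2.adfarm1.adition.com",
    "ad4.adfarm1.adition.com",
    ".smartadserver.com",
    ".revsci.net",
    ".2o7.net",
]

# Addresses that make a hosts entry a block ("sinkhole") rather than a
# normal static mapping.
SINK_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::1", "::"}


def normalize(hostname):
    """Lower-case and strip the cookie-style leading dot and any trailing dot."""
    return hostname.strip().lower().lstrip(".").rstrip(".")


def parse_hosts(text):
    """Return the set of hostnames the file sinks to a null/loopback address.

    Lines mapping a name to any other address are ordinary name resolution,
    not blocking, and are ignored; so are comments and 'localhost'.
    """
    blocked = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        addr, *names = line.split()
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            continue  # malformed line: skip rather than trust it
        if addr not in SINK_ADDRESSES:
            continue
        for name in names:
            name = normalize(name)
            if name != "localhost":
                blocked.add(name)
    return blocked


def is_blocked(hostname, blocked):
    """A hosts file matches the exact hostname only: no wildcards, no suffixes."""
    return normalize(hostname) in blocked


def _parent_domains(hostname):
    """Yield the proper parent domains of a name, e.g. a.b.c -> b.c, c."""
    labels = hostname.split(".")
    for i in range(1, len(labels)):
        yield ".".join(labels[i:])


def uncovered_subdomains(hostnames, blocked):
    """Names that are NOT blocked although a parent domain of theirs is.

    These are the hosts a user might wrongly assume the blocklist covers.
    """
    leaks = set()
    for hostname in hostnames:
        name = normalize(hostname)
        if name in blocked:
            continue
        if any(parent in blocked for parent in _parent_domains(name)):
            leaks.add(name)
    return leaks


def coverage_report(hostnames, blocked):
    """Map each normalized hostname to whether the hosts file blocks it."""
    return {normalize(h): is_blocked(h, blocked) for h in hostnames}


if __name__ == "__main__":
    blocked = parse_hosts(SAMPLE_HOSTS)
    for name, hit in sorted(coverage_report(SCAN_HOSTNAMES, blocked).items()):
        print(f"{'BLOCKED ' if hit else 'reachable'}  {name}")
    print("parent blocked but subdomain reachable:",
          sorted(uncovered_subdomains(SCAN_HOSTNAMES, blocked)))
```

The report makes the caveat concrete: the scan shows cookies from ad2.adfarm1.adition.com and ad4.adfarm1.adition.com, and a list entry for adfarm1.adition.com alone leaves both reachable. That is why the MVPS file carries separate lines for many subdomains and why it needs to be refreshed regularly, as the post advises.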
12.08.2012, 08:04 | #29
Encryption trojan still active? / Trojan.Randsom.A

Hello, the system is running. The first boot takes a while, but once it has finished, everything works. Thanks for the tips (MVPS Hosts File and CookieCuller).

I have a few final questions: The laptop is used for online banking. Can he keep using it "without concern" (without reinstalling)? Can the Bitbox browser be used for "wild surfing", or is the Sandboxie variant safer? For protection against viruses he uses Norton Internet Security 2012. Can another piece of software be used alongside NIS for protection, and if so, which one would you recommend? Or should he switch completely to a different anti-virus program/firewall? If so, which one? What do you think of maintenance programs such as TuneUp or CCleaner for carrying out maintenance tasks (e.g. cleaning the registry, deleting broken shortcuts, deleting temporary files, etc.)? Or are there recommended alternatives here for keeping the system "clean" and "fast"?

Best regards
Marcel

Last edited by Mardoro (12.08.2012 at 08:35)
12.08.2012, 13:43 | #30
/// Winkelfunktion /// TB-Süch-Tiger™ | Encryption trojan still active? / Trojan.Randsom.A

Quote:
Maybe this would also be something for you => http://www.trojaner-board.de/109844-...tml#post772593

Quote:

Quote:

Quote:
CCleaner is OK, but keep your hands off the registry!! Hands off registry cleaners!! The registry is the brain of the system. If the brain does not work, the rest no longer really works either. We read often enough from people seeking help that their system no longer starts after they used a registry cleaner.
A so-called false positive from a cleaner can also make your system unbootable. If you destroy the registry, you destroy Windows.
__________________ Please always post logfiles in CODE tags