| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Österreiche Polizei-Virus, Ihr Computer wurde gesperrt....Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
09.10.2012, 20:15
| #16 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  Österreiche Polizei-Virus, Ihr Computer wurde gesperrt.... Ist das rein zufällig ein Büro-/Firmen-PC?
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
09.10.2012, 20:29
| #17 |
 | Österreiche Polizei-Virus, Ihr Computer wurde gesperrt.... Ist mein Privat-PC. HAb noch nen Laptop den ich ab und zu Zuhause nutze. Aber der hat keine Probleme gemacht. Ich habe auch mal mit Malwarebytes nachgesehen und Avira, da gab es nichts.
__________________Also denke bzw. hoffe ich, dass der Laptop nicht betroffen ist. |
|
09.10.2012, 20:33
| #18 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Österreiche Polizei-Virus, Ihr Computer wurde gesperrt....Code:
ATTFilter 64bit- Professional
] - D:\Auto CAD 2007 -- [ NTFS ]
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{962D7ECE-7235-4F98-9420-856C0B7BF104}: DhcpNameServer = 10.0.0.138
Wer verwendet privat im Netzwerk IP-Adressen aus dem 10er-Bereich?
__________________ |
|
09.10.2012, 20:41
| #19 |
| | Österreiche Polizei-Virus, Ihr Computer wurde gesperrt.... Hey AutoCAD 2007 nutzte ich als Student für mein Ingenieur-Studium. Ist aber eigentlich nicht mehr auf meinem Rechner, weil die Lizenz abgelaufen ist. Das mit dem IP-Adressen aus dem 10er-Bereich verstehe ich jetzt nicht wirklich. Wieso soll das keine Privat-IT-Adresse sein???? MFG Corny |
|
10.10.2012, 09:30
| #20 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Österreiche Polizei-Virus, Ihr Computer wurde gesperrt....Zitat:
Ich seh da immer noch Toolbar-Müll drin Bitte mal den aktuellen adwCleaner runterladen, also die alte adwcleaner löschen und neu runterladen adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren Downloade Dir bitte AdwCleaner auf deinen Desktop. Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
10.10.2012, 10:19
| #21 |
| | Österreiche Polizei-Virus, Ihr Computer wurde gesperrt.... Hey Hier die Datei. Code:
ATTFilter # AdwCleaner v2.004 - Datei am 10/10/2012 um 11:15:03 erstellt
# Aktualisiert am 06/10/2012 von Xplode
# Betriebssystem : Windows 7 Professional (64 bits)
# Benutzer : Corny - CORNY-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Corny\Desktop\adwcleaner.exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v13.0 (de)
Profilname : default
Datei : C:\Users\Corny\AppData\Roaming\Mozilla\Firefox\Profiles\xbxeikb2.default\prefs.js
[OK] Die Datei ist sauber.
-\\ Google Chrome v22.0.1229.92
Datei : C:\Users\Corny\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [2601 octets] - [06/10/2012 17:05:49]
AdwCleaner[R2].txt - [2681 octets] - [06/10/2012 17:06:33]
AdwCleaner[R3].txt - [2741 octets] - [06/10/2012 17:06:53]
AdwCleaner[S1].txt - [3275 octets] - [06/10/2012 17:06:59]
AdwCleaner[R4].txt - [1952 octets] - [08/10/2012 15:21:50]
AdwCleaner[S2].txt - [1856 octets] - [08/10/2012 19:46:13]
AdwCleaner[R5].txt - [1239 octets] - [10/10/2012 11:15:03]
########## EOF - C:\AdwCleaner[R5].txt - [1299 octets] ##########
 Aso das mit der Windows Pro Version hat damit zu tun, das ich sie von der Uni als Student umsonst bekommen habe und mir dachte, warum home wenn man PRO haben kann. MFG Corny |
|
10.10.2012, 13:12
| #22 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Österreiche Polizei-Virus, Ihr Computer wurde gesperrt.... Das sind keine falschen Adresse! Nur eben ist eine solche Adresse zu Hause am Router unüblich! 10.0.0.0er Adressen verwendet man eher in Unis und Firmen, oft werden Teilbereiche der 10er-Netze auch für VPN-Zwecke oder DMZs verwendet. Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
IE - HKU\S-1-5-21-896563546-880670934-68609815-1001\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-896563546-880670934-68609815-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:1.1.2
FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3
[2012.04.17 19:34:44 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Corny\AppData\Roaming\mozilla\Firefox\Profiles\xbxeikb2.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.06.01 18:27:30 | 000,000,950 | ---- | M] () -- C:\Users\Corny\AppData\Roaming\mozilla\firefox\profiles\xbxeikb2.default\searchplugins\icqplugin-1.xml
[2010.06.23 10:12:30 | 000,001,056 | ---- | M] () -- C:\Users\Corny\AppData\Roaming\mozilla\firefox\profiles\xbxeikb2.default\searchplugins\icqplugin.xml
O4 - HKU\S-1-5-21-896563546-880670934-68609815-1001..\Run: [Olcay] C:\Users\Corny\AppData\Roaming\Ycwua\xeuba.exe File not found
@Alternate Data Stream - 192 bytes -> C:\Windows:nlsPreferences
@Alternate Data Stream - 1261 bytes -> C:\Users\Corny\AppData\Local\CFKF1r0Z:09azVbyqHvFkYJ6SmOWl
:Files
C:\Users\Corny\AppData\Roaming\Ycwua
C:\ProgramData\tlkmwkixiorwtpa
C:\Users\All Users\tlkmwkixiorwtpa
C:\ProgramData\*.pad
C:\ProgramData\*.dat
C:\Users\Corny\AppData\Roaming\13001.045
C:\ProgramData\ylqtfxgsedudici
C:\Users\Corny\AppData\Roaming\xbxeikb2*
C:\ProgramData\Af4v34QO*
C:\Users\All Users\Af4v34QO*
C:\Users\Corny\AppData\Roaming\MafiaSetup.exe
C:\Users\Corny\AppData\Roaming\13001.*
C:\Users\Corny\AppData\Roaming\1300?
C:\Users\Corny\AppData\Roaming\kock
C:\Users\Corny\AppData\Roaming\UAs
C:\Users\Corny\AppData\Roaming\xmldm
C:\Users\Corny\AppData\Local\CFKF1r0Z
C:\Programme\Application Updater
C:\Programme\pdfforge Toolbar
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
10.10.2012, 14:52
| #23 |
| | Österreiche Polizei-Virus, Ihr Computer wurde gesperrt.... Hey Hat alles super geklappt. Hier die Datei, die mir nach dem Neustart angezeigt wurde. Code:
ATTFilter All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-896563546-880670934-68609815-1001\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
HKU\S-1-5-21-896563546-880670934-68609815-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: pdfforge@mybrowserbar.com:1.1.2 removed from extensions.enabledItems
Prefs.js: searchsettings@spigot.com:1.2.3 removed from extensions.enabledItems
C:\Users\Corny\AppData\Roaming\mozilla\Firefox\Profiles\xbxeikb2.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\sites folder moved successfully.
C:\Users\Corny\AppData\Roaming\mozilla\Firefox\Profiles\xbxeikb2.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Users\Corny\AppData\Roaming\mozilla\Firefox\Profiles\xbxeikb2.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Users\Corny\AppData\Roaming\mozilla\Firefox\Profiles\xbxeikb2.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Users\Corny\AppData\Roaming\mozilla\Firefox\Profiles\xbxeikb2.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Users\Corny\AppData\Roaming\mozilla\Firefox\Profiles\xbxeikb2.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Users\Corny\AppData\Roaming\mozilla\Firefox\Profiles\xbxeikb2.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon folder moved successfully.
C:\Users\Corny\AppData\Roaming\mozilla\Firefox\Profiles\xbxeikb2.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin folder moved successfully.
C:\Users\Corny\AppData\Roaming\mozilla\Firefox\Profiles\xbxeikb2.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr folder moved successfully.
C:\Users\Corny\AppData\Roaming\mozilla\Firefox\Profiles\xbxeikb2.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk folder moved successfully.
C:\Users\Corny\AppData\Roaming\mozilla\Firefox\Profiles\xbxeikb2.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru folder moved successfully.
C:\Users\Corny\AppData\Roaming\mozilla\Firefox\Profiles\xbxeikb2.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it folder moved successfully.
C:\Users\Corny\AppData\Roaming\mozilla\Firefox\Profiles\xbxeikb2.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he folder moved successfully.
C:\Users\Corny\AppData\Roaming\mozilla\Firefox\Profiles\xbxeikb2.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr folder moved successfully.
C:\Users\Corny\AppData\Roaming\mozilla\Firefox\Profiles\xbxeikb2.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es folder moved successfully.
C:\Users\Corny\AppData\Roaming\mozilla\Firefox\Profiles\xbxeikb2.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US folder moved successfully.
C:\Users\Corny\AppData\Roaming\mozilla\Firefox\Profiles\xbxeikb2.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de folder moved successfully.
C:\Users\Corny\AppData\Roaming\mozilla\Firefox\Profiles\xbxeikb2.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs folder moved successfully.
C:\Users\Corny\AppData\Roaming\mozilla\Firefox\Profiles\xbxeikb2.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg folder moved successfully.
C:\Users\Corny\AppData\Roaming\mozilla\Firefox\Profiles\xbxeikb2.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale folder moved successfully.
C:\Users\Corny\AppData\Roaming\mozilla\Firefox\Profiles\xbxeikb2.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img folder moved successfully.
C:\Users\Corny\AppData\Roaming\mozilla\Firefox\Profiles\xbxeikb2.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content folder moved successfully.
C:\Users\Corny\AppData\Roaming\mozilla\Firefox\Profiles\xbxeikb2.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Users\Corny\AppData\Roaming\mozilla\Firefox\Profiles\xbxeikb2.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Users\Corny\AppData\Roaming\mozilla\firefox\profiles\xbxeikb2.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\Corny\AppData\Roaming\mozilla\firefox\profiles\xbxeikb2.default\searchplugins\icqplugin.xml moved successfully.
Registry value HKEY_USERS\S-1-5-21-896563546-880670934-68609815-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Olcay deleted successfully.
ADS C:\Windows:nlsPreferences deleted successfully.
ADS C:\Users\Corny\AppData\Local\CFKF1r0Z:09azVbyqHvFkYJ6SmOWl deleted successfully.
========== FILES ==========
C:\Users\Corny\AppData\Roaming\Ycwua folder moved successfully.
C:\ProgramData\tlkmwkixiorwtpa folder moved successfully.
File\Folder C:\Users\All Users\tlkmwkixiorwtpa not found.
File\Folder C:\ProgramData\*.pad not found.
C:\ProgramData\N6PCwPpjT.dat moved successfully.
C:\Users\Corny\AppData\Roaming\13001.045\components folder moved successfully.
C:\Users\Corny\AppData\Roaming\13001.045 folder moved successfully.
C:\ProgramData\ylqtfxgsedudici moved successfully.
C:\Users\Corny\AppData\Roaming\xbxeikb2.default.dat moved successfully.
C:\Users\Corny\AppData\Roaming\xbxeikb2.default.tmp moved successfully.
C:\ProgramData\Af4v34QO.exe.b moved successfully.
C:\ProgramData\Af4v34QO.exe_.b moved successfully.
File\Folder C:\Users\All Users\Af4v34QO* not found.
C:\Users\Corny\AppData\Roaming\MafiaSetup.exe moved successfully.
C:\Users\Corny\AppData\Roaming\13001.009\components folder moved successfully.
C:\Users\Corny\AppData\Roaming\13001.009 folder moved successfully.
C:\Users\Corny\AppData\Roaming\13001.011\components folder moved successfully.
C:\Users\Corny\AppData\Roaming\13001.011 folder moved successfully.
C:\Users\Corny\AppData\Roaming\13001.012\components folder moved successfully.
C:\Users\Corny\AppData\Roaming\13001.012 folder moved successfully.
C:\Users\Corny\AppData\Roaming\13001.013\components folder moved successfully.
C:\Users\Corny\AppData\Roaming\13001.013 folder moved successfully.
C:\Users\Corny\AppData\Roaming\13001.014\components folder moved successfully.
C:\Users\Corny\AppData\Roaming\13001.014 folder moved successfully.
C:\Users\Corny\AppData\Roaming\13003\components folder moved successfully.
C:\Users\Corny\AppData\Roaming\13003 folder moved successfully.
C:\Users\Corny\AppData\Roaming\13004\components folder moved successfully.
C:\Users\Corny\AppData\Roaming\13004 folder moved successfully.
C:\Users\Corny\AppData\Roaming\13005\components folder moved successfully.
C:\Users\Corny\AppData\Roaming\13005 folder moved successfully.
C:\Users\Corny\AppData\Roaming\13006\components folder moved successfully.
C:\Users\Corny\AppData\Roaming\13006 folder moved successfully.
C:\Users\Corny\AppData\Roaming\13007\components folder moved successfully.
C:\Users\Corny\AppData\Roaming\13007 folder moved successfully.
C:\Users\Corny\AppData\Roaming\13008\components folder moved successfully.
C:\Users\Corny\AppData\Roaming\13008 folder moved successfully.
C:\Users\Corny\AppData\Roaming\kock folder moved successfully.
C:\Users\Corny\AppData\Roaming\UAs folder moved successfully.
C:\Users\Corny\AppData\Roaming\xmldm folder moved successfully.
C:\Users\Corny\AppData\Local\CFKF1r0Z folder moved successfully.
C:\Programme\Application Updater folder moved successfully.
C:\Programme\pdfforge Toolbar\SSFF\components folder moved successfully.
C:\Programme\pdfforge Toolbar\SSFF\chrome\skin folder moved successfully.
C:\Programme\pdfforge Toolbar\SSFF\chrome\locale\en-US folder moved successfully.
C:\Programme\pdfforge Toolbar\SSFF\chrome\locale folder moved successfully.
C:\Programme\pdfforge Toolbar\SSFF\chrome\content folder moved successfully.
C:\Programme\pdfforge Toolbar\SSFF\chrome folder moved successfully.
C:\Programme\pdfforge Toolbar\SSFF folder moved successfully.
C:\Programme\pdfforge Toolbar\Res folder moved successfully.
C:\Programme\pdfforge Toolbar\IE\1.1.2 folder moved successfully.
C:\Programme\pdfforge Toolbar\IE folder moved successfully.
C:\Programme\pdfforge Toolbar\FF\components folder moved successfully.
C:\Programme\pdfforge Toolbar\FF\chrome\skin folder moved successfully.
C:\Programme\pdfforge Toolbar\FF\chrome\locale\EN-US folder moved successfully.
C:\Programme\pdfforge Toolbar\FF\chrome\locale folder moved successfully.
C:\Programme\pdfforge Toolbar\FF\chrome\content folder moved successfully.
C:\Programme\pdfforge Toolbar\FF\chrome folder moved successfully.
C:\Programme\pdfforge Toolbar\FF folder moved successfully.
C:\Programme\pdfforge Toolbar folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Corny\Desktop\cmd.bat deleted successfully.
C:\Users\Corny\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Corny
->Temp folder emptied: 386359079 bytes
->Temporary Internet Files folder emptied: 201018852 bytes
->Java cache emptied: 481 bytes
->FireFox cache emptied: 913232000 bytes
->Google Chrome cache emptied: 26445277 bytes
->Flash cache emptied: 65341 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1533399 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 604509044 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36031431 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 2.069,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.69.0 log created on 10102012_154340
Files\Folders moved on Reboot...
File\Folder C:\Users\Corny\AppData\Local\Temp\2011-09-01-1178053157_04-RG.PDF not found!
File\Folder C:\Users\Corny\AppData\Local\Temp\2011-11-02-1198815032_04-RG.PDF not found!
C:\Users\Corny\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
|
|
10.10.2012, 15:27
| #24 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Österreiche Polizei-Virus, Ihr Computer wurde gesperrt.... Ich brauch den Quarantäneordner von OTL. Bitte folgendes machen: 1.) GANZ WICHTIG!! Virenscanner deaktivieren, der darf das Packen nicht beeinflussen! 2.) Ordner MovedFiles in C:\_OTL in eine Datei zippen 3.) Die erstellte ZIP-Datei hier hochladen => http://www.trojaner-board.de/54791-a...ner-board.html Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten! 4.) Wenns erfolgreich war Bescheid sagen 5.) Erst dann wieder den Virenscanner einschalten
__________________ Logfiles bitte immer in CODE-Tags posten |
|
10.10.2012, 15:46
| #25 |
| | Österreiche Polizei-Virus, Ihr Computer wurde gesperrt.... Okay Habe das zip-paket gerade hochgeladen. Virenscanner ist noch aus. Soll ich den jetzt wieder anschalten? MFG Corny |
|
10.10.2012, 15:52
| #26 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Österreiche Polizei-Virus, Ihr Computer wurde gesperrt.... Ok, danke Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
10.10.2012, 16:32
| #27 |
| | Österreiche Polizei-Virus, Ihr Computer wurde gesperrt.... Hey Hier der Report von Kaperski. Code:
ATTFilter 17:28:00.0256 0300 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
17:28:00.0433 0300 ============================================================
17:28:00.0433 0300 Current date / time: 2012/10/10 17:28:00.0433
17:28:00.0434 0300 SystemInfo:
17:28:00.0434 0300
17:28:00.0434 0300 OS Version: 6.1.7600 ServicePack: 0.0
17:28:00.0434 0300 Product type: Workstation
17:28:00.0434 0300 ComputerName: CORNY-PC
17:28:00.0434 0300 UserName: Corny
17:28:00.0434 0300 Windows directory: C:\Windows
17:28:00.0434 0300 System windows directory: C:\Windows
17:28:00.0434 0300 Running under WOW64
17:28:00.0434 0300 Processor architecture: Intel x64
17:28:00.0434 0300 Number of processors: 2
17:28:00.0434 0300 Page size: 0x1000
17:28:00.0434 0300 Boot type: Normal boot
17:28:00.0434 0300 ============================================================
17:28:01.0233 0300 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:28:01.0237 0300 ============================================================
17:28:01.0237 0300 \Device\Harddisk0\DR0:
17:28:01.0237 0300 MBR partitions:
17:28:01.0237 0300 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xC34F28D
17:28:01.0246 0300 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xC34F30B, BlocksNum 0x2E031A75
17:28:01.0246 0300 ============================================================
17:28:01.0262 0300 C: <-> \Device\Harddisk0\DR0\Partition1
17:28:01.0283 0300 D: <-> \Device\Harddisk0\DR0\Partition2
17:28:01.0283 0300 ============================================================
17:28:01.0283 0300 Initialize success
17:28:01.0283 0300 ============================================================
17:28:53.0745 1756 ============================================================
17:28:53.0745 1756 Scan started
17:28:53.0745 1756 Mode: Manual; SigCheck; TDLFS;
17:28:53.0745 1756 ============================================================
17:28:54.0119 1756 ================ Scan system memory ========================
17:28:54.0119 1756 System memory - ok
17:28:54.0119 1756 ================ Scan services =============================
17:28:54.0275 1756 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
17:28:54.0338 1756 1394ohci - ok
17:28:54.0353 1756 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
17:28:54.0369 1756 ACPI - ok
17:28:54.0385 1756 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
17:28:54.0447 1756 AcpiPmi - ok
17:28:54.0478 1756 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
17:28:54.0494 1756 adp94xx - ok
17:28:54.0509 1756 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
17:28:54.0525 1756 adpahci - ok
17:28:54.0541 1756 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
17:28:54.0556 1756 adpu320 - ok
17:28:54.0572 1756 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
17:28:54.0681 1756 AeLookupSvc - ok
17:28:54.0728 1756 [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD C:\Windows\system32\drivers\afd.sys
17:28:54.0759 1756 AFD - ok
17:28:54.0775 1756 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
17:28:54.0775 1756 agp440 - ok
17:28:54.0931 1756 [ 0923671CF87CD511E46D4668B53F5E76 ] Akamai c:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll
17:28:54.0931 1756 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll. md5: 0923671CF87CD511E46D4668B53F5E76
17:28:54.0931 1756 Akamai ( HiddenFile.Multi.Generic ) - warning
17:28:54.0931 1756 Akamai - detected HiddenFile.Multi.Generic (1)
17:28:54.0946 1756 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
17:28:54.0993 1756 ALG - ok
17:28:55.0009 1756 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
17:28:55.0024 1756 aliide - ok
17:28:55.0024 1756 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys
17:28:55.0040 1756 amdide - ok
17:28:55.0055 1756 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
17:28:55.0087 1756 AmdK8 - ok
17:28:55.0102 1756 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
17:28:55.0133 1756 AmdPPM - ok
17:28:55.0180 1756 [ EC7EBAB00A4D8448BAB68D1E49B4BEB9 ] amdsata C:\Windows\system32\drivers\amdsata.sys
17:28:55.0180 1756 amdsata - ok
17:28:55.0196 1756 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
17:28:55.0211 1756 amdsbs - ok
17:28:55.0227 1756 [ DB27766102C7BF7E95140A2AA81D042E ] amdxata C:\Windows\system32\drivers\amdxata.sys
17:28:55.0243 1756 amdxata - ok
17:28:55.0289 1756 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
17:28:55.0305 1756 AntiVirSchedulerService - ok
17:28:55.0352 1756 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
17:28:55.0367 1756 AntiVirService - ok
17:28:55.0399 1756 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys
17:28:55.0461 1756 AppID - ok
17:28:55.0492 1756 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
17:28:55.0539 1756 AppIDSvc - ok
17:28:55.0555 1756 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll
17:28:55.0586 1756 Appinfo - ok
17:28:55.0633 1756 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
17:28:55.0664 1756 AppMgmt - ok
17:28:55.0695 1756 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
17:28:55.0711 1756 arc - ok
17:28:55.0711 1756 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
17:28:55.0726 1756 arcsas - ok
17:28:55.0742 1756 astcc - ok
17:28:55.0757 1756 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
17:28:55.0789 1756 AsyncMac - ok
17:28:55.0804 1756 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys
17:28:55.0804 1756 atapi - ok
17:28:55.0835 1756 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:28:55.0882 1756 AudioEndpointBuilder - ok
17:28:55.0898 1756 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll
17:28:55.0929 1756 AudioSrv - ok
17:28:55.0960 1756 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
17:28:55.0960 1756 avgntflt - ok
17:28:55.0991 1756 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
17:28:55.0991 1756 avipbb - ok
17:28:56.0007 1756 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
17:28:56.0007 1756 avkmgr - ok
17:28:56.0038 1756 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
17:28:56.0101 1756 AxInstSV - ok
17:28:56.0116 1756 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
17:28:56.0163 1756 b06bdrv - ok
17:28:56.0179 1756 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
17:28:56.0210 1756 b57nd60a - ok
17:28:56.0272 1756 [ 9E84A931DBEE0292E38ED672F6293A99 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
17:28:56.0319 1756 BCM43XX - ok
17:28:56.0319 1756 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
17:28:56.0350 1756 BDESVC - ok
17:28:56.0366 1756 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
17:28:56.0413 1756 Beep - ok
17:28:56.0459 1756 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\Windows\System32\bfe.dll
17:28:56.0491 1756 BFE - ok
17:28:56.0522 1756 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\Windows\System32\qmgr.dll
17:28:56.0584 1756 BITS - ok
17:28:56.0600 1756 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
17:28:56.0615 1756 blbdrive - ok
17:28:56.0647 1756 [ 19D20159708E152267E53B66677A4995 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
17:28:56.0678 1756 bowser - ok
17:28:56.0693 1756 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:28:56.0725 1756 BrFiltLo - ok
17:28:56.0740 1756 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:28:56.0756 1756 BrFiltUp - ok
17:28:56.0771 1756 [ 6B054C67AAA87843504E8E3C09102009 ] Browser C:\Windows\System32\browser.dll
17:28:56.0803 1756 Browser - ok
17:28:56.0818 1756 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
17:28:56.0849 1756 Brserid - ok
17:28:56.0865 1756 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
17:28:56.0881 1756 BrSerWdm - ok
17:28:56.0896 1756 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
17:28:56.0927 1756 BrUsbMdm - ok
17:28:56.0927 1756 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
17:28:56.0959 1756 BrUsbSer - ok
17:28:56.0959 1756 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
17:28:56.0990 1756 BTHMODEM - ok
17:28:57.0021 1756 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
17:28:57.0052 1756 bthserv - ok
17:28:57.0068 1756 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
17:28:57.0099 1756 cdfs - ok
17:28:57.0115 1756 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
17:28:57.0130 1756 cdrom - ok
17:28:57.0161 1756 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll
17:28:57.0193 1756 CertPropSvc - ok
17:28:57.0208 1756 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
17:28:57.0224 1756 circlass - ok
17:28:57.0255 1756 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
17:28:57.0271 1756 CLFS - ok
17:28:57.0317 1756 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:28:57.0333 1756 clr_optimization_v2.0.50727_32 - ok
17:28:57.0380 1756 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:28:57.0395 1756 clr_optimization_v2.0.50727_64 - ok
17:28:57.0458 1756 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:28:57.0458 1756 clr_optimization_v4.0.30319_32 - ok
17:28:57.0505 1756 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:28:57.0505 1756 clr_optimization_v4.0.30319_64 - ok
17:28:57.0520 1756 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
17:28:57.0551 1756 CmBatt - ok
17:28:57.0583 1756 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
17:28:57.0583 1756 cmdide - ok
17:28:57.0614 1756 [ CA7720B73446FDDEC5C69519C1174C98 ] CNG C:\Windows\system32\Drivers\cng.sys
17:28:57.0645 1756 CNG - ok
17:28:57.0661 1756 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
17:28:57.0661 1756 Compbatt - ok
17:28:57.0676 1756 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
17:28:57.0707 1756 CompositeBus - ok
17:28:57.0723 1756 COMSysApp - ok
17:28:57.0739 1756 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
17:28:57.0754 1756 crcdisk - ok
17:28:57.0785 1756 [ F02786B66375292E58C8777082D4396D ] CryptSvc C:\Windows\system32\cryptsvc.dll
17:28:57.0817 1756 CryptSvc - ok
17:28:57.0848 1756 [ 4A6173C2279B498CD8F57CAE504564CB ] CSC C:\Windows\system32\drivers\csc.sys
17:28:57.0895 1756 CSC - ok
17:28:57.0926 1756 [ 873FBF927C06E5CEE04DEC617502F8FD ] CscService C:\Windows\System32\cscsvc.dll
17:28:57.0973 1756 CscService - ok
17:28:58.0004 1756 [ 44BDDEB03C84A1C993C992FFB5700357 ] CVirtA C:\Windows\system32\DRIVERS\CVirtA64.sys
17:28:58.0004 1756 CVirtA - ok
17:28:58.0082 1756 [ 66257CB4E4FB69887CDDC71663741435 ] CVPND C:\Programme\cvpnd.exe
17:28:58.0113 1756 CVPND - ok
17:28:58.0160 1756 [ CC8E52DAA9826064BA464DBE531F2BB5 ] CVPNDRVA C:\Windows\system32\Drivers\CVPNDRVA.sys
17:28:58.0160 1756 CVPNDRVA - ok
17:28:58.0191 1756 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll
17:28:58.0238 1756 DcomLaunch - ok
17:28:58.0269 1756 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
17:28:58.0316 1756 defragsvc - ok
17:28:58.0347 1756 [ 9C253CE7311CA60FC11C774692A13208 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
17:28:58.0378 1756 DfsC - ok
17:28:58.0409 1756 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll
17:28:58.0456 1756 Dhcp - ok
17:28:58.0487 1756 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
17:28:58.0534 1756 discache - ok
17:28:58.0550 1756 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
17:28:58.0550 1756 Disk - ok
17:28:58.0581 1756 [ 05CB5910B3CA6019FC3CCA815EE06FFB ] DNE C:\Windows\system32\DRIVERS\dne64x.sys
17:28:58.0581 1756 DNE - ok
17:28:58.0628 1756 [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache C:\Windows\System32\dnsrslvr.dll
17:28:58.0659 1756 Dnscache - ok
17:28:58.0675 1756 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll
17:28:58.0721 1756 dot3svc - ok
17:28:58.0737 1756 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll
17:28:58.0768 1756 DPS - ok
17:28:58.0815 1756 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
17:28:58.0846 1756 drmkaud - ok
17:28:58.0877 1756 [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
17:28:58.0893 1756 DXGKrnl - ok
17:28:58.0909 1756 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
17:28:58.0940 1756 EapHost - ok
17:28:59.0002 1756 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
17:28:59.0096 1756 ebdrv - ok
17:28:59.0127 1756 [ 156F6159457D0AA7E59B62681B56EB90 ] EFS C:\Windows\System32\lsass.exe
17:28:59.0158 1756 EFS - ok
17:28:59.0221 1756 [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr C:\Windows\ehome\ehRecvr.exe
17:28:59.0252 1756 ehRecvr - ok
17:28:59.0283 1756 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
17:28:59.0299 1756 ehSched - ok
17:28:59.0314 1756 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
17:28:59.0345 1756 elxstor - ok
17:28:59.0361 1756 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
17:28:59.0392 1756 ErrDev - ok
17:28:59.0439 1756 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
17:28:59.0470 1756 EventSystem - ok
17:28:59.0486 1756 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
17:28:59.0517 1756 exfat - ok
17:28:59.0533 1756 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
17:28:59.0579 1756 fastfat - ok
17:28:59.0595 1756 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe
17:28:59.0642 1756 Fax - ok
17:28:59.0657 1756 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
17:28:59.0673 1756 fdc - ok
17:28:59.0673 1756 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
17:28:59.0704 1756 fdPHost - ok
17:28:59.0704 1756 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
17:28:59.0751 1756 FDResPub - ok
17:28:59.0767 1756 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
17:28:59.0767 1756 FileInfo - ok
17:28:59.0782 1756 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
17:28:59.0813 1756 Filetrace - ok
17:28:59.0876 1756 [ 73081CF28F0AE20A52CA4F67CEE6E6B0 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
17:28:59.0907 1756 FLEXnet Licensing Service - ok
17:29:00.0001 1756 [ 5CEE6CD43AE5844C49300EA0B1E557EE ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
17:29:00.0032 1756 FLEXnet Licensing Service 64 - ok
17:29:00.0047 1756 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
17:29:00.0063 1756 flpydisk - ok
17:29:00.0094 1756 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
17:29:00.0094 1756 FltMgr - ok
17:29:00.0141 1756 [ CB5E4B9C319E3C6BB363EB7E58A4A051 ] FontCache C:\Windows\system32\FntCache.dll
17:29:00.0203 1756 FontCache - ok
17:29:00.0250 1756 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:29:00.0250 1756 FontCache3.0.0.0 - ok
17:29:00.0266 1756 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
17:29:00.0281 1756 FsDepends - ok
17:29:00.0297 1756 [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
17:29:00.0297 1756 Fs_Rec - ok
17:29:00.0328 1756 [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
17:29:00.0344 1756 fvevol - ok
17:29:00.0359 1756 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
17:29:00.0375 1756 gagp30kx - ok
17:29:00.0406 1756 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll
17:29:00.0437 1756 gpsvc - ok
17:29:00.0515 1756 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:29:00.0531 1756 gupdate - ok
17:29:00.0562 1756 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:29:00.0578 1756 gupdatem - ok
17:29:00.0578 1756 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
17:29:00.0609 1756 hcw85cir - ok
17:29:00.0656 1756 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:29:00.0671 1756 HdAudAddService - ok
17:29:00.0687 1756 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
17:29:00.0718 1756 HDAudBus - ok
17:29:00.0734 1756 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
17:29:00.0749 1756 HidBatt - ok
17:29:00.0765 1756 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
17:29:00.0781 1756 HidBth - ok
17:29:00.0796 1756 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
17:29:00.0812 1756 HidIr - ok
17:29:00.0827 1756 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
17:29:00.0859 1756 hidserv - ok
17:29:00.0890 1756 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
17:29:00.0905 1756 HidUsb - ok
17:29:00.0937 1756 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
17:29:00.0968 1756 hkmsvc - ok
17:29:00.0983 1756 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:29:01.0015 1756 HomeGroupListener - ok
17:29:01.0046 1756 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:29:01.0061 1756 HomeGroupProvider - ok
17:29:01.0093 1756 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
17:29:01.0093 1756 HpSAMD - ok
17:29:01.0124 1756 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
17:29:01.0186 1756 HTTP - ok
17:29:01.0186 1756 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
17:29:01.0202 1756 hwpolicy - ok
17:29:01.0233 1756 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
17:29:01.0233 1756 i8042prt - ok
17:29:01.0264 1756 [ B75E45C564E944A2657167D197AB29DA ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
17:29:01.0280 1756 iaStorV - ok
17:29:01.0342 1756 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
17:29:01.0358 1756 IDriverT ( UnsignedFile.Multi.Generic ) - warning
17:29:01.0358 1756 IDriverT - detected UnsignedFile.Multi.Generic (1)
17:29:01.0405 1756 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:29:01.0436 1756 idsvc - ok
17:29:01.0451 1756 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
17:29:01.0467 1756 iirsp - ok
17:29:01.0514 1756 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll
17:29:01.0561 1756 IKEEXT - ok
17:29:01.0576 1756 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys
17:29:01.0592 1756 intelide - ok
17:29:01.0607 1756 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
17:29:01.0623 1756 intelppm - ok
17:29:01.0639 1756 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
17:29:01.0670 1756 IPBusEnum - ok
17:29:01.0685 1756 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:29:01.0717 1756 IpFilterDriver - ok
17:29:01.0732 1756 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
17:29:01.0779 1756 iphlpsvc - ok
17:29:01.0795 1756 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
17:29:01.0810 1756 IPMIDRV - ok
17:29:01.0826 1756 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
17:29:01.0873 1756 IPNAT - ok
17:29:01.0888 1756 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
17:29:01.0904 1756 IRENUM - ok
17:29:01.0904 1756 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
17:29:01.0919 1756 isapnp - ok
17:29:01.0951 1756 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
17:29:01.0966 1756 iScsiPrt - ok
17:29:01.0982 1756 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
17:29:01.0997 1756 kbdclass - ok
17:29:01.0997 1756 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
17:29:02.0013 1756 kbdhid - ok
17:29:02.0029 1756 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\Windows\system32\lsass.exe
17:29:02.0044 1756 KeyIso - ok
17:29:02.0060 1756 [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
17:29:02.0075 1756 KSecDD - ok
17:29:02.0091 1756 [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
17:29:02.0107 1756 KSecPkg - ok
17:29:02.0122 1756 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
17:29:02.0153 1756 ksthunk - ok
17:29:02.0185 1756 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
17:29:02.0231 1756 KtmRm - ok
17:29:02.0263 1756 [ 2AC603C3188C704CFCE353659AA7AD71 ] L1E C:\Windows\system32\DRIVERS\L1E62x64.sys
17:29:02.0278 1756 L1E - ok
17:29:02.0309 1756 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\system32\srvsvc.dll
17:29:02.0356 1756 LanmanServer - ok
17:29:02.0372 1756 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:29:02.0419 1756 LanmanWorkstation - ok
17:29:02.0465 1756 lirsgt - ok
17:29:02.0497 1756 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
17:29:02.0528 1756 lltdio - ok
17:29:02.0543 1756 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
17:29:02.0575 1756 lltdsvc - ok
17:29:02.0606 1756 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
17:29:02.0621 1756 lmhosts - ok
17:29:02.0653 1756 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
17:29:02.0668 1756 LSI_FC - ok
17:29:02.0668 1756 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
17:29:02.0684 1756 LSI_SAS - ok
17:29:02.0699 1756 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:29:02.0715 1756 LSI_SAS2 - ok
17:29:02.0715 1756 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:29:02.0731 1756 LSI_SCSI - ok
17:29:02.0746 1756 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
17:29:02.0777 1756 luafv - ok
17:29:02.0824 1756 [ EF2BE2F45D4F06410A3BD2A3467325B0 ] LVRS64 C:\Windows\system32\DRIVERS\lvrs64.sys
17:29:02.0824 1756 LVRS64 - ok
17:29:02.0933 1756 [ AC22F92C6078640FE8A70D662A2F3AD5 ] LVUVC64 C:\Windows\system32\DRIVERS\lvuvc64.sys
17:29:02.0996 1756 LVUVC64 - ok
17:29:03.0043 1756 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
17:29:03.0043 1756 Mcx2Svc - ok
17:29:03.0058 1756 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
17:29:03.0074 1756 megasas - ok
17:29:03.0089 1756 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
17:29:03.0105 1756 MegaSR - ok
17:29:03.0136 1756 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
17:29:03.0152 1756 Microsoft Office Groove Audit Service - ok
17:29:03.0183 1756 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
17:29:03.0230 1756 MMCSS - ok
17:29:03.0230 1756 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
17:29:03.0277 1756 Modem - ok
17:29:03.0292 1756 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
17:29:03.0308 1756 monitor - ok
17:29:03.0339 1756 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
17:29:03.0339 1756 mouclass - ok
17:29:03.0355 1756 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
17:29:03.0370 1756 mouhid - ok
17:29:03.0370 1756 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
17:29:03.0386 1756 mountmgr - ok
17:29:03.0433 1756 [ 6380FF81DD4D78B23398752D2F46EA43 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
17:29:03.0448 1756 MozillaMaintenance - ok
17:29:03.0464 1756 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys
17:29:03.0464 1756 mpio - ok
17:29:03.0479 1756 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
17:29:03.0511 1756 mpsdrv - ok
17:29:03.0542 1756 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll
17:29:03.0589 1756 MpsSvc - ok
17:29:03.0604 1756 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
17:29:03.0635 1756 MRxDAV - ok
17:29:03.0667 1756 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
17:29:03.0682 1756 mrxsmb - ok
17:29:03.0698 1756 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:29:03.0713 1756 mrxsmb10 - ok
17:29:03.0729 1756 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:29:03.0729 1756 mrxsmb20 - ok
17:29:03.0760 1756 [ 5C37497276E3B3A5488B23A326A754B7 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
17:29:03.0776 1756 msahci - ok
17:29:03.0776 1756 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
17:29:03.0791 1756 msdsm - ok
17:29:03.0807 1756 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
17:29:03.0901 1756 MSDTC - ok
17:29:03.0947 1756 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
17:29:03.0963 1756 Msfs - ok
17:29:04.0041 1756 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
17:29:04.0057 1756 mshidkmdf - ok
17:29:04.0072 1756 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
17:29:04.0072 1756 msisadrv - ok
17:29:04.0103 1756 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
17:29:04.0150 1756 MSiSCSI - ok
17:29:04.0150 1756 msiserver - ok
17:29:04.0166 1756 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
17:29:04.0213 1756 MSKSSRV - ok
17:29:04.0213 1756 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
17:29:04.0244 1756 MSPCLOCK - ok
17:29:04.0259 1756 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
17:29:04.0291 1756 MSPQM - ok
17:29:04.0306 1756 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
17:29:04.0322 1756 MsRPC - ok
17:29:04.0322 1756 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
17:29:04.0337 1756 mssmbios - ok
17:29:04.0353 1756 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
17:29:04.0384 1756 MSTEE - ok
17:29:04.0384 1756 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
17:29:04.0400 1756 MTConfig - ok
17:29:04.0447 1756 [ 03B7145C889603537E9FFEABB1AD1089 ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
17:29:04.0478 1756 MTsensor - ok
17:29:04.0493 1756 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
17:29:04.0493 1756 Mup - ok
17:29:04.0525 1756 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll
17:29:04.0571 1756 napagent - ok
17:29:04.0587 1756 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
17:29:04.0618 1756 NativeWifiP - ok
17:29:04.0681 1756 [ 5836B9E91863A00EC1B8E785EFD86ECB ] NBService C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
17:29:04.0712 1756 NBService - ok
17:29:04.0743 1756 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys
17:29:04.0774 1756 NDIS - ok
17:29:04.0774 1756 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
17:29:04.0805 1756 NdisCap - ok
17:29:04.0821 1756 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
17:29:04.0852 1756 NdisTapi - ok
17:29:04.0868 1756 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
17:29:04.0915 1756 Ndisuio - ok
17:29:04.0915 1756 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
17:29:04.0946 1756 NdisWan - ok
17:29:04.0961 1756 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
17:29:04.0993 1756 NDProxy - ok
17:29:05.0008 1756 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
17:29:05.0039 1756 NetBIOS - ok
17:29:05.0055 1756 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
17:29:05.0086 1756 NetBT - ok
17:29:05.0086 1756 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\Windows\system32\lsass.exe
17:29:05.0102 1756 Netlogon - ok
17:29:05.0133 1756 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
17:29:05.0180 1756 Netman - ok
17:29:05.0195 1756 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
17:29:05.0242 1756 netprofm - ok
17:29:05.0258 1756 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:29:05.0273 1756 NetTcpPortSharing - ok
17:29:05.0289 1756 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
17:29:05.0305 1756 nfrd960 - ok
17:29:05.0320 1756 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll
17:29:05.0351 1756 NlaSvc - ok
17:29:05.0398 1756 nlsX86cc - ok
17:29:05.0445 1756 [ A328A46D87BB92CE4D8A4528E9D84787 ] NMIndexingService C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
17:29:05.0461 1756 NMIndexingService - ok
17:29:05.0461 1756 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
17:29:05.0507 1756 Npfs - ok
17:29:05.0523 1756 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
17:29:05.0570 1756 nsi - ok
17:29:05.0570 1756 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
17:29:05.0617 1756 nsiproxy - ok
17:29:05.0663 1756 [ 378E0E0DFEA67D98AE6EA53ADBBD76BC ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
17:29:05.0695 1756 Ntfs - ok
17:29:05.0710 1756 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
17:29:05.0726 1756 Null - ok
17:29:05.0929 1756 [ DD81FBC57AB9134CDDC5CE90880BFD80 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:29:06.0069 1756 nvlddmkm - ok
17:29:06.0100 1756 [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid C:\Windows\system32\drivers\nvraid.sys
17:29:06.0100 1756 nvraid - ok
17:29:06.0131 1756 [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor C:\Windows\system32\drivers\nvstor.sys
17:29:06.0147 1756 nvstor - ok
17:29:06.0163 1756 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
17:29:06.0178 1756 nv_agp - ok
17:29:06.0225 1756 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:29:06.0241 1756 odserv - ok
17:29:06.0256 1756 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
17:29:06.0272 1756 ohci1394 - ok
17:29:06.0334 1756 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:29:06.0350 1756 ose - ok
17:29:06.0381 1756 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
17:29:06.0412 1756 p2pimsvc - ok
17:29:06.0443 1756 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
17:29:06.0459 1756 p2psvc - ok
17:29:06.0475 1756 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
17:29:06.0490 1756 Parport - ok
17:29:06.0506 1756 [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr C:\Windows\system32\drivers\partmgr.sys
17:29:06.0521 1756 partmgr - ok
17:29:06.0537 1756 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
17:29:06.0568 1756 PcaSvc - ok
17:29:06.0568 1756 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys
17:29:06.0584 1756 pci - ok
17:29:06.0599 1756 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys
17:29:06.0599 1756 pciide - ok
17:29:06.0615 1756 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
17:29:06.0631 1756 pcmcia - ok
17:29:06.0631 1756 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
17:29:06.0646 1756 pcw - ok
17:29:06.0662 1756 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
17:29:06.0709 1756 PEAUTH - ok
17:29:06.0755 1756 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
17:29:06.0818 1756 PeerDistSvc - ok
17:29:06.0833 1756 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
17:29:06.0865 1756 PerfHost - ok
17:29:06.0896 1756 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll
17:29:06.0958 1756 pla - ok
17:29:06.0989 1756 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
17:29:07.0021 1756 PlugPlay - ok
17:29:07.0036 1756 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
17:29:07.0067 1756 PNRPAutoReg - ok
17:29:07.0083 1756 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
17:29:07.0099 1756 PNRPsvc - ok
17:29:07.0130 1756 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
17:29:07.0161 1756 PolicyAgent - ok
17:29:07.0192 1756 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
17:29:07.0239 1756 Power - ok
17:29:07.0270 1756 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
17:29:07.0301 1756 PptpMiniport - ok
17:29:07.0317 1756 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
17:29:07.0348 1756 Processor - ok
17:29:07.0348 1756 prodrv06 - ok
17:29:07.0473 1756 [ 97293447431311C06703368AD0F6C4BE ] ProfSvc C:\Windows\system32\profsvc.dll
17:29:07.0489 1756 ProfSvc - ok
17:29:07.0489 1756 prohlp02 - ok
17:29:07.0520 1756 prosync1 - ok
17:29:07.0535 1756 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:29:07.0551 1756 ProtectedStorage - ok
17:29:07.0551 1756 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
17:29:07.0598 1756 Psched - ok
17:29:07.0629 1756 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
17:29:07.0676 1756 ql2300 - ok
17:29:07.0676 1756 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
17:29:07.0691 1756 ql40xx - ok
17:29:07.0707 1756 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
17:29:07.0723 1756 QWAVE - ok
17:29:07.0738 1756 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
17:29:07.0754 1756 QWAVEdrv - ok
17:29:07.0769 1756 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
17:29:07.0801 1756 RasAcd - ok
17:29:07.0832 1756 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
17:29:07.0863 1756 RasAgileVpn - ok
17:29:07.0863 1756 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
17:29:07.0894 1756 RasAuto - ok
17:29:07.0910 1756 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
17:29:07.0941 1756 Rasl2tp - ok
17:29:07.0957 1756 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll
17:29:07.0988 1756 RasMan - ok
17:29:08.0003 1756 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
17:29:08.0019 1756 RasPppoe - ok
17:29:08.0035 1756 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
17:29:08.0066 1756 RasSstp - ok
17:29:08.0097 1756 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
17:29:08.0128 1756 rdbss - ok
17:29:08.0144 1756 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
17:29:08.0159 1756 rdpbus - ok
17:29:08.0159 1756 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
17:29:08.0191 1756 RDPCDD - ok
17:29:08.0206 1756 [ 9706B84DBABFC4B4CA46C5A82B14DFA3 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
17:29:08.0253 1756 RDPDR - ok
17:29:08.0269 1756 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
17:29:08.0315 1756 RDPENCDD - ok
17:29:08.0315 1756 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
17:29:08.0347 1756 RDPREFMP - ok
17:29:08.0362 1756 [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
17:29:08.0409 1756 RDPWD - ok
17:29:08.0425 1756 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
17:29:08.0425 1756 rdyboost - ok
17:29:08.0456 1756 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
17:29:08.0503 1756 RemoteAccess - ok
17:29:08.0518 1756 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
17:29:08.0549 1756 RemoteRegistry - ok
17:29:08.0581 1756 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
17:29:08.0612 1756 RpcEptMapper - ok
17:29:08.0643 1756 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
17:29:08.0659 1756 RpcLocator - ok
17:29:08.0674 1756 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll
17:29:08.0705 1756 RpcSs - ok
17:29:08.0721 1756 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
17:29:08.0752 1756 rspndr - ok
17:29:08.0783 1756 [ 88AF6E02AB19DF7FD07ECDF9C91E9AF6 ] s3cap C:\Windows\system32\DRIVERS\vms3cap.sys
17:29:08.0799 1756 s3cap - ok
17:29:08.0815 1756 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\Windows\system32\lsass.exe
17:29:08.0830 1756 SamSs - ok
17:29:08.0846 1756 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
17:29:08.0846 1756 sbp2port - ok
17:29:08.0861 1756 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
17:29:08.0908 1756 SCardSvr - ok
17:29:08.0908 1756 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
17:29:08.0955 1756 scfilter - ok
17:29:08.0986 1756 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll
17:29:09.0033 1756 Schedule - ok
17:29:09.0049 1756 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
17:29:09.0064 1756 SCPolicySvc - ok
17:29:09.0111 1756 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
17:29:09.0189 1756 SDRSVC - ok
17:29:09.0267 1756 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
17:29:09.0298 1756 secdrv - ok
17:29:09.0314 1756 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
17:29:09.0345 1756 seclogon - ok
17:29:09.0361 1756 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
17:29:09.0392 1756 SENS - ok
17:29:09.0407 1756 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
17:29:09.0423 1756 SensrSvc - ok
17:29:09.0485 1756 [ 255476B54C82A89416EFDF09FD62F107 ] Sentinel64 C:\Windows\System32\Drivers\Sentinel64.sys
17:29:09.0485 1756 Sentinel64 - ok
17:29:09.0501 1756 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
17:29:09.0501 1756 Serenum - ok
17:29:09.0517 1756 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
17:29:09.0532 1756 Serial - ok
17:29:09.0548 1756 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
17:29:09.0548 1756 sermouse - ok
17:29:09.0579 1756 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
17:29:09.0595 1756 SessionEnv - ok
17:29:09.0610 1756 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
17:29:09.0626 1756 sffdisk - ok
17:29:09.0641 1756 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
17:29:09.0657 1756 sffp_mmc - ok
17:29:09.0673 1756 [ 5588B8C6193EB1522490C122EB94DFFA ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
17:29:09.0688 1756 sffp_sd - ok
17:29:09.0704 1756 sfhlp01 - ok
17:29:09.0704 1756 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
17:29:09.0719 1756 sfloppy - ok
17:29:09.0735 1756 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
17:29:09.0782 1756 SharedAccess - ok
17:29:09.0813 1756 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:29:09.0844 1756 ShellHWDetection - ok
17:29:09.0860 1756 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:29:09.0875 1756 SiSRaid2 - ok
17:29:09.0891 1756 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
17:29:09.0891 1756 SiSRaid4 - ok
17:29:09.0953 1756 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
17:29:09.0953 1756 SkypeUpdate - ok
17:29:09.0969 1756 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
17:29:10.0000 1756 Smb - ok
17:29:10.0016 1756 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
17:29:10.0031 1756 SNMPTRAP - ok
17:29:10.0078 1756 [ 4945020BC094C322571184A6E8056B3A ] SolidWorks Licensing Service C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
17:29:10.0094 1756 SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - warning
17:29:10.0094 1756 SolidWorks Licensing Service - detected UnsignedFile.Multi.Generic (1)
17:29:10.0109 1756 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
17:29:10.0109 1756 spldr - ok
17:29:10.0141 1756 [ 567977DC43CC13C4C35ED7084C0B84D5 ] Spooler C:\Windows\System32\spoolsv.exe
17:29:10.0187 1756 Spooler - ok
17:29:10.0250 1756 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe
17:29:10.0328 1756 sppsvc - ok
17:29:10.0343 1756 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
17:29:10.0390 1756 sppuinotify - ok
17:29:10.0437 1756 [ 602884696850C86434530790B110E8EB ] sptd C:\Windows\System32\Drivers\sptd.sys
17:29:10.0468 1756 sptd - ok
17:29:10.0499 1756 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\Windows\system32\DRIVERS\srv.sys
17:29:10.0531 1756 srv - ok
17:29:10.0546 1756 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
17:29:10.0562 1756 srv2 - ok
17:29:10.0593 1756 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
17:29:10.0624 1756 srvnet - ok
17:29:10.0655 1756 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
17:29:10.0687 1756 SSDPSRV - ok
17:29:10.0702 1756 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
17:29:10.0733 1756 SstpSvc - ok
17:29:10.0765 1756 StarOpen - ok
17:29:10.0780 1756 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
17:29:10.0780 1756 stexstor - ok
17:29:10.0811 1756 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll
17:29:10.0843 1756 stisvc - ok
17:29:10.0874 1756 [ FFD7A6F15B14234B5B0E5D49E7961895 ] storflt C:\Windows\system32\DRIVERS\vmstorfl.sys
17:29:10.0874 1756 storflt - ok
17:29:10.0889 1756 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
17:29:10.0936 1756 StorSvc - ok
17:29:10.0952 1756 [ 8FCCBEFC5C440B3C23454656E551B09A ] storvsc C:\Windows\system32\DRIVERS\storvsc.sys
17:29:10.0952 1756 storvsc - ok
17:29:10.0952 1756 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
17:29:10.0967 1756 swenum - ok
17:29:10.0999 1756 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
17:29:11.0030 1756 swprv - ok
17:29:11.0061 1756 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll
17:29:11.0123 1756 SysMain - ok
17:29:11.0139 1756 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:29:11.0155 1756 TabletInputService - ok
17:29:11.0170 1756 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll
17:29:11.0217 1756 TapiSrv - ok
17:29:11.0233 1756 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
17:29:11.0248 1756 TBS - ok
17:29:11.0311 1756 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
17:29:11.0357 1756 Tcpip - ok
17:29:11.0404 1756 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
17:29:11.0435 1756 TCPIP6 - ok
17:29:11.0435 1756 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
17:29:11.0467 1756 tcpipreg - ok
17:29:11.0482 1756 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
17:29:11.0498 1756 TDPIPE - ok
17:29:11.0529 1756 [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
17:29:11.0560 1756 TDTCP - ok
17:29:11.0576 1756 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
17:29:11.0607 1756 tdx - ok
17:29:11.0623 1756 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
17:29:11.0623 1756 TermDD - ok
17:29:11.0654 1756 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll
17:29:11.0701 1756 TermService - ok
17:29:11.0716 1756 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
17:29:11.0732 1756 Themes - ok
17:29:11.0747 1756 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
17:29:11.0779 1756 THREADORDER - ok
17:29:11.0810 1756 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
17:29:11.0841 1756 TrkWks - ok
17:29:11.0888 1756 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:29:11.0919 1756 TrustedInstaller - ok
17:29:11.0919 1756 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
17:29:11.0966 1756 tssecsrv - ok
17:29:11.0981 1756 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
17:29:12.0028 1756 tunnel - ok
17:29:12.0044 1756 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
17:29:12.0059 1756 uagp35 - ok
17:29:12.0075 1756 [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs C:\Windows\system32\DRIVERS\udfs.sys
17:29:12.0106 1756 udfs - ok
17:29:12.0122 1756 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
17:29:12.0137 1756 UI0Detect - ok
17:29:12.0169 1756 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
17:29:12.0169 1756 uliagpkx - ok
17:29:12.0200 1756 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
17:29:12.0231 1756 umbus - ok
17:29:12.0247 1756 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
17:29:12.0247 1756 UmPass - ok
17:29:12.0278 1756 [ AF0AC98EE5077EB844413EB54287FDE3 ] UmRdpService C:\Windows\System32\umrdp.dll
17:29:12.0293 1756 UmRdpService - ok
17:29:12.0356 1756 [ 927754ABF077AEB5504BE4E0F2C60C1B ] UMVPFSrv C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
17:29:12.0371 1756 UMVPFSrv - ok
17:29:12.0387 1756 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
17:29:12.0418 1756 upnphost - ok
17:29:12.0449 1756 [ 77B01BC848298223A95D4EC23E1785A1 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
17:29:12.0465 1756 usbaudio - ok
17:29:12.0496 1756 [ 7B6A127C93EE590E4D79A5F2A76FE46F ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
17:29:12.0527 1756 usbccgp - ok
17:29:12.0543 1756 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
17:29:12.0559 1756 usbcir - ok
17:29:12.0590 1756 [ 92969BA5AC44E229C55A332864F79677 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
17:29:12.0605 1756 usbehci - ok
17:29:12.0637 1756 [ E7DF1CFD28CA86B35EF5ADD0735CEEF3 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
17:29:12.0668 1756 usbhub - ok
17:29:12.0683 1756 [ F1BB1E55F1E7A65C5839CCC7B36D773E ] usbohci C:\Windows\system32\drivers\usbohci.sys
17:29:12.0715 1756 usbohci - ok
17:29:12.0730 1756 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
17:29:12.0746 1756 usbprint - ok
17:29:12.0777 1756 [ F39983647BC1F3E6100778DDFE9DCE29 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:29:12.0808 1756 USBSTOR - ok
17:29:12.0824 1756 [ BC3070350A491D84B518D7CCA9ABD36F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
17:29:12.0839 1756 usbuhci - ok
17:29:12.0871 1756 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
17:29:12.0886 1756 UxSms - ok
17:29:12.0902 1756 [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc C:\Windows\system32\lsass.exe
17:29:12.0917 1756 VaultSvc - ok
17:29:12.0933 1756 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
17:29:12.0949 1756 vdrvroot - ok
17:29:12.0964 1756 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe
17:29:12.0980 1756 vds - ok
17:29:12.0995 1756 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
17:29:12.0995 1756 vga - ok
17:29:13.0011 1756 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
17:29:13.0042 1756 VgaSave - ok
17:29:13.0074 1756 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
17:29:13.0089 1756 vhdmp - ok
17:29:13.0089 1756 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys
17:29:13.0105 1756 viaide - ok
17:29:13.0120 1756 [ 1501699D7EDA984ABC4155A7DA5738D1 ] vmbus C:\Windows\system32\DRIVERS\vmbus.sys
17:29:13.0136 1756 vmbus - ok
17:29:13.0152 1756 [ AE10C35761889E65A6F7176937C5592C ] VMBusHID C:\Windows\system32\DRIVERS\VMBusHID.sys
17:29:13.0167 1756 VMBusHID - ok
17:29:13.0198 1756 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
17:29:13.0230 1756 volmgr - ok
17:29:13.0245 1756 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
17:29:13.0261 1756 volmgrx - ok
17:29:13.0276 1756 [ 58F82EED8CA24B461441F9C3E4F0BF5C ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
17:29:13.0292 1756 volsnap - ok
17:29:13.0308 1756 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
17:29:13.0308 1756 vsmraid - ok
17:29:13.0354 1756 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe
17:29:13.0401 1756 VSS - ok
17:29:13.0417 1756 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
17:29:13.0432 1756 vwifibus - ok
17:29:13.0464 1756 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
17:29:13.0495 1756 vwififlt - ok
17:29:13.0510 1756 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
17:29:13.0526 1756 vwifimp - ok
17:29:13.0542 1756 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
17:29:13.0573 1756 W32Time - ok
17:29:13.0588 1756 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
17:29:13.0604 1756 WacomPen - ok
17:29:13.0635 1756 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
17:29:13.0666 1756 WANARP - ok
17:29:13.0682 1756 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
17:29:13.0713 1756 Wanarpv6 - ok
17:29:13.0776 1756 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
17:29:13.0822 1756 WatAdminSvc - ok
17:29:13.0869 1756 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe
17:29:13.0932 1756 wbengine - ok
17:29:13.0947 1756 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
17:29:13.0963 1756 WbioSrvc - ok
17:29:13.0994 1756 [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc C:\Windows\System32\wcncsvc.dll
17:29:14.0025 1756 wcncsvc - ok
17:29:14.0025 1756 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:29:14.0056 1756 WcsPlugInService - ok
17:29:14.0056 1756 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
17:29:14.0072 1756 Wd - ok
17:29:14.0088 1756 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
17:29:14.0119 1756 Wdf01000 - ok
17:29:14.0119 1756 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
17:29:14.0150 1756 WdiServiceHost - ok
17:29:14.0150 1756 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
17:29:14.0166 1756 WdiSystemHost - ok
17:29:14.0197 1756 [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient C:\Windows\System32\webclnt.dll
17:29:14.0212 1756 WebClient - ok
17:29:14.0228 1756 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
17:29:14.0275 1756 Wecsvc - ok
17:29:14.0322 1756 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
17:29:14.0353 1756 wercplsupport - ok
17:29:14.0368 1756 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
17:29:14.0400 1756 WerSvc - ok
17:29:14.0415 1756 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
17:29:14.0446 1756 WfpLwf - ok
17:29:14.0462 1756 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
17:29:14.0478 1756 WIMMount - ok
17:29:14.0493 1756 WinDefend - ok
17:29:14.0493 1756 WinHttpAutoProxySvc - ok
17:29:14.0540 1756 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
17:29:14.0571 1756 Winmgmt - ok
17:29:14.0618 1756 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll
17:29:14.0696 1756 WinRM - ok
17:29:14.0758 1756 [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
17:29:14.0758 1756 WinUsb - ok
17:29:14.0790 1756 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
17:29:14.0821 1756 Wlansvc - ok
17:29:14.0836 1756 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
17:29:14.0868 1756 WmiAcpi - ok
17:29:14.0899 1756 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
17:29:14.0914 1756 wmiApSrv - ok
17:29:14.0930 1756 WMPNetworkSvc - ok
17:29:14.0961 1756 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
17:29:14.0961 1756 WPCSvc - ok
17:29:14.0977 1756 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
17:29:15.0008 1756 WPDBusEnum - ok
17:29:15.0008 1756 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
17:29:15.0055 1756 ws2ifsl - ok
17:29:15.0055 1756 [ 8F9F3969933C02DA96EB0F84576DB43E ] wscsvc C:\Windows\System32\wscsvc.dll
17:29:15.0086 1756 wscsvc - ok
17:29:15.0086 1756 WSearch - ok
17:29:15.0148 1756 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
17:29:15.0211 1756 wuauserv - ok
17:29:15.0226 1756 [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
17:29:15.0258 1756 WudfPf - ok
17:29:15.0273 1756 [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
17:29:15.0304 1756 WUDFRd - ok
17:29:15.0320 1756 [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc C:\Windows\System32\WUDFSvc.dll
17:29:15.0367 1756 wudfsvc - ok
17:29:15.0382 1756 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
17:29:15.0414 1756 WwanSvc - ok
17:29:15.0429 1756 ================ Scan global ===============================
17:29:15.0445 1756 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
17:29:15.0476 1756 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
17:29:15.0492 1756 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
17:29:15.0523 1756 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
17:29:15.0538 1756 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
17:29:15.0538 1756 [Global] - ok
17:29:15.0554 1756 ================ Scan MBR ==================================
17:29:15.0554 1756 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:29:15.0835 1756 \Device\Harddisk0\DR0 - ok
17:29:15.0835 1756 ================ Scan VBR ==================================
17:29:15.0835 1756 [ 57584D8ADE82DAE4BD5DA50A0D53F9E4 ] \Device\Harddisk0\DR0\Partition1
17:29:15.0835 1756 \Device\Harddisk0\DR0\Partition1 - ok
17:29:15.0835 1756 [ 6C2A59BEB25B7315F55CE509B816B25D ] \Device\Harddisk0\DR0\Partition2
17:29:15.0835 1756 \Device\Harddisk0\DR0\Partition2 - ok
17:29:15.0835 1756 ============================================================
17:29:15.0835 1756 Scan finished
17:29:15.0835 1756 ============================================================
17:29:15.0835 2156 Detected object count: 3
17:29:15.0835 2156 Actual detected object count: 3
17:30:10.0684 2156 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
17:30:10.0684 2156 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
17:30:10.0684 2156 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
17:30:10.0684 2156 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:30:10.0684 2156 SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:30:10.0684 2156 SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
10.10.2012, 16:34
| #28 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Österreiche Polizei-Virus, Ihr Computer wurde gesperrt.... Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
10.10.2012, 16:55
| #29 |
| | Österreiche Polizei-Virus, Ihr Computer wurde gesperrt.... hey hier die Datei. GAb keine Probleme. Combofix Logfile: Code:
ATTFilter ComboFix 12-10-10.02 - Corny 10.10.2012 17:46:32.1.2 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.49.1031.18.8191.6741 [GMT 2:00]
ausgeführt von:: c:\users\Corny\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 0 bytes in 1 streams.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
c:\users\Corny\AppData\Roaming\Microsoft\Installer\msupdates
c:\users\Corny\AppData\Roaming\srvblck5.tmp
c:\windows\IsUn0407.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-09-10 bis 2012-10-10 ))))))))))))))))))))))))))))))
.
.
2012-10-10 15:50 . 2012-10-10 15:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-10 13:43 . 2012-10-10 14:38 -------- d-----w- C:\_OTL
2012-10-07 19:54 . 2012-10-07 19:54 -------- d-----w- c:\program files (x86)\ESET
2012-10-06 12:18 . 2012-10-06 12:18 -------- d-----w- c:\users\Corny\AppData\Roaming\Malwarebytes
2012-10-06 12:17 . 2012-10-06 12:17 -------- d-----w- c:\programdata\Malwarebytes
2012-10-06 12:17 . 2012-09-07 15:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-06 12:17 . 2012-10-06 12:17 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-25 10:13 . 2012-09-25 10:13 -------- d-----w- c:\users\Corny\AppData\Roaming\Avira
2012-09-25 10:07 . 2012-09-07 18:26 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-09-25 10:07 . 2012-09-07 18:26 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-09-25 10:07 . 2012-09-07 18:26 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-09-25 10:07 . 2012-09-25 10:07 -------- d-----w- c:\program files (x86)\Avira
2012-09-25 07:28 . 2012-09-18 22:58 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F54309F9-C656-46BE-995C-B14679F605DC}\mpengine.dll
2012-09-22 17:00 . 2012-05-05 08:30 503808 ----a-w- c:\windows\system32\srcore.dll
2012-09-22 16:59 . 2012-05-14 05:20 956416 ----a-w- c:\windows\system32\localspl.dll
2012-09-22 16:59 . 2012-06-06 05:50 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-09-22 16:59 . 2012-06-06 05:09 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Corny\AppData\Local\Akamai\netsession_win.exe" [2012-08-10 4440896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-09-07 348664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-07 136176]
R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-05-20 1431888]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-07 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-07 113120]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-19 1255736]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-11 834544]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-09-07 27760]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-09-07 86224]
S2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys [2009-09-17 145448]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-08-19 450848]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2011-08-19 351136]
S3 LVUVC64;Logitech Webcam 250(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2011-08-19 4869024]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 35535699
*Deregistered* - 35535699
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-07 19:20]
.
2012-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-07 19:20]
.
2012-10-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-896563546-880670934-68609815-1001Core.job
- c:\users\Corny\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-25 16:54]
.
2012-10-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-896563546-880670934-68609815-1001UA.job
- c:\users\Corny\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-25 16:54]
.
.
--------- X64 Entries -----------
.
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.icq.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Nach Microsoft E&xel exportieren - c:\progra~3\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Corny\AppData\Roaming\Mozilla\Firefox\Profiles\xbxeikb2.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-DivXUpdate - c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-896563546-880670934-68609815-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:68,d0,72,14,23,ab,2a,a6,87,ee,21,38,64,c8,b4,2b,39,b8,a1,da,bf,28,15,
42,e6,d8,c2,47,89,ab,ea,3c,68,4f,8b,fa,e6,55,9a,15,7a,d8,14,3f,3f,3f,51,22,\
"??"=hex:e7,10,fa,77,03,47,f1,05,3e,26,ea,98,51,cb,9e,cf
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-10-10 17:51:50
ComboFix-quarantined-files.txt 2012-10-10 15:51
.
Vor Suchlauf: 16 Verzeichnis(se), 33.756.549.120 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 33.374.838.784 Bytes frei
.
- - End Of File - - A3006E1259BFFF0B6C4259899BA9B0E2
MFG Corny |
|
10.10.2012, 20:14
| #30 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Österreiche Polizei-Virus, Ihr Computer wurde gesperrt.... Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM! Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Österreiche Polizei-Virus, Ihr Computer wurde gesperrt.... |
| abgesicherten, ahnung, alarm, betriebssystem, brauche, computer, datei, erreiche, erstell, erstellt, fehler, hoffe, installiert, löschen, modus, nutze, polizei-virus, programm, scan, scanne, scannen, schei, texte, trojaner, verschiedene, warum, win |
Linear-Darstellung
