Log analysis and evaluation: Ukash police trojan, deleted, is everything really gone? (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
22.10.2012, 10:10 | #16 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Ukash police trojan, deleted, is everything really gone?

Please now run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please switch off your virus scanner before you run the TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set the tool up as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot. Then click on Start Scan, and when it has finished, click the Report button to display the log. Please post it in full.

If you cannot find the log or cannot copy its contents and transfer them into your post, then please look directly on your Windows system partition (usually drive C:), as that is where the TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with the TDSS-Killer! If the TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!

__________________ Please always post log files in CODE tags |
22.10.2012, 10:23 | #17 |
| Ukash police trojan, deleted, is everything really gone?

Hello,
here is the log:

Code:
7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll 11:24:13.0266 7844 PNRPAutoReg - ok 11:24:13.0276 7844 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll 11:24:13.0296 7844 PNRPsvc - ok 11:24:13.0326 7844 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll 11:24:13.0356 7844 PolicyAgent - ok 11:24:13.0376 7844 [ A2CCA4FB273E6050F17A0A416CFF2FCD ] Power C:\windows\system32\umpo.dll 11:24:13.0386 7844 Power - ok 11:24:13.0416 7844 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys 11:24:13.0446 7844 PptpMiniport - ok 11:24:13.0466 7844 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\drivers\processr.sys 11:24:13.0476 7844 Processor - ok 11:24:13.0496 7844 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll 11:24:13.0506 7844 ProfSvc - ok 11:24:13.0526 7844 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe 11:24:13.0526 7844 ProtectedStorage - ok 11:24:13.0566 7844 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys 11:24:13.0586 7844 Psched - ok 11:24:13.0636 7844 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\drivers\ql2300.sys 11:24:13.0666 7844 ql2300 - ok 11:24:13.0676 7844 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\drivers\ql40xx.sys 11:24:13.0686 7844 ql40xx - ok 11:24:13.0716 7844 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll 11:24:13.0736 7844 QWAVE - ok 11:24:13.0756 7844 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys 11:24:13.0766 7844 QWAVEdrv - ok 11:24:13.0786 7844 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys 11:24:13.0806 7844 RasAcd - ok 11:24:13.0846 7844 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys 11:24:13.0866 7844 RasAgileVpn - ok 
11:24:13.0886 7844 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll 11:24:13.0916 7844 RasAuto - ok 11:24:13.0946 7844 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys 11:24:13.0976 7844 Rasl2tp - ok 11:24:13.0996 7844 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll 11:24:14.0016 7844 RasMan - ok 11:24:14.0036 7844 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys 11:24:14.0066 7844 RasPppoe - ok 11:24:14.0076 7844 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys 11:24:14.0106 7844 RasSstp - ok 11:24:14.0126 7844 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys 11:24:14.0156 7844 rdbss - ok 11:24:14.0186 7844 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\drivers\rdpbus.sys 11:24:14.0196 7844 rdpbus - ok 11:24:14.0216 7844 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys 11:24:14.0236 7844 RDPCDD - ok 11:24:14.0256 7844 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys 11:24:14.0276 7844 RDPENCDD - ok 11:24:14.0286 7844 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys 11:24:14.0316 7844 RDPREFMP - ok 11:24:14.0346 7844 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys 11:24:14.0356 7844 RDPWD - ok 11:24:14.0386 7844 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys 11:24:14.0396 7844 rdyboost - ok 11:24:14.0416 7844 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll 11:24:14.0446 7844 RemoteAccess - ok 11:24:14.0476 7844 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll 11:24:14.0496 7844 RemoteRegistry - ok 11:24:14.0546 7844 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys 
11:24:14.0556 7844 RFCOMM - ok 11:24:14.0576 7844 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll 11:24:14.0596 7844 RpcEptMapper - ok 11:24:14.0616 7844 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe 11:24:14.0626 7844 RpcLocator - ok 11:24:14.0636 7844 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll 11:24:14.0686 7844 RpcSs - ok 11:24:14.0716 7844 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys 11:24:14.0746 7844 rspndr - ok 11:24:14.0796 7844 [ BB1C3DF1D6CC0972E9C7268A19E62D2E ] RSUSBSTOR C:\windows\system32\Drivers\RtsUStor.sys 11:24:14.0806 7844 RSUSBSTOR - ok 11:24:14.0836 7844 [ B708BBAB80C60EE613DEE52A1A0A8538 ] RtkBtFilter C:\windows\system32\DRIVERS\RtkBtfilter.sys 11:24:14.0836 7844 RtkBtFilter - ok 11:24:14.0876 7844 [ 9140DB0911DE035FED0A9A77A2D156EA ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys 11:24:14.0886 7844 RTL8167 - ok 11:24:14.0946 7844 [ 8328468053CEDFD7198BEE178C501989 ] RTL8192Ce C:\windows\system32\DRIVERS\rtwlane.sys 11:24:14.0956 7844 RTL8192Ce - ok 11:24:14.0976 7844 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe 11:24:14.0986 7844 SamSs - ok 11:24:15.0006 7844 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys 11:24:15.0016 7844 sbp2port - ok 11:24:15.0036 7844 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll 11:24:15.0066 7844 SCardSvr - ok 11:24:15.0096 7844 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys 11:24:15.0116 7844 scfilter - ok 11:24:15.0146 7844 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll 11:24:15.0186 7844 Schedule - ok 11:24:15.0206 7844 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll 11:24:15.0236 7844 SCPolicySvc - ok 11:24:15.0256 7844 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC 
C:\windows\System32\SDRSVC.dll 11:24:15.0266 7844 SDRSVC - ok 11:24:15.0306 7844 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys 11:24:15.0326 7844 secdrv - ok 11:24:15.0356 7844 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll 11:24:15.0376 7844 seclogon - ok 11:24:15.0396 7844 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\System32\sens.dll 11:24:15.0426 7844 SENS - ok 11:24:15.0446 7844 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll 11:24:15.0456 7844 SensrSvc - ok 11:24:15.0476 7844 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\drivers\serenum.sys 11:24:15.0486 7844 Serenum - ok 11:24:15.0516 7844 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\drivers\serial.sys 11:24:15.0526 7844 Serial - ok 11:24:15.0536 7844 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\drivers\sermouse.sys 11:24:15.0546 7844 sermouse - ok 11:24:15.0566 7844 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll 11:24:15.0596 7844 SessionEnv - ok 11:24:15.0616 7844 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys 11:24:15.0626 7844 sffdisk - ok 11:24:15.0636 7844 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys 11:24:15.0646 7844 sffp_mmc - ok 11:24:15.0656 7844 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys 11:24:15.0666 7844 sffp_sd - ok 11:24:15.0666 7844 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\drivers\sfloppy.sys 11:24:15.0676 7844 sfloppy - ok 11:24:15.0716 7844 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll 11:24:15.0746 7844 SharedAccess - ok 11:24:15.0776 7844 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll 11:24:15.0806 7844 ShellHWDetection - ok 11:24:15.0836 7844 [ 
843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys 11:24:15.0846 7844 SiSRaid2 - ok 11:24:15.0856 7844 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys 11:24:15.0866 7844 SiSRaid4 - ok 11:24:15.0916 7844 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 11:24:15.0926 7844 SkypeUpdate - ok 11:24:15.0946 7844 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys 11:24:15.0976 7844 Smb - ok 11:24:16.0006 7844 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe 11:24:16.0016 7844 SNMPTRAP - ok 11:24:16.0046 7844 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys 11:24:16.0056 7844 spldr - ok 11:24:16.0086 7844 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe 11:24:16.0106 7844 Spooler - ok 11:24:16.0176 7844 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe 11:24:16.0236 7844 sppsvc - ok 11:24:16.0266 7844 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll 11:24:16.0286 7844 sppuinotify - ok 11:24:16.0336 7844 [ A15860E920B02C9A7CE8F3A6C2FF1E3A ] sptd C:\windows\System32\Drivers\sptd.sys 11:24:16.0356 7844 sptd - ok 11:24:16.0416 7844 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys 11:24:16.0426 7844 srv - ok 11:24:16.0436 7844 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys 11:24:16.0446 7844 srv2 - ok 11:24:16.0466 7844 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys 11:24:16.0476 7844 srvnet - ok 11:24:16.0506 7844 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll 11:24:16.0536 7844 SSDPSRV - ok 11:24:16.0556 7844 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll 11:24:16.0576 7844 SstpSvc - ok 11:24:16.0666 7844 [ 
E5C796B621F6FBA8616511063D7F0FFE ] StarWindServiceAE C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe 11:24:16.0666 7844 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - warning 11:24:16.0666 7844 StarWindServiceAE - detected UnsignedFile.Multi.Generic (1) 11:24:16.0706 7844 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\drivers\stexstor.sys 11:24:16.0716 7844 stexstor - ok 11:24:16.0746 7844 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll 11:24:16.0766 7844 stisvc - ok 11:24:16.0786 7844 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\DRIVERS\swenum.sys 11:24:16.0796 7844 swenum - ok 11:24:16.0826 7844 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll 11:24:16.0856 7844 swprv - ok 11:24:16.0896 7844 [ B868E292FBA5B62B9FC71572A5FAEF5C ] SynTP C:\windows\system32\DRIVERS\SynTP.sys 11:24:16.0906 7844 SynTP - ok 11:24:16.0946 7844 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll 11:24:16.0966 7844 SysMain - ok 11:24:16.0996 7844 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll 11:24:17.0006 7844 TabletInputService - ok 11:24:17.0016 7844 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll 11:24:17.0046 7844 TapiSrv - ok 11:24:17.0066 7844 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll 11:24:17.0086 7844 TBS - ok 11:24:17.0156 7844 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\windows\system32\drivers\tcpip.sys 11:24:17.0206 7844 Tcpip - ok 11:24:17.0226 7844 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys 11:24:17.0256 7844 TCPIP6 - ok 11:24:17.0296 7844 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys 11:24:17.0316 7844 tcpipreg - ok 11:24:17.0376 7844 [ FD542B661BD22FA69CA789AD0AC58C29 ] tdcmdpst C:\windows\system32\DRIVERS\tdcmdpst.sys 11:24:17.0396 7844 tdcmdpst - 
ok 11:24:17.0446 7844 TDEIO - ok 11:24:17.0466 7844 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys 11:24:17.0496 7844 TDPIPE - ok 11:24:17.0526 7844 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys 11:24:17.0536 7844 TDTCP - ok 11:24:17.0586 7844 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys 11:24:17.0636 7844 tdx - ok 11:24:17.0712 7844 [ 1B709733A04DCC41A63F9CD1F76A4EBE ] TemproMonitoringService C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe 11:24:17.0728 7844 TemproMonitoringService - ok 11:24:17.0728 7844 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\DRIVERS\termdd.sys 11:24:17.0759 7844 TermDD - ok 11:24:17.0790 7844 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll 11:24:17.0821 7844 TermService - ok 11:24:17.0837 7844 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll 11:24:17.0852 7844 Themes - ok 11:24:17.0868 7844 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll 11:24:17.0888 7844 THREADORDER - ok 11:24:17.0998 7844 [ 71C321649B28638EE80A2EEB164C1DC8 ] TMachInfo C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe 11:24:18.0008 7844 TMachInfo - ok 11:24:18.0038 7844 [ 8E2C799D3476EAC32C3BA0DF7CE6AF19 ] TODDSrv C:\windows\system32\TODDSrv.exe 11:24:18.0048 7844 TODDSrv - ok 11:24:18.0158 7844 [ 4AE80C5F7772C4FB2A762F70AD4A111E ] TosCoSrv C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe 11:24:18.0188 7844 TosCoSrv - ok 11:24:18.0228 7844 [ A22DEB5EC05FEBFDCA1D3FF70FA1FF46 ] TOSHIBA Bluetooth Service C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe 11:24:18.0258 7844 TOSHIBA Bluetooth Service - ok 11:24:18.0308 7844 [ 6E2330FB032ED3EBEFC1349AD7081A98 ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\TECO\TecoService.exe 11:24:18.0328 7844 TOSHIBA eco Utility Service - ok 11:24:18.0398 7844 [ 
9338C2DEB14CA2804BCB3276CB7EB4FD ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe 11:24:18.0408 7844 TOSHIBA HDD SSD Alert Service - ok 11:24:18.0438 7844 [ 8021F63311797085949FA387F7C83583 ] tosporte C:\windows\system32\DRIVERS\tosporte.sys 11:24:18.0448 7844 tosporte - ok 11:24:18.0488 7844 [ B9FA0498F6CC596FFA5CF47A04CD1785 ] tosrfbd C:\windows\system32\DRIVERS\tosrfbd.sys 11:24:18.0498 7844 tosrfbd - ok 11:24:18.0528 7844 [ 90F0B1745ABF13F44C2A6ED79F7CE9FB ] tosrfbnp C:\windows\system32\Drivers\tosrfbnp.sys 11:24:18.0538 7844 tosrfbnp - ok 11:24:18.0548 7844 [ 9E4E65EA51E34647340BD6007467AC54 ] Tosrfcom C:\windows\system32\Drivers\tosrfcom.sys 11:24:18.0558 7844 Tosrfcom - ok 11:24:18.0598 7844 [ F5E3AC4CBCD154EE80849B21887FD0B0 ] tosrfec C:\windows\system32\DRIVERS\tosrfec.sys 11:24:18.0598 7844 tosrfec - ok 11:24:18.0628 7844 [ 7D2467D3EB9BAA4B69AE4A28C83DE57A ] Tosrfhid C:\windows\system32\DRIVERS\Tosrfhid.sys 11:24:18.0628 7844 Tosrfhid - ok 11:24:18.0668 7844 [ B6FDC3C76FFE9C5171EEA9C37EA367C2 ] tosrfnds C:\windows\system32\DRIVERS\tosrfnds.sys 11:24:18.0668 7844 tosrfnds - ok 11:24:18.0698 7844 [ 7052B10E54B48AF12BD5606596A8E039 ] TosRfSnd C:\windows\system32\drivers\tosrfsnd.sys 11:24:18.0708 7844 TosRfSnd - ok 11:24:18.0738 7844 [ AF8A0D2E2A41043A77CA77CCBDB8D9C2 ] Tosrfusb C:\windows\system32\DRIVERS\tosrfusb.sys 11:24:18.0748 7844 Tosrfusb - ok 11:24:18.0788 7844 [ 36CDD894395BEC46EFB14F49D77D3D82 ] TPCHSrv C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe 11:24:18.0808 7844 TPCHSrv - ok 11:24:18.0828 7844 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll 11:24:18.0858 7844 TrkWks - ok 11:24:18.0918 7844 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe 11:24:18.0948 7844 TrustedInstaller - ok 11:24:18.0978 7844 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys 11:24:18.0998 7844 tssecsrv - ok 11:24:19.0018 
7844 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys 11:24:19.0028 7844 TsUsbFlt - ok 11:24:19.0058 7844 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\windows\system32\drivers\TsUsbGD.sys 11:24:19.0058 7844 TsUsbGD - ok 11:24:19.0078 7844 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys 11:24:19.0108 7844 tunnel - ok 11:24:19.0138 7844 [ 550B567F9364D8F7684C3FB3EA665A72 ] TVALZ C:\windows\system32\DRIVERS\TVALZ_O.SYS 11:24:19.0148 7844 TVALZ - ok 11:24:19.0178 7844 [ 9C7191F4B2E49BFF47A6C1144B5923FA ] TVALZFL C:\windows\system32\DRIVERS\TVALZFL.sys 11:24:19.0178 7844 TVALZFL - ok 11:24:19.0198 7844 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\drivers\uagp35.sys 11:24:19.0198 7844 uagp35 - ok 11:24:19.0238 7844 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys 11:24:19.0268 7844 udfs - ok 11:24:19.0298 7844 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe 11:24:19.0308 7844 UI0Detect - ok 11:24:19.0318 7844 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys 11:24:19.0328 7844 uliagpkx - ok 11:24:19.0338 7844 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\DRIVERS\umbus.sys 11:24:19.0348 7844 umbus - ok 11:24:19.0368 7844 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\drivers\umpass.sys 11:24:19.0378 7844 UmPass - ok 11:24:19.0398 7844 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll 11:24:19.0428 7844 upnphost - ok 11:24:19.0458 7844 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys 11:24:19.0468 7844 usbccgp - ok 11:24:19.0488 7844 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys 11:24:19.0498 7844 usbcir - ok 11:24:19.0518 7844 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\DRIVERS\usbehci.sys 11:24:19.0528 7844 usbehci - ok 
11:24:19.0568 7844 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys 11:24:19.0578 7844 usbhub - ok 11:24:19.0598 7844 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\drivers\usbohci.sys 11:24:19.0608 7844 usbohci - ok 11:24:19.0628 7844 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\DRIVERS\usbprint.sys 11:24:19.0638 7844 usbprint - ok 11:24:19.0668 7844 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\windows\system32\DRIVERS\usbscan.sys 11:24:19.0678 7844 usbscan - ok 11:24:19.0708 7844 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS 11:24:19.0718 7844 USBSTOR - ok 11:24:19.0728 7844 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys 11:24:19.0738 7844 usbuhci - ok 11:24:19.0768 7844 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\system32\Drivers\usbvideo.sys 11:24:19.0778 7844 usbvideo - ok 11:24:19.0818 7844 [ 70D05EE263568A742D14E1876DF80532 ] usb_rndisx C:\windows\system32\drivers\usb8023x.sys 11:24:19.0818 7844 usb_rndisx - ok 11:24:19.0848 7844 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll 11:24:19.0878 7844 UxSms - ok 11:24:19.0888 7844 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe 11:24:19.0898 7844 VaultSvc - ok 11:24:19.0918 7844 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys 11:24:19.0928 7844 vdrvroot - ok 11:24:19.0938 7844 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe 11:24:19.0968 7844 vds - ok 11:24:19.0998 7844 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys 11:24:19.0998 7844 vga - ok 11:24:20.0014 7844 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys 11:24:20.0045 7844 VgaSave - ok 11:24:20.0060 7844 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys 11:24:20.0060 7844 vhdmp - ok 
11:24:20.0076 7844 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys 11:24:20.0092 7844 viaide - ok 11:24:20.0107 7844 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys 11:24:20.0107 7844 volmgr - ok 11:24:20.0123 7844 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys 11:24:20.0138 7844 volmgrx - ok 11:24:20.0154 7844 [ DF8126BD41180351A093A3AD2FC8903B ] volsnap C:\windows\system32\drivers\volsnap.sys 11:24:20.0170 7844 volsnap - ok 11:24:20.0201 7844 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\drivers\vsmraid.sys 11:24:20.0201 7844 vsmraid - ok 11:24:20.0279 7844 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe 11:24:20.0326 7844 VSS - ok 11:24:20.0341 7844 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys 11:24:20.0357 7844 vwifibus - ok 11:24:20.0372 7844 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys 11:24:20.0388 7844 vwififlt - ok 11:24:20.0404 7844 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll 11:24:20.0435 7844 W32Time - ok 11:24:20.0466 7844 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\drivers\wacompen.sys 11:24:20.0466 7844 WacomPen - ok 11:24:20.0482 7844 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys 11:24:20.0513 7844 WANARP - ok 11:24:20.0513 7844 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys 11:24:20.0544 7844 Wanarpv6 - ok 11:24:20.0606 7844 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe 11:24:20.0622 7844 WatAdminSvc - ok 11:24:20.0684 7844 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe 11:24:20.0716 7844 wbengine - ok 11:24:20.0731 7844 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll 11:24:20.0747 7844 
WbioSrvc - ok 11:24:20.0747 7844 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll 11:24:20.0762 7844 wcncsvc - ok 11:24:20.0794 7844 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll 11:24:20.0794 7844 WcsPlugInService - ok 11:24:20.0825 7844 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\drivers\wd.sys 11:24:20.0825 7844 Wd - ok 11:24:20.0840 7844 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys 11:24:20.0856 7844 Wdf01000 - ok 11:24:20.0872 7844 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll 11:24:20.0887 7844 WdiServiceHost - ok 11:24:20.0887 7844 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll 11:24:20.0903 7844 WdiSystemHost - ok 11:24:20.0918 7844 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll 11:24:20.0934 7844 WebClient - ok 11:24:20.0950 7844 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll 11:24:20.0981 7844 Wecsvc - ok 11:24:20.0996 7844 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll 11:24:21.0028 7844 wercplsupport - ok 11:24:21.0043 7844 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll 11:24:21.0074 7844 WerSvc - ok 11:24:21.0090 7844 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys 11:24:21.0121 7844 WfpLwf - ok 11:24:21.0152 7844 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys 11:24:21.0152 7844 WIMMount - ok 11:24:21.0208 7844 WinDefend - ok 11:24:21.0208 7844 WinHttpAutoProxySvc - ok 11:24:21.0268 7844 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll 11:24:21.0338 7844 Winmgmt - ok 11:24:21.0378 7844 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll 11:24:21.0428 7844 WinRM - ok 11:24:21.0498 7844 [ 
4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll 11:24:21.0538 7844 Wlansvc - ok 11:24:21.0558 7844 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\DRIVERS\wmiacpi.sys 11:24:21.0558 7844 WmiAcpi - ok 11:24:21.0578 7844 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe 11:24:21.0588 7844 wmiApSrv - ok 11:24:21.0628 7844 WMPNetworkSvc - ok 11:24:21.0658 7844 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll 11:24:21.0678 7844 WPCSvc - ok 11:24:21.0698 7844 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll 11:24:21.0718 7844 WPDBusEnum - ok 11:24:21.0748 7844 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys 11:24:21.0778 7844 ws2ifsl - ok 11:24:21.0788 7844 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\System32\wscsvc.dll 11:24:21.0808 7844 wscsvc - ok 11:24:21.0808 7844 WSearch - ok 11:24:21.0898 7844 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll 11:24:21.0938 7844 wuauserv - ok 11:24:21.0968 7844 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\windows\system32\drivers\WudfPf.sys 11:24:21.0998 7844 WudfPf - ok 11:24:22.0028 7844 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys 11:24:22.0058 7844 WUDFRd - ok 11:24:22.0078 7844 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\windows\System32\WUDFSvc.dll 11:24:22.0108 7844 wudfsvc - ok 11:24:22.0118 7844 [ F0B1D8725FAB9F4A559CCC91A960FCE0 ] WwanSvc C:\windows\System32\wwansvc.dll 11:24:22.0128 7844 WwanSvc - ok 11:24:22.0158 7844 ================ Scan global =============================== 11:24:22.0198 7844 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll 11:24:22.0228 7844 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\windows\system32\winsrv.dll 11:24:22.0238 7844 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\windows\system32\winsrv.dll 11:24:22.0258 7844 [ 
D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll 11:24:22.0278 7844 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe 11:24:22.0288 7844 [Global] - ok 11:24:22.0288 7844 ================ Scan MBR ================================== 11:24:22.0298 7844 [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0 11:24:22.0548 7844 \Device\Harddisk0\DR0 - ok 11:24:22.0548 7844 [ 180DBDE3AF7EA48B3DB3AC27B1DDF401 ] \Device\Harddisk1\DR2 11:24:22.0838 7844 \Device\Harddisk1\DR2 - ok 11:24:22.0838 7844 ================ Scan VBR ================================== 11:24:22.0868 7844 [ F0A4C44DD544C7D86F001BBFA00E9B95 ] \Device\Harddisk0\DR0\Partition1 11:24:22.0868 7844 \Device\Harddisk0\DR0\Partition1 - ok 11:24:22.0898 7844 [ 0038EBB469A45248B440505F0FFB7F66 ] \Device\Harddisk0\DR0\Partition2 11:24:22.0898 7844 \Device\Harddisk0\DR0\Partition2 - ok 11:24:22.0908 7844 [ F615F39C16195D4BB067B24C92D57CF5 ] \Device\Harddisk1\DR2\Partition1 11:24:22.0908 7844 \Device\Harddisk1\DR2\Partition1 - ok 11:24:22.0908 7844 ============================================================ 11:24:22.0908 7844 Scan finished 11:24:22.0908 7844 ============================================================ 11:24:22.0928 7896 Detected object count: 1 11:24:22.0928 7896 Actual detected object count: 1 11:24:26.0117 7896 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - skipped by user 11:24:26.0117 7896 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - User select action: Skip |
22.10.2012, 11:39 | #18 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Ukash police trojan, deleted, is everything really gone? Then please run CF now:
ComboFix: A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper has expressly recommended it! If, after running Combofix, you have problems starting applications and receive messages such as Quote:
__________________ |
22.10.2012, 12:05 | #19 |
| Ukash police trojan, deleted, is everything really gone? Hello, here is the log: What I would like to know, though: why does the program delete this picture of mine? See log. Code:
ATTFilter ComboFix 12-10-21.02 - Anda 22.10.2012 12:56:51.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.43.1031.18.4056.2850 [GMT 2:00] ausgeführt von:: c:\users\Anda\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\install.exe c:\users\OLYMPUS Master 2\20110404230712 c:\users\OLYMPUS Master 2\20110404230712\Rosenhain.jpg G:\Autorun.inf . . ((((((((((((((((((((((( Dateien erstellt von 2012-09-22 bis 2012-10-22 )))))))))))))))))))))))))))))) . . 2012-10-22 10:59 . 2012-10-22 10:59 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-10-20 13:26 . 2012-10-20 13:26 96224 ----a-w- c:\program files (x86)\Mozilla Firefox\webapprt-stub.exe 2012-10-20 13:26 . 2012-10-20 13:26 157272 ----a-w- c:\program files (x86)\Mozilla Firefox\webapp-uninstaller.exe 2012-10-19 13:52 . 2012-10-19 13:53 -------- d-----w- c:\users\Untertags 2012-10-19 12:11 . 2012-10-19 20:22 -------- d-----w- c:\users\Anda\AppData\Local\Microsoft Games 2012-10-19 09:46 . 2012-08-21 09:12 285328 ----a-w- c:\windows\system32\aswBoot.exe 2012-10-19 09:45 . 2012-10-19 09:49 -------- d-----w- c:\programdata\AVAST Software 2012-10-19 09:39 . 2012-10-19 09:39 -------- d-----w- c:\program files\Defraggler 2012-10-19 08:40 . 2012-10-19 08:40 -------- d-----w- c:\users\Anda\AppData\Local\Toshiba Corporation 2012-10-19 08:31 . 2012-10-19 08:31 -------- d-----w- c:\programdata\TOSHIBA Tempro 2012-10-19 08:31 . 2012-10-19 08:31 -------- d-----w- c:\programdata\IsolatedStorage 2012-10-19 00:24 . 2012-10-19 00:24 -------- d-----w- c:\windows\SysWow64\Wat 2012-10-19 00:24 . 2012-10-19 00:24 -------- d-----w- c:\windows\system32\Wat 2012-10-19 00:09 . 
2012-09-27 22:18 65309168 ----a-w- c:\windows\system32\MRT.exe 2012-10-18 23:50 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe 2012-10-18 23:28 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2012-10-18 23:28 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll 2012-10-18 23:28 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll 2012-10-18 23:28 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll 2012-10-18 23:28 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll 2012-10-18 23:19 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll 2012-10-18 23:19 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll 2012-10-18 23:19 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll 2012-10-18 23:19 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll 2012-10-18 23:19 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-10-18 23:19 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys 2012-10-18 23:16 . 2012-08-20 18:48 215040 ----a-w- c:\windows\system32\winsrv.dll 2012-10-18 23:12 . 2012-06-02 05:50 458704 ----a-w- c:\windows\system32\drivers\cng.sys 2012-10-18 23:11 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe 2012-10-18 23:09 . 2011-02-23 04:55 90624 ----a-w- c:\windows\system32\drivers\bowser.sys 2012-10-18 23:09 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll 2012-10-18 23:09 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-10-18 23:09 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll 2012-10-18 23:09 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll 2012-10-18 23:09 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll 2012-10-18 23:09 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll 2012-10-18 23:09 . 
2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll 2012-10-18 23:09 . 2012-07-06 20:07 552960 ----a-w- c:\windows\system32\drivers\bthport.sys 2012-10-18 23:09 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll 2012-10-18 23:09 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll 2012-10-18 23:03 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll 2012-10-18 23:03 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll 2012-10-18 22:55 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll 2012-10-18 22:55 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll 2012-10-18 22:55 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys 2012-10-18 22:48 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-10-18 22:48 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-10-18 22:48 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-10-18 22:48 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-10-18 22:48 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-10-18 22:48 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-10-18 22:48 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-10-18 22:48 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-10-18 22:48 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-10-18 22:10 . 2012-09-29 17:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-10-18 21:39 . 2012-10-18 21:39 -------- d-----w- c:\program files (x86)\Common Files\Adobe 2012-10-18 20:28 . 2012-10-18 20:27 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-10-18 19:57 . 2012-10-18 19:57 -------- d-----w- c:\windows\Sun 2012-10-18 19:35 . 2012-10-18 19:35 -------- d-----w- c:\program files\Enigma Software Group 2012-10-18 18:54 . 
2012-10-18 18:54 -------- d-----w- c:\users\Anda\AppData\Roaming\Malwarebytes 2012-10-18 18:54 . 2012-10-18 18:54 -------- d-----w- c:\programdata\Malwarebytes 2012-10-17 15:10 . 2012-10-19 08:27 -------- d-----r- c:\users\Anda\Dropbox 2012-10-17 15:08 . 2012-10-19 08:29 -------- d-----w- c:\users\Anda\AppData\Roaming\Dropbox 2012-10-10 11:07 . 2012-10-10 11:40 43520 ----a-w- c:\windows\SysWow64\CmdLineExt03.dll 2012-09-29 07:46 . 2012-09-29 07:46 -------- d-----w- c:\program files (x86)\Common Files\Skype 2012-09-26 20:06 . 2012-09-26 20:07 -------- d-----w- c:\users\Anda\AppData\Local\Nero . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-19 10:28 . 2012-02-17 05:19 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-10-19 10:28 . 2012-02-17 05:19 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-10-18 20:27 . 2012-02-17 05:14 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-09-04 19:53 . 2012-09-04 19:53 560184 ----a-w- c:\windows\system32\drivers\sptd.sys 2012-08-20 17:38 . 2012-10-18 23:16 44032 ----a-w- c:\windows\apppatch\acwow64.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 94208 ----a-w- c:\users\Anda\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 94208 ----a-w- c:\users\Anda\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 94208 ----a-w- c:\users\Anda\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" [2012-01-05 75624] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-01-20 343168] "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-05 291608] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-07-18 348664] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-05-16 846936] . c:\users\Untertags\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-2 481184] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-2 481184] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer] @="Service" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-19 250808] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-20 115168] R3 RtkBtFilter;Realtek Bluetooth Filter Driver;c:\windows\system32\DRIVERS\RtkBtfilter.sys [2012-01-05 21096] R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-10-19 1255736] R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-09-23 65192] R4 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe [2012-01-05 75624] R4 GFNEXSrv;GFNEX Service;c:\windows\System32\GFNEXSrv.exe [2010-09-10 162824] R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R4 TDEIO;TDEIO;c:\windows\SysWOW64\sysprep\BOOTPRIO\tdeio64.sys [x] R4 
TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-02-10 112080] S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-01-05 16152] S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-07-18 27760] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-01-20 235520] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-07-18 86224] S2 MBAMScheduler;MBAMScheduler;c:\programme\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432] S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-11-24 294848] S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-01-20 10731520] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-01-20 328192] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-10-17 93712] S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-05 355096] S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-05 786200] S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2011-11-10 60184] S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2011-08-17 251496] S3 RTL8167;Realtek 8167 NT 
Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-24 565352] S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtwlane.sys [2012-01-17 1082472] S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-11-26 138152] S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2011-12-14 833976] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - 41930125 *NewlyCreated* - 97501668 *Deregistered* - 41930125 *Deregistered* - 97501668 . Inhalt des "geplante Tasks" Ordners . 2012-10-22 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-02-17 10:28] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 97792 ----a-w- c:\users\Anda\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 97792 ----a-w- c:\users\Anda\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 97792 ----a-w- c:\users\Anda\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 97792 ----a-w- c:\users\Anda\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-02-01 12446824] "SRS Premium Sound HD"="c:\program files\SRS Labs\SRS Control Panel\SRSPanel_64.exe" [2012-02-06 2165120] "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-11-26 710560] "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA mLocal Page = c:\windows\SysWOW64\blank.htm IE: Free YouTube Download - c:\users\Anda\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm IE: Free YouTube to MP3 Converter - c:\users\Anda\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Google Sidewiki... 
- c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html TCP: DhcpNameServer = 10.0.0.138 FF - ProfilePath - c:\users\Anda\AppData\Roaming\Mozilla\Firefox\Profiles\8g0urw25.default-1349795840589\ FF - ExtSQL: 2012-10-18 23:12; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; c:\users\Anda\AppData\Roaming\Mozilla\Firefox\Profiles\8g0urw25.default-1349795840589\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} FF - ExtSQL: 2012-10-18 23:13; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Anda\AppData\Roaming\Mozilla\Firefox\Profiles\8g0urw25.default-1349795840589\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF - ExtSQL: 2012-10-18 23:13; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\users\Anda\AppData\Roaming\Mozilla\Firefox\Profiles\8g0urw25.default-1349795840589\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2012-10-22 13:01:03 ComboFix-quarantined-files.txt 2012-10-22 11:01 . Vor Suchlauf: 8 Verzeichnis(se), 218.647.781.376 Bytes frei Nach Suchlauf: 11 Verzeichnis(se), 218.252.869.632 Bytes frei . - - End Of File - - 9943C59B935420FDD2AD098DDEA61B97 |
22.10.2012, 12:27 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Ukash police trojan, deleted, is everything really gone? Copy the picture back; it can be found in C:Qoobox... Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool refuses to work the second time as well, just leave it out and run only OSAM. Please skip the online check by OSAM. With OSAM, please also make sure that you save the log as *.log and not as *.html or the like. Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM! Please download aswMBR.exe and save the file to your desktop.
Important: Do not press any of the Fix buttons without being instructed to. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV scan. One more note: If aswMBR crashes and a message such as "aswMBR.exe has stopped working" appears, do the following: restart aswMBR, select (none) for "AV scan" in the drop-down menu (at the bottom left of the aswMBR window) and click the Scan button again.
__________________ Please always post log files in CODE tags |
22.10.2012, 13:33 | #21 |
| Ukash police trojan, deleted, is everything really gone? Hello, here are the logs: Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-10-22 14:01:55
Windows 6.1.7601 Service Pack 1
Running: o3ug2umh.exe

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\9cb70db154ca (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 52\
Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x36 0x35 0x77 0x4C ...
Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xA6 0x23 0x94 0x7A ...
Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x6C 0x94 0xE5 0x88 ...

---- EOF - GMER 1.0.15 ----
Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 14:09:16 on 22.10.2012 OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 64-bit Default Browser: Mozilla Corporation Firefox 16.0.1 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "AxSWindCx64.cpl" - "Alcohol Soft Development Team" - C:\windows\system32\AxSWindCx64.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "a8kgyh19" (a8kgyh19) - "Intel Corporation" - C:\windows\system32\drivers\a8kgyh19.sys (Hidden registry entry, rootkit activity | File signed by Microsoft) "avgntflt" (avgntflt) - "Avira GmbH" - C:\windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\windows\System32\DRIVERS\avipbb.sys "avkmgr" (avkmgr) - "Avira GmbH" - C:\windows\System32\DRIVERS\avkmgr.sys "catchme" (catchme) - ? - C:\ComboFix\catchme.sys (File not found) "MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\windows\system32\drivers\mbam.sys "sptd" (sptd) - "Duplex Secure Ltd." - C:\windows\System32\Drivers\sptd.sys [Explorer] -----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {45C6AFA5-2C13-402f-BC5D-45CC8172EF6B} "Bluetooth" - ? - (File not found | COM-object registry key not found) {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? 
- (File not found | COM-object registry key not found) {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Classes\Protocols\Handler )----- {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {5E2121EE-0300-11D4-8D3B-444553540000} "Catalyst Context Menu extension" - ? - (File not found | COM-object registry key not found) {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )----- {E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - ? - (File not found | COM-object registry key not found) [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? 
- (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "{8AD9C840-044E-11D1-B3E9-00805F499D93}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} "{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\Anda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "AlcoholAutomount" - "Alcohol Soft Development Team" - "C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" -automount -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min "StartCCC" - "Advanced Micro Devices, Inc." 
- "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"USB3MON" - "Intel Corporation" - "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll (File not found)
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
"Intel(R) Management and Security Application Local Management Service" (LMS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
"MBAMScheduler" (MBAMScheduler) - "Malwarebytes Corporation" - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"StarWind AE Service" (StarWindServiceAE) - "StarWind Software" - C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
"TMachInfo" (TMachInfo) - "TOSHIBA Corporation" - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
"TOSHIBA eco Utility Service" (TOSHIBA eco Utility Service) - "TOSHIBA Corporation" - C:\Program Files\TOSHIBA\TECO\TecoService.exe
"TOSHIBA HDD SSD Alert Service" (TOSHIBA HDD SSD Alert Service) - "TOSHIBA Corporation" - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
"TOSHIBA Optical Disc Drive Service" (TODDSrv) - "TOSHIBA Corporation" - C:\windows\system32\TODDSrv.exe
"TOSHIBA Power Saver" (TosCoSrv) - "TOSHIBA Corporation" - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
"TPCH Service" (TPCHSrv) - "TOSHIBA Corporation" - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-22 14:09:35
-----------------------------
14:09:35.198 OS Version: Windows x64 6.1.7601 Service Pack 1
14:09:35.198 Number of processors: 4 586 0x2A07
14:09:35.198 ComputerName: ANDA-TOSH UserName: Anda
14:09:35.931 Initialize success
14:25:23.515 AVAST engine defs: 12102200
14:25:48.405 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:25:48.405 Disk 0 Vendor: TOSHIBA_ GT00 Size: 476940MB BusType: 3
14:25:48.425 Disk 0 MBR read successfully
14:25:48.425 Disk 0 MBR scan
14:25:48.475 Disk 0 Windows VISTA default MBR code
14:25:48.495 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
14:25:48.515 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 241617 MB offset 3074048
14:25:48.525 Disk 0 Partition - 00 0F Extended LBA 217276 MB offset 497905664
14:25:48.565 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 16546 MB offset 942886912
14:25:48.605 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 217275 MB offset 497907712
14:25:48.645 Disk 0 scanning C:\windows\system32\drivers
14:25:58.785 Service scanning
14:26:36.861 Modules scanning
14:26:37.211 Disk 0 trace - called modules:
14:26:37.271 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys sptd.sys hal.dll
14:26:37.281 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005053790]
14:26:37.281 3 CLASSPNP.SYS[fffff88001d8643f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005056050]
14:26:38.121 AVAST engine scan C:\windows
14:26:41.201 AVAST engine scan C:\windows\system32
14:30:08.812 AVAST engine scan C:\windows\system32\drivers
14:30:21.492 AVAST engine scan C:\Users\Anda
14:32:31.473 Disk 0 MBR has been saved successfully to "C:\Users\Anda\Desktop\MBR.dat"
14:32:31.473 The log file has been saved successfully to "C:\Users\Anda\Desktop\aswMBR.txt" |
22.10.2012, 14:26 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Ukash police trojan, deleted, is everything really gone? Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
__________________ Please always post log files in CODE tags |
22.10.2012, 15:43 | #23 |
| Ukash police trojan, deleted, is everything really gone? Hello, here are the logs: Code:
ATTFilter SUPERAntiSpyware Scan Log hxxp://www.superantispyware.com Generated 10/22/2012 at 04:38 PM Application Version : 5.6.1012 Core Rules Database Version : 9448 Trace Rules Database Version: 7260 Scan type : Complete Scan Total Scan Time : 00:49:11 Operating System Information Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601) UAC On - Limited User Memory items scanned : 709 Memory threats detected : 0 Registry items scanned : 76251 Registry threats detected : 0 File items scanned : 55857 File threats detected : 66 Adware.Tracking Cookie C:\Users\Anda\AppData\Roaming\Microsoft\Windows\Cookies\JQN5JWXF.txt [ /atdmt.com ] C:\Users\Anda\AppData\Roaming\Microsoft\Windows\Cookies\MCK9OALU.txt [ /apmebf.com ] C:\Users\Anda\AppData\Roaming\Microsoft\Windows\Cookies\VOA5TZ1X.txt [ /mediaplex.com ] C:\Users\Anda\AppData\Roaming\Microsoft\Windows\Cookies\MTWVA7IP.txt [ /c.atdmt.com ] C:\Users\Anda\AppData\Roaming\Microsoft\Windows\Cookies\0MTIQAT5.txt [ /fastclick.net ] C:\USERS\ANDA\Cookies\JQN5JWXF.txt [ Cookie:anda@atdmt.com/ ] C:\USERS\ANDA\Cookies\VOA5TZ1X.txt [ Cookie:anda@mediaplex.com/ ] C:\USERS\ANDA\Cookies\0MTIQAT5.txt [ Cookie:anda@fastclick.net/ ] .doubleclick.net [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] .tele2.112.2o7.net [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] accounts.youtube.com [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] accounts.youtube.com [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] accounts.google.com [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] accounts.google.com [ 
C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] .webmasterplan.com [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] ad.yieldmanager.com [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] ad.yieldmanager.com [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] ad.yieldmanager.com [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] ad.yieldmanager.com [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] ad.yieldmanager.com [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] ad.yieldmanager.com [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] ad.yieldmanager.com [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] .apmebf.com [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] .mediaplex.com [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] .mediaplex.com [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] www.findmyhome.at [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] .adtech.de [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] .2o7.net [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] .xiti.com [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] www.etracker.de [ 
C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] .imrworldwide.com [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] .imrworldwide.com [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] ad.zanox.com [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] ad.zanox.com [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] .smartadserver.com [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] .autoscout24.112.2o7.net [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] tracking.mobile.de [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] ad3.adfarm1.adition.com [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] www.findmyhome.at [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] .hellporno.com [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] ads2.zeusclicks.com [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] .adultfriendfinder.com [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] .enoratraffic.com [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] .youporn.com [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] .youporn.com [ 
C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] .youporn.com [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] ads.trafficjunky.net [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] ads.crakmedia.com [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] ads.pornerbros.com [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] panzertraffic.com [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] .adultfriendfinder.com [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] .adultfriendfinder.com [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] .adultfriendfinder.com [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] .adultfriendfinder.com [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] .adultfriendfinder.com [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] ad2.adfarm1.adition.com [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] .doubleclick.net [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] .webmasterplan.com [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] .smartadserver.com [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] 
.smartadserver.com [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] .smartadserver.com [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] livestat.derstandard.at [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] statse.webtrendslive.com [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] Code:
2012/10/22 10:21:24 +0200 ANDA-TOSH Anda IP-BLOCK 88.208.33.4 (Type: outgoing, Port: 54602, Process: firefox.exe)
2012/10/22 10:21:24 +0200 ANDA-TOSH Anda IP-BLOCK 204.160.98.253 (Type: outgoing, Port: 54625, Process: firefox.exe)
2012/10/22 10:24:21 +0200 ANDA-TOSH Anda IP-BLOCK 8.27.4.126 (Type: outgoing, Port: 54929, Process: firefox.exe)
2012/10/22 10:24:49 +0200 ANDA-TOSH Anda MESSAGE Starting database refresh
2012/10/22 10:24:49 +0200 ANDA-TOSH Anda MESSAGE Stopping IP protection
2012/10/22 10:24:49 +0200 ANDA-TOSH Anda MESSAGE IP Protection stopped successfully
2012/10/22 10:24:51 +0200 ANDA-TOSH Anda MESSAGE Database refreshed successfully
2012/10/22 10:24:51 +0200 ANDA-TOSH Anda MESSAGE Starting IP protection
2012/10/22 10:24:52 +0200 ANDA-TOSH Anda MESSAGE IP Protection started successfully
2012/10/22 10:34:57 +0200 ANDA-TOSH Anda IP-BLOCK 88.208.33.4 (Type: outgoing, Port: 56121, Process: firefox.exe)
2012/10/22 11:06:05 +0200 ANDA-TOSH Anda MESSAGE Executing scheduled update: Daily
2012/10/22 11:06:10 +0200 ANDA-TOSH Anda MESSAGE Scheduled update executed successfully: database updated from version v2012.10.21.08 to version v2012.10.22.01
2012/10/22 11:06:10 +0200 ANDA-TOSH Anda MESSAGE Starting database refresh
2012/10/22 11:06:10 +0200 ANDA-TOSH Anda MESSAGE Stopping IP protection
2012/10/22 11:06:10 +0200 ANDA-TOSH Anda MESSAGE IP Protection stopped successfully
2012/10/22 11:06:12 +0200 ANDA-TOSH Anda MESSAGE Database refreshed successfully
2012/10/22 11:06:12 +0200 ANDA-TOSH Anda MESSAGE Starting IP protection
2012/10/22 11:06:13 +0200 ANDA-TOSH Anda MESSAGE IP Protection started successfully
2012/10/22 11:23:48 +0200 ANDA-TOSH Anda MESSAGE Stopping protection
2012/10/22 11:23:48 +0200 ANDA-TOSH Anda MESSAGE Protection stopped successfully
2012/10/22 11:23:48 +0200 ANDA-TOSH Anda MESSAGE Stopping IP protection
2012/10/22 11:23:49 +0200 ANDA-TOSH Anda MESSAGE IP Protection stopped successfully
2012/10/22 11:23:49 +0200 ANDA-TOSH Anda MESSAGE Protection stopped |
22.10.2012, 15:47 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Ukash police trojan, deleted, is everything really gone? But that is not a scan log from Malwarebytes; that would be a protection log.
__________________ Please always post log files in CODE tags |
22.10.2012, 16:01 | #25 |
| Ukash police trojan, deleted, is everything really gone? Hello, sorry, I picked the wrong line, here you go. Code:
Malwarebytes Anti-Malware (Test) 1.65.1.1000
www.malwarebytes.org
Datenbank Version: v2012.10.22.03
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Anda :: ANDA-TOSH [Administrator]
Schutz: Deaktiviert
22.10.2012 15:45:56
mbam-log-2012-10-22 (15-45-56).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|G:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 344888
Laufzeit: 56 Minute(n), 46 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende) |
22.10.2012, 16:03 | #26 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Ukash police trojan, deleted, is everything really gone? Code:
UAC On - Limited User
Please run it exactly as described in the instructions! Quote:
__________________ Please always post log files in CODE tags |
22.10.2012, 17:21 | #27 |
| Ukash police trojan, deleted, is everything really gone? Hello, unfortunately I can't tell you that anymore, hmm. I ran it again and started it via right-click and "Run as administrator". Here is the log: Code:
ATTFilter SUPERAntiSpyware Scan Log hxxp://www.superantispyware.com Generated 10/22/2012 at 06:19 PM Application Version : 5.6.1012 Core Rules Database Version : 9448 Trace Rules Database Version: 7260 Scan type : Complete Scan Total Scan Time : 00:27:19 Operating System Information Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601) UAC On - Limited User Memory items scanned : 709 Memory threats detected : 0 Registry items scanned : 76251 Registry threats detected : 0 File items scanned : 55536 File threats detected : 66 Adware.Tracking Cookie C:\Users\Anda\AppData\Roaming\Microsoft\Windows\Cookies\JQN5JWXF.txt [ /atdmt.com ] C:\Users\Anda\AppData\Roaming\Microsoft\Windows\Cookies\MCK9OALU.txt [ /apmebf.com ] C:\Users\Anda\AppData\Roaming\Microsoft\Windows\Cookies\VOA5TZ1X.txt [ /mediaplex.com ] C:\Users\Anda\AppData\Roaming\Microsoft\Windows\Cookies\MTWVA7IP.txt [ /c.atdmt.com ] C:\Users\Anda\AppData\Roaming\Microsoft\Windows\Cookies\0MTIQAT5.txt [ /fastclick.net ] C:\USERS\ANDA\Cookies\JQN5JWXF.txt [ Cookie:anda@atdmt.com/ ] C:\USERS\ANDA\Cookies\VOA5TZ1X.txt [ Cookie:anda@mediaplex.com/ ] C:\USERS\ANDA\Cookies\0MTIQAT5.txt [ Cookie:anda@fastclick.net/ ] .doubleclick.net [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] .tele2.112.2o7.net [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] accounts.youtube.com [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] accounts.youtube.com [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] accounts.google.com [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] accounts.google.com [ 
C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] .webmasterplan.com [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] ad.yieldmanager.com [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] ad.yieldmanager.com [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] ad.yieldmanager.com [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] ad.yieldmanager.com [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] ad.yieldmanager.com [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] ad.yieldmanager.com [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] ad.yieldmanager.com [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] .apmebf.com [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] .mediaplex.com [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] .mediaplex.com [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] www.findmyhome.at [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] .adtech.de [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] .2o7.net [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] .xiti.com [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] www.etracker.de [ 
C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] .imrworldwide.com [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] .imrworldwide.com [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] ad.zanox.com [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] ad.zanox.com [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] .smartadserver.com [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] .autoscout24.112.2o7.net [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] tracking.mobile.de [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] ad3.adfarm1.adition.com [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] www.findmyhome.at [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] .hellporno.com [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] ads2.zeusclicks.com [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] .adultfriendfinder.com [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] .enoratraffic.com [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] .youporn.com [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] .youporn.com [ 
C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] .youporn.com [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] ads.trafficjunky.net [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] ads.crakmedia.com [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] ads.pornerbros.com [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] panzertraffic.com [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] .adultfriendfinder.com [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] .adultfriendfinder.com [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] .adultfriendfinder.com [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] .adultfriendfinder.com [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] .adultfriendfinder.com [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] ad2.adfarm1.adition.com [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] .doubleclick.net [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] .webmasterplan.com [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] .smartadserver.com [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] 
.smartadserver.com [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] .smartadserver.com [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] livestat.derstandard.at [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] statse.webtrendslive.com [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ] |
22.10.2012, 20:15 | #28 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Ukash police trojan, deleted, is everything really gone? Looks OK, only cookies were found there, and they can all go. Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or the like => HTTP cookie).
Regarding cookies and other things on the web: to block this plague from the outset (i.e. tracking cookies, ad banners etc.) you would have to take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check with MVPS every 4 weeks to see whether he has released a new hosts file.
Otherwise there are also good cookie managers; among the extensions for Firefox, for example, there is CookieCuller http://filepony.de/download-cookie_culler/
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed.
The way I handle it, I use the Opera browser or Chromium under my Linux for "wild surfing". My main browser (Firefox) only stores the cookies from the sites I actually want, and I reject everything else manually (FF always asks me) - the other browsers do accept all cookies, but by the next start of Opera or Chromium at the latest no cookies are left.
Is your system back in order now, or are there any other findings or problems?
__________________ Please always post log files in CODE tags |
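An added example, not part of the original thread: a Python script that extracts the cookie domains from a SUPERAntiSpyware log in the entry shapes posted above and turns them into hosts-file lines of the kind the hosts-file advice refers to. The sample lines are a constructed excerpt; the `0.0.0.0` sink address, the `KEEP` set and all function names are assumptions of this example.

```python
import re
from collections import Counter

# Constructed excerpt: entries in the three shapes the SUPERAntiSpyware log
# in this thread uses (IE cookie file, "Cookie:user@host/", Firefox store).
# The parser expects one entry per line, as the tool writes its log file.
SAMPLE_LOG = r"""
Adware.Tracking Cookie
C:\Users\Anda\AppData\Roaming\Microsoft\Windows\Cookies\JQN5JWXF.txt [ /atdmt.com ]
C:\Users\Anda\AppData\Roaming\Microsoft\Windows\Cookies\MTWVA7IP.txt [ /c.atdmt.com ]
C:\USERS\ANDA\Cookies\JQN5JWXF.txt [ Cookie:anda@atdmt.com/ ]
.doubleclick.net [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ]
accounts.google.com [ C:\USERS\ANDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8G0URW25.DEFAULT-1349795840589\COOKIES.SQLITE ]
"""

# Assumption of this example: sign-in hosts that the scanner also flagged are
# kept out of the hosts file, because sinking them would break logins.
KEEP = {"accounts.google.com", "accounts.youtube.com"}

ENTRY_RE = re.compile(r"^(?P<left>.+?)\s*\[\s*(?P<inner>.+?)\s*\]\s*$")
WIN_PATH_RE = re.compile(r"^[A-Za-z]:\\")
HOST_RE = re.compile(r"^(?=.{1,253}$)(?:[a-z0-9-]{1,63}\.)+[a-z]{2,63}$")


def cookie_domain(line):
    """Return the cookie host named by one log entry, or None for other lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    left, inner = m.group("left"), m.group("inner")
    if WIN_PATH_RE.match(left):
        raw = inner                      # IE cookie file: host is in the brackets
        if raw.lower().startswith("cookie:"):
            raw = raw.split("@", 1)[-1]  # drop the "Cookie:user@" prefix
    elif WIN_PATH_RE.match(inner):
        raw = left                       # Firefox store: host precedes the brackets
    else:
        return None
    host = raw.strip().strip("/").lstrip(".").lower()
    return host if HOST_RE.match(host) else None


def count_domains(log_text):
    """Count detections per host; repeated entries collapse into one key."""
    counts = Counter()
    for line in log_text.splitlines():
        host = cookie_domain(line)
        if host:
            counts[host] += 1
    return counts


def build_hosts(log_text, keep=KEEP, sink="0.0.0.0"):
    """Return (hosts-file lines, hosts deliberately left unblocked)."""
    counts = count_domains(log_text)
    blocked = sorted(h for h in counts if h not in keep)
    skipped = sorted(h for h in counts if h in keep)
    return [f"{sink} {h}" for h in blocked], skipped


def is_blocked(hosts_lines, hostname):
    """Hosts files match exact names only: no wildcards, no subdomain inheritance."""
    names = {line.split()[1] for line in hosts_lines}
    return hostname.lower() in names


if __name__ == "__main__":
    lines, skipped = build_hosts(SAMPLE_LOG)
    print("\n".join(lines))
    print("# not blocked (sign-in hosts):", ", ".join(skipped))
    print("# ad.doubleclick.net covered?", is_blocked(lines, "ad.doubleclick.net"))
```

A hosts entry matches one exact name, so a cookie scoped to `.doubleclick.net` does not turn into a block for `ad.doubleclick.net`; blocklists in hosts format enumerate hostnames one by one for that reason.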
22.10.2012, 20:41 | #29 |
| Ukash police trojan, deleted, is everything really gone? Hello, thanks for the info, I'll work through it tomorrow. No, the system is running flawlessly. Many thanks for the help!! Regards, Andreas |
23.10.2012, 16:06 | #30 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Ukash police trojan, deleted, is everything really gone? Then we're done! The programs that were used here can all be uninstalled again. Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update first.
Finally, please check the updates; my guide for this is below. To keep a better overview of how up to date your installed programs are in future, you can use e.g. Secunia PSI. For even more security, you should also change all passwords if possible after the infection has been removed.
Microsoft Update
Windows XP: Visit the MS update site with IE and have all important updates installed.
Windows Vista/7: Guide: Windows Update
Update the PDF reader
An outdated AdobeReader is a major security risk. You should therefore uninstall old versions of AdobeReader via Control Panel => Software or Programs and Features, by clicking "Adobe Reader x.0" there and removing the program. (if you have AdobeReader installed)
I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than AdobeReader.
While you're at it, please also check that Flash Player is up to date:
Check => Adobe - Flash Player
Download links => Adobe Flash Player Distribution | Adobe
Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.
Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, ideally with JavaRa) and update to the latest one. To do so, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions there. Then download the current Java SE Runtime Environment (JRE) from here and install it.
__________________ Please always post log files in CODE tags |