Pests of all kinds and how to fight them: Cybercrime Investigation Virus (Windows 7)
11.11.2012, 20:42 | #1 |
Cybercrime Investigation Virus
Well, what can I say... In Safe Mode with Networking this fake message about "Cybercrime" keeps appearing as well. I have already burned a CD with OTLPENet.exe, but every time I boot from the optical drive my Windows 7 laptop shuts itself down???? Dear Trojaner-Board helpers, I know I should have opened my own thread first, but unfortunately I was a bit impatient last night. In the meantime I have managed to boot from the OTLPE CD and run a scan. I would be very grateful if someone could help me further. Regards, M
12.11.2012, 13:35 | #2 |
/// Malware-holic | Cybercrime Investigation Virus
Hi, how is this supposed to work without the scan results? Please post them, then we will surely be able to do something.
12.11.2012, 15:25 | #3 |
Cybercrime Investigation Virus
Hello, I can't get onto the Internet from my infected laptop... Now I have copied OTL.Txt to a USB stick, but how do I post the log here in the forum from a healthy second device? Regards, Mark. OK, in future I'll try to find out myself how things are done before asking!!! I hope this is right: Code:
ATTFilter OTL logfile created on: 11/12/2012 3:09:22 PM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE Windows 7 Professional Service Pack 1 (Version = 6.1.7601) - Type = System Internet Explorer (Version = 9.0.8112.16421) Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy 2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 84.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 95.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files Drive C: | 100.00 Mb Total Space | 74.34 Mb Free Space | 74.34% Space Free | Partition Type: NTFS Drive D: | 111.69 Gb Total Space | 1.91 Gb Free Space | 1.71% Space Free | Partition Type: NTFS Drive E: | 493.71 Mb Total Space | 308.21 Mb Free Space | 62.43% Space Free | Partition Type: FAT Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet001 ========== Win32 Services (SafeList) ========== SRV - [2012/07/13 06:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- D:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/05/01 18:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- D:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012/05/01 17:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- D:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2012/05/01 17:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto] -- D:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011/06/12 04:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2011/05/10 09:40:27 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007/02/06 00:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) [Auto] -- D:\Windows\System32\AEADISRV.EXE -- (AEADIFilters) ========== Driver Services (SafeList) ========== DRV - [2012/04/27 03:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System] -- D:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012/04/24 17:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto] -- D:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012/04/16 14:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System] -- D:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011/07/26 12:38:28 | 000,015,544 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand] -- D:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey) DRV - [2011/05/13 11:57:42 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot] -- D:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt) DRV - [2011/05/13 11:57:20 | 000,035,896 | ---- | M] (Hewlett-Packard 
Company) [Kernel | On_Demand] -- D:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer) DRV - [2011/05/10 01:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\netaapl.sys -- (Netaapl) DRV - [2010/11/20 07:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010/11/20 07:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010/11/20 07:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\storvsc.sys -- (storvsc) DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010/11/20 04:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010/11/20 04:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\vms3cap.sys -- (s3cap) DRV - [2010/06/17 08:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- D:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009/12/03 09:48:44 | 000,625,224 | ---- | M] (AuthenTec, Inc.) 
[Kernel | On_Demand] -- D:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF) DRV - [2009/07/13 19:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV - [2009/07/13 18:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\tpm.sys -- (TPM) DRV - [2009/07/13 17:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand] -- D:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2009/07/13 17:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R) DRV - [2007/11/02 06:22:38 | 000,105,896 | ---- | M] (MCCI) [Kernel | On_Demand] -- D:\Windows\System32\drivers\s217unic.sys -- (s217unic) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (WDM) DRV - [2007/11/02 06:22:38 | 000,100,008 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\s217obex.sys -- (s217obex) DRV - [2007/11/02 06:22:38 | 000,024,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\s217nd5.sys -- (s217nd5) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (NDIS) DRV - [2007/11/02 06:22:36 | 000,109,992 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\s217mdm.sys -- (s217mdm) DRV - [2007/11/02 06:22:36 | 000,083,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\s217bus.sys -- (s217bus) Sony Ericsson Device 217 driver (WDM) DRV - [2007/11/02 06:22:36 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\s217mdfl.sys -- (s217mdfl) DRV - [2007/05/11 10:31:36 | 003,580,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Fusion(UVC) DRV - [2007/05/11 10:31:22 | 000,041,888 | ---- | M] (Logitech Inc.) 
[Kernel | On_Demand] -- D:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta) DRV - [2007/05/11 10:30:04 | 001,921,184 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\Mark_Bachmann_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.unhooked.ch/2008/spotguide/ IE - HKU\Mark_Bachmann_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-CH IE - HKU\Mark_Bachmann_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 91 A0 EF 2D 22 0F CC 01 [binary data] IE - HKU\Mark_Bachmann_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Mark_Bachmann_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_257.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: D:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: D:\Windows\System32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: D:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\Program Files\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: D:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) O1 HOSTS File: ([2012/05/31 05:33:57 | 000,000,027 | ---- | M]) - D:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [APSDaemon] D:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] D:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BCSSync] D:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [HP Color LaserJet CM1312 MFP Series Fax] D:\Program Files\HP\HP Color LaserJet CM1312 MFP Series\hppfaxprintersrv.exe (Hewlett-Packard Company) O4 - HKU\Mark_Bachmann_ON_D..\Run: [OfficeSyncProcess] D:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation) O4 - Startup: Error locating startup folders. 
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\Mark_Bachmann_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - D:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - D:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - D:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - D:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - D:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. 
KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - D:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - D:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - D:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - D:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - D:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O16 - DPF: {48580E34-E37A-454A-8EC4-FC7598B01D77} hxxp://chkr-web.ifolor.net/app_support/1/ActiveX/IfolorUploader_chkr.cab (IfolorUploader Control) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKU\Mark_Bachmann_ON_D Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation) O20 - HKU\Mark_Bachmann_ON_D Winlogon: Shell - (C:\Users\Mark Bachmann\AppData\Roaming\msconfig.dat) - D:\Users\Mark Bachmann\AppData\Roaming\msconfig.dat () O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012/11/08 04:58:33 | 000,000,000 | ---D | C] -- D:\Users\Mark Bachmann\Documents\California 2012 [2011/05/14 07:07:28 | 000,399,736 | ---- | C] (BitTorrent, Inc.) 
-- D:\Program Files\uTorrent.exe ========== Files - Modified Within 30 Days ========== [2012/11/12 00:57:58 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat [2012/11/12 00:57:54 | 000,000,047 | ---- | M] () -- D:\Users\Mark Bachmann\AppData\Roaming\msconfig.ini [2012/11/12 00:53:55 | 1603,772,416 | -HS- | M] () -- D:\hiberfil.sys [2012/11/12 00:12:57 | 000,001,108 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/11/11 14:16:43 | 000,014,640 | ---- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/11/11 14:16:42 | 000,014,640 | ---- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/11/11 10:59:11 | 000,001,112 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/11/09 03:08:56 | 000,002,320 | ---- | M] () -- D:\Users\Public\Desktop\Google Chrome.lnk [2012/11/05 07:48:50 | 000,657,676 | ---- | M] () -- D:\Windows\System32\perfh007.dat [2012/11/05 07:48:50 | 000,618,912 | ---- | M] () -- D:\Windows\System32\perfh009.dat [2012/11/05 07:48:50 | 000,131,016 | ---- | M] () -- D:\Windows\System32\perfc007.dat [2012/11/05 07:48:50 | 000,107,232 | ---- | M] () -- D:\Windows\System32\perfc009.dat ========== Files Created - No Company Name ========== [2012/11/10 10:29:11 | 000,000,047 | ---- | C] () -- D:\Users\Mark Bachmann\AppData\Roaming\msconfig.ini [2012/06/04 04:13:11 | 000,000,024 | ---- | C] () -- D:\Windows\VWCMIM.INI [2012/02/11 10:03:49 | 000,007,625 | ---- | C] () -- D:\Users\Mark Bachmann\AppData\Local\Resmon.ResmonCfg [2012/01/12 08:55:34 | 000,003,259 | ---- | C] () -- D:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc [2012/01/11 06:00:16 | 000,053,248 | ---- | C] () -- D:\Users\Mark Bachmann\AppData\Roaming\msconfig.dat [2011/08/01 06:09:38 | 000,003,584 | ---- | C] () -- D:\Users\Mark Bachmann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/07/05 03:31:31 | 
000,252,928 | ---- | C] () -- D:\Windows\System32\DShowRdpFilter.dll [2011/07/05 03:29:49 | 000,066,048 | ---- | C] () -- D:\Windows\System32\PrintBrmUi.exe [2011/05/13 02:01:45 | 000,000,608 | -HS- | C] () -- D:\Windows\System32\winzvprt5.sys [2011/05/13 02:01:45 | 000,000,222 | ---- | C] () -- D:\Windows\System32\hppfaxprinter5.ini [2011/05/13 01:59:13 | 000,000,190 | ---- | C] () -- D:\Windows\System32\AddPort.ini [2011/05/13 01:57:52 | 000,000,739 | ---- | C] () -- D:\Windows\hpntwksetup.ini [2011/05/13 01:54:06 | 000,199,121 | ---- | C] () -- D:\Windows\hppins11.dat [2011/05/13 01:54:06 | 000,005,707 | ---- | C] () -- D:\Windows\hppmdl11.dat [2011/05/13 01:53:06 | 000,000,665 | ---- | C] () -- D:\Windows\System32\hppapr11.dat [2011/05/10 09:28:14 | 000,000,000 | ---- | C] () -- D:\Windows\HPMProp.INI [2011/05/10 08:48:34 | 000,140,288 | ---- | C] () -- D:\Windows\System32\igfxtvcx.dll [2009/12/02 12:39:02 | 020,317,504 | ---- | C] () -- D:\Windows\System32\TrueSuiteCoInst02020000.dll [2009/09/23 12:16:08 | 002,050,952 | ---- | C] () -- D:\Windows\System32\igkrng400.bin [2009/07/14 03:47:43 | 000,657,676 | ---- | C] () -- D:\Windows\System32\perfh007.dat [2009/07/14 03:47:43 | 000,295,922 | ---- | C] () -- D:\Windows\System32\perfi007.dat [2009/07/14 03:47:43 | 000,131,016 | ---- | C] () -- D:\Windows\System32\perfc007.dat [2009/07/14 03:47:43 | 000,038,104 | ---- | C] () -- D:\Windows\System32\perfd007.dat [2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- D:\Windows\bootstat.dat [2009/07/13 23:33:53 | 000,481,240 | ---- | C] () -- D:\Windows\System32\FNTCACHE.DAT [2009/07/13 21:05:48 | 000,618,912 | ---- | C] () -- D:\Windows\System32\perfh009.dat [2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- D:\Windows\System32\perfi009.dat [2009/07/13 21:05:48 | 000,107,232 | ---- | C] () -- D:\Windows\System32\perfc009.dat [2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- D:\Windows\System32\perfd009.dat [2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- 
D:\Windows\System32\NOISE.DAT [2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- D:\Windows\System32\dssec.dat [2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- D:\Windows\mib.bin [2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- D:\Windows\System32\BthpanContextHandler.dll [2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- D:\Windows\System32\BWContextHandler.dll [2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- D:\Windows\System32\mlang.dat [2007/05/11 09:12:54 | 000,057,126 | ---- | C] () -- D:\Windows\System32\lvcoinst.ini [2001/07/06 21:00:00 | 000,003,254 | ---- | C] () -- D:\Windows\System32\HPTCPMON.INI ========== LOP Check ========== [2011/07/27 10:15:50 | 000,000,000 | ---D | M] -- D:\ProgramData\Acoustica [2011/05/10 08:40:30 | 000,000,000 | -HSD | M] -- D:\ProgramData\Anwendungsdaten [2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Application Data [2012/05/31 08:44:17 | 000,000,000 | ---D | M] -- D:\ProgramData\Babylon [2011/12/11 10:29:36 | 000,000,000 | ---D | M] -- D:\ProgramData\bookfactory.ch [2011/05/31 08:07:01 | 000,000,000 | ---D | M] -- D:\ProgramData\CREALOGIX [2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Desktop [2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Documents [2011/05/10 08:40:30 | 000,000,000 | -HSD | M] -- D:\ProgramData\Dokumente [2011/05/10 09:15:14 | 000,000,000 | ---D | M] -- D:\ProgramData\Downloaded Installations [2011/05/10 08:40:30 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favoriten [2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favorites [2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Start Menu [2011/05/10 08:40:30 | 000,000,000 | -HSD | M] -- D:\ProgramData\Startmenü [2011/05/11 10:09:53 | 000,000,000 | ---D | M] -- D:\ProgramData\Swiss International Airlines [2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Templates [2011/05/10 09:15:18 | 000,000,000 | ---D | M] -- D:\ProgramData\TrueSuite [2011/05/10 
08:40:30 | 000,000,000 | -HSD | M] -- D:\ProgramData\Vorlagen [2011/05/12 15:46:32 | 000,000,000 | ---D | M] -- D:\ProgramData\WindSolutions [2011/05/11 09:28:49 | 000,000,000 | ---D | M] -- D:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2009/07/13 23:53:46 | 000,031,876 | ---- | M] () -- D:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > |
12.11.2012, 18:08 | #4 |
/// Malware-holic | Cybercrime Investigation Virus
Hi, on your second PC go to Start, Programs, Accessories, Notepad, and copy this in there: Code:

    :OTL
    O20 - HKU\Mark_Bachmann_ON_D Winlogon: Shell - (C:\Users\Mark Bachmann\AppData\Roaming\msconfig.dat) - D:\Users\Mark Bachmann\AppData\Roaming\msconfig.dat ()
    :Files
    :Commands
    [purity]
    [EMPTYFLASH]
    [emptytemp]
    [Reboot]

Save this to a USB stick as fix.txt. Now use OTLPENet.exe again (i.e. boot from the CD you created) and tick everything as already described in the post about OTLPENet.exe.
• Now please click the Fix button. A message similar to "load fix from file" should appear, so load the fix.txt from your stick. If that does not work, please enter the fix manually. Then click the Fix button again. The PC may restart. If so, take the CD out of the drive; Windows should now start normally and open otl.txt. Please post the log.
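The entry the helper's fix removes is a Winlogon "Shell" value that has been redirected from explorer.exe to a .dat file in the user's AppData\Roaming folder, which is how this kind of lockscreen malware gets started instead of the desktop. The following Python script is an added example written for this thread; it is not code from the original posts, from OTL or from its author. It parses OTL "O20" lines in the format quoted above (the sample lines are constructed to mirror the log in post #3, with the user name kept as in the log), flags a Shell value that does not look like the Windows default, and assembles a fix.txt in the same layout the helper used. The names parse_o20, shell_hijack_reasons, find_shell_hijacks and build_otl_fix are the example's own.

```python
import re

# Constructed sample lines in OTL's "O20" (Winlogon) format, modelled on the
# entries quoted in this thread. Only the msconfig.dat entry is malicious.
SAMPLE_OTL_LINES = [
    r"O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)",
    r"O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)",
    r"O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found",
    r"O20 - HKU\Mark_Bachmann_ON_D Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)",
    r"O20 - HKU\Mark_Bachmann_ON_D Winlogon: Shell - (C:\Users\Mark Bachmann\AppData\Roaming\msconfig.dat) - D:\Users\Mark Bachmann\AppData\Roaming\msconfig.dat ()",
]

# O20 - <hive> Winlogon: <value> - (<registry data>) - <resolved path> (<publisher>)
# The trailing "(publisher)" is optional: OTL prints "File not found" without it.
O20_RE = re.compile(
    r"^O20 - (?P<hive>HK\S+) Winlogon: (?P<value>\w+) - \((?P<data>[^)]*)\) - "
    r"(?P<resolved>.*?)(?: \((?P<company>[^)]*)\))?\s*$"
)


def parse_o20(line):
    """Split one O20 line into its fields; return None for anything else."""
    m = O20_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["company"] = entry["company"] or ""   # "()" or missing -> no publisher
    entry["line"] = line.strip()
    return entry


def shell_hijack_reasons(entry):
    """Return the reasons a Winlogon Shell entry looks hijacked (empty = benign)."""
    reasons = []
    if entry["value"].lower() != "shell":
        return reasons                          # only the Shell value starts the desktop
    data = entry["data"].lower()
    if data != "explorer.exe":
        reasons.append("Shell value is not the default explorer.exe")
    if "\\appdata\\" in data or "\\users\\" in data:
        reasons.append("Shell target lives in a user profile directory")
    if not data.endswith(".exe"):
        reasons.append("Shell target does not have an .exe extension")
    if entry["company"] == "":
        reasons.append("OTL reports no publisher for the target file")
    return reasons


def find_shell_hijacks(lines):
    """Scan OTL log lines and return [(line, reasons)] for suspicious Shell values."""
    hits = []
    for line in lines:
        entry = parse_o20(line)
        if entry is None:
            continue
        reasons = shell_hijack_reasons(entry)
        if reasons:
            hits.append((entry["line"], reasons))
    return hits


def build_otl_fix(hijacked_lines):
    """Assemble fix.txt in the layout the helper used in this thread: the offending
    OTL lines under :OTL, then the temp-cleaning commands and a reboot."""
    body = "\n".join(hijacked_lines)
    return (":OTL\n" + body + "\n:Files\n:Commands\n"
            "[purity]\n[EMPTYFLASH]\n[emptytemp]\n[Reboot]\n")


if __name__ == "__main__":
    hits = find_shell_hijacks(SAMPLE_OTL_LINES)
    for line, reasons in hits:
        print(line)
        for reason in reasons:
            print("   -", reason)
    print(build_otl_fix([line for line, _ in hits]))
```

Run against a real otl.txt, the same approach is to feed the file's lines to find_shell_hijacks and review every hit by hand before putting it in a fix: an unusual but legitimate shell replacement would be flagged too, so the reasons are there to support a decision, not to make it.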
13.11.2012, 08:31 | #5 |
Cybercrime Investigation Virus
Many thanks for the quick reply. I had to go out again last night and switched the infected device off. Now I can't get it to boot from the CD any more. Once it gave me: Code:

    File ohci 1394.sys caused an unexpected error (8192) at line 5964 in d:\xpsprtm\base\boot\setup\setup.c
    Press any key to continue

On further attempts the CD does start and "Starting Reatogo-X-PE..." is displayed, but at some point during the process the machine simply shuts down. Do you have any idea how I can get it to boot from the CD again; burn a new CD or something??? Regards
Persistence pays off: PC booted, now I'm waiting for the reboot and hope to be able to post the new logs then.
So, Run Fix was executed, but the automatic reboot didn't really work. After an hour I switched it off (5 sec. on the power switch) and then I was actually able to start in Safe Mode with Networking. Unfortunately it didn't show me an OTL.txt. However, after Run Fix and before switching off I ran another scan with the following log: Code:
ATTFilter OTL logfile created on: 11/13/2012 10:02:22 AM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE Windows 7 Professional Service Pack 1 (Version = 6.1.7601) - Type = System Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 84.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 94.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files Drive C: | 100.00 Mb Total Space | 74.34 Mb Free Space | 74.34% Space Free | Partition Type: NTFS Drive D: | 111.69 Gb Total Space | 1.94 Gb Free Space | 1.73% Space Free | Partition Type: NTFS Drive E: | 493.71 Mb Total Space | 308.16 Mb Free Space | 62.42% Space Free | Partition Type: FAT Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet001 ========== Win32 Services (SafeList) ========== SRV - [2012/07/13 06:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- D:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/05/01 18:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- D:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012/05/01 17:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- D:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2012/05/01 17:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto] -- D:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011/06/12 04:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2011/05/10 09:40:27 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007/02/06 00:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) [Auto] -- D:\Windows\System32\AEADISRV.EXE -- (AEADIFilters) ========== Driver Services (SafeList) ========== DRV - [2012/04/27 03:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System] -- D:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012/04/24 17:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto] -- D:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012/04/16 14:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System] -- D:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011/07/26 12:38:28 | 000,015,544 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand] -- D:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey) DRV - [2011/05/13 11:57:42 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot] -- D:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt) DRV - [2011/05/13 11:57:20 | 000,035,896 | ---- | M] (Hewlett-Packard 
Company) [Kernel | On_Demand] -- D:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer) DRV - [2011/05/10 01:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\netaapl.sys -- (Netaapl) DRV - [2010/11/20 07:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010/11/20 07:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010/11/20 07:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\storvsc.sys -- (storvsc) DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010/11/20 04:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010/11/20 04:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\vms3cap.sys -- (s3cap) DRV - [2010/06/17 08:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- D:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009/12/03 09:48:44 | 000,625,224 | ---- | M] (AuthenTec, Inc.) 
[Kernel | On_Demand] -- D:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF) DRV - [2009/07/13 19:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV - [2009/07/13 18:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\tpm.sys -- (TPM) DRV - [2009/07/13 17:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand] -- D:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2009/07/13 17:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R) DRV - [2007/11/02 06:22:38 | 000,105,896 | ---- | M] (MCCI) [Kernel | On_Demand] -- D:\Windows\System32\drivers\s217unic.sys -- (s217unic) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (WDM) DRV - [2007/11/02 06:22:38 | 000,100,008 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\s217obex.sys -- (s217obex) DRV - [2007/11/02 06:22:38 | 000,024,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\s217nd5.sys -- (s217nd5) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (NDIS) DRV - [2007/11/02 06:22:36 | 000,109,992 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\s217mdm.sys -- (s217mdm) DRV - [2007/11/02 06:22:36 | 000,083,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\s217bus.sys -- (s217bus) Sony Ericsson Device 217 driver (WDM) DRV - [2007/11/02 06:22:36 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\s217mdfl.sys -- (s217mdfl) DRV - [2007/05/11 10:31:36 | 003,580,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Fusion(UVC) DRV - [2007/05/11 10:31:22 | 000,041,888 | ---- | M] (Logitech Inc.) 
[Kernel | On_Demand] -- D:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta) DRV - [2007/05/11 10:30:04 | 001,921,184 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\Mark_Bachmann_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.unhooked.ch/2008/spotguide/ IE - HKU\Mark_Bachmann_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-CH IE - HKU\Mark_Bachmann_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 91 A0 EF 2D 22 0F CC 01 [binary data] IE - HKU\Mark_Bachmann_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Mark_Bachmann_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_257.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: D:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: D:\Windows\System32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: D:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\Program Files\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: D:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) O1 HOSTS File: ([2012/05/31 05:33:57 | 000,000,027 | ---- | M]) - D:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [APSDaemon] D:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] D:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BCSSync] D:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [HP Color LaserJet CM1312 MFP Series Fax] D:\Program Files\HP\HP Color LaserJet CM1312 MFP Series\hppfaxprintersrv.exe (Hewlett-Packard Company) O4 - HKU\Mark_Bachmann_ON_D..\Run: [OfficeSyncProcess] D:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\Mark_Bachmann_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - 
D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - D:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - D:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - D:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - D:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - D:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - D:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - D:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - D:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - D:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - D:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O16 - DPF: {48580E34-E37A-454A-8EC4-FC7598B01D77} hxxp://chkr-web.ifolor.net/app_support/1/ActiveX/IfolorUploader_chkr.cab (IfolorUploader Control) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.) 
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKU\Mark_Bachmann_ON_D Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012/11/13 09:20:37 | 002,237,440 | R--- | C] (OldTimer Tools) -- D:\OTLPE.exe [2012/11/13 09:20:30 | 000,000,000 | ---D | C] -- D:\_OTL [2012/11/08 04:58:33 | 000,000,000 | ---D | C] -- D:\Users\Mark Bachmann\Documents\California 2012 
[2011/05/14 07:07:28 | 000,399,736 | ---- | C] (BitTorrent, Inc.) -- D:\Program Files\uTorrent.exe ========== Files - Modified Within 30 Days ========== [2012/11/13 02:54:36 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat [2012/11/13 02:54:36 | 000,000,047 | ---- | M] () -- D:\Users\Mark Bachmann\AppData\Roaming\msconfig.ini [2012/11/13 02:36:40 | 000,657,676 | ---- | M] () -- D:\Windows\System32\perfh007.dat [2012/11/13 02:36:40 | 000,618,912 | ---- | M] () -- D:\Windows\System32\perfh009.dat [2012/11/13 02:36:40 | 000,131,016 | ---- | M] () -- D:\Windows\System32\perfc007.dat [2012/11/13 02:36:40 | 000,107,232 | ---- | M] () -- D:\Windows\System32\perfc009.dat [2012/11/13 02:35:26 | 000,001,108 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/11/13 02:32:29 | 1603,772,416 | -HS- | M] () -- D:\hiberfil.sys [2012/11/11 14:16:43 | 000,014,640 | ---- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/11/11 14:16:42 | 000,014,640 | ---- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/11/11 10:59:11 | 000,001,112 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineUA.job ========== Files Created - No Company Name ========== [2012/11/10 10:29:11 | 000,000,047 | ---- | C] () -- D:\Users\Mark Bachmann\AppData\Roaming\msconfig.ini [2012/06/04 04:13:11 | 000,000,024 | ---- | C] () -- D:\Windows\VWCMIM.INI [2012/02/11 10:03:49 | 000,007,625 | ---- | C] () -- D:\Users\Mark Bachmann\AppData\Local\Resmon.ResmonCfg [2012/01/12 08:55:34 | 000,003,259 | ---- | C] () -- D:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc [2011/08/01 06:09:38 | 000,003,584 | ---- | C] () -- D:\Users\Mark Bachmann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/07/05 03:31:31 | 000,252,928 | ---- | C] () -- D:\Windows\System32\DShowRdpFilter.dll [2011/07/05 03:29:49 | 000,066,048 | ---- | C] () -- 
D:\Windows\System32\PrintBrmUi.exe [2011/05/13 02:01:45 | 000,000,608 | -HS- | C] () -- D:\Windows\System32\winzvprt5.sys [2011/05/13 02:01:45 | 000,000,222 | ---- | C] () -- D:\Windows\System32\hppfaxprinter5.ini [2011/05/13 01:59:13 | 000,000,190 | ---- | C] () -- D:\Windows\System32\AddPort.ini [2011/05/13 01:57:52 | 000,000,739 | ---- | C] () -- D:\Windows\hpntwksetup.ini [2011/05/13 01:54:06 | 000,199,121 | ---- | C] () -- D:\Windows\hppins11.dat [2011/05/13 01:54:06 | 000,005,707 | ---- | C] () -- D:\Windows\hppmdl11.dat [2011/05/13 01:53:06 | 000,000,665 | ---- | C] () -- D:\Windows\System32\hppapr11.dat [2011/05/10 09:28:14 | 000,000,000 | ---- | C] () -- D:\Windows\HPMProp.INI [2011/05/10 08:48:34 | 000,140,288 | ---- | C] () -- D:\Windows\System32\igfxtvcx.dll [2009/12/02 12:39:02 | 020,317,504 | ---- | C] () -- D:\Windows\System32\TrueSuiteCoInst02020000.dll [2009/09/23 12:16:08 | 002,050,952 | ---- | C] () -- D:\Windows\System32\igkrng400.bin [2009/07/14 03:47:43 | 000,657,676 | ---- | C] () -- D:\Windows\System32\perfh007.dat [2009/07/14 03:47:43 | 000,295,922 | ---- | C] () -- D:\Windows\System32\perfi007.dat [2009/07/14 03:47:43 | 000,131,016 | ---- | C] () -- D:\Windows\System32\perfc007.dat [2009/07/14 03:47:43 | 000,038,104 | ---- | C] () -- D:\Windows\System32\perfd007.dat [2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- D:\Windows\bootstat.dat [2009/07/13 23:33:53 | 000,481,240 | ---- | C] () -- D:\Windows\System32\FNTCACHE.DAT [2009/07/13 21:05:48 | 000,618,912 | ---- | C] () -- D:\Windows\System32\perfh009.dat [2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- D:\Windows\System32\perfi009.dat [2009/07/13 21:05:48 | 000,107,232 | ---- | C] () -- D:\Windows\System32\perfc009.dat [2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- D:\Windows\System32\perfd009.dat [2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- D:\Windows\System32\NOISE.DAT [2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- D:\Windows\System32\dssec.dat [2009/07/13 
18:55:01 | 000,043,131 | ---- | C] () -- D:\Windows\mib.bin [2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- D:\Windows\System32\BthpanContextHandler.dll [2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- D:\Windows\System32\BWContextHandler.dll [2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- D:\Windows\System32\mlang.dat [2007/05/11 09:12:54 | 000,057,126 | ---- | C] () -- D:\Windows\System32\lvcoinst.ini [2001/07/06 21:00:00 | 000,003,254 | ---- | C] () -- D:\Windows\System32\HPTCPMON.INI ========== LOP Check ========== [2011/07/27 10:15:50 | 000,000,000 | ---D | M] -- D:\ProgramData\Acoustica [2011/05/10 08:40:30 | 000,000,000 | -HSD | M] -- D:\ProgramData\Anwendungsdaten [2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Application Data [2012/05/31 08:44:17 | 000,000,000 | ---D | M] -- D:\ProgramData\Babylon [2011/12/11 10:29:36 | 000,000,000 | ---D | M] -- D:\ProgramData\bookfactory.ch [2011/05/31 08:07:01 | 000,000,000 | ---D | M] -- D:\ProgramData\CREALOGIX [2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Desktop [2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Documents [2011/05/10 08:40:30 | 000,000,000 | -HSD | M] -- D:\ProgramData\Dokumente [2011/05/10 09:15:14 | 000,000,000 | ---D | M] -- D:\ProgramData\Downloaded Installations [2011/05/10 08:40:30 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favoriten [2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favorites [2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Start Menu [2011/05/10 08:40:30 | 000,000,000 | -HSD | M] -- D:\ProgramData\Startmenü [2011/05/11 10:09:53 | 000,000,000 | ---D | M] -- D:\ProgramData\Swiss International Airlines [2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Templates [2011/05/10 09:15:18 | 000,000,000 | ---D | M] -- D:\ProgramData\TrueSuite [2011/05/10 08:40:30 | 000,000,000 | -HSD | M] -- D:\ProgramData\Vorlagen [2011/05/12 15:46:32 | 000,000,000 | ---D | M] -- 
D:\ProgramData\WindSolutions [2011/05/11 09:28:49 | 000,000,000 | ---D | M] -- D:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2009/07/13 23:53:46 | 000,032,380 | ---- | M] () -- D:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report >
Regards, M
Hello, in the meantime I have installed Malwarebytes Anti-Malware, run a scan and received the following log: Code:
ATTFilter Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.13.05
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Mark Bachmann :: MARKBACHMANN-PC [Administrator]

13.11.2012 16:49:15
mbam-log-2012-11-13 (16-49-15).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 202383
Laufzeit: 10 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|shell (Trojan.Agent) -> Daten: explorer.exe,C:\Users\Mark Bachmann\AppData\Roaming\msconfig.dat -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Mark Bachmann\0.8200605970315423.exe (Trojan.Agent.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Code:
ATTFilter Die Datei 'C:\Users\Mark Bachmann\0.8200605970315423.exe' enthielt einen Virus oder unerwünschtes Programm 'TR/Rogue.KD.785039' [trojan]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '53042ee0.qua' verschoben!
Many thanks in advance |
13.11.2012, 22:19 | #6 |
/// Malware-holic | Cybercrime Investigation Virus Did I write anything about an Avira scan? Do only what is written here. Try starting in normal mode; it should work again. Download TDSS Killer: http://www.trojaner-board.de/82358-t...entfernen.html
Click on Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan - if anything is found, always choose skip for now, and post the log
|
14.11.2012, 07:22 | #7 |
| Cybercrime Investigation Virus Sorry about AVIRA. Here is the TDSS Killer log: Code:
ATTFilter 07:16:04.0706 3344 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 07:16:04.0955 3344 ============================================================ 07:16:04.0955 3344 Current date / time: 2012/11/14 07:16:04.0955 07:16:04.0955 3344 SystemInfo: 07:16:04.0955 3344 07:16:04.0955 3344 OS Version: 6.1.7601 ServicePack: 1.0 07:16:04.0955 3344 Product type: Workstation 07:16:04.0955 3344 ComputerName: MARKBACHMANN-PC 07:16:04.0955 3344 UserName: Mark Bachmann 07:16:04.0955 3344 Windows directory: C:\Windows 07:16:04.0955 3344 System windows directory: C:\Windows 07:16:04.0955 3344 Processor architecture: Intel x86 07:16:04.0955 3344 Number of processors: 2 07:16:04.0955 3344 Page size: 0x1000 07:16:04.0955 3344 Boot type: Normal boot 07:16:04.0955 3344 ============================================================ 07:16:06.0297 3344 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 07:16:06.0297 3344 ============================================================ 07:16:06.0297 3344 \Device\Harddisk0\DR0: 07:16:06.0297 3344 MBR partitions: 07:16:06.0297 3344 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 07:16:06.0297 3344 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xDF61800 07:16:06.0297 3344 ============================================================ 07:16:06.0312 3344 C: <-> \Device\Harddisk0\DR0\Partition2 07:16:06.0312 3344 ============================================================ 07:16:06.0312 3344 Initialize success 07:16:06.0312 3344 ============================================================ 07:18:10.0489 0352 ============================================================ 07:18:10.0489 0352 Scan started 07:18:10.0489 0352 Mode: Manual; SigCheck; TDLFS; 07:18:10.0489 0352 ============================================================ 07:18:10.0707 0352 
================ Scan system memory ======================== 07:18:10.0707 0352 System memory - ok 07:18:10.0707 0352 ================ Scan services ============================= 07:18:10.0941 0352 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 07:18:11.0019 0352 1394ohci - ok 07:18:11.0050 0352 [ CC1F1D3D70DC13C2C281488D347D4415 ] Accelerometer C:\Windows\system32\DRIVERS\Accelerometer.sys 07:18:11.0066 0352 Accelerometer - ok 07:18:11.0144 0352 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys 07:18:11.0191 0352 ACPI - ok 07:18:11.0206 0352 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 07:18:11.0222 0352 AcpiPmi - ok 07:18:11.0316 0352 [ FB9ECE3F7B8A03E474E611031AD4CD23 ] ADIHdAudAddService C:\Windows\system32\drivers\ADIHdAud.sys 07:18:11.0362 0352 ADIHdAudAddService - ok 07:18:11.0409 0352 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 07:18:11.0425 0352 adp94xx - ok 07:18:11.0472 0352 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 07:18:11.0487 0352 adpahci - ok 07:18:11.0503 0352 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 07:18:11.0518 0352 adpu320 - ok 07:18:11.0534 0352 [ 12D23758621B00B8D3134095EC3325FD ] AEADIFilters C:\Windows\system32\AEADISRV.EXE 07:18:11.0550 0352 AEADIFilters - ok 07:18:11.0581 0352 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 07:18:11.0596 0352 AeLookupSvc - ok 07:18:11.0690 0352 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys 07:18:11.0721 0352 AFD - ok 07:18:11.0799 0352 [ 7E10E3BB9B258AD8A9300F91214D67B9 ] AgereSoftModem C:\Windows\system32\DRIVERS\AGRSM.sys 07:18:11.0846 0352 AgereSoftModem - ok 07:18:11.0908 0352 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys 07:18:11.0940 0352 agp440 - ok 07:18:11.0971 
0352 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys 07:18:11.0986 0352 aic78xx - ok 07:18:12.0049 0352 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe 07:18:12.0080 0352 ALG - ok 07:18:12.0142 0352 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys 07:18:12.0174 0352 aliide - ok 07:18:12.0236 0352 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys 07:18:12.0267 0352 amdagp - ok 07:18:12.0283 0352 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys 07:18:12.0298 0352 amdide - ok 07:18:12.0361 0352 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 07:18:12.0376 0352 AmdK8 - ok 07:18:12.0376 0352 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 07:18:12.0392 0352 AmdPPM - ok 07:18:12.0454 0352 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys 07:18:12.0486 0352 amdsata - ok 07:18:12.0501 0352 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 07:18:12.0517 0352 amdsbs - ok 07:18:12.0532 0352 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys 07:18:12.0548 0352 amdxata - ok 07:18:12.0642 0352 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe 07:18:12.0673 0352 AntiVirSchedulerService - ok 07:18:12.0735 0352 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe 07:18:12.0751 0352 AntiVirService - ok 07:18:12.0766 0352 [ 676894FA57B671FEC5C3F05F8929E03B ] AntiVirWebService C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE 07:18:12.0798 0352 AntiVirWebService - ok 07:18:12.0876 0352 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys 07:18:12.0922 0352 AppID - ok 07:18:12.0969 0352 [ 62A9C86CB6085E20DB4823E4E97826F5 ] 
AppIDSvc C:\Windows\System32\appidsvc.dll 07:18:13.0000 0352 AppIDSvc - ok 07:18:13.0047 0352 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll 07:18:13.0125 0352 Appinfo - ok 07:18:13.0203 0352 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 07:18:13.0219 0352 Apple Mobile Device - ok 07:18:13.0266 0352 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll 07:18:13.0312 0352 AppMgmt - ok 07:18:13.0328 0352 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys 07:18:13.0344 0352 arc - ok 07:18:13.0359 0352 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 07:18:13.0375 0352 arcsas - ok 07:18:13.0390 0352 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 07:18:13.0422 0352 AsyncMac - ok 07:18:13.0484 0352 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys 07:18:13.0515 0352 atapi - ok 07:18:13.0562 0352 [ BEFE54E9BC648A3C79C917A63B6EE7DA ] ATSwpWDF C:\Windows\system32\Drivers\ATSwpWDF.sys 07:18:13.0593 0352 ATSwpWDF - ok 07:18:13.0671 0352 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 07:18:13.0718 0352 AudioEndpointBuilder - ok 07:18:13.0734 0352 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll 07:18:13.0765 0352 Audiosrv - ok 07:18:13.0812 0352 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 07:18:13.0827 0352 avgntflt - ok 07:18:13.0890 0352 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 07:18:13.0905 0352 avipbb - ok 07:18:13.0936 0352 [ 53E56450DA16A1A7F0D002F511113F67 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 07:18:13.0952 0352 avkmgr - ok 07:18:14.0014 0352 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll 
07:18:14.0061 0352 AxInstSV - ok 07:18:14.0108 0352 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys 07:18:14.0124 0352 b06bdrv - ok 07:18:14.0155 0352 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys 07:18:14.0186 0352 b57nd60x - ok 07:18:14.0217 0352 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll 07:18:14.0233 0352 BDESVC - ok 07:18:14.0264 0352 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys 07:18:14.0295 0352 Beep - ok 07:18:14.0373 0352 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll 07:18:14.0420 0352 BFE - ok 07:18:14.0498 0352 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\system32\qmgr.dll 07:18:14.0545 0352 BITS - ok 07:18:14.0560 0352 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 07:18:14.0576 0352 blbdrive - ok 07:18:14.0638 0352 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 07:18:14.0670 0352 Bonjour Service - ok 07:18:14.0701 0352 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 07:18:14.0716 0352 bowser - ok 07:18:14.0748 0352 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 07:18:14.0763 0352 BrFiltLo - ok 07:18:14.0763 0352 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 07:18:14.0779 0352 BrFiltUp - ok 07:18:14.0857 0352 [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys 07:18:14.0904 0352 BridgeMP - ok 07:18:14.0950 0352 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll 07:18:14.0997 0352 Browser - ok 07:18:14.0997 0352 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys 07:18:15.0013 0352 Brserid - ok 07:18:15.0044 0352 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm 
tunnel C:\Windows\system32\DRIVERS\tunnel.sys 07:18:38.0460 0352 tunnel - ok 07:18:38.0491 0352 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 07:18:38.0506 0352 uagp35 - ok 07:18:38.0569 0352 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys 07:18:38.0616 0352 udfs - ok 07:18:38.0647 0352 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 07:18:38.0662 0352 UI0Detect - ok 07:18:38.0725 0352 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 07:18:38.0756 0352 uliagpkx - ok 07:18:38.0772 0352 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys 07:18:38.0787 0352 umbus - ok 07:18:38.0818 0352 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 07:18:38.0834 0352 UmPass - ok 07:18:38.0881 0352 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll 07:18:38.0912 0352 UmRdpService - ok 07:18:38.0943 0352 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll 07:18:38.0990 0352 upnphost - ok 07:18:39.0021 0352 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys 07:18:39.0037 0352 USBAAPL - ok 07:18:39.0099 0352 [ 1D9F2BD026E8E2D45033A4DF3F16B78C ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 07:18:39.0130 0352 usbaudio - ok 07:18:39.0146 0352 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\drivers\usbccgp.sys 07:18:39.0162 0352 usbccgp - ok 07:18:39.0208 0352 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys 07:18:39.0240 0352 usbcir - ok 07:18:39.0255 0352 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 07:18:39.0271 0352 usbehci - ok 07:18:39.0302 0352 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 07:18:39.0333 0352 usbhub - ok 07:18:39.0333 0352 [ 
E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys 07:18:39.0349 0352 usbohci - ok 07:18:39.0380 0352 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 07:18:39.0411 0352 usbprint - ok 07:18:39.0458 0352 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 07:18:39.0474 0352 USBSTOR - ok 07:18:39.0520 0352 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 07:18:39.0536 0352 usbuhci - ok 07:18:39.0567 0352 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll 07:18:39.0583 0352 UxSms - ok 07:18:39.0598 0352 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe 07:18:39.0614 0352 VaultSvc - ok 07:18:39.0630 0352 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 07:18:39.0645 0352 vdrvroot - ok 07:18:39.0692 0352 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe 07:18:39.0739 0352 vds - ok 07:18:39.0770 0352 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 07:18:39.0786 0352 vga - ok 07:18:39.0801 0352 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys 07:18:39.0832 0352 VgaSave - ok 07:18:39.0879 0352 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 07:18:39.0895 0352 vhdmp - ok 07:18:39.0926 0352 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys 07:18:39.0942 0352 viaagp - ok 07:18:39.0957 0352 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys 07:18:39.0973 0352 ViaC7 - ok 07:18:40.0020 0352 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys 07:18:40.0035 0352 viaide - ok 07:18:40.0082 0352 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys 07:18:40.0113 0352 vmbus - ok 07:18:40.0129 0352 [ D4D77455211E204F370D08F4963063CE 
] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 07:18:40.0144 0352 VMBusHID - ok 07:18:40.0160 0352 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys 07:18:40.0176 0352 volmgr - ok 07:18:40.0207 0352 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 07:18:40.0222 0352 volmgrx - ok 07:18:40.0238 0352 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys 07:18:40.0254 0352 volsnap - ok 07:18:40.0285 0352 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 07:18:40.0300 0352 vsmraid - ok 07:18:40.0394 0352 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe 07:18:40.0441 0352 VSS - ok 07:18:40.0456 0352 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 07:18:40.0472 0352 vwifibus - ok 07:18:40.0534 0352 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll 07:18:40.0566 0352 W32Time - ok 07:18:40.0597 0352 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 07:18:40.0612 0352 WacomPen - ok 07:18:40.0690 0352 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 07:18:40.0737 0352 WANARP - ok 07:18:40.0753 0352 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 07:18:40.0784 0352 Wanarpv6 - ok 07:18:40.0893 0352 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 07:18:40.0924 0352 WatAdminSvc - ok 07:18:41.0034 0352 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe 07:18:41.0080 0352 wbengine - ok 07:18:41.0127 0352 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 07:18:41.0158 0352 WbioSrvc - ok 07:18:41.0221 0352 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll 07:18:41.0252 0352 wcncsvc - ok 07:18:41.0283 0352 [ 
5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 07:18:41.0299 0352 WcsPlugInService - ok 07:18:41.0330 0352 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys 07:18:41.0346 0352 Wd - ok 07:18:41.0377 0352 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 07:18:41.0408 0352 Wdf01000 - ok 07:18:41.0439 0352 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll 07:18:41.0455 0352 WdiServiceHost - ok 07:18:41.0455 0352 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll 07:18:41.0486 0352 WdiSystemHost - ok 07:18:41.0533 0352 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll 07:18:41.0564 0352 WebClient - ok 07:18:41.0580 0352 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll 07:18:41.0611 0352 Wecsvc - ok 07:18:41.0611 0352 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll 07:18:41.0642 0352 wercplsupport - ok 07:18:41.0674 0352 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll 07:18:41.0705 0352 WerSvc - ok 07:18:41.0737 0352 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 07:18:41.0752 0352 WfpLwf - ok 07:18:41.0768 0352 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys 07:18:41.0783 0352 WIMMount - ok 07:18:41.0861 0352 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 07:18:41.0908 0352 WinDefend - ok 07:18:41.0924 0352 WinHttpAutoProxySvc - ok 07:18:41.0986 0352 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 07:18:42.0033 0352 Winmgmt - ok 07:18:42.0158 0352 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll 07:18:42.0205 0352 WinRM - ok 07:18:42.0298 0352 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb 
C:\Windows\system32\DRIVERS\WinUsb.sys 07:18:42.0329 0352 WinUsb - ok 07:18:42.0392 0352 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll 07:18:42.0439 0352 Wlansvc - ok 07:18:42.0485 0352 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 07:18:42.0532 0352 WmiAcpi - ok 07:18:42.0563 0352 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 07:18:42.0579 0352 wmiApSrv - ok 07:18:42.0688 0352 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 07:18:42.0735 0352 WMPNetworkSvc - ok 07:18:42.0766 0352 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll 07:18:42.0782 0352 WPCSvc - ok 07:18:42.0829 0352 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 07:18:42.0860 0352 WPDBusEnum - ok 07:18:42.0891 0352 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 07:18:42.0922 0352 ws2ifsl - ok 07:18:42.0938 0352 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\system32\wscsvc.dll 07:18:42.0953 0352 wscsvc - ok 07:18:42.0985 0352 [ 553F6CCD7C58EB98D4A8FBDAF283D7A9 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys 07:18:43.0000 0352 WSDPrintDevice - ok 07:18:43.0000 0352 WSearch - ok 07:18:43.0125 0352 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll 07:18:43.0172 0352 wuauserv - ok 07:18:43.0234 0352 [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 07:18:43.0297 0352 WudfPf - ok 07:18:43.0343 0352 [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 07:18:43.0421 0352 WUDFRd - ok 07:18:43.0453 0352 [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 07:18:43.0484 0352 wudfsvc - ok 07:18:43.0515 0352 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll 07:18:43.0562 0352 WwanSvc - ok 
07:18:43.0640 0352 ================ Scan global =============================== 07:18:43.0702 0352 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll 07:18:43.0749 0352 [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\Windows\system32\winsrv.dll 07:18:43.0780 0352 [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\Windows\system32\winsrv.dll 07:18:43.0811 0352 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll 07:18:43.0858 0352 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe 07:18:43.0858 0352 [Global] - ok 07:18:43.0858 0352 ================ Scan MBR ================================== 07:18:43.0874 0352 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 07:18:44.0170 0352 \Device\Harddisk0\DR0 - ok 07:18:44.0170 0352 ================ Scan VBR ================================== 07:18:44.0170 0352 [ CE491615B4C7214F08FEF38A76EC1503 ] \Device\Harddisk0\DR0\Partition1 07:18:44.0170 0352 \Device\Harddisk0\DR0\Partition1 - ok 07:18:44.0217 0352 [ CA8B0DFDED686013FFBAE896772428A1 ] \Device\Harddisk0\DR0\Partition2 07:18:44.0217 0352 \Device\Harddisk0\DR0\Partition2 - ok 07:18:44.0217 0352 ============================================================ 07:18:44.0217 0352 Scan finished 07:18:44.0217 0352 ============================================================ 07:18:44.0217 4368 Detected object count: 4 07:18:44.0217 4368 Actual detected object count: 4 07:19:29.0582 4368 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user 07:19:29.0582 4368 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 07:19:29.0582 4368 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user 07:19:29.0582 4368 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 07:19:29.0582 4368 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 07:19:29.0582 4368 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 07:19:29.0597 4368 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by 
user 07:19:29.0597 4368 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip |
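The scan log above ends with four detections that were only skipped, and a few services ("WinHttpAutoProxySvc", "WSearch") that are reported "ok" without any file hash, which a helper reading a long log like this easily misses. The following Python is an added triage script, not part of this thread and not code from the scanner (the line format is Kaspersky TDSSKiller's, inferred from the log as posted); function names such as `triage` and `report` are my own, and the sample lines are copied from the log above, so every hash and path is the page's own value.

```python
import re
from typing import Dict, List, Tuple

# Lines copied from the scan log posted above (TDSSKiller's line format);
# hashes, names and paths are the page's own values, not newly invented ones.
SAMPLE_LOG = r"""
07:18:41.0861 0352 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
07:18:41.0908 0352 WinDefend - ok
07:18:41.0924 0352 WinHttpAutoProxySvc - ok
07:18:41.0986 0352 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
07:18:42.0033 0352 Winmgmt - ok
07:18:43.0000 0352 WSearch - ok
07:18:43.0874 0352 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
07:18:44.0170 0352 \Device\Harddisk0\DR0 - ok
07:18:44.0217 4368 Detected object count: 4
07:19:29.0582 4368 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
07:19:29.0582 4368 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:19:29.0582 4368 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
07:19:29.0582 4368 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

# Every line starts with "HH:MM:SS.mmmm <pid> "; the rest decides the line kind.
TS = r"(?P<ts>\d\d:\d\d:\d\d\.\d{4}) (?P<pid>\d+) "
# "[ <md5> ] <name> <path>"; MBR/VBR entries carry only a \Device\ path and no name.
ENTRY_RE = re.compile(
    TS + r"\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?:(?P<name>.+?) )?"
         r"(?P<path>(?:[A-Za-z]:\\|\\Device\\).*)$")
OK_RE = re.compile(TS + r"(?P<name>.+?) - ok$")
# "<name> ( <verdict> ) - <action>"; names may contain spaces ("Net Driver HPZ12").
DETECT_RE = re.compile(TS + r"(?P<name>.+?) \( (?P<verdict>[^()]+) \) - (?P<action>.+)$")
COUNT_RE = re.compile(TS + r"Detected object count: (?P<n>\d+)$")


def triage(log_text: str) -> Dict[str, object]:
    """Summarise one scan log: which objects were hashed, which were reported
    ok without any file hash, how many objects were detected, and which
    detections the operator merely skipped (still on disk, needs follow-up)."""
    hashed: Dict[str, Tuple[str, str]] = {}
    ok_names: List[str] = []
    detections: Dict[str, dict] = {}
    detected_count = None
    for raw in log_text.strip().splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            name = m["name"] or m["path"]  # device entries: key them by path
            hashed[name] = (m["md5"].upper(), m["path"])
            continue
        m = COUNT_RE.match(line)
        if m:
            detected_count = int(m["n"])
            continue
        m = DETECT_RE.match(line)
        if m:
            entry = detections.setdefault(m["name"], {"verdict": m["verdict"], "actions": []})
            entry["actions"].append(m["action"])
            continue
        m = OK_RE.match(line)
        if m:
            ok_names.append(m["name"])
    # "ok" with no preceding hashed entry: the scanner found no image to hash.
    unhashed_ok = [n for n in ok_names if n not in hashed]
    # A skipped detection was not removed or quarantined, so it still needs a look.
    unresolved = [n for n, d in detections.items()
                  if any("skip" in a.lower() for a in d["actions"])]
    return {
        "hashed": hashed,
        "unhashed_ok": unhashed_ok,
        "detected_count": detected_count,
        "detections": detections,
        "unresolved": unresolved,
    }


def report(summary: Dict[str, object]) -> str:
    """Render the triage summary as the short note a helper would post back."""
    lines = [
        f"hashed entries: {len(summary['hashed'])}",
        f"reported ok without a file hash: {', '.join(summary['unhashed_ok']) or 'none'}",
        f"detected objects: {summary['detected_count']}",
    ]
    for name in summary["unresolved"]:
        verdict = summary["detections"][name]["verdict"]
        lines.append(f"FOLLOW UP: {name} ({verdict}) was skipped, still present")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

On this sample the report lists the two services without a hash and flags hpqcxs08 and Net Driver HPZ12 as skipped; in the full log above the same applies to hpqddsvc and Pml Driver HPZ12. An "UnsignedFile.Multi.Generic" verdict only means the image is unsigned (here HP printer components), so the point of the follow-up is to check those files, not to delete them on sight.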
16.11.2012, 11:48 | #8 |
| Cybercrime Investigation Virus Hello, I can well imagine that you have a lot to do, looking around the forum, but I would still be very glad to receive a new suggestion on how to proceed.... Many thanks |
16.11.2012, 12:37 | #9 |
/// Malware-holic | Cybercrime Investigation Virus Hi, that already looks good. Combofix may only be run when a team member has instructed you to do so! Please download Combofix from one of these download mirrors: Link 1 Link 2 IMPORTANT - Save Combofix to your Desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: Should you receive the following error message after the restart Quote:
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above If you would like to support us |
17.11.2012, 18:35 | #10 |
| Cybercrime Investigation Virus Hi, attached is the ComboFix log: Code:
ATTFilter ComboFix 12-11-16.02 - Mark Bachmann 17.11.2012 18:08:23.5.2 - x86 Microsoft Windows 7 Professional 6.1.7601.1.1252.41.1031.18.2039.957 [GMT 1:00] ausgeführt von:: c:\users\Mark Bachmann\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((( Dateien erstellt von 2012-10-17 bis 2012-11-17 )))))))))))))))))))))))))))))) . . 2012-11-17 17:20 . 2012-11-17 17:20 -------- d-----w- c:\users\Public\AppData\Local\temp 2012-11-17 17:20 . 2012-11-17 17:20 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-11-13 15:48 . 2012-11-13 15:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-11-13 15:48 . 2012-09-29 18:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-11-13 15:44 . 2012-10-12 05:56 6918632 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FD759742-1DD7-4830-9FE1-6A89C41BB516}\mpengine.dll 2012-11-13 14:20 . 2011-07-13 02:55 2237440 ----a-r- C:\OTLPE.exe 2012-11-13 14:20 . 2012-11-13 14:20 -------- d-----w- C:\_OTL . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-09-14 18:28 . 2012-10-11 09:43 2048 ----a-w- c:\windows\system32\tzres.dll 2012-08-31 17:18 . 2012-10-11 02:14 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys 2012-08-30 17:12 . 2012-10-11 02:10 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-08-30 17:12 . 2012-10-11 02:10 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-08-24 16:57 . 2012-10-11 09:44 172544 ----a-w- c:\windows\system32\wintrust.dll 2012-08-24 06:59 . 2012-09-24 12:15 1800704 ----a-w- c:\windows\system32\jscript9.dll 2012-08-24 06:51 . 2012-09-24 12:15 1129472 ----a-w- c:\windows\system32\wininet.dll 2012-08-24 06:51 . 
2012-09-24 12:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2012-08-24 06:47 . 2012-09-24 12:15 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-08-24 06:47 . 2012-09-24 12:15 420864 ----a-w- c:\windows\system32\vbscript.dll 2012-08-24 06:43 . 2012-09-24 12:15 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-08-22 17:16 . 2012-09-12 09:59 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-08-22 17:16 . 2012-09-12 09:59 712048 ----a-w- c:\windows\system32\drivers\ndis.sys 2012-08-22 17:16 . 2012-09-12 09:59 240496 ----a-w- c:\windows\system32\drivers\netio.sys 2012-08-22 17:16 . 2012-09-12 09:59 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2012-08-21 20:12 . 2012-09-26 05:36 245760 ----a-w- c:\windows\system32\OxpsConverter.exe 2012-08-20 17:40 . 2012-10-11 09:43 169984 ----a-w- c:\windows\system32\winsrv.dll 2012-08-20 17:40 . 2012-10-11 09:43 293376 ----a-w- c:\windows\system32\KernelBase.dll 2012-08-20 17:37 . 2012-10-11 09:43 271360 ----a-w- c:\windows\system32\conhost.exe 2012-08-20 17:32 . 2012-10-11 09:43 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2012-08-20 17:32 . 2012-10-11 09:43 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2012-08-20 17:32 . 2012-10-11 09:43 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll 2012-08-20 17:32 . 2012-10-11 09:43 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll 2012-08-20 17:32 . 2012-10-11 09:43 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2012-08-20 17:32 . 2012-10-11 09:43 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2012-08-20 17:32 . 2012-10-11 09:43 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2012-08-20 17:32 . 2012-10-11 09:43 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll 2012-08-20 17:32 . 
2012-10-11 09:43 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2012-08-20 17:32 . 2012-10-11 09:43 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll 2012-08-20 17:32 . 2012-10-11 09:43 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2012-08-20 17:32 . 2012-10-11 09:43 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll 2012-08-20 17:32 . 2012-10-11 09:43 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll 2012-08-20 17:32 . 2012-10-11 09:43 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2012-08-20 17:32 . 2012-10-11 09:43 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll 2012-08-20 17:32 . 2012-10-11 09:43 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll 2012-08-20 17:32 . 2012-10-11 09:43 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll 2012-08-20 17:32 . 2012-10-11 09:43 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2012-08-20 17:32 . 2012-10-11 09:43 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2012-08-20 17:32 . 2012-10-11 09:43 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2012-08-20 17:32 . 2012-10-11 09:43 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll 2012-08-20 17:32 . 2012-10-11 09:43 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2012-08-20 17:32 . 2012-10-11 09:43 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll 2012-08-20 17:32 . 2012-10-11 09:43 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll 2012-08-20 15:33 . 2012-10-11 09:43 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll 2012-08-20 15:33 . 2012-10-11 09:43 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2012-08-20 15:33 . 
2012-10-11 09:43 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2012-08-20 15:33 . 2012-10-11 09:43 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll 2011-05-14 12:07 . 2011-05-14 12:07 399736 ----a-w- c:\program files\uTorrent.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016] "OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2012-01-20 719672] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "HP Color LaserJet CM1312 MFP Series Fax"="c:\program files\HP\HP Color LaserJet CM1312 MFP Series\hppfaxprintersrv.exe" [2009-09-22 2453504] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 1183744] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-16 348664] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296] . c:\users\Mark Bachmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ CrewLink Offline HUB.appref-ms [2012-1-12 354] . 
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360] . R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x] R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x] S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x] S2 AntiVirWebService;Avira Browser Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [x] S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x] S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x] S3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *Deregistered* - SASDIFSV *Deregistered* - SASKUTIL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Inhalt des "geplante Tasks" Ordners . 2012-11-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-05-10 16:15] . 2012-11-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-05-10 16:15] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://www.unhooked.ch/2008/spotguide/ uInternet Settings,ProxyOverride = *.local IE: An OneNote s&enden - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105 IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000 LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll TCP: DhcpNameServer = 192.168.1.1 DPF: {48580E34-E37A-454A-8EC4-FC7598B01D77} - hxxp://chkr-web.ifolor.net/app_support/1/ActiveX/IfolorUploader_chkr.cab . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2012-11-17 18:23:09 ComboFix-quarantined-files.txt 2012-11-17 17:23 ComboFix2.txt 2012-11-17 16:54 . Vor Suchlauf: 2'843'172'864 Bytes frei Nach Suchlauf: 2'665'394'176 Bytes frei . - - End Of File - - CA4861ECCC482A151706C81F772297D9 |
19.11.2012, 17:45 | #11 |
/// Malware-holic | Cybercrime Investigation Virus Hi, download the CCleaner standard: CCleaner Download - CCleaner 3.24.1850 If CCleaner is already installed, skip this. Install, open, Tools, list of installed programs, save as txt. Open it. Behind each program you need, write necessary (NOTWENDIG). Behind each you do not need, unnecessary (UNNÖTIG). Behind those unknown to you, unknown (UNBEKANNT). Post the list.
|
20.11.2012, 13:48 | #12 |
| Cybercrime Investigation Virus CCleaner .txt: For the necessary ones I am sure that I need them; for the unknown ones I don't know enough to tell exactly which of them I need and which I don't.... Code:
Acoustica Effects Pack Acoustica, Inc 04.06.2012 3.0 UNBEKANNT
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 19.06.2012 6.00MB 11.3.300.257 NOTWENDIG
Apple Application Support Apple Inc. 02.05.2012 60.9MB 2.1.7 UNBEKANNT
Apple Mobile Device Support Apple Inc. 02.05.2012 24.1MB 5.1.1.4 UNBEKANNT
Apple Software Update Apple Inc. 27.06.2011 2.25MB 2.1.3.127 UNBEKANNT
AuthenTec TrueSuite AuthenTec, Inc. 10.05.2011 6.54MB 2.0.0.57 UNBEKANNT
Avira Free Antivirus Avira 17.11.2012 124MB 12.1.9.1236 NOTWENDIG
Avira SearchFree Toolbar plus Web Protection Ask.com 27.05.2012 3.78MB 1.15.1.0 UNBEKANNT
Bonjour Apple Inc. 24.10.2011 1.02MB 3.0.0.10 UNBEKANNT
CCleaner Piriform 24.10.2012 3.24
CLX.PayMaker CREALOGIX 31.05.2011 155MB 1.7.32.0 NOTWENDIG
Crewlink-Offline Swiss International Airlines 31.05.2012 1.2.3103.30 NOTWENDIG
Google Chrome Google Inc. 19.06.2012 23.0.1271.64 UNBEKANNT
Google Toolbar for Internet Explorer Google Inc. 19.09.2012 7.4.3230.2052 UNBEKANNT
HP Color LaserJet CM1312 MFP Series 5.1 HP 04.06.2012 5.1 NOTWENDIG
HP Imaging Device Functions 10.0 HP 04.06.2012 10.0 NOTWENDIG
Intel(R) Graphics Media Accelerator Driver Intel Corporation 04.06.2012 54.2MB 8.15.10.1930 NOTWENDIG
Intel(R) TV Wizard Intel Corporation 04.06.2012 UNBEKANNT
iTunes Apple Inc. 02.05.2012 157MB 10.6.1.7 NOTWENDIG
Java(TM) 7 Update 5 Oracle 18.06.2012 99.3MB 7.0.50 UNBEKANNT
JavaFX 2.1.1 Oracle Corporation 18.06.2012 20.8MB 2.1.1 UNBEKANNT
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 04.06.2012 38.8MB 4.0.30319 UNBEKANNT
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 04.06.2012 2.93MB 4.0.30319 UNBEKANNT
Microsoft Office Professional Plus 2010 Microsoft Corporation 04.06.2012 14.0.6029.1000 NOTWENDIG
Microsoft SQL Server Compact 3.5 SP2 ENU Microsoft Corporation 12.01.2012 3.39MB 3.5.8080.0 UNBEKANNT
Microsoft Sync Framework 2.1 Core Components (x86) ENU Microsoft Corporation 12.01.2012 0.98MB 2.1.1648.0 UNBEKANNT
Microsoft Sync Framework 2.1 Database Providers (x86) ENU Microsoft Corporation 12.01.2012 1.04MB 3.1.1648.0 UNBEKANNT
Microsoft Sync Framework 2.1 Provider Services (x86) ENU Microsoft Corporation 12.01.2012 2.27MB 2.1.1648.0 UNBEKANNT
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 10.05.2011 596KB 9.0.30729.4148 UNBEKANNT
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 17.06.2011 600KB 9.0.30729.6161 UNBEKANNT
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 13.01.2012 15.0MB 10.0.40219 UNBEKANNT
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 02.06.2011 35.0KB 4.20.9870.0 UNBEKANNT
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 02.06.2011 1.33MB 4.20.9876.0 UNBEKANNT
Opera 12.02 Opera Software ASA 12.09.2012 12.02.1578 NOTWENDIG
PDF-Viewer Tracker Software Products Ltd 18.06.2012 39.0MB 2.5.201.0 NOTWENDIG
Private Tax 2010 Abraxas Informatik AG 04.06.2012 1.1.4.587 NOTWENDIG
Private Tax 2011 1.3 Information Factory AG 04.06.2012 1.3 NOTWENDIG
QuickTime Apple Inc. 09.09.2011 73.0MB 7.70.80.34 UNBEKANNT
Skype Toolbars Skype Technologies S.A. 23.07.2011 7.50MB 5.5.7896 UNBEKANNT
Skype™ 5.10 Skype Technologies S.A. 02.09.2012 19.4MB 5.10.116 NOTWENDIG
SoundMAX Analog Devices 07.08.2011 6.10.1.5240 UNBEKANNT
TuneAid 3.76 DigiDNA 16.05.2011 10.1MB 3.76 UNBEKANNT
WinRAR 4.11 (32-Bit) win.rar GmbH 04.06.2012 4.11.0 UNBEKANNT
µTorrent 04.06.2012 2.2.1 UNBEKANNT |
20.11.2012, 20:25 | #13 |
/// Malware-holic | Cybercrime Investigation Virus Hi,
Uninstall:
Avira SearchFree
Google: all
Java: all
Download the Java JRE: Java downloads for all operating systems
Click: Download Java software for Windows Offline, download it and install it.
Uninstall:
Skype Toolbars
µTorrent
Open CCleaner and start the analysis. Restart the PC.
Please download AdwCleaner to your desktop.
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de as described above. If you would like to support us |
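As an added example (not the helper's instructions and not code from the thread), this PowerShell script builds the same kind of installed-program inventory the poster pasted above, straight from the Windows Uninstall registry keys, and marks entries for review that resemble the software the helper singled out (the SearchFree/Ask.com toolbar, Skype Toolbars, µTorrent, old Java builds). The match patterns and the CSV path are assumptions chosen for this thread, not a complete adware list.

```powershell
# Added example, not from the thread: inventory installed programs from the
# Uninstall registry keys (what CCleaner's Tools > Uninstall list reads too)
# and flag the kinds of entries the helper told the poster to remove.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',  # absent on 32-bit
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Assumed patterns, taken from the programs named in this thread only.
$flagPatterns = @(
    'Toolbar',                   # Avira SearchFree Toolbar, Skype Toolbars, Google Toolbar
    'Ask\.com',                  # publisher of the bundled SearchFree toolbar
    'Torrent',                   # µTorrent
    '^Java\(TM\) [0-9]+ Update'  # outdated Java builds the helper wanted replaced
)
$regex = $flagPatterns -join '|'

$programs = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    ForEach-Object {
        $hit  = ($_.DisplayName -match $regex) -or ($_.Publisher -match $regex)
        $flag = if ($hit) { 'REVIEW' } else { '' }
        [PSCustomObject]@{
            Flag        = $flag
            Name        = $_.DisplayName
            Publisher   = $_.Publisher
            Version     = $_.DisplayVersion
            InstallDate = $_.InstallDate      # yyyyMMdd as stored; often empty
            Uninstall   = $_.UninstallString  # kept so removals can be audited later
        }
    } |
    Sort-Object @{ Expression = 'Flag'; Descending = $true }, Name

# Flagged entries first, then everything else in name order.
$programs | Format-Table Flag, Name, Publisher, Version, InstallDate -AutoSize

# Archive the full inventory before anything is uninstalled (assumed path).
$programs | Export-Csv -Path "$env:USERPROFILE\Desktop\installed-programs.csv" -NoTypeInformation
```

Nothing is removed by the script; REVIEW only means a human should look at the entry, and the exported CSV is the record of what was installed before the cleanup.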
21.11.2012, 18:32 | #14 |
| Cybercrime Investigation Virus The listed programs have been removed, Java has been reinstalled, and CCleaner has run its analysis. CCleaner reports Code:
ANALYSE komplett - (416.345 Sek)
----------------------------------------------------------------------------------------------------
406MB zu entfernen. (Ungefähre Größe)
----------------------------------------------------------------------------------------------------
Details der zu löschenden Dateien (Hinweis: Es wurden noch keine Dateien gelöscht)
----------------------------------------------------------------------------------------------------
Should I now press STARTE CCleaner, or just restart the computer??? |
21.11.2012, 19:11 | #15 |
/// Malware-holic | Cybercrime Investigation Virus Hi, start CCleaner, click it, wait until it has finished, restart the PC, and then continue with AdwCleaner.
__________________ |