Log analysis and evaluation: GUV encryption trojan
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
14.01.2013, 11:56 | #1 |
| GUV encryption trojan
Hello everyone, I apparently have a GUV trojan on my computer. Unfortunately the computer cannot be booted in safe mode either; it shuts down again as soon as the desktop appears. I created a CD with OTLPENet.exe and started the computer from it. Then I ran OTLpe with Run Scan. After the scan a window with OTL.txt opened. I saved it and am attaching it to my message. I have not done anything else so far. I am no expert either and hope that you can help me. Thanks and regards, Andreas |
14.01.2013, 13:01 | #2 |
| GUV encryption trojan
Sorry, I had overlooked that the txt should be posted in a code tag.
__________________
Regards, Andreas
OTL Logfile: Code:
ATTFilter OTL logfile created on: 1/13/2013 11:10:01 PM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE Windows Vista (TM) Home Premium Service Pack 1 (Version = 6.0.6001) - Type = System Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free 3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 226.76 Gb Total Space | 75.40 Gb Free Space | 33.25% Space Free | Partition Type: NTFS Drive D: | 226.00 Gb Total Space | 225.91 Gb Free Space | 99.96% Space Free | Partition Type: NTFS Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet001 ========== Win32 Services (SafeList) ========== SRV - File not found [Auto] -- -- (Winmgmt) SRV - [2012/11/29 03:26:17 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/05/08 12:52:41 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012/05/08 12:52:40 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011/06/08 06:02:00 | 000,633,856 | ---- | M] (Nokia) [On_Demand] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2009/03/05 04:54:50 | 000,311,296 | ---- | M] () [Auto] -- C:\Windows\System32\Rezip.exe -- (Rezip) SRV - [2009/01/30 04:07:00 | 000,282,624 | ---- | M] (Marvell) [Auto] -- C:\Windows\System32\ykx32mpcoinst.dll -- (yksvc) SRV - [2008/03/17 22:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio) SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008/01/15 19:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand] -- -- (IpInIp) DRV - [2012/12/26 10:46:49 | 000,030,616 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\hitmanpro37.sys -- (hitmanpro37) DRV - [2012/05/08 12:52:41 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012/05/08 12:52:41 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011/09/16 10:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011/05/18 03:12:28 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2009/10/08 10:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- 
(ssmdrv) DRV - [2009/03/12 11:25:28 | 004,386,304 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2008/11/20 20:22:24 | 000,238,464 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\VMC326.sys -- (VMC326) DRV - [2008/11/03 23:13:32 | 000,952,320 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2008/08/26 03:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008/08/11 21:03:20 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO) DRV - [2008/03/20 22:13:00 | 001,203,776 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2008/01/20 21:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R) DRV - [2007/08/14 18:00:00 | 000,567,936 | ---- | M] (AVM Berlin) [Kernel | On_Demand] -- C:\Windows\System32\drivers\fxusbase.sys -- (fxusbase) DRV - [2007/08/14 18:00:00 | 000,064,512 | ---- | M] (AVM GmbH) [Kernel | On_Demand] -- C:\Windows\System32\drivers\avmcowan.sys -- (AVMCOWAN) DRV - [2006/11/02 02:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN IE - 
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Scherer_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn IE - HKU\Scherer_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\Scherer_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\Scherer_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\Scherer_ON_C\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com IE - HKU\Scherer_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com IE - HKU\Scherer_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\System32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/28 09:34:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/24 05:15:28 | 000,000,000 | ---D | M] [2012/12/28 09:34:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012/06/24 05:15:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012/11/29 03:26:57 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012/11/29 04:19:31 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/11/29 04:19:31 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012/11/29 04:19:31 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012/11/29 04:19:32 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012/11/29 04:19:31 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012/11/29 04:19:31 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) 
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation) O4 - HKLM..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\Scherer_ON_C..\Run: [avupdate] File not found O4 - HKU\Scherer_ON_C..\Run: [L1QtW710QzepO1Z] File not found O4 - Startup: Error locating startup folders. O13 - gopher Prefix: missing O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKU\Scherer_ON_C Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKU\Scherer_ON_C Winlogon: Shell - (C:\Users\Scherer\AppData\Roaming\skype.dat) - C:\Users\Scherer\AppData\Roaming\skype.dat () O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2013/01/03 14:16:09 | 000,000,000 | ---D | C] -- C:\Users\Scherer\Documents\Ethnicraft stonecut oak tv board [2013/01/01 15:41:49 | 000,000,000 | ---D | C] -- C:\Users\Scherer\AppData\Local\Macromedia [2013/01/01 15:39:47 | 000,697,272 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012/12/28 09:30:35 | 019,232,984 | ---- | C] (Mozilla) -- C:\Users\Scherer\Desktop\Firefox_Setup_17.0.1.exe [2012/12/26 20:02:25 | 000,213,640 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfehidk.sys [2012/12/26 20:02:25 | 000,130,424 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\Mpfp.sys [2012/12/26 20:02:25 | 000,079,304 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys [2012/12/26 20:02:25 | 000,040,552 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfesmfk.sys [2012/12/26 20:02:25 | 000,035,272 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys [2012/12/26 20:02:25 | 000,034,216 | ---- | C] (McAfee, Inc.) 
-- C:\Windows\System32\drivers\mferkdk.sys [2012/12/26 20:02:24 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmProv.dll [2012/12/26 20:02:24 | 000,001,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmCl.dll [2012/12/26 17:45:26 | 000,000,000 | ---D | C] -- C:\Users\Scherer\AppData\Roaming\Malwarebytes [2012/12/26 17:45:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/12/26 17:44:33 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Scherer\Desktop\mbam-setup.exe [2012/12/26 17:09:49 | 000,000,000 | ---D | C] -- C:\_OTL [2012/12/26 17:06:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Scherer\Desktop\OTL.exe [2012/12/26 10:46:05 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro [2012/12/26 03:10:57 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2012/12/25 18:12:30 | 001,754,528 | ---- | C] (Bleeping Computer, LLC) -- C:\rkill.com [2012/12/25 18:05:26 | 000,000,000 | ---D | C] -- C:\Users\Scherer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Progressive Protection [2012/12/25 17:15:37 | 000,000,000 | ---D | C] -- C:\ProgramData\9EA1536869B7623500009EA0B4CE68E9 [2012/12/18 15:15:15 | 000,000,000 | ---D | C] -- C:\Users\Scherer\Desktop\fotobuch 2012_mcf-Dateien [2012/12/15 16:00:31 | 000,000,000 | ---D | C] -- C:\Users\Scherer\AppData\Local\Nik Software [1 C:\Users\Scherer\AppData\Roaming\*.tmp files -> C:\Users\Scherer\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/01/13 13:50:09 | 000,000,004 | ---- | M] () -- C:\Users\Scherer\AppData\Roaming\skype.ini [2013/01/13 13:50:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/01/13 13:50:02 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8ABE1372-F6EF-4A57-8A93-2F3EBBB833DE}.job [2013/01/13 13:49:42 | 000,372,096 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013/01/13 13:49:39 | 000,004,784 | -H-- | M] () -- 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013/01/13 13:49:38 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013/01/13 13:48:52 | 3184,119,808 | -HS- | M] () -- C:\hiberfil.sys [2013/01/12 18:18:44 | 000,019,968 | ---- | M] () -- C:\Users\Scherer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013/01/12 16:47:13 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2013/01/05 15:12:35 | 000,052,240 | ---- | M] () -- C:\Users\Scherer\Documents\Fotowelt-Datei 2011.mcf [2013/01/05 15:12:02 | 000,052,240 | ---- | M] () -- C:\Users\Scherer\Documents\Fotowelt-Datei 2011.mcf~ [2013/01/01 15:59:38 | 000,004,121 | ---- | M] () -- C:\Users\Scherer\Documents\musik.rtf [2013/01/01 15:39:47 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013/01/01 15:39:47 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012/12/31 04:51:03 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLet.DAT [2012/12/28 09:34:22 | 000,000,870 | ---- | M] () -- C:\Users\Scherer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [2012/12/28 09:34:22 | 000,000,858 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012/12/28 09:32:36 | 019,232,984 | ---- | M] (Mozilla) -- C:\Users\Scherer\Desktop\Firefox_Setup_17.0.1.exe [2012/12/26 17:17:00 | 095,023,320 | ---- | M] () -- C:\ProgramData\0tbpw.pad [2012/12/26 11:31:44 | 000,550,017 | ---- | M] () -- C:\Users\Scherer\Desktop\adwcleaner.exe [2012/12/26 11:31:44 | 000,550,017 | ---- | M] () -- C:\adwcleaner.exe [2012/12/26 11:26:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Scherer\Desktop\OTL.exe [2012/12/26 10:46:49 | 000,030,616 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro37.sys [2012/12/26 05:01:38 | 
010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Scherer\Desktop\mbam-setup.exe [2012/12/26 03:23:24 | 000,684,726 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012/12/26 03:23:24 | 000,642,094 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/12/26 03:23:24 | 000,149,396 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012/12/26 03:23:24 | 000,120,982 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/12/26 03:10:57 | 101,531,662 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012/12/25 18:55:59 | 000,003,201 | ---- | M] () -- C:\ProgramData\0tbpw.js [2012/12/25 18:07:48 | 001,754,528 | ---- | M] (Bleeping Computer, LLC) -- C:\rkill.com [2012/12/19 15:09:25 | 000,174,015 | ---- | M] () -- C:\Users\Scherer\Desktop\fotobuch 2012.mcf [2012/12/18 16:07:45 | 000,104,525 | ---- | M] () -- C:\Users\Scherer\Desktop\fotobuch 2012.mcf~ [2012/12/18 14:49:35 | 001,566,704 | ---- | M] () -- C:\Users\Scherer\Desktop\setup_Mein_CEWE_FOTOBUCH.exe [2012/12/17 15:21:45 | 000,250,300 | ---- | M] () -- C:\Users\Scherer\Desktop\gimpfx-foundry-2.6-1.zip [1 C:\Users\Scherer\AppData\Roaming\*.tmp files -> C:\Users\Scherer\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/01/13 13:48:52 | 3184,119,808 | -HS- | C] () -- C:\hiberfil.sys [2013/01/12 18:27:16 | 000,000,004 | ---- | C] () -- C:\Users\Scherer\AppData\Roaming\skype.ini [2013/01/05 14:44:47 | 000,052,240 | ---- | C] () -- C:\Users\Scherer\Documents\Fotowelt-Datei 2011.mcf~ [2013/01/05 14:44:47 | 000,052,240 | ---- | C] () -- C:\Users\Scherer\Documents\Fotowelt-Datei 2011.mcf [2012/12/28 09:34:22 | 000,000,870 | ---- | C] () -- C:\Users\Scherer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [2012/12/26 20:02:25 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf [2012/12/26 18:14:22 | 000,550,017 | ---- | C] () -- C:\adwcleaner.exe [2012/12/26 17:57:05 | 000,550,017 | ---- | C] () -- 
C:\Users\Scherer\Desktop\adwcleaner.exe [2012/12/26 10:46:49 | 000,030,616 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro37.sys [2012/12/26 03:10:38 | 101,531,662 | ---- | C] () -- C:\Windows\MEMORY.DMP [2012/12/25 18:55:59 | 000,003,201 | ---- | C] () -- C:\ProgramData\0tbpw.js [2012/12/25 18:55:48 | 095,023,320 | ---- | C] () -- C:\ProgramData\0tbpw.pad [2012/12/18 15:15:15 | 000,174,015 | ---- | C] () -- C:\Users\Scherer\Desktop\fotobuch 2012.mcf [2012/12/18 15:15:15 | 000,104,525 | ---- | C] () -- C:\Users\Scherer\Desktop\fotobuch 2012.mcf~ [2012/12/18 14:49:30 | 001,566,704 | ---- | C] () -- C:\Users\Scherer\Desktop\setup_Mein_CEWE_FOTOBUCH.exe [2012/12/17 15:21:45 | 000,250,300 | ---- | C] () -- C:\Users\Scherer\Desktop\gimpfx-foundry-2.6-1.zip [2012/10/12 17:20:16 | 000,000,536 | ---- | C] () -- C:\Users\Scherer\AppData\Roaming\.gmic_sources.cimgz [2012/05/12 08:31:53 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Examples [2012/05/12 08:31:53 | 000,000,268 | RH-- | C] () -- C:\Users\Scherer\AppData\Roaming\Enhance Timing [2012/05/12 08:31:53 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT [2012/05/12 08:31:52 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Error Handlers [2012/05/12 08:31:52 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Equalizer [2012/05/12 08:31:52 | 000,000,268 | RH-- | C] () -- C:\Users\Scherer\AppData\Roaming\Electric Piano [2012/05/12 08:31:52 | 000,000,268 | RH-- | C] () -- C:\Users\Scherer\AppData\Roaming\Electric Clav [2012/05/12 08:31:52 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT [2012/05/12 08:31:52 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT [2012/03/15 18:21:03 | 000,000,048 | ---- | C] () -- C:\Users\Scherer\AppData\Roaming\blckdom.res [2012/02/25 04:52:10 | 000,000,680 | ---- | C] () -- C:\Users\Scherer\AppData\Local\d3d9caps.dat [2012/02/17 16:20:19 | 000,019,968 | ---- | C] () -- C:\Users\Scherer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/10/14 02:42:30 
| 000,000,294 | ---- | C] () -- C:\Windows\System32\MRT.INI [2011/07/12 15:19:13 | 000,000,454 | ---- | C] () -- C:\Users\Scherer\AppData\Roaming\.gmic_faves [2011/06/05 16:40:03 | 000,013,264 | -HS- | C] () -- C:\Users\Scherer\AppData\Local\d14v7w72vysgy [2011/06/05 16:40:03 | 000,013,264 | -HS- | C] () -- C:\ProgramData\d14v7w72vysgy [2011/05/31 13:15:34 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2011/03/27 12:39:21 | 000,000,103 | ---- | C] () -- C:\Windows\wiso.ini [2011/02/09 12:05:33 | 000,058,880 | ---- | C] () -- C:\Users\Scherer\AppData\Roaming\skype.dat [2009/12/23 04:57:04 | 000,003,654 | ---- | C] () -- C:\Windows\System32\drivers\Sonyhcp.dll [2009/06/12 12:42:24 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat [2009/06/11 22:08:28 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2009/06/11 22:05:00 | 000,307,200 | ---- | C] () -- C:\Windows\SetDisplayResolution.exe [2009/06/11 21:28:23 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009/06/11 21:28:23 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2009/06/11 20:58:24 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini [2009/06/11 20:58:24 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini [2009/06/11 20:53:10 | 000,311,296 | ---- | C] () -- C:\Windows\System32\Rezip.exe [2009/06/11 20:51:50 | 000,040,960 | ---- | C] () -- C:\Windows\System32\IhDEV.exe [2009/06/11 20:51:49 | 000,024,576 | ---- | C] () -- C:\Windows\System32\IhINF.exe [2009/06/11 20:51:34 | 000,003,990 | ---- | C] () -- C:\Windows\HotFixList.ini [2009/06/11 06:15:20 | 000,684,726 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009/06/11 06:15:20 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009/06/11 06:15:20 | 000,149,396 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009/06/11 06:15:20 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009/06/11 06:07:03 | 
001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2009/06/11 06:06:50 | 000,181,944 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2009/06/11 06:06:50 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2009/06/11 06:06:50 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe [2009/06/11 06:06:50 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe [2008/02/09 11:03:07 | 000,024,576 | ---- | C] () -- C:\Windows\System32\drivers\Marker.exe [2007/02/26 02:49:12 | 006,139,774 | ---- | C] () -- C:\Windows\imagine digital freedom.dat [2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006/11/02 07:47:37 | 000,372,096 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 05:33:01 | 000,642,094 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006/11/02 05:33:01 | 000,120,982 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006/11/02 05:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll [2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat ========== LOP Check ========== [2012/03/15 18:21:23 | 000,000,000 | ---D | M] -- C:\Users\Scherer\AppData\Roaming\01014 [2012/03/16 15:44:11 | 000,000,000 | ---D | M] -- C:\Users\Scherer\AppData\Roaming\01015 [2012/02/11 14:26:57 | 000,000,000 | ---D | M] -- C:\Users\Scherer\AppData\Roaming\Buhl Data Service 
[2011/08/07 04:39:44 | 000,000,000 | ---D | M] -- C:\Users\Scherer\AppData\Roaming\DVDVideoSoft [2011/08/07 04:39:31 | 000,000,000 | ---D | M] -- C:\Users\Scherer\AppData\Roaming\DVDVideoSoftIEHelpers [2010/11/21 08:31:53 | 000,000,000 | ---D | M] -- C:\Users\Scherer\AppData\Roaming\Eumex 400 [2012/05/14 15:00:27 | 000,000,000 | ---D | M] -- C:\Users\Scherer\AppData\Roaming\FreeFileSync [2013/01/12 11:38:27 | 000,000,000 | ---D | M] -- C:\Users\Scherer\AppData\Roaming\gtk-2.0 [2011/10/14 02:45:14 | 000,000,000 | ---D | M] -- C:\Users\Scherer\AppData\Roaming\Imusol [2012/08/17 12:03:20 | 000,000,000 | ---D | M] -- C:\Users\Scherer\AppData\Roaming\IrfanView [2012/03/15 18:20:41 | 000,000,000 | ---D | M] -- C:\Users\Scherer\AppData\Roaming\kock [2011/06/19 10:04:54 | 000,000,000 | ---D | M] -- C:\Users\Scherer\AppData\Roaming\Mirillis [2012/02/29 16:07:33 | 000,000,000 | ---D | M] -- C:\Users\Scherer\AppData\Roaming\NeatImage SL 32 [2012/08/30 13:55:41 | 000,000,000 | ---D | M] -- C:\Users\Scherer\AppData\Roaming\Nikon [2012/02/02 17:21:44 | 000,000,000 | ---D | M] -- C:\Users\Scherer\AppData\Roaming\Nuvi [2011/07/22 01:23:30 | 000,000,000 | ---D | M] -- C:\Users\Scherer\AppData\Roaming\PC Suite [2012/10/21 08:04:14 | 000,000,000 | ---D | M] -- C:\Users\Scherer\AppData\Roaming\Picturenaut [2011/12/28 09:35:02 | 000,000,000 | ---D | M] -- C:\Users\Scherer\AppData\Roaming\RavensburgerTipToi [2012/03/15 17:43:41 | 000,000,000 | ---D | M] -- C:\Users\Scherer\AppData\Roaming\TeamViewer [2012/03/25 16:49:38 | 000,000,000 | ---D | M] -- C:\Users\Scherer\AppData\Roaming\UAs [2012/03/25 16:50:25 | 000,000,000 | ---D | M] -- C:\Users\Scherer\AppData\Roaming\xmldm [2011/10/14 02:29:52 | 000,000,000 | ---D | M] -- C:\Users\Scherer\AppData\Roaming\Ybcigy [2012/02/03 19:29:39 | 000,000,000 | ---D | M] -- C:\Users\Scherer\AppData\Roaming\Zusu [2011/05/03 14:19:26 | 000,000,000 | ---D | M] -- C:\Users\Scherer\AppData\Roaming\Zuyqer [2012/12/25 17:50:56 | 000,000,000 | ---D | M] -- 
C:\ProgramData\9EA1536869B7623500009EA0B4CE68E9 [2009/09/21 13:35:38 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten [2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data [2012/02/11 14:27:21 | 000,000,000 | ---D | M] -- C:\ProgramData\Buhl Data Service GmbH [2010/08/05 06:22:13 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ [2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop [2012/05/12 08:31:52 | 000,000,000 | ---D | M] -- C:\ProgramData\Documentation [2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents [2009/09/21 13:35:38 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente [2012/05/12 08:31:52 | 000,000,000 | ---D | M] -- C:\ProgramData\Electric Clav [2012/05/12 08:31:53 | 000,000,000 | ---D | M] -- C:\ProgramData\EnterNHelp [2012/05/12 08:31:53 | 000,000,000 | ---D | M] -- C:\ProgramData\Extensions [2009/09/21 13:35:38 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten [2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites [2012/12/26 10:46:05 | 000,000,000 | ---D | M] -- C:\ProgramData\HitmanPro [2011/06/19 10:04:54 | 000,000,000 | ---D | M] -- C:\ProgramData\Mirillis [2012/05/12 08:25:12 | 000,000,000 | ---D | M] -- C:\ProgramData\Nikon [2011/09/08 04:19:50 | 000,000,000 | ---D | M] -- C:\ProgramData\NokiaInstallerCache [2012/03/16 15:54:28 | 000,000,000 | ---D | M] -- C:\ProgramData\PC Suite [2011/11/16 15:15:02 | 000,000,000 | ---D | M] -- C:\ProgramData\PhotoME [2012/12/28 06:42:24 | 000,000,000 | ---D | M] -- C:\ProgramData\RavensburgerTipToi [2009/06/11 22:10:28 | 000,000,000 | ---D | M] -- C:\ProgramData\SAMSUNG [2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu [2009/09/21 13:35:38 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü [2006/11/02 08:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates [2013/01/05 14:30:53 | 000,000,000 | ---D | M] -- C:\ProgramData\tmp [2012/05/12 08:31:53 | 000,000,000 | 
---D | M] -- C:\ProgramData\Ultima_T15 [2009/09/21 13:35:38 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen [2012/03/18 20:07:48 | 000,000,000 | ---D | M] -- C:\ProgramData\WinClon [2012/02/06 16:30:55 | 000,000,000 | ---D | M] -- C:\ProgramData\Windows [2009/11/13 17:03:35 | 000,000,000 | ---D | M] -- C:\ProgramData\WinZip [2013/01/12 16:47:14 | 000,032,586 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2013/01/13 13:50:02 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{8ABE1372-F6EF-4A57-8A93-2F3EBBB833DE}.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 64 bytes -> C:\Users\Scherer\Documents\CIMG0191.AVI:TOC.WMV @Alternate Data Stream - 64 bytes -> C:\Users\Scherer\Documents\CIMG0190.AVI:TOC.WMV @Alternate Data Stream - 64 bytes -> C:\Users\Scherer\Documents\CIMG0156.AVI:TOC.WMV < End of report > [/CODE] |
16.01.2013, 08:35 | #3 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GUV encryption trojan
Run an OTL fix via OTLPE: start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL). (The ":OTL" must be copied as well!!!)
Code:
:OTL
O4 - HKU\Scherer_ON_C..\Run: [avupdate] File not found
O4 - HKU\Scherer_ON_C..\Run: [L1QtW710QzepO1Z] File not found
O20 - HKU\Scherer_ON_C Winlogon: Shell - (C:\Users\Scherer\AppData\Roaming\skype.dat) - C:\Users\Scherer\AppData\Roaming\skype.dat ()
:Files
C:\Users\Scherer\AppData\Roaming\01014
C:\Users\Scherer\AppData\Roaming\01015
C:\Users\Scherer\AppData\Roaming\kock
C:\Users\Scherer\AppData\Roaming\UAs
C:\Users\Scherer\AppData\Roaming\xmldm
C:\Users\Scherer\AppData\Roaming\Ybcigy
C:\Users\Scherer\AppData\Roaming\Zusu
C:\Users\Scherer\AppData\Roaming\Zuyqer
C:\ProgramData\9EA1536869B7623500009EA0B4CE68E9
C:\Users\Scherer\AppData\Roaming\skype.dat
C:\Users\Scherer\AppData\Roaming\skype.ini
C:\Users\Scherer\AppData\Local\d14v7w72vysgy
C:\ProgramData\d14v7w72vysgy
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLev.DAT
C:\ProgramData\0tbpw.js
C:\ProgramData\0tbpw.pad
C:\Users\Scherer\AppData\Roaming\blckdom.res
:Commands
[purity]
[resethosts]

The log file should open when you click OK after the fix; please post it. The computer may be restarted.
The entries, files and folders fixed by this script are, to be safe, not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.
Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can do lasting damage to the system!
After that Windows should start normally again. Please make OTL's quarantine folder available to us. Proceed as follows:
1.) VERY IMPORTANT!! Deactivate the virus scanner; it must not interfere with the packing!
2.) Zip the folder movedfiles in C:\_OTL into one file
3.) Upload the created ZIP file here => http://www.trojaner-board.de/54791-a...ner-board.html
Note: Please also upload the file there as described in the instructions for the UpChannel. Please do NOT post the ZIP file as an attachment in this thread!
4.) Let us know if it was successful
5.) Only then switch the virus scanner back on
__________________ |
16.01.2013, 09:34 | #4 |
| GUV encryption Trojan Hello Cosinuns, many thanks for the help, the computer boots "normally" again. I am sending the log file as an attachment. Should I run a scan with Malwarebytes and adwcleaner? Regards Andreas |
16.01.2013, 10:04 | #5 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GUV encryption Trojan Before we continue with the rest of the work, I would like to ask you to read the following points completely and carefully.
Note: If you do not hear from me for three days, please post in this thread => Reminder about my thread. Annoying "when will this continue" messages will end with your topic being closed. I, too, have a life outside the Trojaner-Board.
Malwarebytes Anti-Rootkit
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper
__________________ Please always post log files in CODE tags |
16.01.2013, 12:07 | #6 |
| GUV encryption Trojan Done. First scan: Malware Found: 8, log file: mbar-log-2013-01-16 (11-24-31).txt Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1016
www.malwarebytes.org
Database version: v2013.01.09.01
Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
Scherer :: SCHERER-PC [administrator]
16.01.2013 11:24:31
mbar-log-2013-01-16 (11-24-31).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 27958
Time elapsed: 11 minute(s), 47 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9} (Hijack.Trojan.Siredef.C) -> Delete on reboot.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 3
c:\$Recycle.Bin\S-1-5-21-326891830-3036340036-2452681849-1003\$9579f6821fdb988c8b83cc51a3e96cb6\U (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-326891830-3036340036-2452681849-1003\$9579f6821fdb988c8b83cc51a3e96cb6\L (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-326891830-3036340036-2452681849-1003\$9579f6821fdb988c8b83cc51a3e96cb6 (Trojan.Siredef.C) -> Delete on reboot.
Files Detected: 4
c:\$Recycle.Bin\S-1-5-21-326891830-3036340036-2452681849-1003\$9579f6821fdb988c8b83cc51a3e96cb6\@ (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-326891830-3036340036-2452681849-1003\$9579f6821fdb988c8b83cc51a3e96cb6\U\00000001.@ (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-326891830-3036340036-2452681849-1003\$9579f6821fdb988c8b83cc51a3e96cb6\U\80000000.@ (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-326891830-3036340036-2452681849-1003\$9579f6821fdb988c8b83cc51a3e96cb6\U\800000cb.@ (Trojan.Siredef.C) -> Delete on reboot.
(end)

Second scan: nothing found, log file: mbar-log-2013-01-16 (11-58-12).txt Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1016
www.malwarebytes.org
Database version: v2013.01.09.01
Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
Scherer :: SCHERER-PC [administrator]
16.01.2013 11:58:12
mbar-log-2013-01-16 (11-58-12).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 27963
Time elapsed: 12 minute(s), 52 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end) |
16.01.2013, 16:01 | #7 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | GUV encryption Trojan You also have a ZeroAccess. Then please run CF now: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper has explicitly recommended it! If, after running ComboFix, you have problems starting applications and receive messages such as Quote:
__________________ Please always post log files in CODE tags |
16.01.2013, 20:30 | #8 |
| GUV encryption Trojan Hello, here is the txt file. I disabled the Avira antivirus scan beforehand. Was that sufficient? I could not get rid of the Avira icon at the bottom right. ComboFix.txt Code:
Combofix Logfile: |
17.01.2013, 14:16 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GUV encryption Trojan Please now create and post logs with GMER (<<< click for instructions) and aswMBR (instructions a little further down). GMER crashes fairly often; if the tool does not work on the second attempt either, just skip it and run only aswMBR. aswMBR download => aswMBR.exe - save the file to your desktop.
One more note: If aswMBR crashes and a message such as "aswMBR.exe funktioniert nicht mehr" ("aswMBR.exe has stopped working") appears, do the following: restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left (bottom left of the aswMBR window) and click the Scan button again.
__________________ Please always post log files in CODE tags |
17.01.2013, 23:53 | #10 |
| GUV encryption Trojan Sorry, I am a bit late Code:
GMER 2.0.18444 - hxxp://www.gmer.net
Rootkit scan 2013-01-17 18:13:15
Windows 6.0.6001 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PB4O 465,76GB
Running: gmer-2.0.18444.exe; Driver: C:\Users\Scherer\AppData\Local\Temp\kwdirfow.sys
---- System - GMER 2.0 ----
SSDT 8D16BE26 ZwCreateSection
SSDT 8D16BE30 ZwRequestWaitReplyPort
SSDT 8D16BE2B ZwSetContextThread
SSDT 8D16BE35 ZwSetSecurityObject
SSDT 8D16BE3A ZwSystemDebugControl
SSDT 8D16BDC7 ZwTerminateProcess
---- Kernel code sections - GMER 2.0 ----
.text ntoskrnl.exe!KeInsertQueue + 405 8247C9CC 4 Bytes [26, BE, 16, 8D]
.text ntoskrnl.exe!KeInsertQueue + 729 8247CCF0 4 Bytes [30, BE, 16, 8D]
.text ntoskrnl.exe!KeInsertQueue + 75D 8247CD24 4 Bytes [2B, BE, 16, 8D]
.text ntoskrnl.exe!KeInsertQueue + 7C1 8247CD88 4 Bytes [35, BE, 16, 8D]
.text ntoskrnl.exe!KeInsertQueue + 809 8247CDD0 4 Bytes [3A, BE, 16, 8D]
.text ...
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8E401000, 0x258606, 0xE8000020]
---- Registry - GMER 2.0 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002269e276d4
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002269e276d8
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002269e2770b
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002269e279d5
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002269e276d4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002269e276d8 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002269e2770b (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002269e279d5 (not active ControlSet)
---- EOF - GMER 2.0 ----

Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-17 23:37:18
-----------------------------
23:37:18.795 OS Version: Windows 6.0.6001 Service Pack 1
23:37:18.795 Number of processors: 2 586 0x170A
23:37:18.795 ComputerName: SCHERER-PC UserName: Scherer
23:38:10.057 Initialize success
23:38:30.867 AVAST engine defs: 13011700
23:39:58.087 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:39:58.087 Disk 0 Vendor: Hitachi_ PB4O Size: 476940MB BusType: 3
23:39:58.118 Disk 0 MBR read successfully
23:39:58.118 Disk 0 MBR scan
23:39:58.118 Disk 0 unknown MBR code
23:39:58.134 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13312 MB offset 2048
23:39:58.149 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 232200 MB offset 27265024
23:39:58.181 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 231426 MB offset 502810624
23:39:58.196 Disk 0 scanning sectors +976771072
23:39:58.337 Disk 0 scanning C:\Windows\system32\drivers
23:40:16.699 Service scanning
23:40:48.772 Modules scanning
23:41:15.870 Disk 0 trace - called modules:
23:41:16.400 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
23:41:16.416 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85ae33e8]
23:41:16.416 3 CLASSPNP.SYS[8a411745] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x84fcf028]
23:41:16.431 Scan finished successfully
23:41:50.000 Disk 0 MBR has been saved successfully to "C:\Users\Scherer\Desktop\MBR.dat"
23:41:50.016 The log file has been saved successfully to "C:\Users\Scherer\Desktop\aswMBR.txt" |
18.01.2013, 12:39 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GUV encryption Trojan Please now (in normal Windows mode) run this tool from Kaspersky (TDSS-Killer) and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html
Note: Please switch off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!
Configure the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer saves its logs.
Note: Please do not delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and post only the log here!
__________________ Please always post log files in CODE tags |
18.01.2013, 18:53 | #12 |
| GUV encryption Trojan Hello, 3 detections; I left everything on "skip" and then exited. Code:
ATTFilter 18:48:23.0676 1372 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 18:48:24.0207 1372 ============================================================ 18:48:24.0207 1372 Current date / time: 2013/01/18 18:48:24.0207 18:48:24.0207 1372 SystemInfo: 18:48:24.0207 1372 18:48:24.0207 1372 OS Version: 6.0.6001 ServicePack: 1.0 18:48:24.0207 1372 Product type: Workstation 18:48:24.0207 1372 ComputerName: SCHERER-PC 18:48:24.0207 1372 UserName: Scherer 18:48:24.0207 1372 Windows directory: C:\Windows 18:48:24.0207 1372 System windows directory: C:\Windows 18:48:24.0207 1372 Processor architecture: Intel x86 18:48:24.0207 1372 Number of processors: 2 18:48:24.0207 1372 Page size: 0x1000 18:48:24.0207 1372 Boot type: Normal boot 18:48:24.0207 1372 ============================================================ 18:48:24.0971 1372 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 18:48:24.0971 1372 ============================================================ 18:48:24.0971 1372 \Device\Harddisk0\DR0: 18:48:24.0971 1372 MBR partitions: 18:48:24.0971 1372 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x1C584000 18:48:24.0971 1372 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1DF84800, BlocksNum 0x1C401000 18:48:24.0971 1372 ============================================================ 18:48:25.0080 1372 C: <-> \Device\Harddisk0\DR0\Partition1 18:48:25.0112 1372 D: <-> \Device\Harddisk0\DR0\Partition2 18:48:25.0112 1372 ============================================================ 18:48:25.0112 1372 Initialize success 18:48:25.0112 1372 ============================================================ 18:48:36.0936 3652 ============================================================ 18:48:36.0936 3652 Scan started 18:48:36.0936 3652 Mode: Manual; SigCheck; TDLFS; 18:48:36.0936 3652 
============================================================ 18:48:37.0451 3652 ================ Scan system memory ======================== 18:48:37.0451 3652 System memory - ok 18:48:37.0451 3652 ================ Scan services ============================= 18:48:37.0826 3652 [ FCB8C7210F0135E24C6580F7F649C73C ] ACPI C:\Windows\system32\drivers\acpi.sys 18:48:37.0997 3652 ACPI - ok 18:48:38.0044 3652 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 18:48:38.0075 3652 adp94xx - ok 18:48:38.0138 3652 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys 18:48:38.0169 3652 adpahci - ok 18:48:38.0200 3652 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys 18:48:38.0216 3652 adpu160m - ok 18:48:38.0262 3652 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 18:48:38.0278 3652 adpu320 - ok 18:48:38.0372 3652 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 18:48:38.0528 3652 AeLookupSvc - ok 18:48:38.0637 3652 [ 48EB99503533C27AC6135648E5474457 ] AFD C:\Windows\system32\drivers\afd.sys 18:48:38.0730 3652 AFD - ok 18:48:38.0777 3652 [ EFBC44FBD75E4F80BD927AEBF6E7EADE ] AgereModemAudio C:\Windows\system32\agrsmsvc.exe 18:48:38.0840 3652 AgereModemAudio - ok 18:48:38.0918 3652 [ 1CFEBA39FC613E45B49D3EDDFBCDA289 ] AgereSoftModem C:\Windows\system32\DRIVERS\AGRSM.sys 18:48:39.0011 3652 AgereSoftModem - ok 18:48:39.0105 3652 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys 18:48:39.0120 3652 agp440 - ok 18:48:39.0152 3652 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys 18:48:39.0183 3652 aic78xx - ok 18:48:39.0198 3652 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe 18:48:39.0261 3652 ALG - ok 18:48:39.0276 3652 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys 18:48:39.0308 3652 aliide - 
ok 18:48:39.0339 3652 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys 18:48:39.0354 3652 amdagp - ok 18:48:39.0386 3652 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys 18:48:39.0386 3652 amdide - ok 18:48:39.0417 3652 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys 18:48:39.0495 3652 AmdK7 - ok 18:48:39.0526 3652 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 18:48:39.0604 3652 AmdK8 - ok 18:48:39.0744 3652 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe 18:48:39.0760 3652 AntiVirSchedulerService - ok 18:48:39.0854 3652 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe 18:48:39.0869 3652 AntiVirService - ok 18:48:39.0947 3652 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll 18:48:40.0025 3652 Appinfo - ok 18:48:40.0119 3652 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys 18:48:40.0150 3652 arc - ok 18:48:40.0197 3652 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys 18:48:40.0212 3652 arcsas - ok 18:48:40.0259 3652 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 18:48:40.0322 3652 AsyncMac - ok 18:48:40.0368 3652 [ 0D83C87A801A3DFCD1BF73893FE7518C ] atapi C:\Windows\system32\drivers\atapi.sys 18:48:40.0384 3652 atapi - ok 18:48:40.0462 3652 [ 99D78248BFD454BFA9B5BEC37350FADE ] athr C:\Windows\system32\DRIVERS\athr.sys 18:48:40.0587 3652 athr - ok 18:48:40.0634 3652 [ DB338C400CC9F5CEB568899D664FF335 ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe 18:48:40.0712 3652 Ati External Event Utility - ok 18:48:41.0242 3652 [ 45C45796CAAD4F3354496530329A7B10 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys 18:48:41.0476 3652 atikmdag - ok 18:48:41.0507 3652 [ 
C49972BB5DC0AD5BF11074CD8F5B3265 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 18:48:41.0570 3652 AudioEndpointBuilder - ok 18:48:41.0585 3652 [ C49972BB5DC0AD5BF11074CD8F5B3265 ] Audiosrv C:\Windows\System32\Audiosrv.dll 18:48:41.0601 3652 Audiosrv - ok 18:48:41.0679 3652 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 18:48:41.0726 3652 avgntflt - ok 18:48:41.0788 3652 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 18:48:41.0788 3652 avipbb - ok 18:48:41.0882 3652 [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 18:48:41.0928 3652 avkmgr - ok 18:48:42.0006 3652 [ 5685E9F471135E6675D981D5D45C9935 ] AVMCOWAN C:\Windows\system32\DRIVERS\AVMCOWAN.sys 18:48:42.0053 3652 AVMCOWAN - ok 18:48:42.0147 3652 [ 08015D34F6FDD0B355805BAD978497C3 ] bcm4sbxp C:\Windows\system32\DRIVERS\bcm4sbxp.sys 18:48:42.0303 3652 bcm4sbxp - ok 18:48:42.0396 3652 [ 6163664C7E9CD110AF70180C126C3FDC ] BcmSqlStartupSvc C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe 18:48:42.0412 3652 BcmSqlStartupSvc - ok 18:48:42.0474 3652 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys 18:48:42.0521 3652 Beep - ok 18:48:42.0615 3652 [ 8582E233C346AEFE759833E8A30DD697 ] BFE C:\Windows\System32\bfe.dll 18:48:42.0755 3652 BFE - ok 18:48:42.0833 3652 [ 02ED7B4DBC2A3232A389106DA7515C3D ] BITS C:\Windows\system32\qmgr.dll 18:48:42.0911 3652 BITS - ok 18:48:42.0958 3652 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys 18:48:43.0036 3652 blbdrive - ok 18:48:43.0067 3652 [ 8153396D5551276227FA146900F734E6 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 18:48:43.0130 3652 bowser - ok 18:48:43.0176 3652 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys 18:48:43.0239 3652 BrFiltLo - ok 18:48:43.0270 3652 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp 
C:\Windows\system32\drivers\brfiltup.sys 18:48:43.0332 3652 BrFiltUp - ok 18:48:43.0395 3652 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll 18:48:43.0473 3652 Browser - ok 18:48:43.0535 3652 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys 18:48:43.0613 3652 Brserid - ok 18:48:43.0629 3652 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys 18:48:43.0769 3652 BrSerWdm - ok 18:48:43.0816 3652 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys 18:48:43.0910 3652 BrUsbMdm - ok 18:48:43.0956 3652 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys 18:48:44.0081 3652 BrUsbSer - ok 18:48:44.0128 3652 [ C7065FA296C91BF054F421B0EBF93461 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys 18:48:44.0222 3652 BthEnum - ok 18:48:44.0253 3652 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 18:48:44.0331 3652 BTHMODEM - ok 18:48:44.0393 3652 [ 5904EFA25F829BF84EA6FB045134A1D8 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys 18:48:44.0456 3652 BthPan - ok 18:48:44.0487 3652 [ 1712D956E5A96F866D6791869E99B1D6 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys 18:48:44.0518 3652 BTHPORT - ok 18:48:44.0549 3652 [ 58EE7F5E68310BC8D4E7CEBD8358C12E ] BthServ C:\Windows\System32\bthserv.dll 18:48:44.0596 3652 BthServ - ok 18:48:44.0627 3652 [ 66088E161E769D11C3134BC23D0E6144 ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys 18:48:44.0674 3652 BTHUSB - ok 18:48:44.0705 3652 catchme - ok 18:48:44.0721 3652 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 18:48:44.0814 3652 cdfs - ok 18:48:44.0846 3652 [ 1EC25CEA0DE6AC4718BF89F9E1778B57 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 18:48:44.0908 3652 cdrom - ok 18:48:44.0939 3652 [ 87C2D0377B23E2D8A41093C2F5FB1A5B ] CertPropSvc C:\Windows\System32\certprop.dll 18:48:45.0002 3652 CertPropSvc - ok 18:48:45.0017 
3652 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys 18:48:45.0080 3652 circlass - ok 18:48:45.0111 3652 [ 465745561C832B29F7C48B488AAB3842 ] CLFS C:\Windows\system32\CLFS.sys 18:48:45.0126 3652 CLFS - ok 18:48:45.0251 3652 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 18:48:45.0282 3652 clr_optimization_v2.0.50727_32 - ok 18:48:45.0345 3652 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 18:48:45.0360 3652 clr_optimization_v4.0.30319_32 - ok 18:48:45.0392 3652 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 18:48:45.0454 3652 CmBatt - ok 18:48:45.0485 3652 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys 18:48:45.0501 3652 cmdide - ok 18:48:45.0532 3652 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 18:48:45.0579 3652 Compbatt - ok 18:48:45.0594 3652 COMSysApp - ok 18:48:45.0626 3652 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 18:48:45.0641 3652 crcdisk - ok 18:48:45.0672 3652 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys 18:48:45.0719 3652 Crusoe - ok 18:48:45.0782 3652 [ 6DE363F9F99334514C46AEC02D3E3678 ] CryptSvc C:\Windows\system32\cryptsvc.dll 18:48:45.0828 3652 CryptSvc - ok 18:48:45.0891 3652 [ 301AE00E12408650BADDC04DBC832830 ] DcomLaunch C:\Windows\system32\rpcss.dll 18:48:45.0953 3652 DcomLaunch - ok 18:48:46.0016 3652 [ A3E9FA213F443AC77C7746119D13FEEC ] DfsC C:\Windows\system32\Drivers\dfsc.sys 18:48:46.0094 3652 DfsC - ok 18:48:46.0328 3652 [ FA3463F25F9CC9C3BCF1E7912FEFF099 ] DFSR C:\Windows\system32\DFSR.exe 18:48:46.0468 3652 DFSR - ok 18:48:46.0562 3652 [ 43A988A9C10333476CB5FB667CBD629D ] Dhcp C:\Windows\System32\dhcpcsvc.dll 18:48:46.0655 3652 Dhcp - ok 18:48:46.0686 
3652 [ 64109E623ABD6955C8FB110B592E68B7 ] disk C:\Windows\system32\drivers\disk.sys 18:48:46.0702 3652 disk - ok 18:48:46.0764 3652 [ 4805D9A6D281C7A7DEFD9094DEC6AF7D ] Dnscache C:\Windows\System32\dnsrslvr.dll 18:48:46.0811 3652 Dnscache - ok 18:48:46.0842 3652 [ 5AF620A08C614E24206B79E8153CF1A8 ] dot3svc C:\Windows\System32\dot3svc.dll 18:48:46.0905 3652 dot3svc - ok 18:48:46.0952 3652 [ 4F59C172C094E1A1D46463A8DC061CBD ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys 18:48:46.0998 3652 Dot4 - ok 18:48:47.0045 3652 [ A84D8A9006B1AE515CC7B6B3586C295A ] Dot4Scan C:\Windows\system32\DRIVERS\Dot4Scan.sys 18:48:47.0092 3652 Dot4Scan - ok 18:48:47.0139 3652 [ C55004CA6B419B6695970DFE849B122F ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys 18:48:47.0217 3652 dot4usb - ok 18:48:47.0248 3652 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll 18:48:47.0295 3652 DPS - ok 18:48:47.0342 3652 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 18:48:47.0420 3652 drmkaud - ok 18:48:47.0513 3652 [ 85F33880B8CFB554BD3D9CCDB486845A ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 18:48:47.0607 3652 DXGKrnl - ok 18:48:47.0669 3652 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys 18:48:47.0716 3652 E1G60 - ok 18:48:47.0778 3652 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll 18:48:47.0856 3652 EapHost - ok 18:48:47.0903 3652 [ DD2CD259D83D8B72C02C5F2331FF9D68 ] Ecache C:\Windows\system32\drivers\ecache.sys 18:48:47.0919 3652 Ecache - ok 18:48:47.0981 3652 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 18:48:48.0044 3652 ehRecvr - ok 18:48:48.0075 3652 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe 18:48:48.0168 3652 ehSched - ok 18:48:48.0200 3652 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll 18:48:48.0262 3652 ehstart - ok 18:48:48.0309 3652 [ 23B62471681A124889978F6295B3F4C6 ] elxstor 
C:\Windows\system32\drivers\elxstor.sys 18:48:48.0356 3652 elxstor - ok 18:48:48.0543 3652 [ 70B1A86DF0C8EAD17D2BC332EDAE2C7C ] EMDMgmt C:\Windows\system32\emdmgmt.dll 18:48:48.0668 3652 EMDMgmt - ok 18:48:48.0730 3652 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys 18:48:48.0777 3652 ErrDev - ok 18:48:48.0839 3652 [ 3CB3343D720168B575133A0A20DC2465 ] EventSystem C:\Windows\system32\es.dll 18:48:48.0902 3652 EventSystem - ok 18:48:48.0948 3652 [ 0D858EB20589A34EFB25695ACAA6AA2D ] exfat C:\Windows\system32\drivers\exfat.sys 18:48:48.0980 3652 exfat - ok 18:48:49.0058 3652 [ 3C489390C2E2064563727752AF8EAB9E ] fastfat C:\Windows\system32\drivers\fastfat.sys 18:48:49.0167 3652 fastfat - ok 18:48:49.0198 3652 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys 18:48:49.0260 3652 fdc - ok 18:48:49.0307 3652 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll 18:48:49.0385 3652 fdPHost - ok 18:48:49.0416 3652 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll 18:48:49.0494 3652 FDResPub - ok 18:48:49.0526 3652 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 18:48:49.0541 3652 FileInfo - ok 18:48:49.0588 3652 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys 18:48:49.0682 3652 Filetrace - ok 18:48:49.0791 3652 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 18:48:49.0853 3652 flpydisk - ok 18:48:49.0884 3652 [ 05EA53AFE985443011E36DAB07343B46 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 18:48:49.0900 3652 FltMgr - ok 18:48:50.0025 3652 [ C9BE08664611DDAF98E2331E9288B00B ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 18:48:50.0040 3652 FontCache3.0.0.0 - ok 18:48:50.0072 3652 [ 65EA8B77B5851854F0C55C43FA51A198 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 18:48:50.0118 3652 Fs_Rec - ok 18:48:50.0259 
3652 [ 4A51F6DE41CF9FE72A5893D80504E998 ] fxusbase C:\Windows\system32\DRIVERS\fxusbase.sys 18:48:50.0337 3652 fxusbase - ok 18:48:50.0368 3652 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 18:48:50.0399 3652 gagp30kx - ok 18:48:50.0555 3652 [ D9F1113D9401185245573350712F92FC ] gpsvc C:\Windows\System32\gpsvc.dll 18:48:50.0696 3652 gpsvc - ok 18:48:50.0742 3652 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 18:48:50.0836 3652 HdAudAddService - ok 18:48:50.0867 3652 [ C87B1EE051C0464491C1A7B03FA0BC99 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 18:48:50.0898 3652 HDAudBus - ok 18:48:50.0961 3652 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys 18:48:51.0054 3652 HidBth - ok 18:48:51.0101 3652 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys 18:48:51.0210 3652 HidIr - ok 18:48:51.0257 3652 [ 8FA640195279ACE21BEA91396A0054FC ] hidserv C:\Windows\System32\hidserv.dll 18:48:51.0351 3652 hidserv - ok 18:48:51.0382 3652 [ 854CA287AB7FAF949617A788306D967E ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 18:48:51.0444 3652 HidUsb - ok 18:48:51.0507 3652 [ 7EAB073BF5949ED639660787A01B623D ] hitmanpro37 C:\Windows\system32\drivers\hitmanpro37.sys 18:48:51.0538 3652 hitmanpro37 - ok 18:48:51.0585 3652 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll 18:48:51.0663 3652 hkmsvc - ok 18:48:51.0725 3652 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys 18:48:51.0756 3652 HpCISSs - ok 18:48:51.0803 3652 [ 96E241624C71211A79C84F50A8E71CAB ] HTTP C:\Windows\system32\drivers\HTTP.sys 18:48:51.0866 3652 HTTP - ok 18:48:51.0897 3652 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys 18:48:51.0928 3652 i2omp - ok 18:48:51.0990 3652 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 18:48:52.0006 3652 i8042prt 
- ok 18:48:52.0100 3652 [ 496DB78E6A0C4C44023D9A92B4A7AC31 ] ialm C:\Windows\system32\DRIVERS\igdkmd32.sys 18:48:52.0224 3652 ialm - ok 18:48:52.0318 3652 [ 71ECC07BC7C5E24C3DD01D8A29A24054 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 18:48:52.0365 3652 iaStor - ok 18:48:52.0380 3652 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys 18:48:52.0427 3652 iaStorV - ok 18:48:52.0568 3652 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe 18:48:52.0630 3652 IDriverT ( UnsignedFile.Multi.Generic ) - warning 18:48:52.0630 3652 IDriverT - detected UnsignedFile.Multi.Generic (1) 18:48:52.0739 3652 [ 7B630ACAED64FEF0C3E1CF255CB56686 ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 18:48:52.0786 3652 idsvc - ok 18:48:52.0817 3652 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys 18:48:52.0848 3652 iirsp - ok 18:48:52.0973 3652 [ A3BC480A2BF8AA8E4DABD2D5DCE0AFAC ] IKEEXT C:\Windows\System32\ikeext.dll 18:48:53.0082 3652 IKEEXT - ok 18:48:53.0207 3652 [ B4FD14F7B231E358BEC6C71D1A6C2845 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys 18:48:53.0457 3652 IntcAzAudAddService - ok 18:48:53.0535 3652 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys 18:48:53.0550 3652 intelide - ok 18:48:53.0566 3652 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 18:48:53.0644 3652 intelppm - ok 18:48:53.0706 3652 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 18:48:53.0800 3652 IPBusEnum - ok 18:48:53.0816 3652 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 18:48:53.0862 3652 IpFilterDriver - ok 18:48:53.0909 3652 [ 6A35D233693EDC29A12742049BC5E37F ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 18:48:53.0987 3652 iphlpsvc - ok 18:48:53.0987 3652 IpInIp - 
ok 18:48:54.0034 3652 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys 18:48:54.0128 3652 IPMIDRV - ok 18:48:54.0174 3652 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys 18:48:54.0237 3652 IPNAT - ok 18:48:54.0284 3652 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 18:48:54.0346 3652 IRENUM - ok 18:48:54.0377 3652 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys 18:48:54.0393 3652 isapnp - ok 18:48:54.0440 3652 [ F247EEC28317F6C739C16DE420097301 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 18:48:54.0455 3652 iScsiPrt - ok 18:48:54.0502 3652 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys 18:48:54.0533 3652 iteatapi - ok 18:48:54.0549 3652 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys 18:48:54.0564 3652 iteraid - ok 18:48:54.0564 3652 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 18:48:54.0580 3652 kbdclass - ok 18:48:54.0642 3652 [ 18247836959BA67E3511B62846B9C2E0 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 18:48:54.0736 3652 kbdhid - ok 18:48:54.0783 3652 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] KeyIso C:\Windows\system32\lsass.exe 18:48:54.0845 3652 KeyIso - ok 18:48:54.0876 3652 [ EBC507F129DF8F0E0CA270DCFC0CF87F ] KMDFMEMIO C:\Windows\system32\DRIVERS\kmdfmemio.sys 18:48:54.0908 3652 KMDFMEMIO - ok 18:48:54.0923 3652 [ 7A0CF7908B6824D6A2A1D313E5AE3DCA ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 18:48:54.0954 3652 KSecDD - ok 18:48:55.0001 3652 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll 18:48:55.0095 3652 KtmRm - ok 18:48:55.0157 3652 [ 1925E63C91CF1610AE41BFD539062079 ] LanmanServer C:\Windows\System32\srvsvc.dll 18:48:55.0251 3652 LanmanServer - ok 18:48:55.0313 3652 [ 2AE2E1628C5D3F1C0A46A67C9FA1DF15 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 18:48:55.0360 
3652 LanmanWorkstation - ok 18:48:55.0407 3652 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 18:48:55.0454 3652 lltdio - ok 18:48:55.0516 3652 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll 18:48:55.0578 3652 lltdsvc - ok 18:48:55.0610 3652 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll 18:48:55.0672 3652 lmhosts - ok 18:48:55.0766 3652 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 18:48:55.0812 3652 LSI_FC - ok 18:48:55.0859 3652 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 18:48:55.0875 3652 LSI_SAS - ok 18:48:55.0922 3652 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 18:48:55.0953 3652 LSI_SCSI - ok 18:48:55.0968 3652 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys 18:48:56.0015 3652 luafv - ok 18:48:56.0062 3652 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 18:48:56.0093 3652 Mcx2Svc - ok 18:48:56.0140 3652 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys 18:48:56.0156 3652 megasas - ok 18:48:56.0296 3652 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys 18:48:56.0390 3652 MegaSR - ok 18:48:56.0452 3652 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll 18:48:56.0483 3652 MMCSS - ok 18:48:56.0514 3652 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys 18:48:56.0577 3652 Modem - ok 18:48:56.0655 3652 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 18:48:56.0702 3652 monitor - ok 18:48:56.0717 3652 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 18:48:56.0733 3652 mouclass - ok 18:48:56.0780 3652 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 18:48:56.0826 3652 
mouhid - ok 18:48:56.0873 3652 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys 18:48:56.0889 3652 MountMgr - ok 18:48:57.0014 3652 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 18:48:57.0029 3652 MozillaMaintenance - ok 18:48:57.0092 3652 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys 18:48:57.0107 3652 mpio - ok 18:48:57.0154 3652 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 18:48:57.0232 3652 mpsdrv - ok 18:48:57.0294 3652 [ D1639BA315B0D79DEC49A4B0E1FB929B ] MpsSvc C:\Windows\system32\mpssvc.dll 18:48:57.0341 3652 MpsSvc - ok 18:48:57.0372 3652 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys 18:48:57.0388 3652 Mraid35x - ok 18:48:57.0404 3652 [ AE3DE84536B6799D2267443CEC8EDBB9 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 18:48:57.0450 3652 MRxDAV - ok 18:48:57.0482 3652 [ 5734A0F2BE7E495F7D3ED6EFD4B9F5A1 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 18:48:57.0544 3652 mrxsmb - ok 18:48:57.0622 3652 [ 6B5FA5ADFACAC9DBBE0991F4566D7D55 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 18:48:57.0653 3652 mrxsmb10 - ok 18:48:57.0669 3652 [ 5C80D8159181C7ABF1B14BA703B01E0B ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 18:48:57.0700 3652 mrxsmb20 - ok 18:48:57.0731 3652 [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci C:\Windows\system32\drivers\msahci.sys 18:48:57.0747 3652 msahci - ok 18:48:57.0762 3652 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys 18:48:57.0778 3652 msdsm - ok 18:48:57.0809 3652 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe 18:48:57.0872 3652 MSDTC - ok 18:48:57.0903 3652 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys 18:48:57.0950 3652 Msfs - ok 18:48:57.0981 3652 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv 
C:\Windows\system32\drivers\msisadrv.sys 18:48:58.0012 3652 msisadrv - ok 18:48:58.0059 3652 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 18:48:58.0106 3652 MSiSCSI - ok 18:48:58.0106 3652 msiserver - ok 18:48:58.0152 3652 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 18:48:58.0215 3652 MSKSSRV - ok 18:48:58.0262 3652 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 18:48:58.0324 3652 MSPCLOCK - ok 18:48:58.0340 3652 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 18:48:58.0402 3652 MSPQM - ok 18:48:58.0449 3652 [ B5614AECB05A9340AA0FB55BF561CC63 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 18:48:58.0464 3652 MsRPC - ok 18:48:58.0511 3652 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 18:48:58.0527 3652 mssmbios - ok 18:48:58.0605 3652 MSSQL$MSSMLBIZ - ok 18:48:58.0698 3652 [ 1D89EB4E2A99CABD4E81225F4F4C4B25 ] MSSQLServerADHelper C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe 18:48:58.0714 3652 MSSQLServerADHelper - ok 18:48:58.0745 3652 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 18:48:58.0792 3652 MSTEE - ok 18:48:58.0823 3652 [ 6DFD1D322DE55B0B7DB7D21B90BEC49C ] Mup C:\Windows\system32\Drivers\mup.sys 18:48:58.0839 3652 Mup - ok 18:48:58.0917 3652 [ C43B25863FBD65B6D2A142AF3AE320CA ] napagent C:\Windows\system32\qagentRT.dll 18:48:58.0979 3652 napagent - ok 18:48:59.0026 3652 [ 3C21CE48FF529BB73DADB98770B54025 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 18:48:59.0073 3652 NativeWifiP - ok 18:48:59.0104 3652 [ 9BDC71790FA08F0A0B5F10462B1BD0B1 ] NDIS C:\Windows\system32\drivers\ndis.sys 18:48:59.0166 3652 NDIS - ok 18:48:59.0229 3652 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 18:48:59.0276 3652 NdisTapi - ok 18:48:59.0307 3652 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio 
C:\Windows\system32\DRIVERS\ndisuio.sys 18:48:59.0354 3652 Ndisuio - ok 18:48:59.0400 3652 [ 3D14C3B3496F88890D431E8AA022A411 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 18:48:59.0432 3652 NdisWan - ok 18:48:59.0463 3652 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 18:48:59.0494 3652 NDProxy - ok 18:48:59.0510 3652 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 18:48:59.0541 3652 NetBIOS - ok 18:48:59.0588 3652 [ 7C5FEE5B1C5728507CD96FB4A13E7A02 ] netbt C:\Windows\system32\DRIVERS\netbt.sys 18:48:59.0681 3652 netbt - ok 18:48:59.0697 3652 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] Netlogon C:\Windows\system32\lsass.exe 18:48:59.0712 3652 Netlogon - ok 18:48:59.0759 3652 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll 18:48:59.0822 3652 Netman - ok 18:48:59.0853 3652 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll 18:48:59.0931 3652 netprofm - ok 18:48:59.0993 3652 [ 0AD5876EF4E9EB77C8F93EB5B2FFF386 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 18:49:00.0009 3652 NetTcpPortSharing - ok 18:49:00.0243 3652 [ 35D5458D9A1B26B2005ABFFBF4C1C5E7 ] NETw3v32 C:\Windows\system32\DRIVERS\NETw3v32.sys 18:49:00.0461 3652 NETw3v32 - ok 18:49:00.0492 3652 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 18:49:00.0508 3652 nfrd960 - ok 18:49:00.0586 3652 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll 18:49:00.0648 3652 NlaSvc - ok 18:49:00.0695 3652 [ CFE3462A9E94A57DCD9676F6B7FE7F67 ] nmwcd C:\Windows\system32\drivers\ccdcmb.sys 18:49:00.0758 3652 nmwcd - ok 18:49:00.0773 3652 [ ECB5003F484F9ED6C608D6D6C7886CBB ] Npfs C:\Windows\system32\drivers\Npfs.sys 18:49:00.0820 3652 Npfs - ok 18:49:00.0882 3652 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll 18:49:00.0945 3652 nsi - ok 18:49:00.0992 3652 [ 
609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 18:49:01.0070 3652 nsiproxy - ok 18:49:01.0132 3652 [ B4EFFE29EB4F15538FD8A9681108492D ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 18:49:01.0210 3652 Ntfs - ok 18:49:01.0304 3652 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys 18:49:01.0428 3652 ntrigdigi - ok 18:49:01.0444 3652 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys 18:49:01.0506 3652 Null - ok 18:49:01.0522 3652 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys 18:49:01.0538 3652 nvraid - ok 18:49:01.0600 3652 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys 18:49:01.0616 3652 nvstor - ok 18:49:01.0631 3652 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 18:49:01.0662 3652 nv_agp - ok 18:49:01.0662 3652 NwlnkFlt - ok 18:49:01.0678 3652 NwlnkFwd - ok 18:49:01.0803 3652 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 18:49:01.0818 3652 odserv - ok 18:49:01.0850 3652 [ 790E27C3DB53410B40FF9EF2FD10A1D9 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys 18:49:01.0928 3652 ohci1394 - ok 18:49:01.0974 3652 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 18:49:01.0990 3652 ose - ok 18:49:02.0115 3652 [ 5DE1A3972FD3112C75EB17BDCF454169 ] p2pimsvc C:\Windows\system32\p2psvc.dll 18:49:02.0240 3652 p2pimsvc - ok 18:49:02.0240 3652 [ 5DE1A3972FD3112C75EB17BDCF454169 ] p2psvc C:\Windows\system32\p2psvc.dll 18:49:02.0286 3652 p2psvc - ok 18:49:02.0318 3652 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys 18:49:02.0396 3652 Parport - ok 18:49:02.0442 3652 [ 3B38467E7C3DAED009DFE359E17F139F ] partmgr C:\Windows\system32\drivers\partmgr.sys 18:49:02.0458 3652 partmgr - ok 18:49:02.0489 3652 [ 
4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys 18:49:02.0583 3652 Parvdm - ok 18:49:02.0630 3652 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll 18:49:02.0661 3652 PcaSvc - ok 18:49:02.0723 3652 [ FD2041E9BA03DB7764B2248F02475079 ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfd.sys 18:49:02.0770 3652 pccsmcfd - ok 18:49:02.0801 3652 [ 01B94418DEB235DFF777CC80076354B4 ] pci C:\Windows\system32\drivers\pci.sys 18:49:02.0817 3652 pci - ok 18:49:02.0864 3652 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\drivers\pciide.sys 18:49:02.0879 3652 pciide - ok 18:49:02.0926 3652 [ B7C5A8769541900F6DFA6FE0C5E4D513 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 18:49:02.0957 3652 pcmcia - ok 18:49:03.0004 3652 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys 18:49:03.0129 3652 PEAUTH - ok 18:49:03.0347 3652 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll 18:49:03.0456 3652 pla - ok 18:49:03.0503 3652 [ 78F975CB6D18265BE6F492EDB2D7BC7B ] PlugPlay C:\Windows\system32\umpnpmgr.dll 18:49:03.0550 3652 PlugPlay - ok 18:49:03.0675 3652 [ 5DE1A3972FD3112C75EB17BDCF454169 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll 18:49:03.0737 3652 PNRPAutoReg - ok 18:49:03.0753 3652 [ 5DE1A3972FD3112C75EB17BDCF454169 ] PNRPsvc C:\Windows\system32\p2psvc.dll 18:49:03.0784 3652 PNRPsvc - ok 18:49:03.0893 3652 [ 47B8F37AA18B74D8C2E1BC1A7A2C8F8A ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 18:49:04.0018 3652 PolicyAgent - ok 18:49:04.0080 3652 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 18:49:04.0112 3652 PptpMiniport - ok 18:49:04.0174 3652 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys 18:49:04.0236 3652 Processor - ok 18:49:04.0330 3652 [ B627E4FC8585E8843C5905D4D3587A90 ] ProfSvc C:\Windows\system32\profsvc.dll 18:49:04.0392 3652 ProfSvc - ok 18:49:04.0439 3652 [ 
A911ECAC81F94ADEAFBE8E3F7873EDB0 ] ProtectedStorage C:\Windows\system32\lsass.exe 18:49:04.0455 3652 ProtectedStorage - ok 18:49:04.0502 3652 [ BFEF604508A0ED1EAE2A73E872555FFB ] PSched C:\Windows\system32\DRIVERS\pacer.sys 18:49:04.0580 3652 PSched - ok 18:49:04.0689 3652 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 18:49:04.0782 3652 ql2300 - ok 18:49:04.0845 3652 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 18:49:04.0876 3652 ql40xx - ok 18:49:04.0954 3652 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll 18:49:05.0016 3652 QWAVE - ok 18:49:05.0048 3652 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 18:49:05.0079 3652 QWAVEdrv - ok 18:49:05.0094 3652 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 18:49:05.0157 3652 RasAcd - ok 18:49:05.0172 3652 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll 18:49:05.0219 3652 RasAuto - ok 18:49:05.0282 3652 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 18:49:05.0375 3652 Rasl2tp - ok 18:49:05.0453 3652 [ 6E7C284FC5C4EC07AD164D93810385A6 ] RasMan C:\Windows\System32\rasmans.dll 18:49:05.0516 3652 RasMan - ok 18:49:05.0547 3652 [ 3E9D9B048107B40D87B97DF2E48E0744 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 18:49:05.0609 3652 RasPppoe - ok 18:49:05.0625 3652 [ A7D141684E9500AC928A772ED8E6B671 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 18:49:05.0703 3652 RasSstp - ok 18:49:05.0796 3652 [ 6E1C5D0457622F9EE35F683110E93D14 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 18:49:05.0906 3652 rdbss - ok 18:49:05.0937 3652 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 18:49:05.0984 3652 RDPCDD - ok 18:49:06.0108 3652 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys 18:49:06.0155 3652 rdpdr - ok 18:49:06.0186 3652 [ 
9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 18:49:06.0249 3652 RDPENCDD - ok 18:49:06.0311 3652 [ E1C18F4097A5ABCEC941DC4B2F99DB7E ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 18:49:06.0405 3652 RDPWD - ok 18:49:06.0452 3652 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll 18:49:06.0498 3652 RemoteAccess - ok 18:49:06.0545 3652 [ CC4E32400F3C7253400CF8F3F3A0B676 ] RemoteRegistry C:\Windows\system32\regsvc.dll 18:49:06.0592 3652 RemoteRegistry - ok 18:49:06.0654 3652 [ F85AE59A52885F4B09AADAFB23001A3B ] Rezip C:\Windows\SYSTEM32\Rezip.exe 18:49:06.0701 3652 Rezip ( UnsignedFile.Multi.Generic ) - warning 18:49:06.0701 3652 Rezip - detected UnsignedFile.Multi.Generic (1) 18:49:06.0748 3652 [ 10536B0AD6F416FC7F1149977C28CCDC ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 18:49:06.0795 3652 RFCOMM - ok 18:49:06.0826 3652 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe 18:49:06.0873 3652 RpcLocator - ok 18:49:06.0935 3652 [ 301AE00E12408650BADDC04DBC832830 ] RpcSs C:\Windows\system32\rpcss.dll 18:49:06.0966 3652 RpcSs - ok 18:49:07.0044 3652 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 18:49:07.0107 3652 rspndr - ok 18:49:07.0138 3652 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] SamSs C:\Windows\system32\lsass.exe 18:49:07.0154 3652 SamSs - ok 18:49:07.0247 3652 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 18:49:07.0263 3652 sbp2port - ok 18:49:07.0310 3652 [ 11387E32642269C7E62E8B52C060B3C6 ] SCardSvr C:\Windows\System32\SCardSvr.dll 18:49:07.0356 3652 SCardSvr - ok 18:49:07.0403 3652 [ 7B587B8A6D4A99F79D2902D0385F29BD ] Schedule C:\Windows\system32\schedsvc.dll 18:49:07.0466 3652 Schedule - ok 18:49:07.0497 3652 [ 87C2D0377B23E2D8A41093C2F5FB1A5B ] SCPolicySvc C:\Windows\System32\certprop.dll 18:49:07.0544 3652 SCPolicySvc - ok 18:49:07.0606 3652 [ 126EA89BCC413EE45E3004FB0764888F ] sdbus 
C:\Windows\system32\DRIVERS\sdbus.sys 18:49:07.0653 3652 sdbus - ok 18:49:07.0700 3652 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll 18:49:07.0762 3652 SDRSVC - ok 18:49:07.0793 3652 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 18:49:07.0887 3652 secdrv - ok 18:49:07.0918 3652 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll 18:49:07.0965 3652 seclogon - ok 18:49:07.0980 3652 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\system32\sens.dll 18:49:08.0043 3652 SENS - ok 18:49:08.0090 3652 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys 18:49:08.0168 3652 Serenum - ok 18:49:08.0214 3652 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys 18:49:08.0292 3652 Serial - ok 18:49:08.0324 3652 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys 18:49:08.0355 3652 sermouse - ok 18:49:08.0589 3652 [ 8C1F87F5FDD92229D1754B98F073913F ] ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe 18:49:08.0636 3652 ServiceLayer ( UnsignedFile.Multi.Generic ) - warning 18:49:08.0636 3652 ServiceLayer - detected UnsignedFile.Multi.Generic (1) 18:49:08.0682 3652 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll 18:49:08.0729 3652 SessionEnv - ok 18:49:08.0792 3652 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 18:49:08.0838 3652 sffdisk - ok 18:49:08.0870 3652 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 18:49:08.0948 3652 sffp_mmc - ok 18:49:08.0979 3652 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 18:49:09.0041 3652 sffp_sd - ok 18:49:09.0072 3652 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 18:49:09.0166 3652 sfloppy - ok 18:49:09.0197 3652 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] 
SharedAccess C:\Windows\System32\ipnathlp.dll 18:49:09.0275 3652 SharedAccess - ok 18:49:09.0322 3652 [ 1E3FDB80E40A3CE645F229DFBDFB7694 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 18:49:09.0384 3652 ShellHWDetection - ok 18:49:09.0416 3652 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys 18:49:09.0431 3652 sisagp - ok 18:49:09.0462 3652 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys 18:49:09.0478 3652 SiSRaid2 - ok 18:49:09.0509 3652 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 18:49:09.0540 3652 SiSRaid4 - ok 18:49:09.0650 3652 [ 0BA91E1358AD25236863039BB2609A2E ] slsvc C:\Windows\system32\SLsvc.exe 18:49:09.0852 3652 slsvc - ok 18:49:09.0915 3652 [ 7C6DC44CA0BFA6291629AB764200D1D4 ] SLUINotify C:\Windows\system32\SLUINotify.dll 18:49:09.0962 3652 SLUINotify - ok 18:49:09.0993 3652 [ 031E6BCD53C9B2B9ACE111EAFEC347B6 ] Smb C:\Windows\system32\DRIVERS\smb.sys 18:49:10.0040 3652 Smb - ok 18:49:10.0071 3652 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 18:49:10.0086 3652 SNMPTRAP - ok 18:49:10.0133 3652 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys 18:49:10.0133 3652 spldr - ok 18:49:10.0196 3652 [ 3665F79026A3F91FBCA63F2C65A09B19 ] Spooler C:\Windows\System32\spoolsv.exe 18:49:10.0258 3652 Spooler - ok 18:49:10.0305 3652 [ 86EBD8B1F23E743AAD21F4D5B4D40985 ] SQLBrowser C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe 18:49:10.0320 3652 SQLBrowser - ok 18:49:10.0383 3652 [ D89083C4EB02DACA8F944B0E05E57F9D ] SQLWriter C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe 18:49:10.0398 3652 SQLWriter - ok 18:49:10.0554 3652 [ 2252AEF839B1093D16761189F45AF885 ] srv C:\Windows\system32\DRIVERS\srv.sys 18:49:10.0586 3652 srv - ok 18:49:10.0648 3652 [ B7FF59408034119476B00A81BB53D5D1 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 18:49:10.0710 3652 srv2 - ok 
18:49:10.0742 3652 [ 2ACCC9B12AF02030F531E6CCA6F8B76E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 18:49:10.0788 3652 srvnet - ok 18:49:10.0851 3652 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 18:49:10.0898 3652 SSDPSRV - ok 18:49:10.0960 3652 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys 18:49:11.0116 3652 ssmdrv - ok 18:49:11.0178 3652 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll 18:49:11.0256 3652 SstpSvc - ok 18:49:11.0303 3652 [ 7DD08A597BC56051F320DA0BAF69E389 ] stisvc C:\Windows\System32\wiaservc.dll 18:49:11.0366 3652 stisvc - ok 18:49:11.0428 3652 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 18:49:11.0459 3652 swenum - ok 18:49:11.0506 3652 [ B36C7CDB86F7F7A8E884479219766950 ] swprv C:\Windows\System32\swprv.dll 18:49:11.0568 3652 swprv - ok 18:49:11.0615 3652 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys 18:49:11.0631 3652 Symc8xx - ok 18:49:11.0646 3652 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys 18:49:11.0662 3652 Sym_hi - ok 18:49:11.0678 3652 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys 18:49:11.0693 3652 Sym_u3 - ok 18:49:11.0740 3652 [ 71837FBCE3FD8143953444B3FF7938DC ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 18:49:11.0756 3652 SynTP - ok 18:49:11.0787 3652 [ 8710A92D0024B03B5FB9540DF1F71F1D ] SysMain C:\Windows\system32\sysmain.dll 18:49:11.0849 3652 SysMain - ok 18:49:11.0865 3652 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll 18:49:11.0943 3652 TabletInputService - ok 18:49:11.0974 3652 [ 680916BB09EE0F3A6ACA7C274B0D633F ] TapiSrv C:\Windows\System32\tapisrv.dll 18:49:12.0021 3652 TapiSrv - ok 18:49:12.0068 3652 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll 18:49:12.0114 3652 TBS - ok 18:49:12.0270 3652 [ 
782568AB6A43160A159B6215B70BCCE9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 18:49:12.0348 3652 Tcpip - ok 18:49:12.0458 3652 [ 782568AB6A43160A159B6215B70BCCE9 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys 18:49:12.0504 3652 Tcpip6 - ok 18:49:12.0551 3652 [ D4A2E4A4B011F3A883AF77315A5AE76B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 18:49:12.0629 3652 tcpipreg - ok 18:49:12.0645 3652 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 18:49:12.0738 3652 TDPIPE - ok 18:49:12.0754 3652 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 18:49:12.0832 3652 TDTCP - ok 18:49:12.0863 3652 [ D09276B1FAB033CE1D40DCBDF303D10F ] tdx C:\Windows\system32\DRIVERS\tdx.sys 18:49:12.0941 3652 tdx - ok 18:49:12.0988 3652 [ A048056F5E1A96A9BF3071B91741A5AA ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 18:49:13.0004 3652 TermDD - ok 18:49:13.0066 3652 [ D605031E225AACCBCEB5B76A4F1603A6 ] TermService C:\Windows\System32\termsrv.dll 18:49:13.0160 3652 TermService - ok 18:49:13.0191 3652 [ 1E3FDB80E40A3CE645F229DFBDFB7694 ] Themes C:\Windows\system32\shsvcs.dll 18:49:13.0222 3652 Themes - ok 18:49:13.0253 3652 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll 18:49:13.0300 3652 THREADORDER - ok 18:49:13.0347 3652 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll 18:49:13.0409 3652 TrkWks - ok 18:49:13.0472 3652 [ 16613A1BAD034D4ECF957AF18B7C2FF5 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 18:49:13.0518 3652 TrustedInstaller - ok 18:49:13.0534 3652 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 18:49:13.0596 3652 tssecsrv - ok 18:49:13.0628 3652 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys 18:49:13.0690 3652 tunmp - ok 18:49:13.0721 3652 [ 6042505FF6FA9AC1EF7684D0E03B6940 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 18:49:13.0752 3652 tunnel - ok 18:49:13.0784 3652 [ 
7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys 18:49:13.0799 3652 uagp35 - ok 18:49:13.0846 3652 [ 8B5088058FA1D1CD897A2113CCFF6C58 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 18:49:13.0940 3652 udfs - ok 18:49:14.0002 3652 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 18:49:14.0064 3652 UI0Detect - ok 18:49:14.0096 3652 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 18:49:14.0111 3652 uliagpkx - ok 18:49:14.0142 3652 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys 18:49:14.0158 3652 uliahci - ok 18:49:14.0189 3652 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys 18:49:14.0220 3652 UlSata - ok 18:49:14.0252 3652 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys 18:49:14.0267 3652 ulsata2 - ok 18:49:14.0298 3652 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 18:49:14.0361 3652 umbus - ok 18:49:14.0423 3652 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll 18:49:14.0501 3652 upnphost - ok 18:49:14.0548 3652 [ AFB10A231254A1920C3BB4A0D02E1CA6 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 18:49:14.0610 3652 usbccgp - ok 18:49:14.0626 3652 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys 18:49:14.0720 3652 usbcir - ok 18:49:14.0751 3652 [ 44245742C4ED2EAFD69020583424455B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 18:49:14.0766 3652 usbehci - ok 18:49:14.0860 3652 [ DB39B3F83AF77BCA019D7DF6AADDBDAE ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 18:49:14.0907 3652 usbhub - ok 18:49:14.0938 3652 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys 18:49:15.0016 3652 usbohci - ok 18:49:15.0047 3652 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 18:49:15.0094 3652 usbprint - ok 
18:49:15.0125 3652 [ 87BA6B83C5D19B69160968D07D6E2982 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 18:49:15.0188 3652 USBSTOR - ok 18:49:15.0203 3652 [ 587809974E43CFAD0CA0EF6E1D940CA9 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 18:49:15.0250 3652 usbuhci - ok 18:49:15.0297 3652 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 18:49:15.0375 3652 usbvideo - ok 18:49:15.0406 3652 [ 032A0ACC3909AE7215D524E29D536797 ] UxSms C:\Windows\System32\uxsms.dll 18:49:15.0468 3652 UxSms - ok 18:49:15.0500 3652 [ B13BC395B9D6116628F5AF47E0802AC4 ] vds C:\Windows\System32\vds.exe 18:49:15.0578 3652 vds - ok 18:49:15.0609 3652 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 18:49:15.0671 3652 vga - ok 18:49:15.0718 3652 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys 18:49:15.0765 3652 VgaSave - ok 18:49:15.0812 3652 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys 18:49:15.0858 3652 viaagp - ok 18:49:15.0874 3652 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys 18:49:15.0921 3652 ViaC7 - ok 18:49:15.0936 3652 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys 18:49:15.0968 3652 viaide - ok 18:49:15.0999 3652 [ 20A559A25C4AE3F9B35F8229636EE5A7 ] VMC326 C:\Windows\system32\Drivers\VMC326.sys 18:49:16.0046 3652 VMC326 - ok 18:49:16.0077 3652 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys 18:49:16.0092 3652 volmgr - ok 18:49:16.0108 3652 [ 98F5FFE6316BD74E9E2C97206C190196 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 18:49:16.0124 3652 volmgrx - ok 18:49:16.0139 3652 [ D8B4A53DD2769F226B3EB374374987C9 ] volsnap C:\Windows\system32\drivers\volsnap.sys 18:49:16.0170 3652 volsnap - ok 18:49:16.0186 3652 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 18:49:16.0217 3652 vsmraid - ok 18:49:16.0264 3652 [ 
D5FB73D19C46ADE183F968E13F186B23 ] VSS C:\Windows\system32\vssvc.exe 18:49:16.0326 3652 VSS - ok 18:49:16.0373 3652 [ 1CF9206966A8458CDA9A8B20DF8AB7D3 ] W32Time C:\Windows\system32\w32time.dll 18:49:16.0498 3652 W32Time - ok 18:49:16.0529 3652 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 18:49:16.0638 3652 WacomPen - ok 18:49:16.0670 3652 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys 18:49:16.0701 3652 Wanarp - ok 18:49:16.0701 3652 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 18:49:16.0732 3652 Wanarpv6 - ok 18:49:16.0794 3652 [ F3A5C2E1A6533192B070D06ECF6BE796 ] wcncsvc C:\Windows\System32\wcncsvc.dll 18:49:16.0857 3652 wcncsvc - ok 18:49:16.0888 3652 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 18:49:16.0966 3652 WcsPlugInService - ok 18:49:17.0013 3652 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys 18:49:17.0028 3652 Wd - ok 18:49:17.0200 3652 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 18:49:17.0262 3652 Wdf01000 - ok 18:49:17.0294 3652 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll 18:49:17.0356 3652 WdiServiceHost - ok 18:49:17.0356 3652 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll 18:49:17.0403 3652 WdiSystemHost - ok 18:49:17.0465 3652 [ CF9A5F41789B642DB967021DE06A2713 ] WebClient C:\Windows\System32\webclnt.dll 18:49:17.0512 3652 WebClient - ok 18:49:17.0574 3652 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll 18:49:17.0621 3652 Wecsvc - ok 18:49:17.0652 3652 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll 18:49:17.0684 3652 wercplsupport - ok 18:49:17.0730 3652 [ FD1965AAA112C6818A30AB02742D0461 ] WerSvc C:\Windows\System32\WerSvc.dll 18:49:17.0777 3652 WerSvc - ok 18:49:17.0871 3652 [ 
4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 18:49:17.0902 3652 WinDefend - ok 18:49:17.0902 3652 WinHttpAutoProxySvc - ok 18:49:18.0136 3652 [ 00B79A7C984678F24CF052E5BEB3A2F5 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 18:49:18.0183 3652 Winmgmt - ok 18:49:18.0495 3652 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll 18:49:18.0588 3652 WinRM - ok 18:49:18.0854 3652 [ 275F4346E569DF56CFB95243BD6F6FF0 ] Wlansvc C:\Windows\System32\wlansvc.dll 18:49:18.0932 3652 Wlansvc - ok 18:49:19.0010 3652 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 18:49:19.0056 3652 WmiAcpi - ok 18:49:19.0150 3652 [ ABA4CF9F856D9A3A25F4DDD7690A6E9D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 18:49:19.0228 3652 wmiApSrv - ok 18:49:19.0415 3652 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 18:49:19.0478 3652 WMPNetworkSvc - ok 18:49:19.0524 3652 [ 5D94CD167751294962BA238D82DD1BB8 ] WPCSvc C:\Windows\System32\wpcsvc.dll 18:49:19.0602 3652 WPCSvc - ok 18:49:19.0634 3652 [ 396D406292B0CD26E3504FFE82784702 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 18:49:19.0712 3652 WPDBusEnum - ok 18:49:19.0758 3652 [ 0CEC23084B51B8288099EB710224E955 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys 18:49:19.0805 3652 WpdUsb - ok 18:49:19.0914 3652 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 18:49:19.0961 3652 WPFFontCache_v0400 - ok 18:49:19.0992 3652 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 18:49:20.0055 3652 ws2ifsl - ok 18:49:20.0102 3652 [ 683DD16B590372F2C9661D277F35E49C ] wscsvc C:\Windows\system32\wscsvc.dll 18:49:20.0117 3652 wscsvc - ok 18:49:20.0133 3652 WSearch - ok 18:49:20.0273 3652 [ 6298277B73C77FA99106B271A7525163 ] wuauserv C:\Windows\system32\wuaueng.dll 18:49:20.0351 3652 wuauserv - ok 
18:49:20.0414 3652 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
18:49:20.0492 3652 WUDFRd - ok
18:49:20.0523 3652 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
18:49:20.0570 3652 wudfsvc - ok
18:49:20.0648 3652 [ 3541E083BE976294DA5E644DB122A9A7 ] yksvc C:\Windows\System32\ykx32mpcoinst.dll
18:49:20.0710 3652 yksvc - ok
18:49:20.0741 3652 [ 6D16A5C05D4FA06FADE1D97580986803 ] yukonwlh C:\Windows\system32\DRIVERS\yk60x86.sys
18:49:20.0788 3652 yukonwlh - ok
18:49:20.0835 3652 ================ Scan global ===============================
18:49:20.0850 3652 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
18:49:20.0944 3652 [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll
18:49:20.0960 3652 [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll
18:49:21.0038 3652 [ 2B336AB6286D6C81FA02CBAB914E3C6C ] C:\Windows\system32\services.exe
18:49:21.0038 3652 [Global] - ok
18:49:21.0038 3652 ================ Scan MBR ==================================
18:49:21.0084 3652 [ 61A349592C4728853F4A90FF78F7628E ] \Device\Harddisk0\DR0
18:49:21.0615 3652 \Device\Harddisk0\DR0 - ok
18:49:21.0615 3652 ================ Scan VBR ==================================
18:49:21.0646 3652 [ 68E65693FFCFD3E8AE526CCD5ABF1588 ] \Device\Harddisk0\DR0\Partition1
18:49:21.0662 3652 \Device\Harddisk0\DR0\Partition1 - ok
18:49:21.0677 3652 [ 7AE8CEAA12279B97B197CB3391D905BC ] \Device\Harddisk0\DR0\Partition2
18:49:21.0677 3652 \Device\Harddisk0\DR0\Partition2 - ok
18:49:21.0677 3652 ============================================================
18:49:21.0677 3652 Scan finished
18:49:21.0677 3652 ============================================================
18:49:21.0693 4064 Detected object count: 3
18:49:21.0693 4064 Actual detected object count: 3
18:49:56.0060 4064 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
18:49:56.0060 4064 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:49:56.0060 4064 Rezip ( UnsignedFile.Multi.Generic ) - skipped by user
18:49:56.0060 4064 Rezip ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:49:56.0060 4064 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
18:49:56.0060 4064 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:50:23.0192 0364 Deinitialize success |
20.01.2013, 19:00 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GUV encryption trojan Those things are OK. adwCleaner - detect toolbars and unwanted start/search pages. Please download AdwCleaner to your desktop. If adwCleaner has already been downloaded before, please delete the old adwcleaner.exe and download it again!!
__________________ Please always post logfiles in CODE tags |
21.01.2013, 14:00 | #14 |
| GUV encryption trojan Hello, here is the adwcleaner.txt Code:
ATTFilter
# AdwCleaner v2.106 - Datei am 21/01/2013 um 13:53:51 erstellt
# Aktualisiert am 17/01/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 1 (32 bits)
# Benutzer : Scherer - SCHERER-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Scherer\Desktop\adwcleaner.exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
***** [Internet Browser] *****
-\\ Internet Explorer v7.0.6001.18639
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v17.0.1 (de)
Datei : C:\Users\Scherer\AppData\Roaming\Mozilla\Firefox\Profiles\inqqxxmk.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R2].txt - [22568 octets] - [27/12/2012 00:14:31]
AdwCleaner[R3].txt - [1063 octets] - [27/12/2012 00:18:30]
AdwCleaner[R4].txt - [861 octets] - [21/01/2013 13:53:51]
AdwCleaner[S1].txt - [22429 octets] - [27/12/2012 00:15:12]
########## EOF - C:\AdwCleaner[R4].txt - [981 octets] ########## |
21.01.2013, 14:06 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GUV encryption trojan Looks OK. A check with OTL, please:
__________________ Please always post logfiles in CODE tags |