Log analysis and evaluation: Virus removal (Windows 7). If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: Erste Schritte zur Hilfe. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
04.05.2013, 17:10 | #1 |
| Virus removal
Good day,

Yesterday evening I received a message from the Windows Firewall that a program in the Temp directory wanted access to the network. That made me suspicious, especially because the program was named winhglf.exe. I suspected that I had caught something, so I started with the most obvious option and had the hidden files displayed. On all of my hard drives I found an *.exe file with an accompanying suspicious Autorun.inf.

When I switched the computer on today, OpenOffice suddenly wanted network access. Of course I did not allow that and closed OpenOffice. After that, all of my programs wanted Internet access one after another (each time I declined and closed the program). I suspect the virus looked for a different program to hook into each time. As the logs also show, I neglected to install a virus scanner.

The question now is: how do I clean my system, and which virus scanner should I install afterwards? |
04.05.2013, 23:03 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Virus removal Hello and
Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners: have they ever found anything? I am asking because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; for now, just post the logs that already exist!

Reading material: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
__________________ |
05.05.2013, 14:02 | #3 |
| Malwarebytes logs
Here is the Malwarebytes log for a start:
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.05.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: ***-PC [Administrator]

05.05.2013 13:03:06
MBAM-log-2013-05-05 (14-55-19).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 1383369
Laufzeit: 57 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 18
C:\$Recycle.Bin\S-1-5-21-2024084861-1788145079-704121185-1000\$RNB5F3K.7z (Malware.Packer.Gen) -> Keine Aktion durchgeführt.
D:\beabf.exe (Malware.Packer.Gen) -> Keine Aktion durchgeführt.
D:\$RECYCLE.BIN\S-1-5-21-2024084861-1788145079-704121185-1000\$R1ENBIF.exe (Malware.Packer.Gen) -> Keine Aktion durchgeführt.
D:\$RECYCLE.BIN\S-1-5-21-2024084861-1788145079-704121185-1000\$R3XFUYT.exe (Malware.Packer.Gen) -> Keine Aktion durchgeführt.
D:\$RECYCLE.BIN\S-1-5-21-2024084861-1788145079-704121185-1000\$RGV2M1H.exe (Malware.Packer.Gen) -> Keine Aktion durchgeführt.
E:\offt.pif (Malware.Packer.Gen) -> Keine Aktion durchgeführt.
E:\$RECYCLE.BIN\S-1-5-21-2024084861-1788145079-704121185-1000\$RS1XNNN.exe (Malware.Packer.Gen) -> Keine Aktion durchgeführt.
E:\$RECYCLE.BIN\S-1-5-21-2024084861-1788145079-704121185-1000\$RT649K3.pif (Malware.Packer.Gen) -> Keine Aktion durchgeführt.
E:\$RECYCLE.BIN\S-1-5-21-2024084861-1788145079-704121185-1000\$RZI8C42.exe (Malware.Packer.Gen) -> Keine Aktion durchgeführt.
E:\ProgramData\Skype\Plugins\Local Cache\86B67BC476C5410CA9C1F0FE1D97BEB2_more.jpg (Extension.Mismatch) -> Keine Aktion durchgeführt.
F:\giyfg.exe (Malware.Packer.Gen) -> Keine Aktion durchgeführt.
F:\$RECYCLE.BIN\S-1-5-21-2024084861-1788145079-704121185-1000\$R5T611S.exe (Malware.Packer.Gen) -> Keine Aktion durchgeführt.
F:\$RECYCLE.BIN\S-1-5-21-2024084861-1788145079-704121185-1000\$RDF9MMT.pif (Malware.Packer.Gen) -> Keine Aktion durchgeführt.
F:\$RECYCLE.BIN\S-1-5-21-2024084861-1788145079-704121185-1000\$RDS9VLY.pif (Malware.Packer.Gen) -> Keine Aktion durchgeführt.
F:\$RECYCLE.BIN\S-1-5-21-2024084861-1788145079-704121185-1000\$RI3L8NB.pif (Malware.Packer.Gen) -> Keine Aktion durchgeführt.
F:\$RECYCLE.BIN\S-1-5-21-2024084861-1788145079-704121185-1000\$RKHFYO6.pif (Malware.Packer.Gen) -> Keine Aktion durchgeführt.
F:\$RECYCLE.BIN\S-1-5-21-2024084861-1788145079-704121185-1000\$RKVDX20.pif (Malware.Packer.Gen) -> Keine Aktion durchgeführt.
F:\$RECYCLE.BIN\S-1-5-21-2024084861-1788145079-704121185-1000\$RM0OL8T.exe (Malware.Packer.Gen) -> Keine Aktion durchgeführt.

(Ende) |
06.05.2013, 09:23 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Virus removal Before we get to work, I would like to ask you to read the following points completely and attentively.

Note: If I have not let you hear from me for three days, please report in this thread => Erinnerung an meinem Thread. Annoying "when does it continue" messages will end with your topic being closed. I, too, have a life outside the Trojaner-Board.

Please now run the three tools MBAR / aswMBR / TDSSkiller and post the logs in CODE tags.

MBAR (Malwarebytes Anti-Rootkit)
Please download Malwarebytes Anti-Rootkit and save it on your desktop.
Do not start any other file in this folder without instructions from a helper.

aswMBR
Please download aswMBR.exe and save the file on your desktop.
Important: Under no circumstances press any of the Fix buttons without instructions.
Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.

TDSS-Killer
Please download TDSSKiller.exe and save this file on the desktop.
__________________ Please always post log files in CODE tags |
06.05.2013, 19:30 | #5 |
| Virus removal
mbar.exe - system-log
Code:
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
(c) Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 9.0.8112.16421
Java version: 1.6.0_37
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 3.292000 GHz
Memory total: 8569864192, free: 3607683072
------------ Kernel report ------------
05/06/2013 19:39:32
Performing system, memory and registry scan...
Infected: c:\Users\***\AppData\Local\Temp\winxeyj.exe --> [Trojan.Downloader]
Infected: c:\Users\***\AppData\Local\Temp\winxeyj.exe --> [Trojan.Downloader]
Done!
Scan finished
Creating System Restore point...
Scheduling clean up...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
(c) Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 9.0.8112.16421
Java version: 1.6.0_37
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 3.292000 GHz
Memory total: 8569864192, free: 7670947840
Removal queue found; removal started
Removing c:\Users\***\AppData\Local\Temp\winxeyj.exe...
Removal finished
=======================================
Code:
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.05.06.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: ***-PC [administrator]

06.05.2013 19:44:47
mbar-log-2013-05-06 (19-44-47).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 30282
Time elapsed: 3 minute(s), 9 second(s)

Memory Processes Detected: 1
c:\Users\***\AppData\Local\Temp\winxeyj.exe (Trojan.Downloader) -> 2644 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
c:\Users\***\AppData\Local\Temp\winxeyj.exe (Trojan.Downloader) -> Delete on reboot.

(end)
Code:
ATTFilter 20:10:54.0225 4792 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 20:10:54.0762 4792 ============================================================ 20:10:54.0762 4792 Current date / time: 2013/05/06 20:10:54.0762 20:10:54.0762 4792 SystemInfo: 20:10:54.0762 4792 20:10:54.0762 4792 OS Version: 6.1.7601 ServicePack: 1.0 20:10:54.0762 4792 Product type: Workstation 20:10:54.0762 4792 ComputerName: ***-PC 20:10:54.0763 4792 UserName: *** 20:10:54.0763 4792 Windows directory: C:\Windows 20:10:54.0763 4792 System windows directory: C:\Windows 20:10:54.0763 4792 Running under WOW64 20:10:54.0763 4792 Processor architecture: Intel x64 20:10:54.0763 4792 Number of processors: 4 20:10:54.0763 4792 Page size: 0x1000 20:10:54.0763 4792 Boot type: Normal boot 20:10:54.0763 4792 ============================================================ 20:10:54.0910 4792 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 20:10:54.0926 4792 Drive \Device\Harddisk3\DR3 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 20:10:54.0935 4792 Drive \Device\Harddisk2\DR2 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 20:10:54.0967 4792 Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 20:10:54.0970 4792 ============================================================ 20:10:54.0970 4792 \Device\Harddisk0\DR0: 20:10:54.0971 4792 MBR partitions: 20:10:54.0971 4792 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 20:10:54.0971 4792 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 
0xDF61800 20:10:54.0971 4792 \Device\Harddisk3\DR3: 20:10:54.0971 4792 MBR partitions: 20:10:54.0971 4792 \Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800 20:10:54.0971 4792 \Device\Harddisk2\DR2: 20:10:54.0971 4792 MBR partitions: 20:10:54.0971 4792 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800 20:10:54.0971 4792 \Device\Harddisk1\DR1: 20:10:54.0971 4792 MBR partitions: 20:10:54.0971 4792 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x12A18800 20:10:54.0971 4792 ============================================================ 20:10:54.0972 4792 C: <-> \Device\Harddisk0\DR0\Partition2 20:10:54.0999 4792 D: <-> \Device\Harddisk1\DR1\Partition1 20:10:55.0021 4792 E: <-> \Device\Harddisk3\DR3\Partition1 20:10:55.0038 4792 F: <-> \Device\Harddisk2\DR2\Partition1 20:10:55.0038 4792 ============================================================ 20:10:55.0038 4792 Initialize success 20:10:55.0038 4792 ============================================================ 20:11:18.0434 4028 ============================================================ 20:11:18.0434 4028 Scan started 20:11:18.0434 4028 Mode: Manual; SigCheck; TDLFS; 20:11:18.0434 4028 ============================================================ 20:11:18.0649 4028 ================ Scan system memory ======================== 20:11:18.0649 4028 System memory - ok 20:11:18.0649 4028 ================ Scan services ============================= 20:11:18.0689 4028 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 20:11:18.0728 4028 1394ohci - ok 20:11:18.0733 4028 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 20:11:18.0743 4028 ACPI - ok 20:11:18.0746 4028 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 20:11:18.0760 4028 AcpiPmi - ok 20:11:18.0764 4028 [ B1EA9681502EE57F87DB71D726288A5B ] AdobeARMservice C:\Program 
Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 20:11:18.0770 4028 AdobeARMservice - ok 20:11:18.0795 4028 [ 479901C99FA62D1C3261B7ACB1228DAD ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 20:11:18.0804 4028 AdobeFlashPlayerUpdateSvc - ok 20:11:18.0810 4028 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 20:11:18.0821 4028 adp94xx - ok 20:11:18.0826 4028 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys 20:11:18.0836 4028 adpahci - ok 20:11:18.0839 4028 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 20:11:18.0846 4028 adpu320 - ok 20:11:18.0850 4028 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 20:11:18.0893 4028 AeLookupSvc - ok 20:11:18.0899 4028 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 20:11:18.0912 4028 AFD - ok 20:11:18.0921 4028 [ B20C64A91C08A992B1C70B290477A2B0 ] Agile1Password C:\Program Files (x86)\1Password\Agile1pService.exe 20:11:18.0933 4028 Agile1Password - ok 20:11:18.0936 4028 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 20:11:18.0942 4028 agp440 - ok 20:11:18.0945 4028 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 20:11:18.0955 4028 ALG - ok 20:11:18.0957 4028 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 20:11:18.0962 4028 aliide - ok 20:11:18.0965 4028 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 20:11:18.0970 4028 amdide - ok 20:11:18.0972 4028 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 20:11:18.0980 4028 AmdK8 - ok 20:11:18.0982 4028 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys 20:11:18.0990 4028 AmdPPM - ok 20:11:18.0993 4028 [ 6EC6D772EAE38DC17C14AED9B178D24B ] amdsata C:\Windows\system32\drivers\amdsata.sys 
[ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 20:11:24.0442 4028 swprv - ok 20:11:24.0458 4028 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 20:11:24.0484 4028 SysMain - ok 20:11:24.0487 4028 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 20:11:24.0498 4028 TabletInputService - ok 20:11:24.0503 4028 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 20:11:24.0527 4028 TapiSrv - ok 20:11:24.0529 4028 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 20:11:24.0550 4028 TBS - ok 20:11:24.0571 4028 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 20:11:24.0600 4028 Tcpip - ok 20:11:24.0619 4028 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 20:11:24.0641 4028 TCPIP6 - ok 20:11:24.0645 4028 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 20:11:24.0665 4028 tcpipreg - ok 20:11:24.0668 4028 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 20:11:24.0675 4028 TDPIPE - ok 20:11:24.0677 4028 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 20:11:24.0683 4028 TDTCP - ok 20:11:24.0686 4028 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 20:11:24.0706 4028 tdx - ok 20:11:24.0709 4028 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 20:11:24.0714 4028 TermDD - ok 20:11:24.0722 4028 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 20:11:24.0749 4028 TermService - ok 20:11:24.0753 4028 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 20:11:24.0763 4028 Themes - ok 20:11:24.0766 4028 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 20:11:24.0786 4028 THREADORDER - ok 20:11:24.0789 4028 [ 
7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 20:11:24.0811 4028 TrkWks - ok 20:11:24.0815 4028 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 20:11:24.0836 4028 TrustedInstaller - ok 20:11:24.0839 4028 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 20:11:24.0859 4028 tssecsrv - ok 20:11:24.0862 4028 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 20:11:24.0869 4028 TsUsbFlt - ok 20:11:24.0871 4028 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys 20:11:24.0877 4028 TsUsbGD - ok 20:11:24.0880 4028 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 20:11:24.0901 4028 tunnel - ok 20:11:24.0903 4028 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 20:11:24.0909 4028 uagp35 - ok 20:11:24.0914 4028 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 20:11:24.0937 4028 udfs - ok 20:11:24.0941 4028 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 20:11:24.0949 4028 UI0Detect - ok 20:11:24.0951 4028 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 20:11:24.0957 4028 uliagpkx - ok 20:11:24.0960 4028 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 20:11:24.0967 4028 umbus - ok 20:11:24.0969 4028 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys 20:11:24.0976 4028 UmPass - ok 20:11:24.0981 4028 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 20:11:25.0006 4028 upnphost - ok 20:11:25.0009 4028 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys 20:11:25.0016 4028 USBAAPL64 - ok 20:11:25.0019 4028 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 20:11:25.0028 
4028 usbaudio - ok 20:11:25.0031 4028 [ 481DFF26B4DCA8F4CBAC1F7DCE1D6829 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 20:11:25.0038 4028 usbccgp - ok 20:11:25.0041 4028 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 20:11:25.0050 4028 usbcir - ok 20:11:25.0052 4028 [ 74EE782B1D9C241EFE425565854C661C ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 20:11:25.0059 4028 usbehci - ok 20:11:25.0064 4028 [ DC96BD9CCB8403251BCF25047573558E ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 20:11:25.0074 4028 usbhub - ok 20:11:25.0076 4028 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\drivers\usbohci.sys 20:11:25.0083 4028 usbohci - ok 20:11:25.0085 4028 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys 20:11:25.0094 4028 usbprint - ok 20:11:25.0096 4028 [ D76510CFA0FC09023077F22C2F979D86 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 20:11:25.0104 4028 USBSTOR - ok 20:11:25.0106 4028 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 20:11:25.0114 4028 usbuhci - ok 20:11:25.0117 4028 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 20:11:25.0127 4028 usbvideo - ok 20:11:25.0130 4028 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 20:11:25.0152 4028 UxSms - ok 20:11:25.0154 4028 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 20:11:25.0161 4028 VaultSvc - ok 20:11:25.0163 4028 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 20:11:25.0168 4028 vdrvroot - ok 20:11:25.0175 4028 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 20:11:25.0201 4028 vds - ok 20:11:25.0203 4028 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 20:11:25.0211 4028 vga - ok 20:11:25.0213 4028 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 20:11:25.0234 4028 
VgaSave - ok 20:11:25.0238 4028 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 20:11:25.0246 4028 vhdmp - ok 20:11:25.0248 4028 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 20:11:25.0254 4028 viaide - ok 20:11:25.0256 4028 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 20:11:25.0263 4028 volmgr - ok 20:11:25.0267 4028 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 20:11:25.0277 4028 volmgrx - ok 20:11:25.0281 4028 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 20:11:25.0290 4028 volsnap - ok 20:11:25.0293 4028 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 20:11:25.0301 4028 vsmraid - ok 20:11:25.0314 4028 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 20:11:25.0350 4028 VSS - ok 20:11:25.0352 4028 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 20:11:25.0361 4028 vwifibus - ok 20:11:25.0366 4028 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 20:11:25.0390 4028 W32Time - ok 20:11:25.0394 4028 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys 20:11:25.0401 4028 WacomPen - ok 20:11:25.0403 4028 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 20:11:25.0424 4028 WANARP - ok 20:11:25.0426 4028 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 20:11:25.0446 4028 Wanarpv6 - ok 20:11:25.0460 4028 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 20:11:25.0482 4028 wbengine - ok 20:11:25.0485 4028 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 20:11:25.0497 4028 WbioSrvc - ok 20:11:25.0502 4028 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 20:11:25.0516 4028 wcncsvc - 
ok 20:11:25.0518 4028 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 20:11:25.0526 4028 WcsPlugInService - ok 20:11:25.0528 4028 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys 20:11:25.0533 4028 Wd - ok 20:11:25.0540 4028 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 20:11:25.0553 4028 Wdf01000 - ok 20:11:25.0556 4028 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 20:11:25.0578 4028 WdiServiceHost - ok 20:11:25.0580 4028 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 20:11:25.0590 4028 WdiSystemHost - ok 20:11:25.0594 4028 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 20:11:25.0606 4028 WebClient - ok 20:11:25.0610 4028 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 20:11:25.0634 4028 Wecsvc - ok 20:11:25.0637 4028 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 20:11:25.0659 4028 wercplsupport - ok 20:11:25.0661 4028 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 20:11:25.0683 4028 WerSvc - ok 20:11:25.0685 4028 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 20:11:25.0705 4028 WfpLwf - ok 20:11:25.0708 4028 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 20:11:25.0713 4028 WIMMount - ok 20:11:25.0714 4028 WinDefend - ok 20:11:25.0718 4028 WinHttpAutoProxySvc - ok 20:11:25.0725 4028 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 20:11:25.0747 4028 Winmgmt - ok 20:11:25.0765 4028 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 20:11:25.0803 4028 WinRM - ok 20:11:25.0808 4028 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 20:11:25.0816 4028 WinUsb - ok 20:11:25.0825 4028 [ 
4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 20:11:25.0844 4028 Wlansvc - ok 20:11:25.0846 4028 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 20:11:25.0852 4028 WmiAcpi - ok 20:11:25.0857 4028 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 20:11:25.0866 4028 wmiApSrv - ok 20:11:25.0867 4028 WMPNetworkSvc - ok 20:11:25.0870 4028 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 20:11:25.0877 4028 WPCSvc - ok 20:11:25.0880 4028 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 20:11:25.0888 4028 WPDBusEnum - ok 20:11:25.0891 4028 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 20:11:25.0911 4028 ws2ifsl - ok 20:11:25.0914 4028 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 20:11:25.0925 4028 wscsvc - ok 20:11:25.0927 4028 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys 20:11:25.0935 4028 WSDPrintDevice - ok 20:11:25.0937 4028 WSearch - ok 20:11:25.0960 4028 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 20:11:25.0994 4028 wuauserv - ok 20:11:25.0997 4028 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 20:11:26.0018 4028 WudfPf - ok 20:11:26.0022 4028 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 20:11:26.0043 4028 WUDFRd - ok 20:11:26.0046 4028 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 20:11:26.0067 4028 wudfsvc - ok 20:11:26.0071 4028 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 20:11:26.0083 4028 WwanSvc - ok 20:11:26.0086 4028 ================ Scan global =============================== 20:11:26.0088 4028 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 20:11:26.0092 4028 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] 
C:\Windows\system32\winsrv.dll 20:11:26.0097 4028 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 20:11:26.0100 4028 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 20:11:26.0105 4028 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 20:11:26.0108 4028 [Global] - ok 20:11:26.0108 4028 ================ Scan MBR ================================== 20:11:26.0110 4028 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 20:11:26.0216 4028 \Device\Harddisk0\DR0 - ok 20:11:26.0218 4028 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk3\DR3 20:11:26.0264 4028 \Device\Harddisk3\DR3 - ok 20:11:26.0266 4028 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk2\DR2 20:11:26.0314 4028 \Device\Harddisk2\DR2 - ok 20:11:26.0320 4028 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1 20:11:26.0448 4028 \Device\Harddisk1\DR1 - ok 20:11:26.0449 4028 ================ Scan VBR ================================== 20:11:26.0452 4028 [ C2B6D49819D82D967F2454EE37621107 ] \Device\Harddisk0\DR0\Partition1 20:11:26.0454 4028 \Device\Harddisk0\DR0\Partition1 - ok 20:11:26.0455 4028 [ 2EAA5D60427984F42D1965CAD5141068 ] \Device\Harddisk0\DR0\Partition2 20:11:26.0457 4028 \Device\Harddisk0\DR0\Partition2 - ok 20:11:26.0458 4028 [ 9513F74D205621C1F412A251DB6683B9 ] \Device\Harddisk3\DR3\Partition1 20:11:26.0460 4028 \Device\Harddisk3\DR3\Partition1 - ok 20:11:26.0462 4028 [ EFFF9AEB5F4F3B66AA62DD21637D7AB5 ] \Device\Harddisk2\DR2\Partition1 20:11:26.0463 4028 \Device\Harddisk2\DR2\Partition1 - ok 20:11:26.0465 4028 [ ED5FBE4FE0488AE80B4F6D932F825702 ] \Device\Harddisk1\DR1\Partition1 20:11:26.0466 4028 \Device\Harddisk1\DR1\Partition1 - ok 20:11:26.0467 4028 ============================================================ 20:11:26.0467 4028 Scan finished 20:11:26.0467 4028 ============================================================ 20:11:26.0473 4532 Detected object count: 0 20:11:26.0473 4532 Actual detected object count: 
0 20:13:04.0846 3444 Deinitialize success Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-06 19:52:38
-----------------------------
19:52:38.564 OS Version: Windows x64 6.1.7601 Service Pack 1
19:52:38.564 Number of processors: 4 586 0x2A07
19:52:38.564 ComputerName: ***-PC UserName: ***
19:52:38.904 Initialize success
20:04:14.583 AVAST engine defs: 13050501
20:05:56.387 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
20:05:56.390 Disk 0 Vendor: MKNSSDCR120GB 502ABBF0 Size: 114473MB BusType: 11
20:05:56.392 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP5T0L0-5
20:05:56.395 Disk 1 Vendor: ST3160811AS 3.AAE Size: 152627MB BusType: 11
20:05:56.398 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP4T0L0-4
20:05:56.400 Disk 2 Vendor: SAMSUNG_HD204UI 1AQ10001 Size: 1907729MB BusType: 11
20:05:56.404 Disk 3 \Device\Harddisk3\DR3 -> \Device\Ide\IdeDeviceP3T0L0-3
20:05:56.407 Disk 3 Vendor: SAMSUNG_HD204UI 1AQ10001 Size: 1907729MB BusType: 11
20:05:56.415 Disk 0 MBR read successfully
20:05:56.420 Disk 0 MBR scan
20:05:56.423 Disk 0 Windows 7 default MBR code
20:05:56.425 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
20:05:56.428 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 114371 MB offset 206848
20:05:56.436 Disk 0 scanning C:\Windows\system32\drivers
20:05:58.298 Service scanning
20:06:03.434 Modules scanning
20:06:03.441 Disk 0 trace - called modules:
20:06:03.448 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
20:06:03.453 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007530060]
20:06:03.458 3 CLASSPNP.SYS[fffff880018ca43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8007309680]
20:06:03.730 AVAST engine scan C:\Windows
20:06:04.182 AVAST engine scan C:\Windows\system32
20:06:52.434 AVAST engine scan C:\Windows\system32\drivers
20:06:54.730 AVAST engine scan C:\Users\***
20:06:57.904 File: C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O59L5QVH\InstallMonetizer-PriceGong_v2[1].exe **INFECTED** Win32:SaliCode
20:06:58.084 File: C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YBAYL85N\crush_vsti_5805[1].exe **INFECTED** Win32:SaliCode
20:07:05.325 File: C:\Users\***\AppData\Local\PunkBuster\ACB\pb\PnkBstrA.exe **INFECTED** Win32:SaliCode
20:07:05.349 File: C:\Users\***\AppData\Local\PunkBuster\ACB\pb\PnkBstrB.exe **INFECTED** Win32:SaliCode
20:07:05.439 File: C:\Users\***\AppData\Local\Temp\0038258A_Rar\legoria3.exe **INFECTED** Win32:SaliCode
20:07:05.491 File: C:\Users\***\AppData\Local\Temp\00385457_Rar\legoria3.exe **INFECTED** Win32:Sality
20:07:05.537 File: C:\Users\***\AppData\Local\Temp\0041120A_Rar\legoria3.exe **INFECTED** Win32:Sality
20:07:05.582 File: C:\Users\***\AppData\Local\Temp\00414FC5_Rar\legoria3.exe **INFECTED** Win32:SaliCode
20:07:05.627 File: C:\Users\***\AppData\Local\Temp\0044D02B_Rar\legoria3.exe **INFECTED** Win32:SaliCode
20:07:05.671 File: C:\Users\***\AppData\Local\Temp\0044FE8A_Rar\legoria3.exe **INFECTED** Win32:SaliCode
20:07:05.715 File: C:\Users\***\AppData\Local\Temp\00895E19_Rar\legoria3.exe **INFECTED** Win32:SaliCode
20:07:05.760 File: C:\Users\***\AppData\Local\Temp\00898651_Rar\legoria3.exe **INFECTED** Win32:SaliCode
20:07:05.830 File: C:\Users\***\AppData\Local\Temp\0109F01D_Rar\legoria3.exe **INFECTED** Win32:SaliCode
20:07:05.873 File: C:\Users\***\AppData\Local\Temp\010BBC80_Rar\legoria3.exe **INFECTED** Win32:SaliCode
20:07:05.918 File: C:\Users\***\AppData\Local\Temp\0112E093_Rar\legoria3.exe **INFECTED** Win32:SaliCode
20:07:05.966 File: C:\Users\***\AppData\Local\Temp\0143C660_Rar\legoria3.exe **INFECTED** Win32:SaliCode
20:07:06.032 File: C:\Users\***\AppData\Local\Temp\01454408_Rar\legoria3.exe **INFECTED** Win32:SaliCode
20:07:06.099 File: C:\Users\***\AppData\Local\Temp\01455EC8_Rar\legoria3.exe **INFECTED** Win32:Sality
20:07:06.162 File: C:\Users\***\AppData\Local\Temp\014797F1_Rar\legoria3.exe **INFECTED** Win32:SaliCode
20:07:06.226 File: C:\Users\***\AppData\Local\Temp\015136CF_Rar\legoria3.exe **INFECTED** Win32:SaliCode
20:07:06.293 File: C:\Users\***\AppData\Local\Temp\0156F6E2_Rar\legoria3.exe **INFECTED** Win32:Sality
20:07:06.336 File: C:\Users\***\AppData\Local\Temp\01571931_Rar\legoria3.exe **INFECTED** Win32:SaliCode
20:07:06.381 File: C:\Users\***\AppData\Local\Temp\01655B11_Rar\legoria3.exe **INFECTED** Win32:Sality
20:07:06.426 File: C:\Users\***\AppData\Local\Temp\0165A099_Rar\legoria3.exe **INFECTED** Win32:SaliCode
20:07:06.473 File: C:\Users\***\AppData\Local\Temp\016C017D_Rar\legoria3.exe **INFECTED** Win32:SaliCode
20:07:06.519 File: C:\Users\***\AppData\Local\Temp\017007F3_Rar\legoria3.exe **INFECTED** Win32:SaliCode
20:07:06.564 File: C:\Users\***\AppData\Local\Temp\0176265B_Rar\legoria3.exe **INFECTED** Win32:SaliCode
20:07:06.610 File: C:\Users\***\AppData\Local\Temp\0178DC90_Rar\legoria3.exe **INFECTED** Win32:SaliCode
20:07:06.656 File: C:\Users\***\AppData\Local\Temp\01B0B717_Rar\legoria3.exe **INFECTED** Win32:Sality
20:07:06.707 File: C:\Users\***\AppData\Local\Temp\01B474F9_Rar\legoria3.exe **INFECTED** Win32:SaliCode
20:07:06.755 File: C:\Users\***\AppData\Local\Temp\01E2F926_Rar\legoria3.exe **INFECTED** Win32:SaliCode
20:07:06.829 File: C:\Users\***\AppData\Local\Temp\01E318A8_Rar\legoria3.exe **INFECTED** Win32:SaliCode
20:07:06.879 File: C:\Users\***\AppData\Local\Temp\01E6A202_Rar\legoria3.exe **INFECTED** Win32:SaliCode
20:07:06.927 File: C:\Users\***\AppData\Local\Temp\020EC980_Rar\legoria3.exe **INFECTED** Win32:SaliCode
20:07:06.975 File: C:\Users\***\AppData\Local\Temp\02105E21_Rar\legoria3.exe **INFECTED** Win32:SaliCode
20:07:07.022 File: C:\Users\***\AppData\Local\Temp\02113250_Rar\legoria3.exe **INFECTED** Win32:Sality
20:07:07.067 File: C:\Users\***\AppData\Local\Temp\0219B841_Rar\legoria3.exe **INFECTED** Win32:Sality
20:07:07.122 File: C:\Users\***\AppData\Local\Temp\02B76796_Rar\legoria3.exe **INFECTED** Win32:SaliCode
20:07:07.174 File: C:\Users\***\AppData\Local\Temp\02B78C07_Rar\legoria3.exe **INFECTED** Win32:SaliCode
20:07:07.225 File: C:\Users\***\AppData\Local\Temp\0318F823_Rar\legoria3.exe **INFECTED** Win32:SaliCode
20:07:07.279 File: C:\Users\***\AppData\Local\Temp\03191CC3_Rar\legoria3.exe **INFECTED** Win32:SaliCode
20:07:07.359 File: C:\Users\***\AppData\Local\Temp\032055AE_Rar\legoria3.exe **INFECTED** Win32:SaliCode
20:07:07.414 File: C:\Users\***\AppData\Local\Temp\0326D2AA_Rar\legoria3.exe **INFECTED** Win32:SaliCode
20:07:07.478 File: C:\Users\***\AppData\Local\Temp\0332C64B_Rar\legoria3.exe **INFECTED** Win32:Sality
20:07:07.895 File: C:\Users\***\AppData\Local\Temp\oi_5PXETZwuYP\OIAssistWTD.exe **INFECTED** Win32:SaliCode
20:07:08.566 File: C:\Users\***\AppData\Local\Temp\Temp1_depends22_x86.zip\depends.exe **INFECTED** Win32:SaliCode
20:07:08.629 File: C:\Users\***\AppData\Local\Temp\Temp1_nethack-343-win.zip\NetHack.exe **INFECTED** Win32:SaliCode
20:07:08.710 File: C:\Users\***\AppData\Local\Temp\windaodjc.exe **INFECTED** Win32:Sality-GR
20:07:08.727 File: C:\Users\***\AppData\Local\Temp\winrjea.exe **INFECTED** Win32:Sality-GR
20:07:08.746 File: C:\Users\***\AppData\Local\Temp\winvveu.exe **INFECTED** Win32:Sality-GR
20:07:14.076 File: C:\Users\***\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe **INFECTED** Win32:SaliCode
20:07:14.099 File: C:\Users\***\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe **INFECTED** Win32:SaliCode
20:07:15.820 File: C:\Users\***\AppData\Roaming\PunkBuster\pbsetup\pbsvc.exe **INFECTED** Win32:SaliCode
20:07:17.409 File: C:\Users\***\Desktop\***\JK\InkscapePortable\App\Inkscape\gspawn-win32-helper-console.exe **INFECTED** Win32:SaliCode
20:07:17.424 File: C:\Users\***\Desktop\***\JK\InkscapePortable\App\Inkscape\gspawn-win32-helper.exe **INFECTED** Win32:Sality
20:07:17.528 File: C:\Users\***\Desktop\***\JK\InkscapePortable\App\Inkscape\inkscape.exe **INFECTED** Win32:SaliCode
20:07:17.582 File: C:\Users\***\Desktop\***\JK\InkscapePortable\App\Inkscape\inkview.exe **INFECTED** Win32:SaliCode
20:07:20.091 File: C:\Users\***\Desktop\***\JK\InkscapePortable\App\Inkscape\python\Lib\distutils\command\wininst-6.0.exe **INFECTED** Win32:SaliCode
20:07:20.105 File: C:\Users\***\Desktop\***\JK\InkscapePortable\App\Inkscape\python\Lib\distutils\command\wininst-6.exe **INFECTED** Win32:SaliCode
20:07:20.120 File: C:\Users\***\Desktop\***\JK\InkscapePortable\App\Inkscape\python\Lib\distutils\command\wininst-7.1.exe **INFECTED** Win32:SaliCode
20:07:20.136 File: C:\Users\***\Desktop\***\JK\InkscapePortable\App\Inkscape\python\Lib\distutils\command\wininst-8.0.exe **INFECTED** Win32:SaliCode
20:07:20.161 File: C:\Users\***\Desktop\***\JK\InkscapePortable\App\Inkscape\python\Lib\distutils\command\wininst-9.0.exe **INFECTED** Win32:Sality
20:07:21.632 File: C:\Users\***\Desktop\***\JK\InkscapePortable\App\Inkscape\python\pythonw.exe **INFECTED** Win32:Sality
20:07:25.296 File: C:\Users\***\Desktop\Heroes of Might and Magic V - Tribes of the East\registration\RegistrationReminder.exe **INFECTED** Win32:SaliCode
20:07:31.586 File: C:\Users\***\Desktop\Minecraft.exe **INFECTED** Win32:SaliCode
20:07:31.776 File: C:\Users\***\Desktop\Shaiya\Shaiya-DE\CONFIG.exe **INFECTED** Win32:SaliCode
20:07:31.836 File: C:\Users\***\Desktop\Shaiya\Shaiya-DE\game.exe **INFECTED** Win32:Sality
20:07:31.925 File: C:\Users\***\Desktop\Shaiya\Shaiya-DE\Updater.exe **INFECTED** Win32:SaliCode
20:07:36.009 File: C:\Users\***\Musik\VSTPlugins\LinuxSampler\32\dlsdump.exe **INFECTED** Win32:SaliCode
20:07:36.027 File: C:\Users\***\Musik\VSTPlugins\LinuxSampler\32\gigdump.exe **INFECTED** Win32:SaliCode
20:07:36.060 File: C:\Users\***\Musik\VSTPlugins\LinuxSampler\32\gigextract.exe **INFECTED** Win32:Sality
20:07:37.123 File: C:\Users\***\Musik\VSTPlugins\LinuxSampler\32\rifftree.exe **INFECTED** Win32:SaliCode
20:07:38.047 File: C:\Users\***\Musik\VSTPlugins\LinuxSampler\qsampler.exe **INFECTED** Win32:Sality
20:07:38.142 File: C:\Users\***\Musik\VSTPlugins\LinuxSampler\uninstall.exe **INFECTED** Win32:SaliCode
20:07:38.414 AVAST engine scan C:\ProgramData
20:07:39.766 Scan finished successfully
20:10:10.073 Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat"
20:10:10.077 The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR.txt"
|
06.05.2013, 21:09 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Virus removal Hm... aswMBR is showing Sality, which is a nasty piece of malware that also infects other files (file infector) - if that is confirmed, you will have to delete everything and reinstall! Then please run Combofix now: Scan with Combofix |
07.05.2013, 15:48 | #7 |
| Virus removal Here is the Combofix log: Code:
ComboFix 13-05-07.02 - *** 07.05.2013 16:36:21.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8173.6533 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\fraps.exe
c:\program files (x86)\fraps32.dll
c:\program files (x86)\fraps64.dat
c:\program files (x86)\fraps64.dll
c:\program files (x86)\frapslcd.dll
c:\program files (x86)\Uninstall.exe
c:\windows\SysWow64\frapsvid.dll
D:\Autorun.inf
E:\autorun.inf
F:\Autorun.inf
F:\rqhlf.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-04-07 bis 2013-05-07 ))))))))))))))))))))))))))))))
.
.
2013-05-05 09:53 . 2013-05-05 09:53 -------- d-----w- c:\users\***\AppData\Roaming\Malwarebytes
2013-05-05 09:53 . 2013-05-05 09:53 -------- d-----w- c:\programdata\Malwarebytes
2013-05-05 09:53 . 2013-05-05 09:53 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-05-05 09:53 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-05-03 12:16 . 2013-04-10 03:46 9317456 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3FA1773B-B7C5-47BE-9B2B-08BAA53C94A3}\mpengine.dll
2013-05-02 20:38 . 2013-05-02 20:52 -------- d-----w- c:\users\***\AppData\Roaming\Syncios
2013-05-02 20:38 . 2013-05-02 20:38 -------- d-----w- c:\program files (x86)\Syncios
2013-05-02 20:29 . 2013-05-02 20:29 -------- d-----w- c:\users\***\AppData\Local\Geckofx
2013-05-02 20:29 . 2013-05-02 20:29 -------- d-----w- c:\program files (x86)\AviSynth 2.5
2013-04-30 22:03 . 2013-04-30 22:03 181064 ----a-w- c:\windows\PSEXESVC.EXE
2013-04-30 21:59 . 2013-04-30 21:59 -------- d-----w- c:\windows\PSTools
2013-04-30 21:41 . 2013-04-30 21:42 -------- d-----w- c:\users\Admin
2013-04-26 16:14 . 2013-04-26 16:14 -------- d-----w- c:\program files\Microsoft Synchronization Services
2013-04-26 16:14 . 2013-04-26 16:14 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2013-04-26 16:14 . 2013-04-26 16:14 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2013-04-26 16:14 . 2013-04-26 16:14 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2013-04-26 16:14 . 2013-04-26 16:14 113440 ----a-w- c:\programdata\Microsoft\VCExpress\10.0\1031\ResourceCache.dll
2013-04-26 16:14 . 2013-04-26 16:14 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 10.0
2013-04-26 16:14 . 2013-04-26 16:14 -------- d-----w- c:\program files (x86)\Common Files\Merge Modules
2013-04-26 16:14 . 2013-04-26 16:14 -------- d-----w- c:\windows\symbols
2013-04-26 16:14 . 2013-04-26 16:14 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2013-04-26 16:14 . 2013-04-26 16:14 -------- d-----w- c:\program files\Microsoft Help Viewer
2013-04-26 16:14 . 2013-04-26 16:14 -------- d-----w- c:\program files (x86)\Microsoft SDKs
2013-04-26 16:12 . 2013-04-26 16:14 -------- d-----w- c:\program files (x86)\Microsoft.NET
2013-04-26 16:11 . 2013-04-26 16:11 -------- d-----w- c:\windows\PCHEALTH
2013-04-24 11:13 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-23 20:05 . 2013-04-23 20:05 -------- d-----w- C:\Python
2013-04-21 20:20 . 2013-04-21 20:20 -------- d-----w- c:\program files (x86)\MSXML 4.0
2013-04-20 19:46 . 2013-04-20 19:46 -------- d-----w- c:\program files (x86)\Microsoft Games
2013-04-15 16:24 . 2013-04-16 17:05 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2013-04-10 12:26 . 2013-02-15 06:08 44032 ----a-w- c:\windows\system32\tsgqec.dll
2013-04-10 12:26 . 2013-02-15 06:06 3717632 ----a-w- c:\windows\system32\mstscax.dll
2013-04-10 12:26 . 2013-02-15 06:02 158720 ----a-w- c:\windows\system32\aaclient.dll
2013-04-10 12:26 . 2013-02-15 04:37 3217408 ----a-w- c:\windows\SysWow64\mstscax.dll
2013-04-10 12:26 . 2013-02-15 04:34 131584 ----a-w- c:\windows\SysWow64\aaclient.dll
2013-04-10 12:26 . 2013-02-15 03:25 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll
2013-04-10 12:26 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-04-10 12:26 . 2013-04-10 12:26 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-04-10 12:21 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-10 12:21 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-10 12:21 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-04-10 12:21 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-04-10 12:21 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-04-10 12:21 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-02 00:06 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-28 10:02 . 2012-10-28 16:51 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-28 10:02 . 2012-10-28 16:51 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-06 18:30 . 2013-04-06 18:30 3919872 ----a-w- c:\windows\system32\python33.dll
2013-04-06 18:29 . 2013-04-06 18:29 94208 ----a-w- c:\windows\pyw.exe
2013-04-06 18:29 . 2013-04-06 18:29 93184 ----a-w- c:\windows\py.exe
2013-03-01 16:14 . 2013-03-01 16:14 270408 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-03-01 16:14 . 2013-02-27 20:11 270408 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-02-25 22:32 . 2013-02-25 22:32 25256224 ----a-w- c:\windows\system32\nvcompiler.dll
2013-02-25 22:32 . 2013-02-25 22:32 2505144 ----a-w- c:\windows\SysWow64\nvapi.dll
2013-02-25 22:32 . 2013-02-25 22:32 15129960 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2013-02-25 22:32 . 2013-02-25 22:32 6262608 ----a-w- c:\windows\SysWow64\nvopencl.dll
2013-02-25 22:32 . 2013-02-25 22:32 2826040 ----a-w- c:\windows\system32\nvapi64.dll
2013-02-25 22:32 . 2013-02-25 22:32 18055184 ----a-w- c:\windows\system32\nvd3dumx.dll
2013-02-25 22:32 . 2013-02-25 22:32 1107440 ----a-w- c:\windows\system32\nvumdshimx.dll
2013-02-25 22:32 . 2012-10-28 11:47 1814304 ----a-w- c:\windows\system32\nvdispco64.dll
2013-02-25 22:32 . 2013-02-25 22:32 958120 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2013-02-25 22:32 . 2013-02-25 22:32 2720544 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2013-02-25 22:32 . 2013-02-25 22:32 26929440 ----a-w- c:\windows\system32\nvoglv64.dll
2013-02-25 22:32 . 2013-02-25 22:32 7932256 ----a-w- c:\windows\SysWow64\nvcuda.dll
2013-02-25 22:32 . 2013-02-25 22:32 2346784 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-02-25 22:32 . 2013-02-25 22:32 245872 ----a-w- c:\windows\system32\nvinitx.dll
2013-02-25 22:32 . 2013-02-25 22:32 11036448 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2013-02-25 22:32 . 2012-10-28 11:47 1510176 ----a-w- c:\windows\system32\nvdispgenco64.dll
2013-02-25 22:32 . 2013-02-25 22:32 2904352 ----a-w- c:\windows\system32\nvcuvid.dll
2013-02-25 22:32 . 2013-02-25 22:32 20449056 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2013-02-25 22:32 . 2013-02-25 22:32 15053264 ----a-w- c:\windows\system32\nvwgf2umx.dll
2013-02-25 22:32 . 2013-02-25 22:32 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2013-02-25 22:32 . 2013-02-25 22:32 7564040 ----a-w- c:\windows\system32\nvopencl.dll
2013-02-25 22:32 . 2013-02-25 22:32 1985824 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2013-02-25 22:32 . 2013-02-25 22:32 12641992 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2013-02-25 22:32 . 2013-02-25 22:32 9390760 ----a-w- c:\windows\system32\nvcuda.dll
2013-02-25 22:32 . 2013-02-25 22:32 201576 ----a-w- c:\windows\SysWow64\nvinit.dll
2013-02-12 04:12 . 2013-03-16 10:21 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-09 09:54 . 2013-01-12 20:04 1593096 ----a-w- c:\windows\SysWow64\ChilkatCrypt2.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}]
2010-11-21 03:24 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-05-03 1635752]
"Hobbyist Software VLC Streamer"="c:\program files (x86)\VLC Streamer\VLC Streamer Configuration.exe" [2013-01-09 1647128]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-02-28 18642024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776] "Agile1pAgent"="c:\program files (x86)\1Password\Agile1pAgent.exe" [2013-04-02 2220784] . c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336] OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384] R3 MSICDSetup;MSICDSetup;G:\CDriver64.sys [x] R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736] S1 HCW88AUD;Hauppauge WinTV 88x Audio Capture;c:\windows\system32\drivers\hcw88aud.sys [2008-04-18 15744] S2 Agile1Password;1Password;c:\program files (x86)\1Password\Agile1pService.exe [2013-04-02 768752] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264] S3 hcw88bda;Hauppauge WinTV 88x DVB 
Tuner/Demod;c:\windows\system32\drivers\hcw88bda.sys [2008-04-18 214528] S3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;c:\windows\system32\drivers\hcw88tse.sys [2008-04-18 338304] S3 hcw88vid;Hauppauge WinTV 88x Video;c:\windows\system32\drivers\hcw88vid.sys [2008-04-18 437888] S3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;c:\windows\system32\drivers\HCW88BAR.sys [2008-04-18 21120] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-04-11 17:42 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2013-05-06 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-28 10:02] . 2013-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-31 20:47] . 2013-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-31 20:47] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\k4m8hmo7.default\ FF - user.js: extensions.autoDisableScopes - 10 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Wow6432Node-HKCU-Run-Browser Infrastructure Helper - c:\users\***\AppData\Local\Smartbar\Application\QuickShare.exe AddRemove-Crash Free VSTI plugin - c:\program files (x86)\Crash Free VSTI plugin\uninstall.exe AddRemove-Fraps - c:\program files (x86)\uninstall.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-05-07 16:39:23 ComboFix-quarantined-files.txt 2013-05-07 14:39 . 
Vor Suchlauf: 8 Verzeichnis(se), 12.182.274.048 Bytes frei Nach Suchlauf: 11 Verzeichnis(se), 12.711.424.000 Bytes frei . - - End Of File - - 4EFB1A0332FDDCC1FE8F4F01E956B9AF |
07.05.2013, 15:52 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Virus removal OK, please download aswMBR again and run it once more
__________________ Please always post log files in CODE tags |
07.05.2013, 17:15 | #9 |
| Virus removal Here is the aswMBR log... Code:
ATTFilter aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software Run date: 2013-05-06 19:52:38 ----------------------------- 19:52:38.564 OS Version: Windows x64 6.1.7601 Service Pack 1 19:52:38.564 Number of processors: 4 586 0x2A07 19:52:38.564 ComputerName: ***-PC UserName: *** 19:52:38.904 Initialize success 20:04:14.583 AVAST engine defs: 13050501 20:05:56.387 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 20:05:56.390 Disk 0 Vendor: MKNSSDCR120GB 502ABBF0 Size: 114473MB BusType: 11 20:05:56.392 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP5T0L0-5 20:05:56.395 Disk 1 Vendor: ST3160811AS 3.AAE Size: 152627MB BusType: 11 20:05:56.398 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP4T0L0-4 20:05:56.400 Disk 2 Vendor: SAMSUNG_HD204UI 1AQ10001 Size: 1907729MB BusType: 11 20:05:56.404 Disk 3 \Device\Harddisk3\DR3 -> \Device\Ide\IdeDeviceP3T0L0-3 20:05:56.407 Disk 3 Vendor: SAMSUNG_HD204UI 1AQ10001 Size: 1907729MB BusType: 11 20:05:56.415 Disk 0 MBR read successfully 20:05:56.420 Disk 0 MBR scan 20:05:56.423 Disk 0 Windows 7 default MBR code 20:05:56.425 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048 20:05:56.428 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 114371 MB offset 206848 20:05:56.436 Disk 0 scanning C:\Windows\system32\drivers 20:05:58.298 Service scanning 20:06:03.434 Modules scanning 20:06:03.441 Disk 0 trace - called modules: 20:06:03.448 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 20:06:03.453 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007530060] 20:06:03.458 3 CLASSPNP.SYS[fffff880018ca43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8007309680] 20:06:03.730 AVAST engine scan C:\Windows 20:06:04.182 AVAST engine scan C:\Windows\system32 20:06:52.434 AVAST engine scan C:\Windows\system32\drivers 20:06:54.730 AVAST engine scan C:\Users\*** 20:06:57.904 File: C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet 
Files\Content.IE5\O59L5QVH\InstallMonetizer-PriceGong_v2[1].exe **INFECTED** Win32:SaliCode 20:06:58.084 File: C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YBAYL85N\crush_vsti_5805[1].exe **INFECTED** Win32:SaliCode 20:07:05.325 File: C:\Users\***\AppData\Local\PunkBuster\ACB\pb\PnkBstrA.exe **INFECTED** Win32:SaliCode 20:07:05.349 File: C:\Users\***\AppData\Local\PunkBuster\ACB\pb\PnkBstrB.exe **INFECTED** Win32:SaliCode 20:07:05.439 File: C:\Users\***\AppData\Local\Temp\0038258A_Rar\legoria3.exe **INFECTED** Win32:SaliCode 20:07:05.491 File: C:\Users\***\AppData\Local\Temp\00385457_Rar\legoria3.exe **INFECTED** Win32:Sality 20:07:05.537 File: C:\Users\***\AppData\Local\Temp\0041120A_Rar\legoria3.exe **INFECTED** Win32:Sality 20:07:05.582 File: C:\Users\***\AppData\Local\Temp\00414FC5_Rar\legoria3.exe **INFECTED** Win32:SaliCode 20:07:05.627 File: C:\Users\***\AppData\Local\Temp\0044D02B_Rar\legoria3.exe **INFECTED** Win32:SaliCode 20:07:05.671 File: C:\Users\***\AppData\Local\Temp\0044FE8A_Rar\legoria3.exe **INFECTED** Win32:SaliCode 20:07:05.715 File: C:\Users\***\AppData\Local\Temp\00895E19_Rar\legoria3.exe **INFECTED** Win32:SaliCode 20:07:05.760 File: C:\Users\***\AppData\Local\Temp\00898651_Rar\legoria3.exe **INFECTED** Win32:SaliCode 20:07:05.830 File: C:\Users\***\AppData\Local\Temp\0109F01D_Rar\legoria3.exe **INFECTED** Win32:SaliCode 20:07:05.873 File: C:\Users\***\AppData\Local\Temp\010BBC80_Rar\legoria3.exe **INFECTED** Win32:SaliCode 20:07:05.918 File: C:\Users\***\AppData\Local\Temp\0112E093_Rar\legoria3.exe **INFECTED** Win32:SaliCode 20:07:05.966 File: C:\Users\***\AppData\Local\Temp\0143C660_Rar\legoria3.exe **INFECTED** Win32:SaliCode 20:07:06.032 File: C:\Users\***\AppData\Local\Temp\01454408_Rar\legoria3.exe **INFECTED** Win32:SaliCode 20:07:06.099 File: C:\Users\***\AppData\Local\Temp\01455EC8_Rar\legoria3.exe **INFECTED** Win32:Sality 20:07:06.162 File: 
C:\Users\***\AppData\Local\Temp\014797F1_Rar\legoria3.exe **INFECTED** Win32:SaliCode 20:07:06.226 File: C:\Users\***\AppData\Local\Temp\015136CF_Rar\legoria3.exe **INFECTED** Win32:SaliCode 20:07:06.293 File: C:\Users\***\AppData\Local\Temp\0156F6E2_Rar\legoria3.exe **INFECTED** Win32:Sality 20:07:06.336 File: C:\Users\***\AppData\Local\Temp\01571931_Rar\legoria3.exe **INFECTED** Win32:SaliCode 20:07:06.381 File: C:\Users\***\AppData\Local\Temp\01655B11_Rar\legoria3.exe **INFECTED** Win32:Sality 20:07:06.426 File: C:\Users\***\AppData\Local\Temp\0165A099_Rar\legoria3.exe **INFECTED** Win32:SaliCode 20:07:06.473 File: C:\Users\***\AppData\Local\Temp\016C017D_Rar\legoria3.exe **INFECTED** Win32:SaliCode 20:07:06.519 File: C:\Users\***\AppData\Local\Temp\017007F3_Rar\legoria3.exe **INFECTED** Win32:SaliCode 20:07:06.564 File: C:\Users\***\AppData\Local\Temp\0176265B_Rar\legoria3.exe **INFECTED** Win32:SaliCode 20:07:06.610 File: C:\Users\***\AppData\Local\Temp\0178DC90_Rar\legoria3.exe **INFECTED** Win32:SaliCode 20:07:06.656 File: C:\Users\***\AppData\Local\Temp\01B0B717_Rar\legoria3.exe **INFECTED** Win32:Sality 20:07:06.707 File: C:\Users\***\AppData\Local\Temp\01B474F9_Rar\legoria3.exe **INFECTED** Win32:SaliCode 20:07:06.755 File: C:\Users\***\AppData\Local\Temp\01E2F926_Rar\legoria3.exe **INFECTED** Win32:SaliCode 20:07:06.829 File: C:\Users\***\AppData\Local\Temp\01E318A8_Rar\legoria3.exe **INFECTED** Win32:SaliCode 20:07:06.879 File: C:\Users\***\AppData\Local\Temp\01E6A202_Rar\legoria3.exe **INFECTED** Win32:SaliCode 20:07:06.927 File: C:\Users\***\AppData\Local\Temp\020EC980_Rar\legoria3.exe **INFECTED** Win32:SaliCode 20:07:06.975 File: C:\Users\***\AppData\Local\Temp\02105E21_Rar\legoria3.exe **INFECTED** Win32:SaliCode 20:07:07.022 File: C:\Users\***\AppData\Local\Temp\02113250_Rar\legoria3.exe **INFECTED** Win32:Sality 20:07:07.067 File: C:\Users\***\AppData\Local\Temp\0219B841_Rar\legoria3.exe **INFECTED** Win32:Sality 20:07:07.122 File: 
C:\Users\***\AppData\Local\Temp\02B76796_Rar\legoria3.exe **INFECTED** Win32:SaliCode 20:07:07.174 File: C:\Users\***\AppData\Local\Temp\02B78C07_Rar\legoria3.exe **INFECTED** Win32:SaliCode 20:07:07.225 File: C:\Users\***\AppData\Local\Temp\0318F823_Rar\legoria3.exe **INFECTED** Win32:SaliCode 20:07:07.279 File: C:\Users\***\AppData\Local\Temp\03191CC3_Rar\legoria3.exe **INFECTED** Win32:SaliCode 20:07:07.359 File: C:\Users\***\AppData\Local\Temp\032055AE_Rar\legoria3.exe **INFECTED** Win32:SaliCode 20:07:07.414 File: C:\Users\***\AppData\Local\Temp\0326D2AA_Rar\legoria3.exe **INFECTED** Win32:SaliCode 20:07:07.478 File: C:\Users\***\AppData\Local\Temp\0332C64B_Rar\legoria3.exe **INFECTED** Win32:Sality 20:07:07.895 File: C:\Users\***\AppData\Local\Temp\oi_5PXETZwuYP\OIAssistWTD.exe **INFECTED** Win32:SaliCode 20:07:08.566 File: C:\Users\***\AppData\Local\Temp\Temp1_depends22_x86.zip\depends.exe **INFECTED** Win32:SaliCode 20:07:08.629 File: C:\Users\***\AppData\Local\Temp\Temp1_nethack-343-win.zip\NetHack.exe **INFECTED** Win32:SaliCode 20:07:08.710 File: C:\Users\***\AppData\Local\Temp\windaodjc.exe **INFECTED** Win32:Sality-GR 20:07:08.727 File: C:\Users\***\AppData\Local\Temp\winrjea.exe **INFECTED** Win32:Sality-GR 20:07:08.746 File: C:\Users\***\AppData\Local\Temp\winvveu.exe **INFECTED** Win32:Sality-GR 20:07:14.076 File: C:\Users\***\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe **INFECTED** Win32:SaliCode 20:07:14.099 File: C:\Users\***\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe **INFECTED** Win32:SaliCode 20:07:15.820 File: C:\Users\***\AppData\Roaming\PunkBuster\pbsetup\pbsvc.exe **INFECTED** Win32:SaliCode 20:07:17.409 File: C:\Users\***\Desktop\***\JK\InkscapePortable\App\Inkscape\gspawn-win32-helper-console.exe **INFECTED** Win32:SaliCode 20:07:17.424 File: C:\Users\***\Desktop\***\JK\InkscapePortable\App\Inkscape\gspawn-win32-helper.exe **INFECTED** Win32:Sality 20:07:17.528 File: 
C:\Users\***\Desktop\***\JK\InkscapePortable\App\Inkscape\inkscape.exe **INFECTED** Win32:SaliCode 20:07:17.582 File: C:\Users\***\Desktop\***\JK\InkscapePortable\App\Inkscape\inkview.exe **INFECTED** Win32:SaliCode 20:07:20.091 File: C:\Users\***\Desktop\***\JK\InkscapePortable\App\Inkscape\python\Lib\distutils\command\wininst-6.0.exe **INFECTED** Win32:SaliCode 20:07:20.105 File: C:\Users\***\Desktop\***\JK\InkscapePortable\App\Inkscape\python\Lib\distutils\command\wininst-6.exe **INFECTED** Win32:SaliCode 20:07:20.120 File: C:\Users\***\Desktop\***\JK\InkscapePortable\App\Inkscape\python\Lib\distutils\command\wininst-7.1.exe **INFECTED** Win32:SaliCode 20:07:20.136 File: C:\Users\***\Desktop\***\JK\InkscapePortable\App\Inkscape\python\Lib\distutils\command\wininst-8.0.exe **INFECTED** Win32:SaliCode 20:07:20.161 File: C:\Users\***\Desktop\***\JK\InkscapePortable\App\Inkscape\python\Lib\distutils\command\wininst-9.0.exe **INFECTED** Win32:Sality 20:07:21.632 File: C:\Users\***\Desktop\***\JK\InkscapePortable\App\Inkscape\python\pythonw.exe **INFECTED** Win32:Sality 20:07:25.296 File: C:\Users\***\Desktop\Heroes of Might and Magic V - Tribes of the East\registration\RegistrationReminder.exe **INFECTED** Win32:SaliCode 20:07:31.586 File: C:\Users\***\Desktop\Minecraft.exe **INFECTED** Win32:SaliCode 20:07:31.776 File: C:\Users\***\Desktop\Shaiya\Shaiya-DE\CONFIG.exe **INFECTED** Win32:SaliCode 20:07:31.836 File: C:\Users\***\Desktop\Shaiya\Shaiya-DE\game.exe **INFECTED** Win32:Sality 20:07:31.925 File: C:\Users\***\Desktop\Shaiya\Shaiya-DE\Updater.exe **INFECTED** Win32:SaliCode 20:07:36.009 File: C:\Users\***\Musik\VSTPlugins\LinuxSampler\32\dlsdump.exe **INFECTED** Win32:SaliCode 20:07:36.027 File: C:\Users\***\Musik\VSTPlugins\LinuxSampler\32\gigdump.exe **INFECTED** Win32:SaliCode 20:07:36.060 File: C:\Users\***\Musik\VSTPlugins\LinuxSampler\32\gigextract.exe **INFECTED** Win32:Sality 20:07:37.123 File: C:\Users\***\Musik\VSTPlugins\LinuxSampler\32\rifftree.exe 
**INFECTED** Win32:SaliCode 20:07:38.047 File: C:\Users\***\Musik\VSTPlugins\LinuxSampler\qsampler.exe **INFECTED** Win32:Sality 20:07:38.142 File: C:\Users\***\Musik\VSTPlugins\LinuxSampler\uninstall.exe **INFECTED** Win32:SaliCode 20:07:38.414 AVAST engine scan C:\ProgramData 20:07:39.766 Scan finished successfully 20:10:10.073 Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat" 20:10:10.077 The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR.txt" aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software Run date: 2013-05-07 17:42:25 ----------------------------- 17:42:25.239 OS Version: Windows x64 6.1.7601 Service Pack 1 17:42:25.239 Number of processors: 4 586 0x2A07 17:42:25.240 ComputerName: ***-PC UserName: *** 17:42:25.539 Initialize success 17:54:06.080 AVAST engine defs: 13050700 17:54:11.173 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 17:54:11.176 Disk 0 Vendor: MKNSSDCR120GB 502ABBF0 Size: 114473MB BusType: 11 17:54:11.179 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP5T0L0-5 17:54:11.181 Disk 1 Vendor: ST3160811AS 3.AAE Size: 152627MB BusType: 11 17:54:11.184 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP4T0L0-4 17:54:11.186 Disk 2 Vendor: SAMSUNG_HD204UI 1AQ10001 Size: 1907729MB BusType: 11 17:54:11.190 Disk 3 \Device\Harddisk3\DR3 -> \Device\Ide\IdeDeviceP3T0L0-3 17:54:11.193 Disk 3 Vendor: SAMSUNG_HD204UI 1AQ10001 Size: 1907729MB BusType: 11 17:54:11.202 Disk 0 MBR read successfully 17:54:11.206 Disk 0 MBR scan 17:54:11.212 Disk 0 Windows 7 default MBR code 17:54:11.214 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048 17:54:11.218 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 114371 MB offset 206848 17:54:11.227 Disk 0 scanning C:\Windows\system32\drivers 17:54:13.097 Service scanning 17:54:18.135 Modules scanning 17:54:18.142 Disk 0 trace - called modules: 17:54:18.150 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 
17:54:18.155 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007530060] 17:54:18.160 3 CLASSPNP.SYS[fffff8800187c43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa800730c060] 17:54:18.477 AVAST engine scan C:\Windows 17:54:19.082 AVAST engine scan C:\Windows\system32 17:55:08.325 AVAST engine scan C:\Windows\system32\drivers 17:55:10.642 AVAST engine scan C:\Users\*** 17:55:20.718 File: C:\Users\***\AppData\Local\PunkBuster\ACB\pb\PnkBstrA.exe **INFECTED** Win32:SaliCode 17:55:20.740 File: C:\Users\***\AppData\Local\PunkBuster\ACB\pb\PnkBstrB.exe **INFECTED** Win32:SaliCode 17:55:25.981 File: C:\Users\***\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe **INFECTED** Win32:SaliCode 17:55:26.007 File: C:\Users\***\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe **INFECTED** Win32:SaliCode 17:55:27.294 File: C:\Users\***\AppData\Roaming\PunkBuster\pbsetup\pbsvc.exe **INFECTED** Win32:SaliCode 17:55:28.740 File: C:\Users\***\Desktop\***\JK\InkscapePortable\App\Inkscape\gspawn-win32-helper-console.exe **INFECTED** Win32:SaliCode 17:55:28.754 File: C:\Users\***\Desktop\***\JK\InkscapePortable\App\Inkscape\gspawn-win32-helper.exe **INFECTED** Win32:Sality 17:55:28.857 File: C:\Users\***\Desktop\***\JK\InkscapePortable\App\Inkscape\inkscape.exe **INFECTED** Win32:SaliCode 17:55:28.908 File: C:\Users\***\Desktop\***\JK\InkscapePortable\App\Inkscape\inkview.exe **INFECTED** Win32:SaliCode 17:55:31.427 File: C:\Users\***\Desktop\***\JK\InkscapePortable\App\Inkscape\python\Lib\distutils\command\wininst-6.0.exe **INFECTED** Win32:SaliCode 17:55:31.441 File: C:\Users\***\Desktop\***\JK\InkscapePortable\App\Inkscape\python\Lib\distutils\command\wininst-6.exe **INFECTED** Win32:SaliCode 17:55:31.465 File: C:\Users\***\Desktop\***\JK\InkscapePortable\App\Inkscape\python\Lib\distutils\command\wininst-7.1.exe **INFECTED** Win32:SaliCode 17:55:31.483 File: C:\Users\***\Desktop\***\JK\InkscapePortable\App\Inkscape\python\Lib\distutils\command\wininst-8.0.exe 
**INFECTED** Win32:SaliCode 17:55:31.516 File: C:\Users\***\Desktop\***\JK\InkscapePortable\App\Inkscape\python\Lib\distutils\command\wininst-9.0.exe **INFECTED** Win32:Sality 17:55:33.296 File: C:\Users\***\Desktop\***\JK\InkscapePortable\App\Inkscape\python\pythonw.exe **INFECTED** Win32:Sality 17:55:37.942 File: C:\Users\***\Desktop\Heroes of Might and Magic V - Tribes of the East\registration\RegistrationReminder.exe **INFECTED** Win32:SaliCode 17:55:46.328 File: C:\Users\***\Desktop\Minecraft.exe **INFECTED** Win32:SaliCode 17:55:46.528 File: C:\Users\***\Desktop\Shaiya\Shaiya-DE\CONFIG.exe **INFECTED** Win32:SaliCode 17:55:46.593 File: C:\Users\***\Desktop\Shaiya\Shaiya-DE\game.exe **INFECTED** Win32:Sality 17:55:46.677 File: C:\Users\***\Desktop\Shaiya\Shaiya-DE\Updater.exe **INFECTED** Win32:SaliCode 17:55:51.206 File: C:\Users\***\Musik\VSTPlugins\LinuxSampler\32\dlsdump.exe **INFECTED** Win32:SaliCode 17:55:51.228 File: C:\Users\***\Musik\VSTPlugins\LinuxSampler\32\gigdump.exe **INFECTED** Win32:SaliCode 17:55:51.263 File: C:\Users\***\Musik\VSTPlugins\LinuxSampler\32\gigextract.exe **INFECTED** Win32:Sality 17:55:52.308 File: C:\Users\***\Musik\VSTPlugins\LinuxSampler\32\rifftree.exe **INFECTED** Win32:SaliCode 17:55:53.346 File: C:\Users\***\Musik\VSTPlugins\LinuxSampler\qsampler.exe **INFECTED** Win32:Sality 17:55:53.455 File: C:\Users\***\Musik\VSTPlugins\LinuxSampler\uninstall.exe **INFECTED** Win32:SaliCode 17:55:53.765 AVAST engine scan C:\ProgramData 17:55:55.166 Scan finished successfully 18:13:55.499 Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat" 18:13:55.502 The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR.txt"
Here is the correct log: Code:
ATTFilter aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software Run date: 2013-05-07 17:42:25 ----------------------------- 17:42:25.239 OS Version: Windows x64 6.1.7601 Service Pack 1 17:42:25.239 Number of processors: 4 586 0x2A07 17:42:25.240 ComputerName: ***-PC UserName: *** 17:42:25.539 Initialize success 17:54:06.080 AVAST engine defs: 13050700 17:54:11.173 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 17:54:11.176 Disk 0 Vendor: MKNSSDCR120GB 502ABBF0 Size: 114473MB BusType: 11 17:54:11.179 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP5T0L0-5 17:54:11.181 Disk 1 Vendor: ST3160811AS 3.AAE Size: 152627MB BusType: 11 17:54:11.184 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP4T0L0-4 17:54:11.186 Disk 2 Vendor: SAMSUNG_HD204UI 1AQ10001 Size: 1907729MB BusType: 11 17:54:11.190 Disk 3 \Device\Harddisk3\DR3 -> \Device\Ide\IdeDeviceP3T0L0-3 17:54:11.193 Disk 3 Vendor: SAMSUNG_HD204UI 1AQ10001 Size: 1907729MB BusType: 11 17:54:11.202 Disk 0 MBR read successfully 17:54:11.206 Disk 0 MBR scan 17:54:11.212 Disk 0 Windows 7 default MBR code 17:54:11.214 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048 17:54:11.218 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 114371 MB offset 206848 17:54:11.227 Disk 0 scanning C:\Windows\system32\drivers 17:54:13.097 Service scanning 17:54:18.135 Modules scanning 17:54:18.142 Disk 0 trace - called modules: 17:54:18.150 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 17:54:18.155 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007530060] 17:54:18.160 3 CLASSPNP.SYS[fffff8800187c43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa800730c060] 17:54:18.477 AVAST engine scan C:\Windows 17:54:19.082 AVAST engine scan C:\Windows\system32 17:55:08.325 AVAST engine scan C:\Windows\system32\drivers 17:55:10.642 AVAST engine scan C:\Users\*** 17:55:20.718 File: C:\Users\***\AppData\Local\PunkBuster\ACB\pb\PnkBstrA.exe **INFECTED** Win32:SaliCode 
17:55:20.740 File: C:\Users\***\AppData\Local\PunkBuster\ACB\pb\PnkBstrB.exe **INFECTED** Win32:SaliCode 17:55:25.981 File: C:\Users\***\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe **INFECTED** Win32:SaliCode 17:55:26.007 File: C:\Users\***\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe **INFECTED** Win32:SaliCode 17:55:27.294 File: C:\Users\***\AppData\Roaming\PunkBuster\pbsetup\pbsvc.exe **INFECTED** Win32:SaliCode 17:55:28.740 File: C:\Users\***\Desktop\***\JK\InkscapePortable\App\Inkscape\gspawn-win32-helper-console.exe **INFECTED** Win32:SaliCode 17:55:28.754 File: C:\Users\***\Desktop\***\JK\InkscapePortable\App\Inkscape\gspawn-win32-helper.exe **INFECTED** Win32:Sality 17:55:28.857 File: C:\Users\***\Desktop\***\JK\InkscapePortable\App\Inkscape\inkscape.exe **INFECTED** Win32:SaliCode 17:55:28.908 File: C:\Users\***\Desktop\***\JK\InkscapePortable\App\Inkscape\inkview.exe **INFECTED** Win32:SaliCode 17:55:31.427 File: C:\Users\***\Desktop\***\JK\InkscapePortable\App\Inkscape\python\Lib\distutils\command\wininst-6.0.exe **INFECTED** Win32:SaliCode 17:55:31.441 File: C:\Users\***\Desktop\***\JK\InkscapePortable\App\Inkscape\python\Lib\distutils\command\wininst-6.exe **INFECTED** Win32:SaliCode 17:55:31.465 File: C:\Users\***\Desktop\***\JK\InkscapePortable\App\Inkscape\python\Lib\distutils\command\wininst-7.1.exe **INFECTED** Win32:SaliCode 17:55:31.483 File: C:\Users\***\Desktop\***\JK\InkscapePortable\App\Inkscape\python\Lib\distutils\command\wininst-8.0.exe **INFECTED** Win32:SaliCode 17:55:31.516 File: C:\Users\***\Desktop\***\JK\InkscapePortable\App\Inkscape\python\Lib\distutils\command\wininst-9.0.exe **INFECTED** Win32:Sality 17:55:33.296 File: C:\Users\***\Desktop\***\JK\InkscapePortable\App\Inkscape\python\pythonw.exe **INFECTED** Win32:Sality 17:55:37.942 File: C:\Users\***\Desktop\Heroes of Might and Magic V - Tribes of the East\registration\RegistrationReminder.exe **INFECTED** Win32:SaliCode 17:55:46.328 File: 
C:\Users\***\Desktop\Minecraft.exe **INFECTED** Win32:SaliCode 17:55:46.528 File: C:\Users\***\Desktop\Shaiya\Shaiya-DE\CONFIG.exe **INFECTED** Win32:SaliCode 17:55:46.593 File: C:\Users\***\Desktop\Shaiya\Shaiya-DE\game.exe **INFECTED** Win32:Sality 17:55:46.677 File: C:\Users\***\Desktop\Shaiya\Shaiya-DE\Updater.exe **INFECTED** Win32:SaliCode 17:55:51.206 File: C:\Users\***\Musik\VSTPlugins\LinuxSampler\32\dlsdump.exe **INFECTED** Win32:SaliCode 17:55:51.228 File: C:\Users\***\Musik\VSTPlugins\LinuxSampler\32\gigdump.exe **INFECTED** Win32:SaliCode 17:55:51.263 File: C:\Users\***\Musik\VSTPlugins\LinuxSampler\32\gigextract.exe **INFECTED** Win32:Sality 17:55:52.308 File: C:\Users\***\Musik\VSTPlugins\LinuxSampler\32\rifftree.exe **INFECTED** Win32:SaliCode 17:55:53.346 File: C:\Users\***\Musik\VSTPlugins\LinuxSampler\qsampler.exe **INFECTED** Win32:Sality 17:55:53.455 File: C:\Users\***\Musik\VSTPlugins\LinuxSampler\uninstall.exe **INFECTED** Win32:SaliCode 17:55:53.765 AVAST engine scan C:\ProgramData 17:55:55.166 Scan finished successfully 18:13:55.499 Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat" 18:13:55.502 The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR.txt" 21:14:18.292 Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat" 21:14:18.495 The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR.txt" 21:14:47.973 Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat" 21:14:47.977 The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR.txt" |
07.05.2013, 20:44 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Virus removal As a check, please run a full scan with Malwarebytes - remember to update Malwarebytes via the update button beforehand. Getting a second opinion from ESET's online scanner afterwards is not a bad idea either: ESET Online Scanner
__________________ Please always post log files in CODE tags |
08.05.2013, 15:03 | #11 |
| Virus removal Malwarebytes log... Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2013.05.05.03
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: ***-PC [Administrator]
07.05.2013 21:50:24
mbam-log-neu.txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 523171
Laufzeit: 20 Minute(n), 14 Sekunde(n)
Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateien: 3
C:\Qoobox\Quarantine\F\rqhlf.exe.vir (Malware.Packer.Gen) -> Keine Aktion durchgeführt.
D:\ufllh.exe (Malware.Packer.Gen) -> Keine Aktion durchgeführt.
E:\hwasc.exe (Malware.Packer.Gen) -> Keine Aktion durchgeführt.
(Ende)
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=31dfb196065b194b9ce08c8a19fd28c4
# engine=13783
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-05-08 01:47:19
# local_time=2013-05-08 03:47:19 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 437436 119650689 0 0
# scanned=271391
# found=289
# cleaned=0
# scan_time=4128
sh=F2275B827751A2603164DF9E24D58A39BDD18678 ft=1 fh=99f16c339f1945d8 vn="Win32/Sality.NBA virus" ac=I fn="E:\Program Files\Inkscape\Uninstall.exe" sh=C3C5F441C19798DA645E946BC1C1E08BB6BF0BDD ft=1 fh=72daba5b2a4548da vn="Win32/Sality.NBA virus" ac=I fn="E:\Program Files\Inkscape\python\python.exe" sh=F0C704B85287784B48A9F5969D2CA168CDBBAAF0 ft=1 fh=720d54d602fc0a32 vn="Win32/Sality.NBA virus" ac=I fn="E:\Program Files\Inkscape\python\pythonw.exe" sh=4D1CA90A94AE646F43D72CE9AD953F0488FCC055 ft=1 fh=e7b6009c7098e002 vn="Win32/Sality.NBA virus" ac=I fn="E:\Program Files\Inkscape\python\Lib\distutils\command\wininst-6.0.exe" sh=84B919B94FA18A4CE77A926410878CFF5AD4A96E ft=1 fh=2b252ec21acfbea7 vn="Win32/Sality.NBA virus" ac=I fn="E:\Program Files\Inkscape\python\Lib\distutils\command\wininst-6.exe" sh=3EAFD7C097AC0C5E77C8A5F985D6708D7D5E650C ft=1 fh=a73289e93d6560e3 vn="Win32/Sality.NBA virus" ac=I fn="E:\Program Files\Inkscape\python\Lib\distutils\command\wininst-7.1.exe" sh=F738BFDE39654CAAC9DE76EA4BCE96C548A8C243 ft=1 fh=3dc928cf01ae9051 vn="Win32/Sality.NBA virus" ac=I fn="E:\Program Files\Inkscape\python\Lib\distutils\command\wininst-9.0.exe" sh=10064C2CBA3B6742229E3D94E1A3370065855E85 ft=1 fh=55d0b73962a52a36 vn="Win32/Sality.NBA virus" ac=I fn="E:\Program Files\InstallShield Installation Information\{20071984-5EB1-4881-8EDB-082532ACEC6D}\Setup.exe" sh=B1869D3DB6816B7B5D26AC0C0FA0BDE77492D57C ft=1 fh=1566f17069720fbd vn="Win32/Sality.NBA virus" ac=I fn="E:\Program Files\InstallShield Installation Information\{2227E1FA-01F5-483C-AB0E-2A308E900B3D}\Setup.exe" sh=CB2E6AC343678EE81EE1C90E5563F97E445217DE ft=1 fh=9ea9020c0f8c0e42 vn="Win32/Sality.NBA virus" ac=I fn="E:\Program Files\InstallShield Installation Information\{888F1505-C2B3-4FDE-835D-36353EBD4754}\setup.exe" sh=F2116EB5439F3AB327738C2AEF2197BF9E51F264 ft=1 fh=c98bb6e0a39f29f8 vn="Win32/Sality.NBA virus" ac=I fn="E:\Program Files\Java\jre6\bin\java-rmi.exe" sh=038DCAA2ECC78570B1841FC333779A440EAC6FF1 ft=1 
fh=e056488a6640b68b vn="Win32/Sality.NBA virus" ac=I fn="E:\Program Files\Java\jre6\bin\java.exe" sh=176A96E753FA43BB640AF4D341A640AAFB39FBE7 ft=1 fh=886773c103f66c8f vn="Win32/Sality.NBA virus" ac=I fn="E:\Program Files\Java\jre6\bin\javacpl.exe" sh=05243BEFA82AAC4F647FC40FD2B10DBD9693CEB5 ft=1 fh=81cde6a54cf2b9de vn="Win32/Sality.NBA virus" ac=I fn="E:\Program Files\Java\jre6\bin\javaw.exe" sh=D167EE3CA566CBA99281AED36965D8C3213A3DB9 ft=1 fh=836c5f23b9c546f5 vn="Win32/Sality.NBA virus" ac=I fn="E:\Program Files\Java\jre6\bin\javaws.exe" sh=7D9E119FCA0B89F5D52C86B70AE240D59D7997B1 ft=1 fh=d2be7d900f061e71 vn="Win32/Sality.NBA virus" ac=I fn="E:\Program Files\Java\jre6\bin\jbroker.exe" sh=48728CBFB770BE0EF2F4607CB9A2123C3D9DCE67 ft=1 fh=2a98793a7dec7032 vn="Win32/Sality.NBA virus" ac=I fn="E:\Program Files\Java\jre6\bin\jp2launcher.exe" sh=9DA5F794B5CA5F919A5A790836A170FFA06EDAE6 ft=1 fh=c01f0300ace8b312 vn="Win32/Sality.NBA virus" ac=I fn="E:\Program Files\Java\jre6\bin\jqs.exe" sh=8B8E34F9BE5E8AB4E19683A0298C983CF0F0B172 ft=1 fh=6a07bfbe9050f812 vn="Win32/Sality.NBA virus" ac=I fn="E:\Program Files\Java\jre6\bin\jqsnotify.exe" sh=3E902BEAA883E8C00A4CE5B5F3BF7674631E023A ft=1 fh=0e7ee2ea4be465ca vn="Win32/Sality.NBA virus" ac=I fn="E:\Program Files\Java\jre6\bin\keytool.exe" sh=B50F333B240E32A51897B5BA7014C8D6C9D8DFBA ft=1 fh=37793eef5aa5a2ff vn="Win32/Sality.NBA virus" ac=I fn="E:\Program Files\Java\jre6\bin\kinit.exe" sh=AFA15E4C011BB69A99189B89CE0E8F11C7ECE560 ft=1 fh=7191601b989fdf06 vn="Win32/Sality.NBA virus" ac=I fn="E:\Program Files\Java\jre6\bin\klist.exe" sh=FBB27F8D4C4594B04F2F07C689E876F5A51AD43D ft=1 fh=a0e0554c069dfa24 vn="Win32/Sality.NBA virus" ac=I fn="E:\Program Files\Java\jre6\bin\ktab.exe" sh=A8D94F04C28DF9A2EB2692D38730702F99556EEF ft=1 fh=5502a929e7f57124 vn="Win32/Sality.NBA virus" ac=I fn="E:\Program Files\Java\jre6\bin\orbd.exe" sh=18D18E9389AC74038F877BFE7AC18C030A80BC2B ft=1 fh=b2d98382154dd131 vn="Win32/Sality.NBA virus" ac=I 
fn="E:\Program Files\Java\jre6\bin\pack200.exe" sh=BEF9A44AC29F0290C80DFD9953A49E6A878E1EF6 ft=1 fh=84d1fec4a02b2d80 vn="Win32/Sality.NBA virus" ac=I fn="E:\Program Files\Java\jre6\bin\policytool.exe" sh=577BB10A752DBE7674ED8313C6368834B134BE88 ft=1 fh=ea03cf93401db152 vn="Win32/Sality.NBA virus" ac=I fn="E:\Program Files\Java\jre6\bin\rmid.exe" sh=161DFFDA3BB6EED2476CB23E2F84D8B4DAB2E9DD ft=1 fh=c5fad91b8b83ce66 vn="Win32/Sality.NBA virus" ac=I fn="E:\Program Files\Java\jre6\bin\rmiregistry.exe" sh=147D83C7C8312BAE3F7D9C44B97E6AC64A399168 ft=1 fh=aa824e752e086913 vn="Win32/Sality.NBA virus" ac=I fn="E:\Program Files\Java\jre6\bin\servertool.exe" sh=623392A543C4730F321EADBFEBF9A0F8486CF7EE ft=1 fh=ce73f20b9752d816 vn="Win32/Sality.NBA virus" ac=I fn="E:\Program Files\Java\jre6\bin\ssvagent.exe" sh=20B932664A5FAE982692A548BB54D113E7A43C77 ft=1 fh=00ac557e19357768 vn="Win32/Sality.NBA virus" ac=I fn="E:\Program Files\Java\jre6\bin\tnameserv.exe" sh=7C3D425E562C2C7078125AEAE3D8A76D3231D4E8 ft=1 fh=2049a5890d1a91fd vn="Win32/Sality.NBA virus" ac=I fn="E:\Program Files\Java\jre6\bin\unpack200.exe" sh=7B5AB8117591182ED1BD86EA8895D207AE6591F2 ft=1 fh=50d64bffc0d5f6e4 vn="Win32/Sality.NBA virus" ac=I fn="E:\Program Files\LittleFighter2\LF2_v2.0a\lf2.exe" sh=DB29ECD632796129E21727A5E7BF5C333FD78E23 ft=1 fh=c35904252b3098e5 vn="Win32/Sality.NBA virus" ac=I fn="E:\Program Files\LittleFighter2\LF2_v2.0a\Uninstal.exe" sh=68371110005A6A35A3ABDFA12DB881969FBBBC79 ft=1 fh=64d1f1f86fc6d121 vn="Win32/Sality.NBA virus" ac=I fn="E:\Program Files\LittleFighter2\LF2_v2.0a\recording\lfr_summary_generator.exe" sh=054A52C26BCD1C9F5A58B293A2CC808105BC3226 ft=1 fh=0c447c2e98b3fce2 vn="Win32/Sality.NBA virus" ac=I fn="E:\Program Files\Logitech Touch Mouse Server\uninst.exe" sh=150CF0F345D094D14E50672F0E5BDED1AE093147 ft=1 fh=66c7f8c1944b19b5 vn="Win32/Sality.NBA virus" ac=I fn="E:\Program Files\Microsoft SDKs\Windows\v6.0A\bin\mt.exe" sh=2E7FFA148330AB69AC638FE05DD2B88EFE6551AF ft=1 
fh=3c3c80a7b9cbd6d7 vn="Win32/Sality.NBA virus" ac=I fn="E:\Program Files\Microsoft SQL Server\100\Shared\VS2008\1031\rdbgsetup.exe" sh=D6E94AD2EDF20E430ED0D95A2F22E5CA13669A1D ft=1 fh=aa4827c015ad1bdb vn="Win32/Sality.NBA virus" ac=I fn="E:\Program Files\Microsoft SQL Server\100\Shared\VS2008\1033\rdbgsetup.exe" sh=5085D5C432963B80758F14A1DA230B25B921FC7A ft=1 fh=66944ec266f4b134 vn="Win32/Sality.NBA virus" ac=I fn="E:\Program Files\My\Certificates\7z.exe" sh=94613B41CFECCE12C869188925022334B1CA7CB6 ft=1 fh=6e19f6089b0d7246 vn="Win32/Sality.NBA virus" ac=I fn="E:\Program Files\My\Certificates\7zFM.exe" sh=9AA13CB2967EBA69A0F393FD205BD622DD5CA5CC ft=1 fh=7ca4785b766c2c40 vn="Win32/Sality.NBA virus" ac=I fn="E:\Program Files\My\Certificates\7zG.exe" sh=EFBCBBE7796962243EC77BFB30C56A18A37B906B ft=1 fh=28e1236cace6ce07 vn="Win32/Sality.NBA virus" ac=I fn="E:\Program Files\My\Certificates\Uninstall.exe" sh=DFE195FF3AF35D36E1343C77937C4E20235889A1 ft=1 fh=807afd9f852cdbc0 vn="Win32/Sality.NBA virus" ac=I fn="E:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe" sh=F54D6944B94F8145BF532087E96F6E776A6A923C ft=1 fh=3aa0aa2055046d40 vn="Win32/Sality.NBA virus" ac=I fn="E:\Program Files\NVIDIA Corporation\3D Vision\nvStInst.exe" sh=2551469B06475A20386FE336F4A8EE68BE372153 ft=1 fh=6c9dd7c1eb4b1645 vn="Win32/Sality.NBA virus" ac=I fn="E:\Program Files\NVIDIA Corporation\3D Vision\nvsttest.exe" sh=8B7E1A637B23135713820FE24DE046AFC04F58D1 ft=1 fh=065729ca5ef00986 vn="Win32/Sality.NBA virus" ac=I fn="E:\Program Files\NVIDIA Corporation\3D Vision\nvstview.exe" sh=F1556FF4C0F20A4C6383D86D516FCAA7F42E1675 ft=1 fh=da6009f0985ce05e vn="Win32/Sality.NBA virus" ac=I fn="E:\Program Files\NVIDIA Corporation\3D Vision\nvstwiz.exe" sh=7C1EFE83F738DC153C1CAF515BA17D38523E7E3D ft=1 fh=85c0d2194d9b909b vn="Win32/Sality.NBA virus" ac=I fn="E:\Program Files\NVIDIA Corporation\Control Panel Client\nvcplui.exe" sh=CF3FAF4B5DAE375CC2BC11037F840DFA4F9C0286 ft=1 fh=3c65af1b0e50fa79 
vn="Win32/Sality.NBA virus" ac=I fn="E:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe" sh=61539B154E62F46519E9048E5C3A344A1E819DEB ft=1 fh=ca0777b68bb8bfa2 vn="Win32/Sality.NBA virus" ac=I fn="E:\Program Files\NVIDIA Corporation\Drs\dbInstaller.exe" sh=55BDE77ED0307B3656B3C34E1800AE55DFF2830E ft=1 fh=0d9f740b676f1668 vn="Win32/Sality.NBA virus" ac=I fn="E:\Program Files\NVIDIA Corporation\Installer2\Display.3DVision.0\3DVision_260.89.exe" sh=31DC4B9B6C1F7BA6B4A3BF056104D573A36CC40B ft=1 fh=ca0777b665e41369 vn="Win32/Sality.NBA virus" ac=I fn="E:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.0\dbInstaller.exe" sh=E4C0EDC53A6C2715A5534BF962A33E0D17D64F3F ft=1 fh=05ff74147cfd0f76 vn="Win32/Sality.NBA virus" ac=I fn="F:\Edna Bricht Aus - Sammler Edition\uninstall.exe" sh=2958ABDFACEB6AD257F436402227A99B5914DBDF ft=1 fh=3400b56063eefbd7 vn="Win32/Sality.NBA virus" ac=I fn="F:\HOMM6\gu.exe" sh=F5BB7523EF575F32511B7DDB9A74B591E57733A1 ft=1 fh=7fa00939172899b2 vn="Win32/Sality.NBA virus" ac=I fn="F:\HOMM6\Might & Magic Heroes VI.exe" sh=808D3EE2A1942AF0DA3967643A5BECE70AD90902 ft=1 fh=019ad208f605229e vn="Win32/Sality.NBA virus" ac=I fn="F:\HOMM6\Redist\UbisoftGameLauncherInstaller-0255.exe" sh=3B2A5EA937D43DDA691810B4F4A74268FCF93E11 ft=1 fh=4449dd2868595671 vn="Win32/Sality.NBA virus" ac=I fn="F:\HOMM6\Redist\UbisoftGameLauncherInstaller.exe" sh=C2DB0334D82F4B3EDD33874B56E69F14EC17387B ft=1 fh=4cfe02bd81274b2f vn="Win32/Sality.NBA virus" ac=I fn="F:\StarCraft II\StarCraft II Public Test.exe" sh=DB10C4AD386D16953D5F869DD71DCF800C204A71 ft=1 fh=4cfe02bd8fffa16a vn="Win32/Sality.NBA virus" ac=I fn="F:\StarCraft II\StarCraft II.exe" sh=0521AFEF5291BBB5034957D97D3EF795F0F19327 ft=1 fh=66b247555cc118e0 vn="Win32/Sality.NBA virus" ac=I fn="F:\StarCraft II\Support\BlizzardDownloader.exe" sh=0D786AFB521108BC4B232C506554CE7006CC66A5 ft=1 fh=3c49e6976b19a960 vn="Win32/Sality.NBA virus" ac=I fn="F:\StarCraft II\Support\ErrorReporter.exe" 
sh=1CD696CE871BF35207D8230669F54CC72C1F8F5F ft=1 fh=92d1de9d10dec27d vn="Win32/Sality.NBA virus" ac=I fn="F:\StarCraft II\Support\Repair.exe" |
08.05.2013, 15:10 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Virus removal Sorry, but your system is beyond repair; Sality has certainly infected even more files... Please follow the article on reinstalling Windows.
__________________ Please always post log files in CODE tags |
08.05.2013, 15:55 | #13 |
| Virus removal Well, I didn't have much hope anyway; without you I would have wiped the whole system regardless... But thank you for taking the time for me. You all really do great work here. I'd like to help too, but apparently there are no training courses at the moment... Many thanks to you! |
08.05.2013, 22:15 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Virus removal Good, thank you for your words. Please remember that you must under no circumstances back up EXE files that have been processed by this system. You can make a backup of your data, but please ONLY via a Linux-based rescue medium such as PartedMagic or Knoppix, and then please back up only pure data files such as music, videos and personal documents, but please NO executable files (programs/games/setup files).
__________________ Please always post log files in CODE tags |
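The backup rule from post #14 (only pure data files, no executables), sketched as a script for a Linux rescue environment; this is an added example, not part of the thread. The extension allowlist, the mount paths and the extra check for the `MZ` header that Windows executables start with are assumptions of this example.

```shell
#!/bin/sh
# Added example: copy only allowlisted data files from a mounted Windows volume.
# Assumption: the volume is mounted read-only from the rescue system, e.g.
#   mount -o ro /dev/sdXN /mnt/win   (device and paths are placeholders)

# Constructed allowlist of pure data formats; extend as needed.
ALLOWED_EXT="mp3 flac ogg wav jpg jpeg png gif avi mkv mp4 txt pdf odt ods doc docx"

# Succeeds if the file name carries an allowlisted extension (case-insensitive).
is_allowed_ext() {
    base=${1##*/}
    case "$base" in
        *.*) ext=$(printf '%s' "${base##*.}" | tr '[:upper:]' '[:lower:]') ;;
        *)   return 1 ;;
    esac
    for a in $ALLOWED_EXT; do
        [ "$ext" = "$a" ] && return 0
    done
    return 1
}

# Succeeds if the file starts with "MZ" (0x4d 0x5a), the header of Windows
# executables, whatever its extension claims.
has_mz_header() {
    [ "$(od -An -tx1 -N2 "$1" 2>/dev/null | tr -d ' \n')" = "4d5a" ]
}

# Copy allowlisted, non-executable files from $1 to $2, keeping the directory
# layout. Prints "<copied> <skipped>"; skipped paths go to stderr.
# Limitation: file names containing newlines are not handled.
backup_data() {
    src=${1%/} dst=$2 copied=0 skipped=0
    list=$(mktemp)
    find "$src" -type f > "$list"
    while IFS= read -r f; do
        rel=${f#"$src"/}
        if is_allowed_ext "$f" && ! has_mz_header "$f"; then
            mkdir -p "$dst/$(dirname "$rel")"
            cp "$f" "$dst/$rel"
            copied=$((copied + 1))
        else
            echo "SKIP $rel" >&2
            skipped=$((skipped + 1))
        fi
    done < "$list"
    rm -f "$list"
    echo "$copied $skipped"
}

# Usage: sh backup_data.sh /mnt/win/Users/me /mnt/usb/backup
if [ "$#" -eq 2 ]; then
    backup_data "$1" "$2"
fi
```

An allowlist is used instead of a blocklist of executable extensions so that unknown file types, including `autorun.inf`, are left behind by default.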