Malware 'TR/Sirefef.A.78' [trojan] was found in file 'C:\$Recycle.Bin\S-1-5-18\$a914ab4a146e17710dc55044bb578e54\U\00000001.@' (Windows 7)
18.06.2013, 09:31 | #1
Hello everyone, I have a problem with the trojan named above at one of my customers. From the other threads I gathered that you need the logs from OTL and FRST; these are attached already. Many thanks in advance for the help! Bernd
18.06.2013, 10:11 | #2
/// Winkelfunktion /// TB-Süch-Tiger™ | Hi,
Quote:
Reading material: Rootkit warning. Your computer has been infected with a special kind of pest that can hide itself from conventional virus scanners and from the operating system itself. On top of that, such a pest usually also has backdoor functionality, i.e. it quite deliberately tears holes through all protective measures so that it can download further malicious code or forward the data it collects to the "bad guys". So what does that mean for you?
18.06.2013, 10:14 | #3
Many thanks for the reply, I am already aware that it is a rootkit.
I would nevertheless like to try cleaning it, since a reinstall would require a 350 km trip. Regards, Bernd
18.06.2013, 10:31 | #4
/// Winkelfunktion /// TB-Süch-Tiger™ | Okay.
=> Company computers are not actually cleaned here (cf. http://www.trojaner-board.de/108422-...-anfragen.html )
Please always post logfiles in CODE tags
18.06.2013, 11:01 | #5
The company hired us as a service provider, since they also purchased their business software from us. I am still asking you to help me, as it really is a "small business". I would be very glad of an exception.
18.06.2013, 11:14 | #6
/// Winkelfunktion /// TB-Süch-Tiger™ | Did you read the part that is specifically highlighted in colour, or did you skip it? (I don't understand why hardly anyone wants to comment on it)
18.06.2013, 12:45 | #7
I did read that part. There is no customer data on the computer itself; all important data and programs are backed up three times over.
18.06.2013, 12:53 | #8
/// Winkelfunktion /// TB-Süch-Tiger™ | OK. Before we get to work, I would ask you to read the following points completely and attentively.
Note: If you do not hear from me for three days, please post in this thread => reminder for my thread. Annoying "when is it continuing" messages will end with your topic being closed. I too have a life outside of the Trojaner-Board. Then please run ComboFix now: Scan with ComboFix
18.06.2013, 14:27 | #9
Scan carried out as requested.
```text
ComboFix 13-06-18.02 - Administrator 18.06.2013  14:21:07.1.4 - x86 NETWORK
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.2560.2017 [GMT 2:00]
ausgeführt von:: c:\users\administrator\Desktop\ComboFix.exe
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\$recycle.bin\S-1-5-18\$a914ab4a146e17710dc55044bb578e54\@
c:\$recycle.bin\S-1-5-18\$a914ab4a146e17710dc55044bb578e54\n
c:\users\Alex\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E4A7F2F6-B35E-4278-AA1F-C1EB53B911AA}.xps
c:\users\Alex\GoToAssistDownloadHelper.exe
c:\users\elli\4.0
c:\users\hubert\GoToAssistDownloadHelper.exe
.
.
((((((((((((((((((((((((( Dateien erstellt von 2013-05-18 bis 2013-06-18 ))))))))))))))))))))))))))))))
.
.
2013-06-18 07:49 . 2013-06-18 07:49 -------- d-----w- C:\FRST
2013-06-18 07:32 . 2013-06-18 07:32 -------- d-----w- c:\users\administrator\AppData\Local\ElevatedDiagnostics
2013-06-18 07:01 . 2013-06-14 10:18 -------- d-----w- c:\users\Alex\irisplus-resources
2013-06-10 11:33 . 2013-06-10 11:35 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-06-10 11:19 . 2013-06-17 09:51 181064 ----a-w- c:\windows\PSEXESVC.EXE
2013-06-04 08:36 . 2013-06-04 08:36 1276 ----a-w- c:\users\Alex\advanced_ip_scanner_MAC.bin
2013-06-04 08:27 . 2013-06-04 08:27 -------- d-----w- c:\program files\Advanced IP Scanner v2
2013-05-31 11:25 . 2013-05-31 11:25 -------- d-----w- c:\users\administrator\AppData\Local\Programs
2013-05-31 11:20 . 2013-05-31 11:20 -------- d-----w- c:\users\administrator\AppData\Roaming\LavasoftStatistics
2013-05-31 11:17 . 2013-05-31 11:17 -------- d-----w- c:\programdata\Downloaded Installations
2013-05-31 11:17 . 2013-05-31 11:17 -------- d-----w- c:\users\administrator\AppData\Local\adawarebp
2013-05-31 11:17 . 2013-05-31 11:17 -------- d-----w- c:\programdata\blekko toolbars
2013-05-31 11:17 . 2013-05-31 11:17 -------- d-----w- c:\programdata\adawaretb
2013-05-31 11:17 . 2013-05-31 11:17 -------- d-----w- c:\program files\adawaretb
2013-05-31 11:17 . 2013-05-31 11:17 -------- d-----w- c:\users\-REISEN\administrator
2013-05-31 11:17 . 2013-05-31 11:17 -------- d-----w- c:\program files\Toolbar Cleaner
2013-05-31 11:16 . 2013-05-31 11:16 44424 ----a-w- c:\windows\system32\sbbd.exe
2013-05-31 11:16 . 2013-05-31 11:16 13560 ----a-w- c:\windows\system32\drivers\gfibto.sys
2013-05-31 11:16 . 2013-05-31 11:21 -------- d-----w- c:\users\administrator\AppData\Roaming\Ad-Aware Antivirus
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-04 12:50 . 2012-11-05 15:11 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"LWBKEYLOCK"="c:\program files\Fujitsu Keyboard Lock Status driver\Keyboard Lock Status driver\3.0\SkeyLock.exe" [2008-05-02 310784]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-20 348664]
.
c:\users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Zahlungserinnerung.lnk - f:\profi\wzed.exe [2008-5-23 40960]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Amadeus Pro Printer.lnk - c:\program files\Amadeus\Pro Printer\autosrv.exe [2012-3-27 155648]
Pano Control Panel.lnk - c:\program files\Pano Logic\PanoDirect\BIN\PanoCP.exe [2012-8-7 800256]
Synccess Client Control Center.lnk - c:\windows\Installer\{36C1AA52-BA44-446F-B911-746C4F4CFED7}\_D9AFE31F1C8DE9FD276890.exe [2012-3-19 10134]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 12:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-08-20 36000]
R2 AmadeusProPrinter;AmadeusProPrinter;c:\program files\Amadeus\Pro Printer\Mainsrv.exe [2009-12-18 454656]
R2 AntiVir Security Management Center Agent;Avira Management Console Agent;c:\program files\Avira\Avira Security Management Center Agent\agent.exe [2013-05-15 1128705]
R2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2012-08-20 86224]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R2 Pano Direct Service;Pano Direct Service;c:\program files\Pano Logic\PanoDirect\BIN\PanoDirect.EXE [2012-08-07 5655552]
R2 SynccessClientService;SynccessClientService;c:\program files\Z.I.E.L. GmbH\Synccess Client Service\SynccessClientService.exe [2013-03-21 32256]
R2 vmicheartbeat;Hyper-V-Taktdienst;c:\windows\system32\vmicsvc.exe [2010-11-20 215552]
R2 vmickvpexchange;Hyper-V-Datenaustauschdienst;c:\windows\system32\vmicsvc.exe [2010-11-20 215552]
R2 vmicshutdown;Hyper-V-Dienst zum Herunterfahren des Gasts;c:\windows\system32\vmicsvc.exe [2010-11-20 215552]
R2 vmictimesync;Hyper-V-Dienst für Zeitsynchronisierung;c:\windows\system32\vmicsvc.exe [2010-11-20 215552]
R2 vmicvss;Hyper-V-Volumeschattenkopie-Anforderer;c:\windows\system32\vmicsvc.exe [2010-11-20 215552]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-06-10 40776]
R3 panodd;Pano Logic Display Driver;c:\windows\system32\DRIVERS\panomp.sys [2012-08-07 11264]
R3 panologic_aud;Pano Logic Audio Device;c:\windows\system32\drivers\panoaud.sys [2012-08-07 49664]
R3 PSEXESVC;PsExec;c:\windows\PSEXESVC.EXE [2013-06-17 181064]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys [2010-11-20 19456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R4 AntiVirMailService;Avira Email Schutz;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2012-08-20 375760]
R4 AntiVirWebService;Avira Browser Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-08-20 465360]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-05-31 13560]
S3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys [2010-11-20 126464]
S3 panobus;Pano Logic USB Bus Enumerator;c:\windows\system32\DRIVERS\panobus.sys [2012-08-07 68096]
S3 panokbdf;Pano Logic Keyboard Filter Driver;c:\windows\system32\DRIVERS\panokbdf.sys [2012-08-07 14336]
S3 panomouf;Pano Logic Mouse Filter Driver;c:\windows\system32\DRIVERS\panomouf.sys [2012-08-07 15360]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
.
------- Zusätzlicher Suchlauf -------
.
IE: An OneNote s&enden - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
Trusted Zone: amadeus.com
Trusted Zone: amadeus.com\content
Trusted Zone: amadeus.net\content.1a
Trusted Zone: amadeusproweb.com
Trusted Zone: amadeusvista.com
Trusted Zone: amadeusvista.com\Muc.http.farm6.software
Trusted Zone: amadeusvista.com\Muc.http.farm8.software
Trusted Zone: amadeusvista.com\Muc.https.farm11.software
Trusted Zone: amadeusvista.com\Muc.https.farm5.software
Trusted Zone: navitel.fr
Trusted Zone: sncm.fr
TCP: Interfaces\{58E23BA3-67FE-4C26-B7A5-2D7E32E9D64A}: NameServer = 192.168.0.10,192.168.0.1
DPF: {126C289A-607B-4251-BF31-1555A5951948} - hxxps://www-18.synccess.net/synccess/TConnector2.CAB
DPF: {A0C97109-2786-11DB-BDEF-0013D350667C} - hxxps://www-18.synccess.net/SYNCCESS/DMS/editdoc/tx.cab
DPF: {F96020DD-C373-44A0-82B6-064EF0AEEAE3} - hxxp://certificates.amadeusvista.com/sgwadmin/RegSiteTools.cab
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{6c97a91e-4524-4019-86af-2aa2d567bf5c} - (no file)
Toolbar-10 - (no file)
AddRemove-PDF Creator - c:\program\uninstpw.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3842022481-3051178987-2627056959-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,77,f1,86,6b,4c,3c,61,48,83,e7,1a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,77,f1,86,6b,4c,3c,61,48,83,e7,1a,\
.
[HKEY_USERS\S-1-5-21-3842022481-3051178987-2627056959-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\S-1-5-21-3842022481-3051178987-2627056959-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\S-1-5-21-3842022481-3051178987-2627056959-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="PhotoViewer.FileAssoc.Jpeg"
.
[HKEY_USERS\S-1-5-21-3842022481-3051178987-2627056959-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\S-1-5-21-3842022481-3051178987-2627056959-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\S-1-5-21-3842022481-3051178987-2627056959-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.URL"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\panodd\Device0]
@Denied: (2) (LocalSystem)
"InstalledDisplayDrivers"=multi:"panodd\00\00"
"VgaCompatible"=dword:00000000
"Device Description"="Pano Logic Display Driver"
"Acceleration.Level"=dword:00000000
.
Zeit der Fertigstellung: 2013-06-18  14:36:24
ComboFix-quarantined-files.txt  2013-06-18 12:36
.
Vor Suchlauf: 9 Verzeichnis(se), 82.356.985.856 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 82.829.045.760 Bytes frei
.
- - End Of File - - 8590D4438C0E587BC6A46FEA797A67D7
A36C5E4F47E84449FF07ED3517B43A31
```
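As an added triage example (not part of this thread, and not a ComboFix feature), the script below parses the German ComboFix log format posted above: it lists the paths ComboFix deleted, flags those under the `$Recycle.Bin\S-1-5-18\$<32 hex>\` directory that the Sirefef sample on this machine used, and reports the registry policy values in the log that weaken the host (UAC off, Security Center warnings suppressed). The banner titles and sample lines are taken from the log above; the directory pattern generalises the two deleted paths, and the meaning of each policy value is the documented Windows setting, both stated as assumptions in the comments.

```python
import re

# Constructed excerpt of the ComboFix log posted above: the "Weitere Löschungen"
# (further deletions) list and the registry sections that matter for triage.
SAMPLE_LOG = r"""
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-18\$a914ab4a146e17710dc55044bb578e54\@
c:\$recycle.bin\S-1-5-18\$a914ab4a146e17710dc55044bb578e54\n
c:\users\Alex\GoToAssistDownloadHelper.exe
c:\users\elli\4.0
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-20 348664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"""

# Assumed from the two deleted paths above: a "$" plus 32 hex characters under the
# SYSTEM account's recycle bin (S-1-5-18). Legitimate software does not keep files there.
ROOTKIT_DIR = re.compile(r"\\\$recycle\.bin\\S-1-5-18\\\$[0-9a-f]{32}\\", re.IGNORECASE)

# (end of the registry key, value name, value that weakens the host, documented meaning)
POLICY_CHECKS = [
    ("policies\\system", "EnableLUA", 0, "UAC is switched off"),
    ("policies\\system", "ConsentPromptBehaviorAdmin", 0, "administrators elevate silently"),
    ("policies\\system", "PromptOnSecureDesktop", 0, "UAC prompts do not use the secure desktop"),
    ("security center", "AntiVirusOverride", 1, "Security Center antivirus warnings suppressed"),
    ("security center", "FirewallOverride", 1, "Security Center firewall warnings suppressed"),
]
BANNER = re.compile(r"^\(+\s*(.*?)\s*\)+$")

def parse_sections(log_text):
    """Split a ComboFix log into {banner title: lines} on its ((( title ))) banners."""
    current, sections = "header", {"header": []}
    for line in log_text.splitlines():
        m = BANNER.match(line.strip())
        if m:
            current = m.group(1)
            sections[current] = []
        else:
            sections[current].append(line.rstrip())
    return sections

def deleted_files(sections):
    """Paths under the deletions banner; ComboFix pads the list with '.' lines."""
    return [l for l in sections.get("Weitere Löschungen", []) if l and l != "."]

def _parse_value(raw):
    """Accept the two numeric forms ComboFix prints: '0 (0x0)' and 'dword:00000001'."""
    raw = raw.strip()
    m = re.match(r"dword:([0-9a-fA-F]{8})$", raw)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"(\d+)\b", raw)
    return int(m.group(1)) if m else None

def registry_values(lines):
    """Collect numeric REGEDIT4-style values as {(key lowercased, name): int}."""
    values, key = {}, None
    for line in lines:
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        elif key and line.startswith('"') and '"=' in line:
            name, _, raw = line[1:].partition('"=')
            value = _parse_value(raw)
            if value is not None:  # string, hex and multi values are skipped
                values[(key, name)] = value
    return values

def weakened_settings(values):
    """Return (name, value, meaning) for every policy value that matches a weak setting."""
    found = []
    for key_end, name, weak, meaning in POLICY_CHECKS:
        for (key, vname), value in values.items():
            if key.endswith(key_end.lower()) and vname == name and value == weak:
                found.append((name, value, meaning))
    return found

def triage(log_text):
    """Deleted paths, the ones in the rootkit's directory, and protections switched off."""
    sections = parse_sections(log_text)
    deleted = deleted_files(sections)
    values = registry_values(sections.get("Autostartpunkte der Registrierung", []))
    return {
        "deleted": deleted,
        "rootkit_paths": [p for p in deleted if ROOTKIT_DIR.search(p)],
        "weakened": weakened_settings(values),
    }
```

The registry findings matter as much as the deleted files: with EnableLUA and both Override values in this state, neither UAC nor Security Center alerting was active on the machine, so both need restoring once the cleanup is done.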
18.06.2013, 14:36 | #10
/// Winkelfunktion /// TB-Süch-Tiger™ | Rootkit scan with GMER. Please download GMER: (file name is random)
Are problems showing up?
Then please run MBAR: Malwarebytes Anti-Rootkit (MBAR). Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper.
18.06.2013, 16:38 | #11
I must confess that I forgot to leave safe mode. If the previous scans were useless because of that, I apologise for it! I only noticed when Malwarebytes Anti-Rootkit did not work and demanded a restart. Can we continue from here, or do we have to go back to earlier steps because of this? GMER scan carried out. GMER logfile:
```text
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-06-18 16:29:47
Windows 6.1.7601 Service Pack 1
\Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Virtual_HD rev.1.1.0 100,00GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\pxldypod.sys

---- Kernel code sections - GMER 2.1 ----

.text  ntkrnlpa.exe!ZwRollbackEnlistment + 140D    816499E9 1 Byte  [06]
.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2      816831C2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
?      C:\Users\ADMINI~1\AppData\Local\Temp\catchme.sys  Das System kann den angegebenen Pfad nicht finden. !

---- EOF - GMER 2.1 ----
```
Malwarebytes: Quote:
19.06.2013, 00:01 | #12
/// Winkelfunktion /// TB-Süch-Tiger™ | aswMBR: Please download aswMBR.exe and save the file to your desktop.
Important: Under no circumstances press one of the Fix buttons without instructions. Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. TDSS-Killer: Please download TDSSKiller.exe and save this file to the desktop.
19.06.2013, 09:44 | #13
aswMBR failed and hung. As described, I set AV scan to none and ran it again. aswMBR:
```text
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-06-19 10:37:34
-----------------------------
10:37:34.543    OS Version: Windows 6.1.7601 Service Pack 1
10:37:34.543    Number of processors: 4 586 0x2C02
10:37:34.543    ComputerName: VM-5  UserName:
10:37:35.730    Initialize success
10:37:51.035    AVAST engine defs: 13061803
10:38:01.404    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
10:38:01.420    Disk 0 Vendor: Virtual_HD 1.1.0 Size: 102398MB BusType: 3
10:38:01.966    Disk 0 MBR read successfully
10:38:01.966    Disk 0 MBR scan
10:38:01.982    Disk 0 Windows 7 default MBR code
10:38:01.998    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
10:38:02.060    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       102296 MB offset 206848
10:38:02.076    Disk 0 scanning sectors +209709056
10:38:02.201    Disk 0 scanning C:\Windows\system32\drivers
10:38:19.503    Service scanning
10:38:41.038    Modules scanning
10:38:50.361    Disk 0 trace - called modules:
10:38:50.392    ntkrnlpa.exe CLASSPNP.SYS disk.sys Wdf01000.sys vmstorfl.sys halmacpi.dll
10:38:50.908    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85a9f1d0]
10:38:50.923    3 CLASSPNP.SYS[82fcf59e] -> nt!IofCallDriver -> [0x85a9f9a8]
10:38:50.939    Scan finished successfully
10:39:20.489    Disk 0 MBR has been saved successfully to "C:\Users\administrator\Desktop\LOGS\MBR.dat"
10:39:20.505    The log file has been saved successfully to "C:\Users\administrator\Desktop\LOGS\aswMBR.txt"
```
TDSSKiller:
```text
10:39:57.0276 3560  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
10:39:57.0448 3560  ============================================================
10:39:57.0448 3560  Current date / time: 2013/06/19 10:39:57.0448
10:39:57.0448 3560  SystemInfo:
10:39:57.0448 3560  
10:39:57.0448 3560  OS Version: 6.1.7601 ServicePack: 1.0
10:39:57.0448 3560  Product type: Workstation
10:39:57.0448 3560  ComputerName: VM-5
10:39:57.0448 3560  UserName: Administrator
10:39:57.0448 3560  Windows directory: C:\Windows
10:39:57.0448 3560  System windows directory: C:\Windows
10:39:57.0448 3560  Processor architecture: Intel x86
10:39:57.0448 3560  Number of processors: 4
10:39:57.0448 3560  Page size: 0x1000
10:39:57.0448 3560  Boot type: Normal boot
10:39:57.0448 3560  ============================================================
10:39:59.0464 3560  Drive \Device\Harddisk0\DR0 - Size: 0x18FFE70000 (100.00 Gb), SectorSize: 0x200, Cylinders: 0x32FD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:39:59.0464 3560  ============================================================
10:39:59.0464 3560  \Device\Harddisk0\DR0:
10:39:59.0464 3560  MBR partitions:
10:39:59.0464 3560  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
10:39:59.0464 3560  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xC7CC000
10:39:59.0464 3560  ============================================================
10:39:59.0495 3560  C: <-> \Device\Harddisk0\DR0\Partition2
10:39:59.0495 3560  ============================================================
10:39:59.0495 3560  Initialize success
10:39:59.0495 3560  ============================================================
10:40:10.0684 1096  ============================================================
10:40:10.0684 1096  Scan started
10:40:10.0684 1096  Mode: Manual; SigCheck; TDLFS;
10:40:10.0684 1096  ============================================================
```
C:\Windows\system32\drivers\gfibto.sys 10:40:24.0937 1096 gfibto - ok 10:40:25.0030 1096 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll 10:40:25.0093 1096 gpsvc - ok 10:40:25.0140 1096 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 10:40:25.0187 1096 hcw85cir - ok 10:40:25.0234 1096 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 10:40:25.0249 1096 HDAudBus - ok 10:40:25.0296 1096 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys 10:40:25.0343 1096 HidBatt - ok 10:40:25.0374 1096 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\drivers\hidbth.sys 10:40:25.0405 1096 HidBth - ok 10:40:25.0452 1096 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\drivers\hidir.sys 10:40:25.0499 1096 HidIr - ok 10:40:25.0530 1096 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\System32\hidserv.dll 10:40:25.0593 1096 hidserv - ok 10:40:25.0624 1096 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 10:40:25.0655 1096 HidUsb - ok 10:40:25.0671 1096 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll 10:40:25.0734 1096 hkmsvc - ok 10:40:25.0780 1096 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll 10:40:25.0843 1096 HomeGroupListener - ok 10:40:25.0890 1096 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 10:40:25.0921 1096 HomeGroupProvider - ok 10:40:26.0015 1096 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 10:40:26.0031 1096 HpSAMD - ok 10:40:26.0077 1096 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys 10:40:26.0140 1096 HTTP - ok 10:40:26.0140 1096 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 10:40:26.0156 1096 hwpolicy - ok 10:40:26.0187 1096 [ 
F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 10:40:26.0234 1096 i8042prt - ok 10:40:26.0281 1096 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 10:40:26.0296 1096 iaStorV - ok 10:40:26.0421 1096 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 10:40:26.0452 1096 idsvc - ok 10:40:26.0484 1096 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\drivers\iirsp.sys 10:40:26.0499 1096 iirsp - ok 10:40:26.0562 1096 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll 10:40:26.0624 1096 IKEEXT - ok 10:40:26.0640 1096 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys 10:40:26.0656 1096 intelide - ok 10:40:26.0687 1096 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 10:40:26.0703 1096 intelppm - ok 10:40:26.0734 1096 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 10:40:26.0781 1096 IPBusEnum - ok 10:40:26.0828 1096 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 10:40:26.0890 1096 IpFilterDriver - ok 10:40:26.0906 1096 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 10:40:26.0937 1096 IPMIDRV - ok 10:40:26.0968 1096 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys 10:40:27.0015 1096 IPNAT - ok 10:40:27.0046 1096 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys 10:40:27.0093 1096 IRENUM - ok 10:40:27.0093 1096 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys 10:40:27.0124 1096 isapnp - ok 10:40:27.0203 1096 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 10:40:27.0234 1096 iScsiPrt - ok 10:40:27.0328 1096 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass 
C:\Windows\system32\DRIVERS\kbdclass.sys 10:40:27.0343 1096 kbdclass - ok 10:40:27.0406 1096 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 10:40:27.0437 1096 kbdhid - ok 10:40:27.0468 1096 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe 10:40:27.0484 1096 KeyIso - ok 10:40:27.0718 1096 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 10:40:27.0734 1096 KSecDD - ok 10:40:27.0875 1096 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 10:40:27.0890 1096 KSecPkg - ok 10:40:27.0953 1096 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll 10:40:28.0000 1096 KtmRm - ok 10:40:28.0062 1096 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\System32\srvsvc.dll 10:40:28.0109 1096 LanmanServer - ok 10:40:28.0156 1096 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 10:40:28.0203 1096 LanmanWorkstation - ok 10:40:28.0250 1096 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 10:40:28.0312 1096 lltdio - ok 10:40:28.0343 1096 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll 10:40:28.0406 1096 lltdsvc - ok 10:40:28.0422 1096 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll 10:40:28.0468 1096 lmhosts - ok 10:40:28.0500 1096 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 10:40:28.0531 1096 LSI_FC - ok 10:40:28.0531 1096 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 10:40:28.0547 1096 LSI_SAS - ok 10:40:28.0547 1096 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 10:40:28.0578 1096 LSI_SAS2 - ok 10:40:28.0593 1096 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 10:40:28.0609 1096 LSI_SCSI - ok 10:40:28.0656 1096 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] 
luafv C:\Windows\system32\drivers\luafv.sys 10:40:28.0718 1096 luafv - ok 10:40:28.0765 1096 [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 10:40:28.0781 1096 MBAMProtector - ok 10:40:28.0875 1096 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe 10:40:28.0906 1096 MBAMScheduler - ok 10:40:28.0984 1096 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 10:40:29.0015 1096 MBAMService - ok 10:40:29.0062 1096 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 10:40:29.0078 1096 Mcx2Svc - ok 10:40:29.0093 1096 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\drivers\megasas.sys 10:40:29.0109 1096 megasas - ok 10:40:29.0125 1096 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys 10:40:29.0140 1096 MegaSR - ok 10:40:29.0172 1096 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll 10:40:29.0234 1096 MMCSS - ok 10:40:29.0250 1096 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys 10:40:29.0297 1096 Modem - ok 10:40:29.0344 1096 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 10:40:29.0375 1096 monitor - ok 10:40:29.0406 1096 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 10:40:29.0422 1096 mouclass - ok 10:40:29.0437 1096 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 10:40:29.0484 1096 mouhid - ok 10:40:29.0515 1096 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 10:40:29.0531 1096 mountmgr - ok 10:40:29.0547 1096 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys 10:40:29.0562 1096 mpio - ok 10:40:29.0594 1096 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 10:40:29.0625 1096 
mpsdrv - ok 10:40:29.0640 1096 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 10:40:29.0656 1096 MRxDAV - ok 10:40:29.0703 1096 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 10:40:29.0734 1096 mrxsmb - ok 10:40:29.0797 1096 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 10:40:29.0828 1096 mrxsmb10 - ok 10:40:29.0844 1096 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 10:40:29.0890 1096 mrxsmb20 - ok 10:40:29.0906 1096 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys 10:40:29.0922 1096 msahci - ok 10:40:29.0953 1096 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys 10:40:29.0969 1096 msdsm - ok 10:40:30.0000 1096 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe 10:40:30.0031 1096 MSDTC - ok 10:40:30.0062 1096 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys 10:40:30.0109 1096 Msfs - ok 10:40:30.0125 1096 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 10:40:30.0187 1096 mshidkmdf - ok 10:40:30.0203 1096 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 10:40:30.0234 1096 msisadrv - ok 10:40:30.0281 1096 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 10:40:30.0328 1096 MSiSCSI - ok 10:40:30.0344 1096 msiserver - ok 10:40:30.0344 1096 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 10:40:30.0391 1096 MSKSSRV - ok 10:40:30.0391 1096 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 10:40:30.0453 1096 MSPCLOCK - ok 10:40:30.0453 1096 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 10:40:30.0500 1096 MSPQM - ok 10:40:30.0516 1096 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC 
C:\Windows\system32\drivers\MsRPC.sys 10:40:30.0531 1096 MsRPC - ok 10:40:30.0562 1096 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 10:40:30.0578 1096 mssmbios - ok 10:40:30.0578 1096 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 10:40:30.0625 1096 MSTEE - ok 10:40:30.0625 1096 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys 10:40:30.0656 1096 MTConfig - ok 10:40:30.0672 1096 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys 10:40:30.0703 1096 Mup - ok 10:40:30.0766 1096 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll 10:40:30.0828 1096 napagent - ok 10:40:30.0875 1096 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 10:40:30.0906 1096 NativeWifiP - ok 10:40:30.0937 1096 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys 10:40:30.0984 1096 NDIS - ok 10:40:31.0016 1096 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 10:40:31.0078 1096 NdisCap - ok 10:40:31.0094 1096 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 10:40:31.0141 1096 NdisTapi - ok 10:40:31.0156 1096 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 10:40:31.0188 1096 Ndisuio - ok 10:40:31.0219 1096 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 10:40:31.0266 1096 NdisWan - ok 10:40:31.0281 1096 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 10:40:31.0328 1096 NDProxy - ok 10:40:31.0359 1096 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 10:40:31.0422 1096 NetBIOS - ok 10:40:31.0469 1096 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 10:40:31.0500 1096 NetBT - ok 10:40:31.0516 1096 [ 
81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe 10:40:31.0531 1096 Netlogon - ok 10:40:31.0594 1096 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll 10:40:31.0641 1096 Netman - ok 10:40:31.0719 1096 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll 10:40:31.0766 1096 netprofm - ok 10:40:31.0797 1096 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 10:40:31.0828 1096 NetTcpPortSharing - ok 10:40:31.0859 1096 [ 104BE93F0607C6AA0D85319581F96EC2 ] netvsc C:\Windows\system32\DRIVERS\netvsc60.sys 10:40:31.0891 1096 netvsc - ok 10:40:31.0922 1096 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 10:40:31.0938 1096 nfrd960 - ok 10:40:31.0985 1096 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll 10:40:32.0031 1096 NlaSvc - ok 10:40:32.0047 1096 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys 10:40:32.0094 1096 Npfs - ok 10:40:32.0125 1096 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll 10:40:32.0172 1096 nsi - ok 10:40:32.0188 1096 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 10:40:32.0235 1096 nsiproxy - ok 10:40:32.0281 1096 [ 5E43D2B0EE64123D4880DFA6626DEFDE ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 10:40:32.0344 1096 Ntfs - ok 10:40:32.0391 1096 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys 10:40:32.0422 1096 Null - ok 10:40:32.0485 1096 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys 10:40:32.0875 1096 nvraid - ok 10:40:32.0922 1096 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys 10:40:32.0953 1096 nvstor - ok 10:40:32.0985 1096 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 10:40:33.0000 1096 nv_agp - ok 
10:40:33.0016 1096 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 10:40:33.0078 1096 ohci1394 - ok 10:40:33.0235 1096 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 10:40:33.0344 1096 ose - ok 10:40:33.0750 1096 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 10:40:33.0875 1096 osppsvc - ok 10:40:33.0938 1096 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 10:40:33.0985 1096 p2pimsvc - ok 10:40:34.0063 1096 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll 10:40:34.0094 1096 p2psvc - ok 10:40:34.0438 1096 [ 0905E37E81F40CD2895BA5A20A6A0A78 ] Pano Direct Service C:\Program Files\Pano Logic\PanoDirect\BIN\PanoDirect.EXE 10:40:34.0547 1096 Pano Direct Service ( UnsignedFile.Multi.Generic ) - warning 10:40:34.0547 1096 Pano Direct Service - detected UnsignedFile.Multi.Generic (1) 10:40:34.0594 1096 [ 8D2A6100AB5FBA19733798ECCB3257B9 ] panobus C:\Windows\system32\DRIVERS\panobus.sys 10:40:34.0625 1096 panobus ( UnsignedFile.Multi.Generic ) - warning 10:40:34.0625 1096 panobus - detected UnsignedFile.Multi.Generic (1) 10:40:34.0641 1096 [ 0576B4A8D05986B35DD6247B46DB58D1 ] panodd C:\Windows\system32\DRIVERS\panomp.sys 10:40:34.0672 1096 panodd - ok 10:40:34.0688 1096 [ 62D23970E94E2AE2BF410D56F28F01AA ] panokbdf C:\Windows\system32\DRIVERS\panokbdf.sys 10:40:34.0719 1096 panokbdf - ok 10:40:34.0735 1096 [ 99FE78408E970045321D64552D5F8B2A ] panologic_aud C:\Windows\system32\drivers\panoaud.sys 10:40:34.0766 1096 panologic_aud - ok 10:40:34.0797 1096 [ 8941089F3D328D8E865889E45032E931 ] panomouf C:\Windows\system32\DRIVERS\panomouf.sys 10:40:34.0829 1096 panomouf - ok 10:40:34.0891 1096 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\drivers\parport.sys 10:40:34.0922 1096 Parport - ok 10:40:34.0938 1096 [ 
3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys 10:40:34.0969 1096 partmgr - ok 10:40:34.0969 1096 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\drivers\parvdm.sys 10:40:35.0001 1096 Parvdm - ok 10:40:35.0032 1096 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll 10:40:35.0063 1096 PcaSvc - ok 10:40:35.0094 1096 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys 10:40:35.0110 1096 pci - ok 10:40:35.0141 1096 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys 10:40:35.0157 1096 pciide - ok 10:40:35.0204 1096 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 10:40:35.0219 1096 pcmcia - ok 10:40:35.0235 1096 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys 10:40:35.0266 1096 pcw - ok 10:40:35.0313 1096 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys 10:40:35.0376 1096 PEAUTH - ok 10:40:35.0454 1096 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 10:40:35.0501 1096 PeerDistSvc - ok 10:40:35.0594 1096 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll 10:40:35.0673 1096 pla - ok 10:40:35.0782 1096 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll 10:40:35.0829 1096 PlugPlay - ok 10:40:35.0876 1096 [ 379F7A0EC9FBE07629FD3F244D3E3E44 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll 10:40:35.0923 1096 Pml Driver HPZ12 - ok 10:40:36.0032 1096 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 10:40:36.0063 1096 PNRPAutoReg - ok 10:40:36.0110 1096 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 10:40:36.0126 1096 PNRPsvc - ok 10:40:36.0204 1096 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 10:40:36.0266 1096 PolicyAgent - ok 10:40:36.0298 1096 [ 
F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll 10:40:36.0360 1096 Power - ok 10:40:36.0407 1096 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 10:40:36.0485 1096 PptpMiniport - ok 10:40:36.0485 1096 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\drivers\processr.sys 10:40:36.0532 1096 Processor - ok 10:40:36.0548 1096 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll 10:40:36.0595 1096 ProfSvc - ok 10:40:36.0626 1096 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe 10:40:36.0641 1096 ProtectedStorage - ok 10:40:36.0688 1096 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys 10:40:36.0735 1096 Psched - ok 10:40:36.0782 1096 [ A283E768FA12EF33087F07B01F82D6DD ] PSEXESVC C:\Windows\PSEXESVC.EXE 10:40:36.0798 1096 PSEXESVC - ok 10:40:36.0876 1096 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 10:40:36.0923 1096 ql2300 - ok 10:40:36.0938 1096 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 10:40:36.0954 1096 ql40xx - ok 10:40:37.0001 1096 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll 10:40:37.0048 1096 QWAVE - ok 10:40:37.0063 1096 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 10:40:37.0110 1096 QWAVEdrv - ok 10:40:37.0126 1096 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 10:40:37.0204 1096 RasAcd - ok 10:40:37.0251 1096 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 10:40:37.0298 1096 RasAgileVpn - ok 10:40:37.0345 1096 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll 10:40:37.0407 1096 RasAuto - ok 10:40:37.0423 1096 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 10:40:37.0470 1096 Rasl2tp - ok 10:40:37.0517 
1096 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll 10:40:37.0579 1096 RasMan - ok 10:40:37.0595 1096 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 10:40:37.0642 1096 RasPppoe - ok 10:40:37.0673 1096 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 10:40:37.0720 1096 RasSstp - ok 10:40:37.0782 1096 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 10:40:37.0829 1096 rdbss - ok 10:40:37.0860 1096 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 10:40:37.0907 1096 rdpbus - ok 10:40:37.0938 1096 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 10:40:38.0001 1096 RDPCDD - ok 10:40:38.0032 1096 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 10:40:38.0095 1096 RDPDR - ok 10:40:38.0095 1096 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 10:40:38.0157 1096 RDPENCDD - ok 10:40:38.0173 1096 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 10:40:38.0220 1096 RDPREFMP - ok 10:40:38.0282 1096 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 10:40:38.0329 1096 RDPWD - ok 10:40:38.0376 1096 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 10:40:38.0407 1096 rdyboost - ok 10:40:38.0454 1096 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll 10:40:38.0501 1096 RemoteAccess - ok 10:40:38.0548 1096 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll 10:40:38.0595 1096 RemoteRegistry - ok 10:40:38.0610 1096 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 10:40:38.0673 1096 RpcEptMapper - ok 10:40:38.0720 1096 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe 10:40:38.0751 1096 
RpcLocator - ok 10:40:38.0798 1096 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll 10:40:38.0845 1096 RpcSs - ok 10:40:38.0860 1096 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 10:40:38.0923 1096 rspndr - ok 10:40:38.0954 1096 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\DRIVERS\vms3cap.sys 10:40:38.0985 1096 s3cap - ok 10:40:39.0017 1096 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe 10:40:39.0032 1096 SamSs - ok 10:40:39.0064 1096 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 10:40:39.0079 1096 sbp2port - ok 10:40:39.0142 1096 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll 10:40:39.0204 1096 SCardSvr - ok 10:40:39.0220 1096 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 10:40:39.0282 1096 scfilter - ok 10:40:39.0361 1096 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll 10:40:39.0423 1096 Schedule - ok 10:40:39.0454 1096 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll 10:40:39.0501 1096 SCPolicySvc - ok 10:40:39.0532 1096 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll 10:40:39.0579 1096 SDRSVC - ok 10:40:39.0611 1096 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 10:40:39.0673 1096 secdrv - ok 10:40:39.0704 1096 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll 10:40:39.0782 1096 seclogon - ok 10:40:39.0814 1096 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\system32\sens.dll 10:40:39.0861 1096 SENS - ok 10:40:39.0892 1096 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll 10:40:39.0939 1096 SensrSvc - ok 10:40:39.0986 1096 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 10:40:40.0017 1096 Serenum - ok 10:40:40.0032 1096 [ 
5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys 10:40:40.0064 1096 Serial - ok 10:40:40.0079 1096 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\drivers\sermouse.sys 10:40:40.0095 1096 sermouse - ok 10:40:40.0126 1096 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll 10:40:40.0173 1096 SessionEnv - ok 10:40:40.0189 1096 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 10:40:40.0220 1096 sffdisk - ok 10:40:40.0220 1096 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 10:40:40.0251 1096 sffp_mmc - ok 10:40:40.0267 1096 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 10:40:40.0314 1096 sffp_sd - ok 10:40:40.0345 1096 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 10:40:40.0376 1096 sfloppy - ok 10:40:40.0454 1096 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll 10:40:40.0517 1096 SharedAccess - ok 10:40:40.0595 1096 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 10:40:40.0642 1096 ShellHWDetection - ok 10:40:40.0673 1096 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys 10:40:40.0689 1096 sisagp - ok 10:40:40.0704 1096 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 10:40:40.0736 1096 SiSRaid2 - ok 10:40:40.0736 1096 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 10:40:40.0767 1096 SiSRaid4 - ok 10:40:40.0767 1096 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys 10:40:40.0829 1096 Smb - ok 10:40:40.0829 1096 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 10:40:40.0876 1096 SNMPTRAP - ok 10:40:40.0892 1096 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys 10:40:40.0908 
1096 spldr - ok 10:40:41.0111 1096 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe 10:40:41.0205 1096 Spooler - ok 10:40:41.0392 1096 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe 10:40:41.0486 1096 sppsvc - ok 10:40:41.0533 1096 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll 10:40:41.0595 1096 sppuinotify - ok 10:40:41.0689 1096 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys 10:40:41.0720 1096 srv - ok 10:40:41.0783 1096 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 10:40:41.0814 1096 srv2 - ok 10:40:41.0845 1096 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 10:40:41.0876 1096 srvnet - ok 10:40:41.0939 1096 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 10:40:41.0986 1096 SSDPSRV - ok 10:40:42.0017 1096 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys 10:40:42.0017 1096 ssmdrv - ok 10:40:42.0064 1096 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll 10:40:42.0095 1096 SstpSvc - ok 10:40:42.0126 1096 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\drivers\stexstor.sys 10:40:42.0142 1096 stexstor - ok 10:40:42.0205 1096 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll 10:40:42.0252 1096 StiSvc - ok 10:40:42.0283 1096 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys 10:40:42.0298 1096 storflt - ok 10:40:42.0330 1096 [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc C:\Windows\system32\storsvc.dll 10:40:42.0377 1096 StorSvc - ok 10:40:42.0392 1096 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys 10:40:42.0408 1096 storvsc - ok 10:40:42.0439 1096 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 10:40:42.0455 1096 swenum - ok 10:40:42.0517 
1096 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll 10:40:42.0580 1096 swprv - ok 10:40:42.0658 1096 [ B182581C079861B1873A60CCC4A21E84 ] SynccessClientService C:\Program Files\Z.I.E.L. GmbH\Synccess Client Service\SynccessClientService.exe 10:40:42.0673 1096 SynccessClientService ( UnsignedFile.Multi.Generic ) - warning 10:40:42.0673 1096 SynccessClientService - detected UnsignedFile.Multi.Generic (1) 10:40:42.0720 1096 [ 04990C25043705985F1EC40BF704AAAC ] SynthVid C:\Windows\system32\DRIVERS\VMBusVideoM.sys 10:40:42.0736 1096 SynthVid - ok 10:40:42.0798 1096 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll 10:40:42.0845 1096 SysMain - ok 10:40:42.0877 1096 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll 10:40:42.0908 1096 TabletInputService - ok 10:40:42.0970 1096 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll 10:40:43.0205 1096 TapiSrv - ok 10:40:43.0220 1096 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll 10:40:43.0283 1096 TBS - ok 10:40:43.0377 1096 [ D32FDAC73FCD76B85389C39BC1087F2A ] Tcpip C:\Windows\system32\drivers\tcpip.sys 10:40:43.0424 1096 Tcpip - ok 10:40:43.0455 1096 [ D32FDAC73FCD76B85389C39BC1087F2A ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 10:40:43.0502 1096 TCPIP6 - ok 10:40:43.0533 1096 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 10:40:43.0564 1096 tcpipreg - ok 10:40:43.0627 1096 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 10:40:43.0642 1096 TDPIPE - ok 10:40:43.0689 1096 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 10:40:43.0705 1096 TDTCP - ok 10:40:43.0736 1096 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 10:40:43.0783 1096 tdx - ok 10:40:43.0799 1096 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 
10:40:43.0814 1096 TermDD - ok 10:40:43.0877 1096 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll 10:40:43.0924 1096 TermService - ok 10:40:43.0955 1096 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll 10:40:43.0986 1096 Themes - ok 10:40:44.0002 1096 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll 10:40:44.0049 1096 THREADORDER - ok 10:40:44.0064 1096 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll 10:40:44.0111 1096 TrkWks - ok 10:40:44.0189 1096 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 10:40:44.0236 1096 TrustedInstaller - ok 10:40:44.0283 1096 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 10:40:44.0346 1096 tssecsrv - ok 10:40:44.0346 1096 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 10:40:44.0408 1096 TsUsbFlt - ok 10:40:44.0424 1096 [ 01246F0BAAD7B68EC0F472AA41E33282 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys 10:40:44.0439 1096 TsUsbGD - ok 10:40:44.0471 1096 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 10:40:44.0517 1096 tunnel - ok 10:40:44.0533 1096 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\drivers\uagp35.sys 10:40:44.0549 1096 uagp35 - ok 10:40:44.0596 1096 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys 10:40:44.0642 1096 udfs - ok 10:40:44.0674 1096 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 10:40:44.0721 1096 UI0Detect - ok 10:40:44.0721 1096 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 10:40:44.0736 1096 uliagpkx - ok 10:40:44.0767 1096 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\DRIVERS\umbus.sys 10:40:44.0799 1096 umbus - ok 10:40:44.0814 1096 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass 
C:\Windows\system32\drivers\umpass.sys 10:40:44.0846 1096 UmPass - ok 10:40:44.0892 1096 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll 10:40:44.0908 1096 UmRdpService - ok 10:40:44.0986 1096 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll 10:40:45.0033 1096 upnphost - ok 10:40:45.0096 1096 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 10:40:45.0127 1096 usbccgp - ok 10:40:45.0158 1096 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys 10:40:45.0189 1096 usbcir - ok 10:40:45.0221 1096 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\drivers\usbehci.sys 10:40:45.0252 1096 usbehci - ok 10:40:45.0314 1096 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\drivers\usbhub.sys 10:40:45.0346 1096 usbhub - ok 10:40:45.0393 1096 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys 10:40:45.0424 1096 usbohci - ok 10:40:45.0439 1096 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\drivers\usbprint.sys 10:40:45.0486 1096 usbprint - ok 10:40:45.0533 1096 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 10:40:45.0580 1096 USBSTOR - ok 10:40:45.0611 1096 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 10:40:45.0643 1096 usbuhci - ok 10:40:45.0674 1096 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll 10:40:45.0736 1096 UxSms - ok 10:40:45.0752 1096 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe 10:40:45.0768 1096 VaultSvc - ok 10:40:45.0799 1096 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 10:40:45.0830 1096 vdrvroot - ok 10:40:45.0893 1096 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe 10:40:46.0002 1096 vds - ok 10:40:46.0033 1096 [ 17C408214EA61696CEC9C66E388B14F3 ] vga 
C:\Windows\system32\DRIVERS\vgapnp.sys 10:40:46.0065 1096 vga - ok 10:40:46.0080 1096 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys 10:40:46.0111 1096 VgaSave - ok 10:40:46.0111 1096 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 10:40:46.0143 1096 vhdmp - ok 10:40:46.0158 1096 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys 10:40:46.0174 1096 viaagp - ok 10:40:46.0190 1096 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\drivers\viac7.sys 10:40:46.0221 1096 ViaC7 - ok 10:40:46.0221 1096 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys 10:40:46.0237 1096 viaide - ok 10:40:46.0299 1096 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys 10:40:46.0330 1096 vmbus - ok 10:40:46.0346 1096 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\DRIVERS\VMBusHID.sys 10:40:46.0377 1096 VMBusHID - ok 10:40:46.0377 1096 vmicheartbeat - ok 10:40:46.0377 1096 vmickvpexchange - ok 10:40:46.0393 1096 vmicshutdown - ok 10:40:46.0393 1096 vmictimesync - ok 10:40:46.0393 1096 vmicvss - ok 10:40:46.0424 1096 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys 10:40:46.0440 1096 volmgr - ok 10:40:46.0487 1096 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 10:40:46.0518 1096 volmgrx - ok 10:40:46.0533 1096 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys 10:40:46.0549 1096 volsnap - ok 10:40:46.0596 1096 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 10:40:46.0612 1096 vsmraid - ok 10:40:46.0721 1096 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe 10:40:46.0799 1096 VSS - ok 10:40:46.0846 1096 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 10:40:46.0877 1096 vwifibus - ok 10:40:46.0940 1096 [ 
55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll 10:40:47.0002 1096 W32Time - ok 10:40:47.0018 1096 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 10:40:47.0049 1096 WacomPen - ok 10:40:47.0080 1096 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 10:40:47.0112 1096 WANARP - ok 10:40:47.0127 1096 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 10:40:47.0159 1096 Wanarpv6 - ok 10:40:47.0252 1096 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe 10:40:47.0299 1096 wbengine - ok 10:40:47.0331 1096 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 10:40:47.0377 1096 WbioSrvc - ok 10:40:47.0440 1096 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll 10:40:47.0471 1096 wcncsvc - ok 10:40:47.0502 1096 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 10:40:47.0565 1096 WcsPlugInService - ok 10:40:47.0596 1096 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\drivers\wd.sys 10:40:47.0612 1096 Wd - ok 10:40:47.0674 1096 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 10:40:47.0706 1096 Wdf01000 - ok 10:40:47.0721 1096 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll 10:40:47.0846 1096 WdiServiceHost - ok 10:40:47.0862 1096 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll 10:40:47.0878 1096 WdiSystemHost - ok 10:40:47.0940 1096 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll 10:40:47.0987 1096 WebClient - ok 10:40:48.0018 1096 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll 10:40:48.0065 1096 Wecsvc - ok 10:40:48.0081 1096 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll 10:40:48.0128 1096 wercplsupport - ok 
10:40:48.0159 1096 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll 10:40:48.0221 1096 WerSvc - ok 10:40:48.0237 1096 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 10:40:48.0284 1096 WfpLwf - ok 10:40:48.0362 1096 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys 10:40:48.0378 1096 WIMMount - ok 10:40:48.0456 1096 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 10:40:48.0518 1096 WinDefend - ok 10:40:48.0518 1096 WinHttpAutoProxySvc - ok 10:40:48.0628 1096 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 10:40:48.0675 1096 Winmgmt - ok 10:40:48.0753 1096 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll 10:40:48.0831 1096 WinRM - ok 10:40:48.0956 1096 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll 10:40:49.0018 1096 Wlansvc - ok 10:40:49.0034 1096 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 10:40:49.0065 1096 WmiAcpi - ok 10:40:49.0112 1096 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 10:40:49.0143 1096 wmiApSrv - ok 10:40:49.0253 1096 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 10:40:49.0331 1096 WMPNetworkSvc - ok 10:40:49.0347 1096 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll 10:40:49.0393 1096 WPCSvc - ok 10:40:49.0425 1096 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 10:40:49.0503 1096 WPDBusEnum - ok 10:40:49.0518 1096 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 10:40:49.0565 1096 ws2ifsl - ok 10:40:49.0612 1096 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\system32\wscsvc.dll 10:40:49.0628 1096 wscsvc - ok 10:40:49.0675 1096 [ 553F6CCD7C58EB98D4A8FBDAF283D7A9 ] WSDPrintDevice 
C:\Windows\system32\DRIVERS\WSDPrint.sys 10:40:49.0706 1096 WSDPrintDevice - ok 10:40:49.0706 1096 WSearch - ok 10:40:49.0847 1096 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll 10:40:49.0909 1096 wuauserv - ok 10:40:49.0940 1096 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 10:40:49.0972 1096 WudfPf - ok 10:40:50.0019 1096 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 10:40:50.0050 1096 WUDFRd - ok 10:40:50.0081 1096 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 10:40:50.0128 1096 wudfsvc - ok 10:40:50.0175 1096 [ 3C5E51C05BE9B56EAFF4E388C3AB25E4 ] WwanSvc C:\Windows\System32\wwansvc.dll 10:40:50.0222 1096 WwanSvc - ok 10:40:50.0237 1096 ================ Scan global =============================== 10:40:50.0284 1096 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll 10:40:50.0347 1096 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll 10:40:50.0362 1096 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll 10:40:50.0378 1096 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll 10:40:50.0456 1096 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe 10:40:50.0456 1096 [Global] - ok 10:40:50.0456 1096 ================ Scan MBR ================================== 10:40:50.0487 1096 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 10:40:51.0519 1096 \Device\Harddisk0\DR0 - ok 10:40:51.0519 1096 ================ Scan VBR ================================== 10:40:51.0519 1096 [ 825D2ACC83CF92516BC4E0C56DC00151 ] \Device\Harddisk0\DR0\Partition1 10:40:51.0519 1096 \Device\Harddisk0\DR0\Partition1 - ok 10:40:51.0566 1096 [ C3B19324AF7449BA6F082F81E0646342 ] \Device\Harddisk0\DR0\Partition2 10:40:51.0566 1096 \Device\Harddisk0\DR0\Partition2 - ok 10:40:51.0566 1096 ============================================================ 10:40:51.0566 1096 Scan 
finished 10:40:51.0566 1096 ============================================================ 10:40:51.0597 2728 Detected object count: 6 10:40:51.0597 2728 Actual detected object count: 6 10:42:35.0954 2728 Amadeus Automatic Update ( UnsignedFile.Multi.Generic ) - skipped by user 10:42:35.0954 2728 Amadeus Automatic Update ( UnsignedFile.Multi.Generic ) - User select action: Skip 10:42:35.0954 2728 AmadeusProPrinter ( UnsignedFile.Multi.Generic ) - skipped by user 10:42:35.0954 2728 AmadeusProPrinter ( UnsignedFile.Multi.Generic ) - User select action: Skip 10:42:35.0954 2728 AntiVir Security Management Center Agent ( UnsignedFile.Multi.Generic ) - skipped by user 10:42:35.0954 2728 AntiVir Security Management Center Agent ( UnsignedFile.Multi.Generic ) - User select action: Skip 10:42:35.0954 2728 Pano Direct Service ( UnsignedFile.Multi.Generic ) - skipped by user 10:42:35.0954 2728 Pano Direct Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 10:42:35.0970 2728 panobus ( UnsignedFile.Multi.Generic ) - skipped by user 10:42:35.0970 2728 panobus ( UnsignedFile.Multi.Generic ) - User select action: Skip 10:42:35.0970 2728 SynccessClientService ( UnsignedFile.Multi.Generic ) - skipped by user 10:42:35.0970 2728 SynccessClientService ( UnsignedFile.Multi.Generic ) - User select action: Skip 10:42:41.0923 1508 Deinitialize success |
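The TDSSKiller log above ends with six UnsignedFile.Multi.Generic hits, all answered with "Skip". Working through a log of that length by eye is error-prone, so here is an added example (my code, not TDSSKiller's and not from anyone in this thread) that pairs every hashed file line with the verdict lines that follow it and lists what still needs a decision: flagged objects that were skipped rather than cleaned, images outside the Windows directory, and "ok" verdicts for which no file was hashed at all. SAMPLE_LOG is a constructed excerpt in the format of the posted log; the two regexes are my reading of that format, not a documented grammar.

```python
"""Triage of a TDSSKiller text log.

TDSSKiller writes one line per hashed object ("[ MD5 ] name path") followed by
one or more verdict lines for the same name ("name - ok", "name ( Sig ) - warning",
"name - detected Sig (1)", "name ( Sig ) - skipped by user", ...). This pairs
them up and lists what still needs a human decision. The two regexes encode my
assumptions about that format."""
import re
from collections import OrderedDict

# Constructed sample in the format of the log posted above (an excerpt, not the full log).
SAMPLE_LOG = r"""
10:40:41.0111 1096 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
10:40:41.0205 1096 Spooler - ok
10:40:42.0658 1096 [ B182581C079861B1873A60CCC4A21E84 ] SynccessClientService C:\Program Files\Z.I.E.L. GmbH\Synccess Client Service\SynccessClientService.exe
10:40:42.0673 1096 SynccessClientService ( UnsignedFile.Multi.Generic ) - warning
10:40:42.0673 1096 SynccessClientService - detected UnsignedFile.Multi.Generic (1)
10:40:46.0377 1096 vmicheartbeat - ok
10:40:50.0487 1096 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
10:40:51.0519 1096 \Device\Harddisk0\DR0 - ok
10:40:51.0597 2728 Detected object count: 6
10:42:35.0970 2728 SynccessClientService ( UnsignedFile.Multi.Generic ) - skipped by user
10:42:35.0970 2728 SynccessClientService ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

PREFIX = r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) (?P<pid>\d+) "
# "[ MD5 ] name path" -- the name is absent for the MBR/VBR device entries.
FILE_RE = re.compile(PREFIX + r"\[ (?P<md5>[0-9A-F]{32}) \] (?:(?P<name>.+?) )?"
                     r"(?P<path>(?:[A-Za-z]:\\|\\Device\\).*)$")
# "name ( Signature )? - verdict"
VERDICT_RE = re.compile(PREFIX + r"(?P<name>.+?)(?: \( (?P<sig>[^)]+) \))? - (?P<verdict>ok|warning"
                        r"|detected (?P<det>\S+) \(\d+\)|skipped by user|User select action: (?P<action>\S+))$")


def _new_record():
    return {"md5": None, "path": None, "verdicts": [], "signatures": [], "action": None}


def parse(log_text):
    """Map object name (or device path for MBR/VBR entries) -> record, in log order."""
    records = OrderedDict()
    for raw in log_text.splitlines():
        line = raw.strip()
        m = FILE_RE.match(line)
        if m:
            rec = records.setdefault(m.group("name") or m.group("path"), _new_record())
            rec["md5"], rec["path"] = m.group("md5"), m.group("path")
            continue
        m = VERDICT_RE.match(line)
        if not m:
            continue  # banners, object counters, "Scan finished" and similar
        rec = records.setdefault(m.group("name"), _new_record())
        rec["verdicts"].append(m.group("verdict"))
        sig = m.group("sig") or m.group("det")
        if sig and sig not in rec["signatures"]:
            rec["signatures"].append(sig)
        if m.group("action"):
            rec["action"] = m.group("action")
    return records


def is_system_path(path):
    return path is not None and path.lower().startswith("c:\\windows\\")


def triage(log_text):
    """Split the parsed log into the lists an analyst actually reads."""
    recs = parse(log_text)
    flagged = [k for k, r in recs.items() if r["signatures"]]
    return {
        "records": recs,
        # every object TDSSKiller attached a signature name to
        "flagged": flagged,
        # flagged objects the user skipped (or never acted on): nothing was cleaned here
        "unresolved": [k for k in flagged if recs[k]["action"] in (None, "Skip")],
        # drive-letter paths outside the Windows directory: third-party code to verify
        "third_party": [k for k, r in recs.items()
                        if r["path"] and r["path"][1:3] == ":\\" and not is_system_path(r["path"])],
        # "ok" verdicts that were never preceded by a hashed file line
        "no_file": [k for k, r in recs.items() if r["md5"] is None and "ok" in r["verdicts"]],
        # MD5 -> path, ready for a lookup against a hash database
        "hashes": {r["md5"]: r["path"] for r in recs.values() if r["md5"]},
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for key in ("flagged", "unresolved", "third_party", "no_file"):
        print(f"{key:12s} {result[key]}")
```

The "unresolved" list is the one to act on: UnsignedFile.Multi.Generic only says that the file carries no valid digital signature, so a skipped entry is neither cleaned nor cleared until its MD5 from the "hashes" map has been checked against a reputation source or confirmed with the vendor.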
19.06.2013, 10:08 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | JRT - Junkware Removal Tool. Please close your protection software to avoid possible conflicts.
Afterwards: adwCleaner - remove toolbars and unwanted start/search pages. Please download AdwCleaner to your desktop.
Then a check with OTL, please:
__________________ Please always post logfiles in CODE tags |
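The OTL check the helper asks for produces another long log, of which only a handful of line types usually decide the next step. The following is an added example (my code, not OTL's and not from anyone in this thread) that pulls those out: O6 policy values that weaken UAC, O4/SRV/DRV entries whose file is missing or that carry no publisher name, O1 HOSTS overrides, O16 ActiveX download hosts and O17 name servers outside the LAN. SAMPLE_OTL is constructed in OTL's line format; the 203.0.113.5 name server, its interface GUID and the update.example.com HOSTS entry are made-up positives so that every check has something to fire on, and the regexes are my reading of the format.

```python
"""Pick the decision-relevant lines out of an OTL log.

OTL prefixes each finding with a section tag (PRC, SRV, DRV, IE, FF, O1 ... O20).
This walks the O1/O4/O6/O16/O17 and SRV/DRV lines and reports: UAC policy
values that weaken elevation, autostarts and drivers whose file is missing,
Run entries with no publisher name, HOSTS overrides, ActiveX download hosts and
name servers outside the LAN. The regexes encode my assumptions about OTL's format."""
import ipaddress
import re

# Constructed sample in OTL's line format. The 203.0.113.5 name server (and its
# interface GUID) and the update.example.com HOSTS entry are made-up positives.
SAMPLE_OTL = r"""
SRV - (PSEXESVC) -- C:\Windows\PSEXESVC.EXE (Sysinternals)
DRV - (catchme) -- C:\Users\ADMINI~1\AppData\Local\Temp\catchme.sys File not found
O1 HOSTS File: ([2013.06.18 14:32:23 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 update.example.com
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [LWBKEYLOCK] C:\Program Files\Fujitsu Keyboard Lock Status driver\Keyboard Lock Status driver\3.0\SkeyLock.exe ()
O4 - Startup: C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Zahlungserinnerung.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O16 - DPF: {126C289A-607B-4251-BF31-1555A5951948} https://www-18.synccess.net/synccess/TConnector2.CAB (TConnector2)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{58E23BA3-67FE-4C26-B7A5-2D7E32E9D64A}: NameServer = 192.168.0.10,192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00000000-0000-0000-0000-000000000001}: NameServer = 203.0.113.5
"""

MISSING = "File not found"
# Policy values under HKLM\...\policies\System and the data that weakens UAC.
UAC_WEAK = {
    "EnableLUA": ("0", "UAC is switched off"),
    "ConsentPromptBehaviorAdmin": ("0", "administrators elevate without any prompt"),
    "PromptOnSecureDesktop": ("0", "elevation prompts are not shown on the secure desktop"),
}
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

SVC_RE = re.compile(r"^(?:SRV|DRV) - \((?P<name>[^)]+)\) -- (?P<rest>.+)$")
O1_RE = re.compile(r"^O1 - Hosts: (?P<ip>\S+) (?P<host>\S+)$")
O4_RE = re.compile(r"^O4 - (?P<where>[^:]+): (?:\[(?P<name>[^\]]+)\] )?(?P<rest>.+)$")
O6_RE = re.compile(r"^O6 - (?P<key>\S+): (?P<value>\w+) = (?P<data>\S+)$")
O16_RE = re.compile(r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]+\}) (?P<url>\S+) \((?P<desc>.*)\)$")
O17_RE = re.compile(r"^O17 - (?P<key>\S+): NameServer = (?P<servers>[0-9.,]+)$")
HOST_RE = re.compile(r"^(?:hxxps?|https?)://([^/]+)")  # OTL defangs http as hxxp


def in_lan(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in LAN_NETS)


def _split_o4(rest):
    """'target (Company)' or 'target = File not found' -> (target, company, missing)."""
    missing = rest.endswith(" = " + MISSING)
    if missing:
        rest = rest[: -len(" = " + MISSING)]
    company = None
    m = re.search(r" \(([^()]*)\)$", rest)
    if m:
        company, rest = m.group(1), rest[: m.start()]
    return rest, company, missing


def triage_otl(text):
    out = {"uac": [], "missing": [], "no_publisher": [], "hosts_overrides": [],
           "activex_hosts": [], "dns_outside_lan": []}
    for raw in text.splitlines():
        line = raw.strip()
        if (m := SVC_RE.match(line)):
            if m.group("rest").endswith(MISSING):
                out["missing"].append(m.group("name"))
        elif (m := O1_RE.match(line)):
            if m.group("host").lower() != "localhost":
                out["hosts_overrides"].append((m.group("ip"), m.group("host")))
        elif (m := O4_RE.match(line)):
            target, company, missing = _split_o4(m.group("rest"))
            label = m.group("name") or target.rsplit("\\", 1)[-1]
            if missing:
                out["missing"].append(label)
            elif company == "":  # OTL prints "()" when the binary carries no company name
                out["no_publisher"].append(label)
        elif (m := O6_RE.match(line)):
            weak = UAC_WEAK.get(m.group("value"))
            if weak and m.group("data") == weak[0]:
                out["uac"].append((m.group("value"), weak[1]))
        elif (m := O16_RE.match(line)):
            h = HOST_RE.match(m.group("url"))
            out["activex_hosts"].append(h.group(1) if h else m.group("url"))
        elif (m := O17_RE.match(line)):
            out["dns_outside_lan"].extend(
                ip for ip in m.group("servers").split(",") if ip and not in_lan(ip))
    return out


if __name__ == "__main__":
    for section, hits in triage_otl(SAMPLE_OTL).items():
        print(f"{section:16s} {hits}")
```

A startup .lnk that OTL reports as File not found is a leftover to remove; a Run entry with an empty company field is not malicious by itself but its binary needs to be verified; EnableLUA = 0 together with ConsentPromptBehaviorAdmin = 0 means any program the administrator runs gets full rights without a prompt, which is worth switching back on once the cleanup is done.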
19.06.2013, 12:11 | #15 |
| JRT: Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Professional x86
Ran by Administrator on 19.06.2013 at 11:37:37,08
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\escort.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylntlbr.bbylntlbrhlpr
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylntlbr.bbylntlbrhlpr.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\babylontoolbarsrv_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\babylontoolbarsrv_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\datamngrui_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\datamngrui_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\mybabylontb_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\mybabylontb_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\searchqumediabar_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\searchqumediabar_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\setupdatamngr_searchqu_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\setupdatamngr_searchqu_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\sweetim_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\sweetim_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\sweetpacksupdatemanager_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\sweetpacksupdatemanager_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT3196716
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\adawaretb"
Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\blekko toolbars"
Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\administrator\appdata\local\adawarebp"
Successfully deleted: [Folder] "C:\Program Files\adawaretb"
Successfully deleted: [Folder] "C:\Program Files\conduit"
Successfully deleted: [Folder] "C:\Program Files\sweetim"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19.06.2013 at 11:39:27,12
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
# AdwCleaner v2.303 - Logfile created 19/06/2013 at 11:43:01
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : Administrator - VM-5
# Boot mode : Normal
# Running from : C:\Users\administrator\Desktop\adwcleaner.exe
# Option [Delete]

**** [Services] ****

***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml
File Deleted : C:\user.js
Folder Deleted : C:\Users\Alex\AppData\Local\Conduit
Folder Deleted : C:\Users\Alex\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\Alex\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Alex\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Alex\AppData\LocalLow\searchquband
Folder Deleted : C:\Users\Alex\AppData\LocalLow\Searchqutoolbar
Folder Deleted : C:\Users\Alex\AppData\Roaming\Babylon
Folder Deleted : C:\Users\elli\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\elli\AppData\Roaming\pdfforge
Folder Deleted : C:\Users\hubert\AppData\Roaming\pdfforge
Folder Deleted : C:\Users\Sabrina\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Sabrina\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Sabrina\AppData\LocalLow\searchquband
Folder Deleted : C:\Users\Sabrina\AppData\LocalLow\Searchqutoolbar
Folder Deleted : C:\Users\Sabrina\AppData\LocalLow\SweetIM
Folder Deleted : C:\Users\setup.VB-REISEN\AppData\LocalLow\Searchqutoolbar
Folder Deleted : C:\Users\Setup\AppData\Roaming\pdfforge

***** [Registry] *****

Key Deleted : HKLM\Software\adawaretb
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

*************************

AdwCleaner[S1].txt - [2322 octets] - [19/06/2013 11:43:01]

########## EOF - C:\AdwCleaner[S1].txt - [2382 octets] ##########
OTL: Code:
OTL logfile created on: 19.06.2013 12:50:49 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\administrator\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,50 Gb Total Physical Memory | 1,84 Gb Available Physical Memory | 73,70% Memory free
5,00 Gb Paging File | 4,08 Gb Available in Paging File | 81,59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99,90 Gb Total Space | 76,75 Gb Free Space | 76,83% Space Free | Partition Type: NTFS

Computer Name: VM-5 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\Avira Security Management Center Agent\agent.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\Z.I.E.L. GmbH\Synccess Client Service\SynccessCCC.exe (Z.I.E.L. GmbH)
PRC - C:\Programme\Z.I.E.L. GmbH\Synccess Client Service\SynccessClientService.exe (Z.I.E.L. GmbH)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Pano Logic\PanoDirect\BIN\PanoDirect.EXE ()
PRC - C:\Programme\Pano Logic\PanoDirect\BIN\PanoCP.EXE ()
PRC - C:\Programme\Automatic Update\AutoUpdate.exe (Amadeus)
PRC - C:\Programme\Automatic Update\AutoUpdateGUI.exe (AMADEUS)
PRC - C:\Programme\Amadeus\Pro Printer\AmaPrt.exe (Amadeus)
PRC - C:\Programme\Amadeus\Pro Printer\ComAdapt.exe (Amadeus)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\vmicsvc.exe (Microsoft Corporation)
PRC - C:\Programme\Amadeus\Pro Printer\Mainsrv.exe (Amadeus)
PRC - C:\Programme\Amadeus\Pro Printer\autosrv.exe (Amadeus Germany)
PRC - C:\Programme\Amadeus\Pro Printer\Panel.exe (Amadeus Germany GmbH)
PRC - C:\Programme\Fujitsu Keyboard Lock Status driver\Keyboard Lock Status driver\3.0\SkeyLock.exe ()

========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Programme\Pano Logic\PanoDirect\BIN\PanoCP.EXE ()
MOD - C:\Programme\Pano Logic\PanoDirect\BIN\QtCore4.dll ()
MOD - C:\Programme\Pano Logic\PanoDirect\BIN\QtGui4.dll ()
MOD - C:\Programme\Fujitsu Keyboard Lock Status driver\Keyboard Lock Status driver\3.0\SkeyLock.exe ()
MOD - C:\Programme\Fujitsu Keyboard Lock Status driver\Keyboard Lock Status driver\3.0\KLOCKDLL.dll ()
MOD - C:\Programme\Filzip\fzshext.dll ()

========== Services (SafeList) ==========

SRV - (PSEXESVC) -- C:\Windows\PSEXESVC.EXE (Sysinternals)
SRV - (AntiVir Security Management Center Agent) -- C:\Programme\Avira\Avira Security Management Center Agent\agent.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (SynccessClientService) -- C:\Programme\Z.I.E.L. GmbH\Synccess Client Service\SynccessClientService.exe (Z.I.E.L. GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirMailService) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Pano Direct Service) -- C:\Program Files\Pano Logic\PanoDirect\BIN\PanoDirect.EXE ()
SRV - (Amadeus Automatic Update) -- C:\Programme\Automatic Update\AutoUpdate.exe (Amadeus)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (vmicvss) -- C:\Windows\System32\vmicsvc.exe (Microsoft Corporation)
SRV - (vmictimesync) -- C:\Windows\System32\vmicsvc.exe (Microsoft Corporation)
SRV - (vmicshutdown) -- C:\Windows\System32\vmicsvc.exe (Microsoft Corporation)
SRV - (vmickvpexchange) -- C:\Windows\System32\vmicsvc.exe (Microsoft Corporation)
SRV - (vmicheartbeat) -- C:\Windows\System32\vmicsvc.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (AmadeusProPrinter) -- C:\Programme\Amadeus\Pro Printer\Mainsrv.exe (Amadeus)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (catchme) -- C:\Users\ADMINI~1\AppData\Local\Temp\catchme.sys File not found
DRV - (gfibto) -- C:\Windows\System32\drivers\gfibto.sys (GFI Software)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (panobus) -- C:\Windows\System32\drivers\panobus.sys (Pano Logic, Inc.)
DRV - (panologic_aud) -- C:\Windows\System32\drivers\panoaud.sys (Pano Logic, Inc.)
DRV - (panomouf) -- C:\Windows\System32\drivers\panomouf.sys (Pano Logic, Inc.)
DRV - (panokbdf) -- C:\Windows\System32\drivers\panokbdf.sys (Pano Logic, Inc.)
DRV - (panodd) -- C:\Windows\System32\drivers\panomp.sys (Pano Logic, Inc.)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (netvsc) -- C:\Windows\System32\drivers\netvsc60.sys (Microsoft Corporation)
DRV - (dmvsc) -- C:\Windows\System32\drivers\dmvsc.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (SynthVid) -- C:\Windows\System32\drivers\VMBusVideoM.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3842022481-3051178987-2627056959-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3842022481-3051178987-2627056959-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9A FA F1 83 F5 6B CE 01 [binary data]
IE - HKU\S-1-5-21-3842022481-3051178987-2627056959-500\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3842022481-3051178987-2627056959-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3842022481-3051178987-2627056959-500\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3842022481-3051178987-2627056959-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

O1 HOSTS File: ([2013.06.18 14:32:23 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [LWBKEYLOCK] C:\Program Files\Fujitsu Keyboard Lock Status driver\Keyboard Lock Status driver\3.0\SkeyLock.exe ()
O4 - Startup: C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Zahlungserinnerung.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3842022481-3051178987-2627056959-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3842022481-3051178987-2627056959-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3842022481-3051178987-2627056959-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: amadeus.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: amadeus.com ([content] http in Trusted sites)
O15 - HKLM\..Trusted Domains: amadeus.net ([content.1a] http in Trusted sites)
O15 - HKLM\..Trusted Domains: amadeusproweb.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: amadeusvista.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: amadeusvista.com ([Muc.http.farm6.software] http in Trusted sites)
O15 - HKLM\..Trusted Domains: amadeusvista.com ([Muc.http.farm8.software] http in Trusted sites)
O15 - HKLM\..Trusted Domains: amadeusvista.com ([Muc.https.farm11.software] http in Trusted sites)
O15 - HKLM\..Trusted Domains: amadeusvista.com ([Muc.https.farm5.software] http in Trusted sites)
O15 - HKLM\..Trusted Domains: navitel.fr ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: sncm.fr ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: amadeus.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: navitel.fr ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sncm.fr ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: amadeus.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: navitel.fr ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sncm.fr ([]* in Trusted sites)
O16 - DPF: {051FE707-9706-11D5-A836-000102A7C938} hxxp://certificates.amadeusvista.com/sgwadmin/common/AutoUpdateATL42P100.CAB (Amadeus Automatic Update)
O16 - DPF: {126C289A-607B-4251-BF31-1555A5951948} https://www-18.synccess.net/synccess/TConnector2.CAB (TConnector2)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {A0C97109-2786-11DB-BDEF-0013D350667C} https://www-18.synccess.net/SYNCCESS/DMS/editdoc/tx.cab (TX - ButtonBar Control)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {F9043C85-F6F2-101A-A3C9-08002B2F49FB} hxxp://activex.microsoft.com/controls/vb6/COMDLG32.CAB (Microsoft Common Dialog Control, version 6.0 (SP6))
O16 - DPF: {F96020DD-C373-44A0-82B6-064EF0AEEAE3} hxxp://certificates.amadeusvista.com/sgwadmin/RegSiteTools.cab (RegSiteClientTools Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = vb-reisen.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{58E23BA3-67FE-4C26-B7A5-2D7E32E9D64A}: NameServer = 192.168.0.10,192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit -
(C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.06.19 11:46:02 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\Amadeus [2013.06.19 11:37:12 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.06.19 11:37:04 | 000,000,000 | ---D | C] -- C:\JRT [2013.06.19 11:36:51 | 000,545,954 | ---- | C] (Oleg N. 
Scherbakov) -- C:\Users\administrator\Desktop\JRT.exe [2013.06.19 10:39:34 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\administrator\Desktop\tdsskiller.exe [2013.06.19 09:20:34 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\administrator\Desktop\aswMBR.exe [2013.06.18 17:21:59 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll [2013.06.18 17:21:39 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptdlg.dll [2013.06.18 17:21:22 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll [2013.06.18 17:21:18 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2013.06.18 17:21:18 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2013.06.18 17:21:18 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll [2013.06.18 17:21:15 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2013.06.18 17:21:07 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll [2013.06.18 17:21:07 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll [2013.06.18 17:20:49 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe [2013.06.18 17:20:47 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certenc.dll [2013.06.18 17:20:24 | 000,627,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013.06.18 17:20:23 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013.06.18 17:20:23 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013.06.18 17:20:23 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013.06.18 17:20:23 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013.06.18 17:20:17 | 
000,218,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys [2013.06.18 17:14:27 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll [2013.06.18 17:14:27 | 000,101,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe [2013.06.18 17:11:52 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys [2013.06.18 17:04:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable) [2013.06.18 16:31:35 | 000,000,000 | ---D | C] -- C:\Users\administrator\Desktop\mbar-1.06.0.1003 [2013.06.18 14:37:09 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.06.18 14:37:08 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.06.18 14:37:08 | 000,000,000 | ---D | C] -- C:\Users\administrator\AppData\Local\temp [2013.06.18 14:17:15 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.06.18 14:17:15 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.06.18 14:17:15 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.06.18 14:16:43 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.06.18 14:15:26 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.06.18 14:14:51 | 005,081,021 | R--- | C] (Swearware) -- C:\Users\administrator\Desktop\ComboFix.exe [2013.06.18 09:49:16 | 000,000,000 | ---D | C] -- C:\FRST [2013.06.18 09:48:51 | 001,365,717 | ---- | C] (Farbar) -- C:\Users\administrator\Desktop\FRST.exe [2013.06.18 09:45:23 | 000,000,000 | ---D | C] -- C:\Users\administrator\Desktop\LOGS [2013.06.18 09:32:43 | 000,000,000 | ---D | C] -- C:\Users\administrator\AppData\Local\ElevatedDiagnostics [2013.06.18 09:32:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\administrator\Desktop\OTL.exe [2013.06.10 13:19:46 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE [2013.06.04 10:27:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced IP Scanner v2 
[2013.06.04 10:27:14 | 000,000,000 | ---D | C] -- C:\Program Files\Advanced IP Scanner v2 [2013.05.31 13:25:58 | 000,000,000 | ---D | C] -- C:\Users\administrator\AppData\Local\Programs [2013.05.31 13:21:08 | 000,000,000 | ---D | C] -- C:\Windows\pss [2013.05.31 13:20:49 | 000,000,000 | ---D | C] -- C:\Users\administrator\AppData\Roaming\LavasoftStatistics [2013.05.31 13:17:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations [2013.05.31 13:17:14 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner [2013.05.31 13:16:30 | 000,044,424 | ---- | C] (GFI Software) -- C:\Windows\System32\sbbd.exe [2013.05.31 13:16:30 | 000,013,560 | ---- | C] (GFI Software) -- C:\Windows\System32\drivers\gfibto.sys [2013.05.31 13:16:28 | 000,000,000 | ---D | C] -- C:\Users\administrator\AppData\Roaming\Ad-Aware Antivirus [2013.05.31 13:14:42 | 000,000,000 | ---D | C] -- C:\Users\administrator\AppData\Roaming\Macromedia ========== Files - Modified Within 30 Days ========== [2013.06.19 12:49:33 | 000,000,041 | ---- | M] () -- C:\Windows\Filzip.ini [2013.06.19 11:53:22 | 000,021,872 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.19 11:53:22 | 000,021,872 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.19 11:46:02 | 000,001,933 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Amadeus Pro Printer.lnk [2013.06.19 11:45:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.19 11:30:37 | 000,648,201 | ---- | M] () -- C:\Users\administrator\Desktop\adwcleaner.exe [2013.06.19 11:30:01 | 000,545,954 | ---- | M] (Oleg N. 
Scherbakov) -- C:\Users\administrator\Desktop\JRT.exe [2013.06.19 09:18:36 | 000,002,029 | ---- | M] () -- C:\Users\Public\Desktop\SYNCCESS® 3.lnk [2013.06.19 09:16:17 | 000,343,496 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.06.19 09:10:38 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\administrator\Desktop\aswMBR.exe [2013.06.19 09:10:14 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\administrator\Desktop\tdsskiller.exe [2013.06.18 17:49:59 | 000,657,438 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.06.18 17:49:59 | 000,618,714 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.06.18 17:49:59 | 000,130,810 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.06.18 17:49:59 | 000,107,034 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.06.18 15:55:44 | 000,377,856 | ---- | M] () -- C:\Users\administrator\Desktop\gmer_2.1.19163.exe [2013.06.18 14:32:23 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2013.06.18 14:14:36 | 005,081,021 | R--- | M] (Swearware) -- C:\Users\administrator\Desktop\ComboFix.exe [2013.06.18 09:48:43 | 001,365,717 | ---- | M] (Farbar) -- C:\Users\administrator\Desktop\FRST.exe [2013.06.18 09:31:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\administrator\Desktop\OTL.exe [2013.06.17 11:51:26 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE [2013.06.10 13:34:31 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.05.31 13:16:30 | 000,044,424 | ---- | M] (GFI Software) -- C:\Windows\System32\sbbd.exe [2013.05.31 13:16:30 | 000,013,560 | ---- | M] (GFI Software) -- C:\Windows\System32\drivers\gfibto.sys ========== Files Created - No Company Name ========== [2013.06.19 11:42:36 | 000,648,201 | ---- | C] () -- C:\Users\administrator\Desktop\adwcleaner.exe [2013.06.19 09:18:36 | 000,002,029 | ---- | C] () -- C:\Users\Public\Desktop\SYNCCESS® 3.lnk [2013.06.18 15:56:26 | 000,377,856 | ---- | C] () 
-- C:\Users\administrator\Desktop\gmer_2.1.19163.exe [2013.06.18 14:17:15 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.06.18 14:17:15 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.06.18 14:17:15 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.06.18 14:17:15 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.06.18 14:17:15 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.06.15 02:03:14 | 000,001,933 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Amadeus Pro Printer.lnk [2012.08.07 17:13:24 | 000,436,224 | ---- | C] () -- C:\Windows\System32\PanoCred.DLL [2012.07.05 16:29:51 | 000,086,016 | ---- | C] () -- C:\Windows\System32\custmon32i.dll [2012.03.27 20:50:46 | 000,003,616 | ---- | C] () -- C:\Windows\1aAutoUpdate.ini [2012.03.19 12:41:13 | 000,003,520 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2012.03.19 12:38:20 | 000,000,041 | ---- | C] () -- C:\Windows\Filzip.ini [2012.03.19 09:34:43 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 23:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- 
[2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > Code:
ATTFilter OTL Extras logfile created on: 19.06.2013 12:50:49 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\administrator\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,50 Gb Total Physical Memory | 1,84 Gb Available Physical Memory | 73,70% Memory free 5,00 Gb Paging File | 4,08 Gb Available in Paging File | 81,59% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 99,90 Gb Total Space | 76,75 Gb Free Space | 76,83% Space Free | Partition Type: NTFS Computer Name: VM-5 | User Name: Administrator | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "AntiVirusDisableNotify" = 0 "AntiVirusOverride" = 1 "FirewallDisableNotify" = 0 "FirewallOverride" = 1 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings] "Enabled" = 1 "RemoteAddresses" = 192.168.0.10 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29 "{36C1AA52-BA44-446F-B911-746C4F4CFED7}" = Synccess Client Service "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3E774FC4-A936-4C73-81CE-5785E125727B}" = Pano Direct Service 6.0.2 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{6AE58D45-F8D0-4474-8528-CA3CC431BF7A}" = SYNCCESS® 3.2.153 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = 
Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch "{C94E3F64-C3B8-498F-B900-991161351C07}" = ZListener "{DA5DEB6B-E108-4652-BFEC-C9B95446F244}" = Advanced IP Scanner "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F3493E2F-B147-4EDD-9AE2-5DEDB8776232}" = Avira Management Console Agent "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F8D3A94D-278D-4AC3-865C-E65923651BE5}" = BistroPortal "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira AntiVir Desktop" = Avira Professional Security "Filzip 3.0.6.93_is1" = Filzip 3.06 "Keyboard Lock Status driver_is1" = Keyboard Lock Status driver 3.0 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Office14.SingleImage" = Microsoft Office Home and Business 2010 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 19.06.2013 05:47:02 | Computer Name = VM-5.vb-reisen.local | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 19.06.2013 05:45:37 | Computer Name = VM-5.vb-reisen.local | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060 Error - 19.06.2013 05:46:05 | Computer Name = 
VM-5.vb-reisen.local | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060 Error - 19.06.2013 05:47:12 | Computer Name = VM-5.vb-reisen.local | Source = DCOM | ID = 10016 Description = < End of report > |