| |
| |||||||
Log-Analyse und Auswertung: Viren gefunden und gelöscht. Jetzt sauber?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
| |
21.02.2012, 12:01
| #1 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  Viren gefunden und gelöscht. Jetzt sauber? Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.gopher: ""
FF - prefs.js..network.proxy.backup.gopher_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "221.130.13.210"
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.gopher: "221.130.13.210"
FF - prefs.js..network.proxy.gopher_port: 80
FF - prefs.js..network.proxy.http: "221.130.13.210"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "221.130.13.210"
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.ssl: "221.130.13.210"
FF - prefs.js..network.proxy.ssl_port: 80
O4 - HKLM..\Run: [] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2709662662-993020936-908336301-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{fd6a9d59-bfe9-11df-9918-0021709bb8cd}\Shell - "" = AutoRun
O33 - MountPoints2\{fd6a9d59-bfe9-11df-9918-0021709bb8cd}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:21654C57
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:73BDADA8
@Alternate Data Stream - 1233 bytes -> C:\ProgramData\Microsoft:JFJWAm3wtl0UqNnvJxSj8OH0jIAQOl
@Alternate Data Stream - 1168 bytes -> C:\ProgramData\Microsoft:A3Doq0xN40mJUXIctI6wf2fA
@Alternate Data Stream - 1100 bytes -> C:\ProgramData\Microsoft:NX3xnklciGslgyE0PfEVIfqf
:Commands
[emptytemp]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
21.02.2012, 12:43
| #2 |
 | Viren gefunden und gelöscht. Jetzt sauber? Danke!
__________________Ich habe den Fix ausgeführt und die Log-Datei anonymisiert und gespeichert. Leider finde ich die Datei jetzt nicht mehr. Wo speichert denn OTL standardmässig die Logs und wie heisst die Datei? Lg _L_ |
|
21.02.2012, 13:29
| #3 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Viren gefunden und gelöscht. Jetzt sauber? Schau in C:\_OTL mal nach
__________________
__________________ |
|
21.02.2012, 13:52
| #4 |
| | Viren gefunden und gelöscht. Jetzt sauber? Super, danke schön! Hier nun also die Log-Datei. Lg _L_ |
|
21.02.2012, 13:53
| #5 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Viren gefunden und gelöscht. Jetzt sauber? Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!  Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )  Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
21.02.2012, 19:11
| #6 |
| | Viren gefunden und gelöscht. Jetzt sauber? Hier die Log-Datei vom TDSS-Killer. Code:
ATTFilter 19:04:51.0428 7824 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
19:04:51.0553 7824 ============================================================
19:04:51.0553 7824 Current date / time: 2012/02/21 19:04:51.0553
19:04:51.0553 7824 SystemInfo:
19:04:51.0553 7824
19:04:51.0553 7824 OS Version: 6.1.7601 ServicePack: 1.0
19:04:51.0553 7824 Product type: Workstation
19:04:51.0553 7824 ComputerName: ***
19:04:51.0553 7824 UserName: ***
19:04:51.0553 7824 Windows directory: C:\Windows
19:04:51.0553 7824 System windows directory: C:\Windows
19:04:51.0553 7824 Running under WOW64
19:04:51.0553 7824 Processor architecture: Intel x64
19:04:51.0553 7824 Number of processors: 2
19:04:51.0553 7824 Page size: 0x1000
19:04:51.0553 7824 Boot type: Normal boot
19:04:51.0553 7824 ============================================================
19:04:52.0658 7824 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:04:52.0672 7824 \Device\Harddisk0\DR0:
19:04:52.0672 7824 MBR used
19:04:52.0672 7824 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:04:52.0672 7824 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1A4E6000
19:04:52.0672 7824 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1AF9DF0D, BlocksNum 0x1F3E6D34
19:04:52.0750 7824 Initialize success
19:04:52.0750 7824 ============================================================
19:07:04.0149 6092 ============================================================
19:07:04.0149 6092 Scan started
19:07:04.0149 6092 Mode: Manual; SigCheck; TDLFS;
19:07:04.0149 6092 ============================================================
19:07:05.0538 6092 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
19:07:05.0647 6092 1394ohci - ok
19:07:05.0709 6092 61883 (e0a8525a951addb4655bc2068566407d) C:\Windows\system32\DRIVERS\61883.sys
19:07:05.0787 6092 61883 - ok
19:07:05.0865 6092 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
19:07:05.0881 6092 ACPI - ok
19:07:05.0943 6092 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
19:07:06.0006 6092 AcpiPmi - ok
19:07:06.0084 6092 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
19:07:06.0115 6092 adp94xx - ok
19:07:06.0162 6092 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
19:07:06.0193 6092 adpahci - ok
19:07:06.0240 6092 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
19:07:06.0255 6092 adpu320 - ok
19:07:06.0302 6092 afcdp (3426a6eaa09077f3ab946fb9ceb85d8e) C:\Windows\system32\DRIVERS\afcdp.sys
19:07:06.0349 6092 afcdp - ok
19:07:06.0442 6092 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
19:07:06.0505 6092 AFD - ok
19:07:06.0552 6092 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
19:07:06.0567 6092 agp440 - ok
19:07:06.0614 6092 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
19:07:06.0630 6092 aliide - ok
19:07:06.0645 6092 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
19:07:06.0661 6092 amdide - ok
19:07:06.0692 6092 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
19:07:06.0754 6092 AmdK8 - ok
19:07:06.0754 6092 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
19:07:06.0801 6092 AmdPPM - ok
19:07:06.0832 6092 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
19:07:06.0848 6092 amdsata - ok
19:07:06.0879 6092 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
19:07:06.0895 6092 amdsbs - ok
19:07:06.0926 6092 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
19:07:06.0942 6092 amdxata - ok
19:07:07.0004 6092 AnyDVD (a4837260ab5e274d508a52a6da7c9ed1) C:\Windows\system32\Drivers\AnyDVD.sys
19:07:07.0020 6092 AnyDVD - ok
19:07:07.0082 6092 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
19:07:07.0238 6092 AppID - ok
19:07:07.0316 6092 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
19:07:07.0332 6092 arc - ok
19:07:07.0363 6092 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
19:07:07.0378 6092 arcsas - ok
19:07:07.0410 6092 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
19:07:07.0534 6092 AsyncMac - ok
19:07:07.0581 6092 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
19:07:07.0597 6092 atapi - ok
19:07:07.0644 6092 Avc (16fabe84916623d0607e4a975544032c) C:\Windows\system32\DRIVERS\avc.sys
19:07:07.0675 6092 Avc - ok
19:07:07.0706 6092 AVCSTRM (155f536d6181508929f4fe177f4167ce) C:\Windows\system32\DRIVERS\avcstrm.sys
19:07:07.0753 6092 AVCSTRM - ok
19:07:07.0815 6092 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
19:07:07.0878 6092 b06bdrv - ok
19:07:07.0940 6092 b57nd60a (9992652b31c61f74caf09ea07fdb8612) C:\Windows\system32\DRIVERS\b57nd60a.sys
19:07:07.0971 6092 b57nd60a - ok
19:07:08.0002 6092 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
19:07:08.0065 6092 Beep - ok
19:07:08.0112 6092 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
19:07:08.0143 6092 blbdrive - ok
19:07:08.0236 6092 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
19:07:08.0268 6092 bowser - ok
19:07:08.0314 6092 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:07:08.0361 6092 BrFiltLo - ok
19:07:08.0377 6092 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:07:08.0392 6092 BrFiltUp - ok
19:07:08.0439 6092 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
19:07:08.0486 6092 Brserid - ok
19:07:08.0533 6092 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
19:07:08.0564 6092 BrSerWdm - ok
19:07:08.0580 6092 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:07:08.0626 6092 BrUsbMdm - ok
19:07:08.0658 6092 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
19:07:08.0673 6092 BrUsbSer - ok
19:07:08.0751 6092 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
19:07:08.0798 6092 BthEnum - ok
19:07:08.0814 6092 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
19:07:08.0845 6092 BTHMODEM - ok
19:07:08.0892 6092 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
19:07:08.0923 6092 BthPan - ok
19:07:08.0970 6092 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
19:07:09.0001 6092 BTHPORT - ok
19:07:09.0032 6092 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
19:07:09.0079 6092 BTHUSB - ok
19:07:09.0126 6092 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
19:07:09.0188 6092 cdfs - ok
19:07:09.0235 6092 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
19:07:09.0282 6092 cdrom - ok
19:07:09.0313 6092 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
19:07:09.0360 6092 circlass - ok
19:07:09.0391 6092 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
19:07:09.0422 6092 CLFS - ok
19:07:09.0469 6092 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
19:07:09.0500 6092 CmBatt - ok
19:07:09.0531 6092 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
19:07:09.0547 6092 cmdide - ok
19:07:09.0594 6092 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
19:07:09.0640 6092 CNG - ok
19:07:09.0672 6092 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
19:07:09.0687 6092 Compbatt - ok
19:07:09.0734 6092 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
19:07:09.0765 6092 CompositeBus - ok
19:07:09.0796 6092 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
19:07:09.0812 6092 crcdisk - ok
19:07:09.0859 6092 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
19:07:09.0906 6092 CSC - ok
19:07:09.0952 6092 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
19:07:09.0999 6092 DfsC - ok
19:07:10.0015 6092 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
19:07:10.0046 6092 discache - ok
19:07:10.0093 6092 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
19:07:10.0093 6092 Disk - ok
19:07:10.0155 6092 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
19:07:10.0171 6092 drmkaud - ok
19:07:10.0218 6092 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
19:07:10.0264 6092 DXGKrnl - ok
19:07:10.0358 6092 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
19:07:10.0452 6092 ebdrv - ok
19:07:10.0561 6092 ElbyCDIO (a05fc7eca0966ebb70e4d17b855a853b) C:\Windows\system32\Drivers\ElbyCDIO.sys
19:07:10.0561 6092 ElbyCDIO - ok
19:07:10.0608 6092 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
19:07:10.0623 6092 elxstor - ok
19:07:10.0654 6092 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
19:07:10.0686 6092 ErrDev - ok
19:07:10.0717 6092 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
19:07:10.0748 6092 exfat - ok
19:07:10.0779 6092 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
19:07:10.0826 6092 fastfat - ok
19:07:10.0842 6092 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
19:07:10.0888 6092 fdc - ok
19:07:10.0920 6092 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
19:07:10.0935 6092 FileInfo - ok
19:07:10.0951 6092 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
19:07:10.0998 6092 Filetrace - ok
19:07:10.0998 6092 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
19:07:11.0029 6092 flpydisk - ok
19:07:11.0076 6092 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
19:07:11.0091 6092 FltMgr - ok
19:07:11.0138 6092 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
19:07:11.0154 6092 FsDepends - ok
19:07:11.0185 6092 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
19:07:11.0200 6092 Fs_Rec - ok
19:07:11.0216 6092 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
19:07:11.0247 6092 fvevol - ok
19:07:11.0263 6092 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
19:07:11.0278 6092 gagp30kx - ok
19:07:11.0310 6092 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:07:11.0310 6092 GEARAspiWDM - ok
19:07:11.0388 6092 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
19:07:11.0419 6092 hcw85cir - ok
19:07:11.0481 6092 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
19:07:11.0512 6092 HdAudAddService - ok
19:07:11.0559 6092 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
19:07:11.0590 6092 HDAudBus - ok
19:07:11.0606 6092 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
19:07:11.0637 6092 HidBatt - ok
19:07:11.0653 6092 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
19:07:11.0684 6092 HidBth - ok
19:07:11.0731 6092 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
19:07:11.0762 6092 HidIr - ok
19:07:11.0809 6092 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
19:07:11.0840 6092 HidUsb - ok
19:07:11.0918 6092 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
19:07:11.0934 6092 HpSAMD - ok
19:07:11.0996 6092 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
19:07:12.0058 6092 HTTP - ok
19:07:12.0105 6092 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
19:07:12.0121 6092 hwpolicy - ok
19:07:12.0152 6092 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
19:07:12.0168 6092 i8042prt - ok
19:07:12.0230 6092 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
19:07:12.0246 6092 iaStorV - ok
19:07:12.0324 6092 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
19:07:12.0339 6092 iirsp - ok
19:07:12.0370 6092 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
19:07:12.0386 6092 intelide - ok
19:07:12.0417 6092 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
19:07:12.0433 6092 intelppm - ok
19:07:12.0480 6092 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:07:12.0526 6092 IpFilterDriver - ok
19:07:12.0573 6092 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
19:07:12.0604 6092 IPMIDRV - ok
19:07:12.0667 6092 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
19:07:12.0714 6092 IPNAT - ok
19:07:12.0760 6092 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
19:07:12.0838 6092 IRENUM - ok
19:07:12.0870 6092 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
19:07:12.0885 6092 isapnp - ok
19:07:12.0916 6092 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
19:07:12.0932 6092 iScsiPrt - ok
19:07:12.0979 6092 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
19:07:12.0994 6092 kbdclass - ok
19:07:13.0041 6092 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
19:07:13.0072 6092 kbdhid - ok
19:07:13.0104 6092 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
19:07:13.0119 6092 KSecDD - ok
19:07:13.0166 6092 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
19:07:13.0182 6092 KSecPkg - ok
19:07:13.0197 6092 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
19:07:13.0244 6092 ksthunk - ok
19:07:13.0306 6092 LEqdUsb (8817aba3a9180f6c4b8938842925b1e1) C:\Windows\system32\DRIVERS\LEqdUsb.Sys
19:07:13.0322 6092 LEqdUsb - ok
19:07:13.0353 6092 LHidEqd (8bcb069c2b6da65b5f6f561293ee447c) C:\Windows\system32\DRIVERS\LHidEqd.Sys
19:07:13.0369 6092 LHidEqd - ok
19:07:13.0400 6092 LHidFilt (0a7d6ed578d85f0c35353424ee3f5245) C:\Windows\system32\DRIVERS\LHidFilt.Sys
19:07:13.0416 6092 LHidFilt - ok
19:07:13.0447 6092 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
19:07:13.0509 6092 lltdio - ok
19:07:13.0525 6092 LMouFilt (6542e2e6db58118fbb1b82a68ce3aff9) C:\Windows\system32\DRIVERS\LMouFilt.Sys
19:07:13.0540 6092 LMouFilt - ok
19:07:13.0572 6092 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
19:07:13.0587 6092 LSI_FC - ok
19:07:13.0603 6092 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
19:07:13.0618 6092 LSI_SAS - ok
19:07:13.0650 6092 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:07:13.0665 6092 LSI_SAS2 - ok
19:07:13.0681 6092 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:07:13.0696 6092 LSI_SCSI - ok
19:07:13.0728 6092 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
19:07:13.0774 6092 luafv - ok
19:07:13.0852 6092 lvpepf64 (07389f6925e490d2db7882110e99921c) C:\Windows\system32\DRIVERS\lv302a64.sys
19:07:13.0868 6092 lvpepf64 - ok
19:07:13.0899 6092 LVRS64 (7f0ba3a6e8996f15693c6b7d81da049e) C:\Windows\system32\DRIVERS\lvrs64.sys
19:07:13.0930 6092 LVRS64 - ok
19:07:13.0993 6092 LVUSBS64 (5c3ff68267a5d242ee79ee01b993d6ce) C:\Windows\system32\drivers\LVUSBS64.sys
19:07:14.0008 6092 LVUSBS64 - ok
19:07:14.0055 6092 MADFUMIDISPORT2010 (a3b7a450c59ded98fc189b1bd4d6ab5c) C:\Windows\system32\DRIVERS\MAudioMIDISPORT_DFU.sys
19:07:14.0071 6092 MADFUMIDISPORT2010 - ok
19:07:14.0118 6092 MAUSBMIDISPORT (2e48bf22134bd7104edf51aa82a6841f) C:\Windows\system32\DRIVERS\MAudioMIDISPORT.sys
19:07:14.0133 6092 MAUSBMIDISPORT - ok
19:07:14.0180 6092 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
19:07:14.0196 6092 MBAMProtector - ok
19:07:14.0274 6092 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
19:07:14.0289 6092 megasas - ok
19:07:14.0320 6092 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
19:07:14.0336 6092 MegaSR - ok
19:07:14.0367 6092 mfeapfk (0d121a46e0148a3bc941fa3bb0269329) C:\Windows\system32\drivers\mfeapfk.sys
19:07:14.0383 6092 mfeapfk - ok
19:07:14.0414 6092 mfeavfk (93f251905c028809ffb49f95a63fcbc9) C:\Windows\system32\drivers\mfeavfk.sys
19:07:14.0430 6092 mfeavfk - ok
19:07:14.0461 6092 mfeavfk01 - ok
19:07:14.0508 6092 mfehidk (a282a937127ea7b15eb85559e59ae576) C:\Windows\system32\drivers\mfehidk.sys
19:07:14.0523 6092 mfehidk - ok
19:07:14.0554 6092 mferkdet (04d7e0e2a48730a1c535837f105e6352) C:\Windows\system32\drivers\mferkdet.sys
19:07:14.0570 6092 mferkdet - ok
19:07:14.0617 6092 mfewfpk (325dd1031cfd71bd4d8afdb1faaf3bea) C:\Windows\system32\drivers\mfewfpk.sys
19:07:14.0632 6092 mfewfpk - ok
19:07:14.0695 6092 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
19:07:14.0742 6092 Modem - ok
19:07:14.0773 6092 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
19:07:14.0788 6092 monitor - ok
19:07:14.0835 6092 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
19:07:14.0851 6092 mouclass - ok
19:07:14.0882 6092 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
19:07:14.0913 6092 mouhid - ok
19:07:14.0944 6092 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
19:07:14.0960 6092 mountmgr - ok
19:07:15.0007 6092 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
19:07:15.0022 6092 mpio - ok
19:07:15.0038 6092 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
19:07:15.0085 6092 mpsdrv - ok
19:07:15.0132 6092 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
19:07:15.0210 6092 MRxDAV - ok
19:07:15.0256 6092 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:07:15.0288 6092 mrxsmb - ok
19:07:15.0334 6092 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:07:15.0366 6092 mrxsmb10 - ok
19:07:15.0381 6092 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:07:15.0428 6092 mrxsmb20 - ok
19:07:15.0459 6092 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
19:07:15.0475 6092 msahci - ok
19:07:15.0522 6092 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
19:07:15.0537 6092 msdsm - ok
19:07:15.0584 6092 MSDV (72949a24d37a20a54b3d4d3dadbb55e9) C:\Windows\system32\DRIVERS\msdv.sys
19:07:15.0615 6092 MSDV - ok
19:07:15.0646 6092 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
19:07:15.0678 6092 Msfs - ok
19:07:15.0693 6092 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
19:07:15.0834 6092 mshidkmdf - ok
19:07:15.0927 6092 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
19:07:15.0927 6092 msisadrv - ok
19:07:15.0974 6092 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
19:07:16.0005 6092 MSKSSRV - ok
19:07:16.0036 6092 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
19:07:16.0083 6092 MSPCLOCK - ok
19:07:16.0114 6092 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
19:07:16.0161 6092 MSPQM - ok
19:07:16.0208 6092 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
19:07:16.0239 6092 MsRPC - ok
19:07:16.0286 6092 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
19:07:16.0302 6092 mssmbios - ok
19:07:16.0333 6092 MSTAPE (966ec55988d580b9823c453781309450) C:\Windows\system32\DRIVERS\mstape.sys
19:07:16.0364 6092 MSTAPE - ok
19:07:16.0380 6092 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
19:07:16.0411 6092 MSTEE - ok
19:07:16.0426 6092 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
19:07:16.0473 6092 MTConfig - ok
19:07:16.0489 6092 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
19:07:16.0504 6092 Mup - ok
19:07:16.0551 6092 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
19:07:16.0582 6092 NativeWifiP - ok
19:07:16.0645 6092 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
19:07:16.0692 6092 NDIS - ok
19:07:16.0723 6092 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
19:07:16.0754 6092 NdisCap - ok
19:07:16.0785 6092 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
19:07:16.0832 6092 NdisTapi - ok
19:07:16.0894 6092 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
19:07:16.0941 6092 Ndisuio - ok
19:07:16.0972 6092 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
19:07:17.0019 6092 NdisWan - ok
19:07:17.0066 6092 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
19:07:17.0113 6092 NDProxy - ok
19:07:17.0191 6092 Netaapl (307bc83250fc8e3b2878d81e7d760299) C:\Windows\system32\DRIVERS\netaapl64.sys
19:07:17.0206 6092 Netaapl ( UnsignedFile.Multi.Generic ) - warning
19:07:17.0206 6092 Netaapl - detected UnsignedFile.Multi.Generic (1)
19:07:17.0238 6092 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
19:07:17.0284 6092 NetBIOS - ok
19:07:17.0316 6092 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
19:07:17.0362 6092 NetBT - ok
19:07:17.0487 6092 netw5v64 (b0b1ba4b9ae82b8b10d972f0cadaa833) C:\Windows\system32\DRIVERS\netw5v64.sys
19:07:17.0643 6092 netw5v64 - ok
19:07:17.0674 6092 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
19:07:17.0690 6092 nfrd960 - ok
19:07:17.0721 6092 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
19:07:17.0752 6092 Npfs - ok
19:07:17.0784 6092 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
19:07:17.0815 6092 nsiproxy - ok
19:07:17.0893 6092 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
19:07:17.0940 6092 Ntfs - ok
19:07:17.0971 6092 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
19:07:18.0018 6092 Null - ok
19:07:18.0049 6092 nusb3hub (8ebcb9165ee7f1571842f4d9d624a74c) C:\Windows\system32\DRIVERS\nusb3hub.sys
19:07:18.0080 6092 nusb3hub - ok
19:07:18.0096 6092 nusb3xhc (5d54dbb12bbfe07cc283fd39f2cd6d63) C:\Windows\system32\DRIVERS\nusb3xhc.sys
19:07:18.0127 6092 nusb3xhc - ok
19:07:18.0314 6092 nvlddmkm (893fef73be84c413c43c7fcd60c3cef2) C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:07:18.0548 6092 nvlddmkm - ok
19:07:18.0610 6092 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
19:07:18.0626 6092 nvraid - ok
19:07:18.0642 6092 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
19:07:18.0673 6092 nvstor - ok
19:07:18.0704 6092 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
19:07:18.0720 6092 nv_agp - ok
19:07:18.0766 6092 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
19:07:18.0782 6092 ohci1394 - ok
19:07:18.0844 6092 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
19:07:18.0876 6092 Parport - ok
19:07:18.0907 6092 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
19:07:18.0922 6092 partmgr - ok
19:07:18.0969 6092 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
19:07:18.0985 6092 pci - ok
19:07:19.0047 6092 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
19:07:19.0063 6092 pciide - ok
19:07:19.0094 6092 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
19:07:19.0110 6092 pcmcia - ok
19:07:19.0125 6092 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
19:07:19.0141 6092 pcw - ok
19:07:19.0172 6092 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
19:07:19.0234 6092 PEAUTH - ok
19:07:19.0344 6092 PID_PEPI (087a343dfc337f37723dd7912de6b6cd) C:\Windows\system32\DRIVERS\LV302V64.SYS
19:07:19.0422 6092 PID_PEPI - ok
19:07:19.0484 6092 pppop (740db3794b8637a43697e0f408b064b2) C:\Windows\system32\DRIVERS\pppop64.sys
19:07:19.0484 6092 pppop - ok
19:07:19.0531 6092 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
19:07:19.0578 6092 PptpMiniport - ok
19:07:19.0609 6092 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
19:07:19.0656 6092 Processor - ok
19:07:19.0702 6092 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
19:07:19.0749 6092 Psched - ok
19:07:19.0812 6092 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
19:07:19.0827 6092 PxHlpa64 - ok
19:07:19.0874 6092 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
19:07:19.0936 6092 ql2300 - ok
19:07:19.0952 6092 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
19:07:19.0968 6092 ql40xx - ok
19:07:19.0999 6092 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
19:07:20.0014 6092 QWAVEdrv - ok
19:07:20.0030 6092 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
19:07:20.0092 6092 RasAcd - ok
19:07:20.0124 6092 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:07:20.0155 6092 RasAgileVpn - ok
19:07:20.0202 6092 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:07:20.0248 6092 Rasl2tp - ok
19:07:20.0280 6092 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
19:07:20.0326 6092 RasPppoe - ok
19:07:20.0358 6092 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
19:07:20.0404 6092 RasSstp - ok
19:07:20.0451 6092 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
19:07:20.0498 6092 rdbss - ok
19:07:20.0514 6092 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
19:07:20.0545 6092 rdpbus - ok
19:07:20.0576 6092 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:07:20.0623 6092 RDPCDD - ok
19:07:20.0670 6092 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
19:07:20.0701 6092 RDPDR - ok
19:07:20.0701 6092 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
19:07:20.0748 6092 RDPENCDD - ok
19:07:20.0779 6092 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
19:07:20.0810 6092 RDPREFMP - ok
19:07:20.0872 6092 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
19:07:20.0904 6092 RdpVideoMiniport - ok
19:07:20.0982 6092 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
19:07:21.0013 6092 RDPWD - ok
19:07:21.0075 6092 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
19:07:21.0091 6092 rdyboost - ok
19:07:21.0169 6092 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
19:07:21.0200 6092 RFCOMM - ok
19:07:21.0231 6092 rimmptsk (9c23519fc1fd331aaaedc145ab947293) C:\Windows\system32\DRIVERS\rimmpx64.sys
19:07:21.0278 6092 rimmptsk - ok
19:07:21.0309 6092 rismxdp (2a43f9e6dbde12bc0c104785c3b3f5df) C:\Windows\system32\DRIVERS\rixdpx64.sys
19:07:21.0325 6092 rismxdp - ok
19:07:21.0372 6092 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
19:07:21.0418 6092 rspndr - ok
19:07:21.0465 6092 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
19:07:21.0512 6092 s3cap - ok
19:07:21.0559 6092 SbieDrv (b7e1ff02c6a9bcde9a34de801e379844) C:\Program Files\Sandboxie\SbieDrv.sys
19:07:21.0574 6092 SbieDrv - ok
19:07:21.0621 6092 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
19:07:21.0637 6092 sbp2port - ok
19:07:21.0699 6092 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
19:07:21.0730 6092 scfilter - ok
19:07:21.0808 6092 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
19:07:21.0840 6092 sdbus - ok
19:07:21.0886 6092 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
19:07:21.0918 6092 secdrv - ok
19:07:21.0949 6092 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
19:07:21.0980 6092 Serenum - ok
19:07:22.0011 6092 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
19:07:22.0042 6092 Serial - ok
19:07:22.0089 6092 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
19:07:22.0105 6092 sermouse - ok
19:07:22.0152 6092 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
19:07:22.0183 6092 sffdisk - ok
19:07:22.0214 6092 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
19:07:22.0230 6092 sffp_mmc - ok
19:07:22.0245 6092 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\DRIVERS\sffp_sd.sys
19:07:22.0276 6092 sffp_sd - ok
19:07:22.0292 6092 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
19:07:22.0323 6092 sfloppy - ok
19:07:22.0370 6092 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:07:22.0386 6092 SiSRaid2 - ok
19:07:22.0401 6092 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
19:07:22.0417 6092 SiSRaid4 - ok
19:07:22.0448 6092 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
19:07:22.0495 6092 Smb - ok
19:07:22.0557 6092 snapman (446eb38ce4a6d040f548b2f547ca96ff) C:\Windows\system32\DRIVERS\snapman.sys
19:07:22.0573 6092 snapman - ok
19:07:22.0604 6092 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
19:07:22.0604 6092 spldr - ok
19:07:22.0698 6092 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
19:07:22.0729 6092 srv - ok
19:07:22.0776 6092 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
19:07:22.0822 6092 srv2 - ok
19:07:22.0869 6092 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
19:07:22.0916 6092 SrvHsfHDA - ok
19:07:22.0963 6092 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
19:07:23.0025 6092 SrvHsfV92 - ok
19:07:23.0072 6092 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
19:07:23.0103 6092 SrvHsfWinac - ok
19:07:23.0166 6092 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
19:07:23.0181 6092 srvnet - ok
19:07:23.0228 6092 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
19:07:23.0244 6092 stexstor - ok
19:07:23.0290 6092 STHDA (8435ed937f36ab0715e217c382c96a2b) C:\Windows\system32\drivers\stwrt64.sys
19:07:23.0353 6092 STHDA - ok
19:07:23.0400 6092 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
19:07:23.0415 6092 StillCam - ok
19:07:23.0478 6092 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
19:07:23.0493 6092 storflt - ok
19:07:23.0524 6092 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
19:07:23.0540 6092 storvsc - ok
19:07:23.0587 6092 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
19:07:23.0602 6092 swenum - ok
19:07:23.0634 6092 SynasUSB - ok
19:07:23.0665 6092 Synth3dVsc - ok
19:07:23.0696 6092 SynTP (b2a7d0790246e6fcdbdd256c4fcc4975) C:\Windows\system32\DRIVERS\SynTP.sys
19:07:23.0727 6092 SynTP - ok
19:07:23.0805 6092 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
19:07:23.0868 6092 Tcpip - ok
19:07:23.0930 6092 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
19:07:23.0961 6092 TCPIP6 - ok
19:07:24.0008 6092 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
19:07:24.0055 6092 tcpipreg - ok
19:07:24.0086 6092 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
19:07:24.0133 6092 TDPIPE - ok
19:07:24.0195 6092 tdrpman251 (df9179b7bdf0c5b71f9c3d93c016bae5) C:\Windows\system32\DRIVERS\tdrpm251.sys
19:07:24.0242 6092 tdrpman251 - ok
19:07:24.0273 6092 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
19:07:24.0320 6092 TDTCP - ok
19:07:24.0367 6092 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
19:07:24.0414 6092 tdx - ok
19:07:24.0476 6092 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
19:07:24.0492 6092 TermDD - ok
19:07:24.0523 6092 timounter (f7546ead58cc3000ac02cf9529b9934e) C:\Windows\system32\DRIVERS\timntr.sys
19:07:24.0570 6092 timounter - ok
19:07:24.0616 6092 TPM (dbcc20c02e8a3e43b03c304a4e40a84f) C:\Windows\system32\drivers\tpm.sys
19:07:24.0648 6092 TPM - ok
19:07:24.0694 6092 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:07:24.0741 6092 tssecsrv - ok
19:07:24.0788 6092 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
19:07:24.0835 6092 TsUsbFlt - ok
19:07:24.0850 6092 tsusbhub - ok
19:07:24.0913 6092 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
19:07:24.0960 6092 tunnel - ok
19:07:24.0991 6092 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
19:07:25.0006 6092 uagp35 - ok
19:07:25.0038 6092 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
19:07:25.0100 6092 udfs - ok
19:07:25.0147 6092 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
19:07:25.0162 6092 uliagpkx - ok
19:07:25.0225 6092 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
19:07:25.0256 6092 umbus - ok
19:07:25.0287 6092 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
19:07:25.0303 6092 UmPass - ok
19:07:25.0350 6092 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
19:07:25.0396 6092 USBAAPL64 - ok
19:07:25.0428 6092 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
19:07:25.0459 6092 usbaudio - ok
19:07:25.0506 6092 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
19:07:25.0537 6092 usbccgp - ok
19:07:25.0568 6092 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
19:07:25.0599 6092 usbcir - ok
19:07:25.0646 6092 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
19:07:25.0662 6092 usbehci - ok
19:07:25.0708 6092 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
19:07:25.0740 6092 usbhub - ok
19:07:25.0755 6092 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
19:07:25.0771 6092 usbohci - ok
19:07:25.0818 6092 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
19:07:25.0833 6092 usbprint - ok
19:07:25.0849 6092 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:07:25.0880 6092 USBSTOR - ok
19:07:25.0927 6092 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
19:07:25.0942 6092 usbuhci - ok
19:07:26.0005 6092 VClone (84bb306b7863883018d7f3eb0c453bd5) C:\Windows\system32\DRIVERS\VClone.sys
19:07:26.0052 6092 VClone - ok
19:07:26.0098 6092 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
19:07:26.0114 6092 vdrvroot - ok
19:07:26.0145 6092 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
19:07:26.0161 6092 vga - ok
19:07:26.0176 6092 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
19:07:26.0223 6092 VgaSave - ok
19:07:26.0254 6092 VGPU - ok
19:07:26.0301 6092 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
19:07:26.0317 6092 vhdmp - ok
19:07:26.0348 6092 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
19:07:26.0364 6092 viaide - ok
19:07:26.0410 6092 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
19:07:26.0426 6092 vmbus - ok
19:07:26.0473 6092 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
19:07:26.0488 6092 VMBusHID - ok
19:07:26.0520 6092 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
19:07:26.0535 6092 volmgr - ok
19:07:26.0582 6092 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
19:07:26.0613 6092 volmgrx - ok
19:07:26.0660 6092 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
19:07:26.0676 6092 volsnap - ok
19:07:26.0707 6092 vpcbus (b4a73ca4ef9a02b9738cea9ad5fe5917) C:\Windows\system32\DRIVERS\vpchbus.sys
19:07:26.0722 6092 vpcbus - ok
19:07:26.0785 6092 vpcnfltr (e675fb2b48c54f09895482e2253b289c) C:\Windows\system32\DRIVERS\vpcnfltr.sys
19:07:26.0816 6092 vpcnfltr - ok
19:07:26.0863 6092 vpcusb (5fb42082b0d19a0268705f1dd343df20) C:\Windows\system32\DRIVERS\vpcusb.sys
19:07:26.0894 6092 vpcusb - ok
19:07:26.0941 6092 vpcvmm (207b6539799cc1c112661a9b620dd233) C:\Windows\system32\drivers\vpcvmm.sys
19:07:26.0972 6092 vpcvmm - ok
19:07:27.0003 6092 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
19:07:27.0019 6092 vsmraid - ok
19:07:27.0050 6092 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
19:07:27.0081 6092 vwifibus - ok
19:07:27.0159 6092 wacmoumonitor (fe75777289278a4941fe6139e82b3bd9) C:\Windows\system32\DRIVERS\wacmoumonitor.sys
19:07:27.0190 6092 wacmoumonitor - ok
19:07:27.0222 6092 wacommousefilter (e04d43c7d1641e95d35cae6086c7e350) C:\Windows\system32\DRIVERS\wacommousefilter.sys
19:07:27.0237 6092 wacommousefilter - ok
19:07:27.0253 6092 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
19:07:27.0284 6092 WacomPen - ok
19:07:27.0315 6092 wacomvhid (ec1ceb237e365330c1fcfc4876aa0ac0) C:\Windows\system32\DRIVERS\wacomvhid.sys
19:07:27.0331 6092 wacomvhid - ok
19:07:27.0393 6092 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:07:27.0424 6092 WANARP - ok
19:07:27.0440 6092 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:07:27.0487 6092 Wanarpv6 - ok
19:07:27.0534 6092 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
19:07:27.0549 6092 Wd - ok
19:07:27.0580 6092 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
19:07:27.0612 6092 Wdf01000 - ok
19:07:27.0658 6092 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
19:07:27.0705 6092 WfpLwf - ok
19:07:27.0721 6092 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
19:07:27.0736 6092 WIMMount - ok
19:07:27.0830 6092 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
19:07:27.0861 6092 WinUsb - ok
19:07:27.0892 6092 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
19:07:27.0908 6092 WmiAcpi - ok
19:07:27.0955 6092 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
19:07:28.0002 6092 ws2ifsl - ok
19:07:28.0048 6092 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
19:07:28.0080 6092 WSDPrintDevice - ok
19:07:28.0126 6092 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
19:07:28.0189 6092 WudfPf - ok
19:07:28.0220 6092 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:07:28.0267 6092 WUDFRd - ok
19:07:28.0329 6092 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
19:07:28.0501 6092 \Device\Harddisk0\DR0 - ok
19:07:28.0516 6092 Boot (0x1200) (ba8dde2e9e41d55e03e2077fcbfd1fbf) \Device\Harddisk0\DR0\Partition0
19:07:28.0516 6092 \Device\Harddisk0\DR0\Partition0 - ok
19:07:28.0548 6092 Boot (0x1200) (480a7671a397db45e6bc4bff674feaf9) \Device\Harddisk0\DR0\Partition1
19:07:28.0548 6092 \Device\Harddisk0\DR0\Partition1 - ok
19:07:28.0579 6092 Boot (0x1200) (bc62f0d6795dc77ad57b0d1fd5508dcf) \Device\Harddisk0\DR0\Partition2
19:07:28.0579 6092 \Device\Harddisk0\DR0\Partition2 - ok
19:07:28.0579 6092 ============================================================
19:07:28.0579 6092 Scan finished
19:07:28.0579 6092 ============================================================
19:07:28.0579 6280 Detected object count: 1
19:07:28.0579 6280 Actual detected object count: 1
19:07:40.0357 6280 Netaapl ( UnsignedFile.Multi.Generic ) - skipped by user
19:07:40.0357 6280 Netaapl ( UnsignedFile.Multi.Generic ) - User select action: Skip
Lg _L_ |
|
21.02.2012, 19:14
| #7 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Viren gefunden und gelöscht. Jetzt sauber? Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
21.02.2012, 20:13
| #8 |
| | Viren gefunden und gelöscht. Jetzt sauber?Code:
ATTFilter ComboFix 12-02-21.02 - *** 21.02.2012 19:30:56.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.41.1031.18.4094.2123 [GMT 1:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: McAfee VirusScan Enterprise Antispyware Module *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\users\***\AppData\Local\assembly\tmp
c:\users\***\AppData\Roaming\Setup.exe
c:\windows\iun6002.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-01-21 bis 2012-02-21 ))))))))))))))))))))))))))))))
.
.
2012-02-21 18:44 . 2012-02-21 18:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-21 11:13 . 2012-02-21 11:13 -------- d-----w- C:\_OTL
2012-02-17 07:54 . 2012-02-17 07:54 -------- d-----w- c:\program files (x86)\ESET
2012-02-15 21:26 . 2012-02-15 21:26 -------- d-----w- c:\users\***\AppData\Roaming\Malwarebytes
2012-02-15 21:26 . 2012-02-15 21:26 -------- d-----w- c:\programdata\Malwarebytes
2012-02-15 21:26 . 2012-02-15 21:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-15 21:26 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-15 08:08 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-15 08:08 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-15 08:07 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-15 08:07 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-15 08:07 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-15 08:06 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-15 08:05 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 08:05 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-12 10:59 . 2012-02-12 10:59 -------- d-----w- c:\users\***\AppData\Local\iSpirit
2012-02-02 15:52 . 2012-02-21 18:49 -------- d-----w- c:\program files (x86)\Giraffic
2012-02-02 15:52 . 2012-02-02 15:54 -------- d-----w- c:\programdata\Giraffic
2012-02-02 15:52 . 2012-02-02 15:52 -------- d-----w- c:\program files (x86)\Veoh Networks
2012-01-28 18:20 . 2012-01-28 18:20 -------- d-----w- c:\program files\iPod
2012-01-28 18:20 . 2012-01-28 18:21 -------- d-----w- c:\program files\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-27 11:45 . 2011-12-27 11:45 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-12-21 14:21 . 2011-12-21 14:21 27648 ----a-w- c:\windows\system32\OKLMON64.DLL
2011-11-29 19:02 . 2010-09-11 20:06 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2006-05-03 11:06 163328 --sha-r- c:\windows\SysWOW64\flvDX.dll
2007-02-21 12:47 31232 --sha-r- c:\windows\SysWOW64\msfDX.dll
2008-03-16 14:30 216064 --sha-r- c:\windows\SysWOW64\nbDX.dll
2010-01-06 23:00 107520 --sha-r- c:\windows\SysWOW64\TAKDSDecoder.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DisplayFusion"="c:\program files (x86)\DisplayFusion\DisplayFusion.exe" [2011-10-02 2456992]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-21 718720]
"WebWeaver Desktop"="c:\program files (x86)\DigiOnline GmbH\WebWeaver Desktop\WebWeaver.exe" [2011-12-23 929792]
"Appigo Sync"="c:\program files (x86)\Appigo Sync\Appigo Sync.exe" [2010-09-14 229376]
"GoogleContactSync"="c:\program files (x86)\WebGear\GO Contact Sync\GOContactSync.exe" [2011-11-07 857600]
"AnyDVD"="c:\program files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe" [2012-01-03 4980344]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Communicator"="c:\program files (x86)\Microsoft Office Communicator\communicator.exe" [2012-01-11 5153056]
"McAfeeUpdaterUI"="c:\program files (x86)\McAfee\Common Framework\udaterui.exe" [2011-01-12 161088]
"ShStatEXE"="c:\program files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2011-01-12 215360]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"TkBellExe"="c:\program files (x86)\Common Files\Real\Update_OB\realsched.exe" [2010-10-10 202256]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-01-03 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-01-03 815512]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Bing Bar"="c:\program files (x86)\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe" [2010-04-27 243544]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-17 26530760]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Google Calendar Sync.lnk - c:\program files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
Toodledo Sync Tool.lnk - c:\windows\Installer\{9AFA4423-D0E3-4F92-908E-D4C9CEEB3DA3}\_4EBBCD3A645B53E3579F1E.exe [2010-9-15 894]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Bing Bar"="c:\program files (x86)\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe"
"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"TrueImageMonitor.exe"=c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
"TkBellExe"="c:\program files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-12 136176]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-12 136176]
R3 MADFUMIDISPORT2010;Service for M-Audio MIDISPORT DFU;c:\windows\system32\DRIVERS\MAudioMIDISPORT_DFU.sys [x]
R3 MAUSBMIDISPORT;Service for M-Audio MIDISPORT;c:\windows\system32\DRIVERS\MAudioMIDISPORT.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 SynasUSB;SynasUSB;sysWOW64\drivers\SynUSB64.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\DRIVERS\tdrpm251.sys [x]
S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2010-09-12 2326920]
S2 FortiSslvpnDaemon;FortiClient SSL VPN;c:\windows\SysWOW64\FortiSSLVPNdaemon.exe [2009-03-09 518688]
S2 Giraffic;Veoh Giraffic Video Accelerator;c:\program files (x86)\Giraffic\Veoh_GirafficWatchdog.exe [2012-01-22 2230416]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 MIDISPORTAudioDevMon;MIDISPORT Audio Device Monitor;c:\program files (x86)\M-Audio\MIDISPORT\AudioDevMon.exe [2010-10-06 1636872]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [2010-11-15 5716848]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [x]
S3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 pppop;PPPoP WAN Adapter;c:\windows\system32\DRIVERS\pppop64.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 64132669
*Deregistered* - 64132669
*Deregistered* - mfeavfk01
.
Inhalt des "geplante Tasks" Ordners
.
2012-02-19 c:\windows\Tasks\b4a_Volume D+Outlook.job
- c:\program files (x86)\Softland\Backup4all Professional 4\b4aSchedStarter.exe [2009-11-24 13:56]
.
2012-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-12 16:47]
.
2012-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-12 16:47]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\HardLinkMenu]
@="{0A479751-02BC-11d3-A855-0004AC2568AA}"
[HKEY_CLASSES_ROOT\CLSID\{0A479751-02BC-11d3-A855-0004AC2568AA}]
2010-11-21 21:00 366280 ----a-w- c:\program files\LinkShellExtension\HardlinkShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHardLink]
@="{0A479751-02BC-11d3-A855-0004AC2568DD}"
[HKEY_CLASSES_ROOT\CLSID\{0A479751-02BC-11d3-A855-0004AC2568DD}]
2010-11-21 21:00 366280 ----a-w- c:\program files\LinkShellExtension\HardlinkShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlaySymbolicLink]
@="{0A479751-02BC-11d3-A855-0004AC2568EE}"
[HKEY_CLASSES_ROOT\CLSID\{0A479751-02BC-11d3-A855-0004AC2568EE}]
2010-11-21 21:00 366280 ----a-w- c:\program files\LinkShellExtension\HardlinkShellExt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-07 15847456]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-07 82464]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2008-05-07 88608]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1211688]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-06-26 1609296]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-09-16 497648]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-09-12 357800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.ch/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Free YouTube Download - c:\users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to iPhone Converter - c:\users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoiphoneconverter.htm
IE: Free YouTube to MP3 Converter - c:\users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\bcclzy1x.default\
FF - prefs.js: browser.startup.homepage - www.google.ch
FF - prefs.js: keyword.URL - hxxp://www.google.ch/search?sourceid=navclient&hl=de&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-iCloudServices - c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
Wow6432Node-HKCU-Run-ApplePhotoStreams - c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
Wow6432Node-HKLM-Run-WebWeaver Desktop - (no file)
HKLM-Run-SigmatelSysTrayApp - c:\program files (x86)\SigmaTel\C-Major Audio\WDM\sttray64.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-FoxyTunesForFirefox - c:\program files (x86)\Mozilla Firefox\firefox.exe
AddRemove-Look@LAN_1.0 - c:\windows\iun6002.exe
AddRemove-Adobe Connect Add-in - c:\users\***\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\connectaddin\connectaddin.exe
AddRemove-JClic author - c:\windows\system32\javaws.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\***\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
AddRemove-yEd Graph Editor - c:\windows\system32\javaws.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2709662662-993020936-908336301-1000_Classes\{3B8C523D-E999-4C87-BB58-E03B7F5C67F8}*]
@Allowed: (Read) (RestrictedCode)
@=hex:50,d9,41,32,94,c4,cc,01
.
[HKEY_USERS\S-1-5-21-2709662662-993020936-908336301-1000_Classes\{47BF077C-44C6-42B1-8F88-ADE2585DD2ED}*]
@Allowed: (Read) (RestrictedCode)
@=hex:50,d9,41,32,94,c4,cc,01
.
[HKEY_USERS\S-1-5-21-2709662662-993020936-908336301-1000_Classes\{A82EB336-567D-4F41-A63E-8113AD8B6903}*]
@Allowed: (Read) (RestrictedCode)
@=hex:10,9c,46,32,94,c4,cc,01
.
[HKEY_USERS\S-1-5-21-2709662662-993020936-908336301-1000_Classes\{C4B20040-7D5A-4558-9E19-B7DF94366F97}*]
@Allowed: (Read) (RestrictedCode)
@=hex:10,9c,46,32,94,c4,cc,01
DUMPHIVE0.003 (REGF)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:f9,d8,06,7a,ae,5c,7a,ce,2a,ca,b1,d1,2b,54,3d,1d,95,37,21,04,20,
19,0b,a6,eb,33,d6,a7,d5,d5,fd,04,1a,ed,97,63,6f,66,c5,3e,31,2e,39,94,f6,45,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{11D741B8-DD31-4707-B06A-7A68E3D84884}*]
@=hex:c1,a7,b4,78,93,c4,cc,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{1A493EAC-93D3-4646-B911-4697A475FF4B}*]
@=hex:e0,30,3d,7b,93,c4,cc,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{20EF7B60-CE85-4048-A409-02CB203268EE}*]
@=hex:24,2b,fe,7a,93,c4,cc,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{242E582C-66A8-478C-8BCA-0AF9F1D38D39}*]
@=hex:76,c7,cf,7a,93,c4,cc,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{29638F0C-042B-4B50-A2D2-8E8E7CA71E4F}*]
@=hex:d9,c1,32,7a,93,c4,cc,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{3B84C2D7-708C-48EF-8ED7-0C5FC0F030C6}*]
@=hex:62,dd,e3,79,93,c4,cc,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{3B8C523D-E999-4C87-BB58-E03B7F5C67F8}*]
@=hex:12,d6,63,79,93,c4,cc,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{47BF077C-44C6-42B1-8F88-ADE2585DD2ED}*]
@=hex:e2,65,42,7e,93,c4,cc,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{787E3340-6D04-4BF3-BCC2-2AD3630471CE}*]
@=hex:11,bf,96,78,93,c4,cc,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{861F5797-5F25-43E6-9510-527D056BC13C}*]
@=hex:c9,74,7f,79,93,c4,cc,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{92561398-2ED8-42AF-86E2-66FA8E9DC46E}*]
@=hex:61,a6,52,7a,93,c4,cc,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{97A98033-9FA1-4E80-A339-59787B43CC89}*]
@=hex:d1,aa,6c,7e,93,c4,cc,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{A82EB336-567D-4F41-A63E-8113AD8B6903}*]
@=hex:47,8b,58,79,93,c4,cc,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{B67DA794-42D6-4DFE-AE29-0334338228C9}*]
@=hex:37,d1,fe,78,93,c4,cc,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{C4B20040-7D5A-4558-9E19-B7DF94366F97}*]
@=hex:f1,2e,82,7e,93,c4,cc,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{C514227C-0AF4-44BB-816A-E9483A4302C9}*]
@=hex:40,b5,96,7a,93,c4,cc,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{C55AC07F-5B51-486C-811A-750184298D58}*]
@=hex:93,32,20,7b,93,c4,cc,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{C7A40493-BF23-4B53-AB2A-4A923B3EE34B}*]
@=hex:3f,ae,2b,79,93,c4,cc,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{E14E55A7-29C8-4389-8E5A-3EF964510FCA}*]
@=hex:f8,63,14,7a,93,c4,cc,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{F5E30566-7C8F-4037-A8FF-A7382E251C56}*]
@=hex:5c,9c,73,7a,93,c4,cc,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:f9,d8,06,7a,ae,5c,7a,ce,2a,ca,b1,d1,2b,54,3d,1d,95,37,21,04,20,
19,0b,a6,eb,33,d6,a7,d5,d5,fd,04,1a,ed,97,63,6f,66,c5,3e,31,2e,39,94,f6,45,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-02-21 20:08:20
ComboFix-quarantined-files.txt 2012-02-21 19:08
.
Vor Suchlauf: 10 Verzeichnis(se), 88'876'793'856 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 88'113'029'120 Bytes frei
.
- - End Of File - - DFBDFB186210A81118686FABD8A1C3E8
|
|
21.02.2012, 20:54
| #9 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Viren gefunden und gelöscht. Jetzt sauber? Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop. Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehlalarm!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
21.02.2012, 22:04
| #10 |
| | Viren gefunden und gelöscht. Jetzt sauber? Das Programm ist leider zum zweiten Mal abgestürzt mit der Windows-Meldung: "avast! Antirootkit funktioniert nicht mehr" Beim ersten Mal habe ich mich nicht geachtet, diesmal wars aber beim Eintrag Code:
ATTFilter Scanning: C:\Windows\assembly\CAC_MSIL\Microsoft.VisualStudio.Tools.Applications
Lg _L_ PS: Zwischendurch übrigens auch mal wieder herzlichen Dank für deine Hilfe. Was ihr da in diesem Forum kostenlos leistet ist wirklich phänomenal! Herzlichen Dank! |
|
21.02.2012, 22:45
| #11 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Viren gefunden und gelöscht. Jetzt sauber? Kannst du wenigstens sehen, wie aswMBR den MBR beurteilt? unknown MBR oder sowas wie default Windows 7 MBR code" ?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
21.02.2012, 22:53
| #12 |
| | Viren gefunden und gelöscht. Jetzt sauber? Ja, das kann ich sehen: Code:
ATTFilter Disk 0 MBR read successfully
Disk 0 MBR scan
Disk 0 Windows 7 default MBR code
|
|
22.02.2012, 10:51
| #13 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Viren gefunden und gelöscht. Jetzt sauber?Zitat:
Denk dran beide Tools zu updaten vor dem Scan!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
22.02.2012, 17:19
| #14 |
| | Viren gefunden und gelöscht. Jetzt sauber? Ok, danke. Hier noch die beiden Log-Files. Lg _L_ |
|
22.02.2012, 19:49
| #15 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Viren gefunden und gelöscht. Jetzt sauber? Sieht ok aus, da wurden nur Cookies gefunden. Die können weg. Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie ) Ist das System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Viren gefunden und gelöscht. Jetzt sauber? |
| anbieter, bieter, candy, compu, computer, durchsuchen, entdeck, entdeckt, enterprise, forum, gefunde, inter, interne, lösung, namen, netzwerk, nicht mehr, profis, rootkit, sauber, viren, virusscan, wirklich, wissen |
Hybrid-Darstellung
