
Log analysis and evaluation: TR/crypt.zpack.gen8 - black desktop - data loss

06.04.2012, 15:05   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Quote:
Folder C:\Users\********\AppData\Roaming\.#\ not found.
Oh damn, I didn't write a note about that: before running the script you have to edit the masked names back to their real ones!
__________________
Please always post log files in CODE tags

06.04.2012, 16:13   #17
antonio_2
 
Hello Arne,
What does that mean concretely? Should I run the script again with the names edited back?
Best regards


06.04.2012, 16:19   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Yes, do exactly that

06.04.2012, 17:00   #19
antonio_2
 
OK, done!
Code:
All processes killed
========== OTL ==========
Error: No service named egxc was found to stop!
Service\Driver key egxc not found.
File System32\drivers\utnyymr.sys not found.
Registry value HKEY_USERS\S-1-5-21-2694853571-1494760454-3953676919-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{B922D405-6D13-4A2B-AE89-08A030DA4402} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Program Files\pdfforge Toolbar\IE\5.1\pdfforgeToolbarIE.dll not found.
Folder C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM\ not found.
Folder C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Program Files\pdfforge Toolbar\IE\5.1\pdfforgeToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Program Files\pdfforge Toolbar\IE\5.1\pdfforgeToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings not found.
File C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File C:\autoexec.bat not found.
C:\Users\********\AppData\Roaming\.# folder moved successfully.
Unable to delete ADS C:\ProgramData\Temp:CE0A077E .
========== FILES ==========
File\Folder C:\Program Files\Common Files\Spigot not found.
File\Folder C:\Program Files\Application Updater not found.
File\Folder C:\Program Files\pdfforge Toolbar not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: ********
->Temp folder emptied: 1214101 bytes
->Temporary Internet Files folder emptied: 52214 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 50424891 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4108 bytes
RecycleBin emptied: 2348420 bytes
 
Total Files Cleaned = 52.00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Public
 
User: ********
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0.00 mb
 
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.39.2 log created on 04062012_173847

Files\Folders moved on Reboot...
File\Folder C:\windows\temp\mcafee_25ysSk0x5SFM8t2 not found!
File\Folder C:\windows\temp\mcmsc_czsTWllkzgCdGQD not found!
File\Folder C:\windows\temp\mcmsc_IJWQCOQJdTh8vdm not found!
File\Folder C:\windows\temp\mcmsc_YEYOLwLuVfiYzjh not found!
File\Folder C:\windows\temp\sqlite_1iGVxlqd5Hp1wKc not found!
File\Folder C:\windows\temp\sqlite_4Z9lhMoTKSLG9qf not found!
File\Folder C:\windows\temp\sqlite_hZcmHdbLIzXL8kP not found!
File\Folder C:\windows\temp\sqlite_MuxBtJ7kQDibPkK not found!

Registry entries deleted on Reboot...

06.04.2012, 17:14   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Now please run this Kaspersky tool (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please disable your antivirus scanner before you run the TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Configure the tool as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot,
then click Start Scan and, when it is finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C); that is where the TDSS-Killer saves its logs.

Note: Please do not delete anything prematurely with the TDSS-Killer! If the TDSS-Killer flags any objects, treat them all with the action "skip" and only post the log here!


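As an added example (not from this thread, not from Kaspersky's tool), here is a small Python parser for the TDSSKiller report format quoted in this thread. It pairs each object's "(md5) path" line with its "- ok" / "- warning" / "- detected" status line and lists only the flagged entries, so a helper can see at a glance what the tool complained about before deciding on "skip". The sample lines are excerpted from the report posted in this thread (hashes and paths are the thread's own); the regular expressions are my assumptions about the format, derived from those lines.

```python
import re
from collections import OrderedDict

# Report lines look like "HH:MM:SS.ffff <thread-id><TAB><message>" (format assumed
# from the lines quoted in this thread).
LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4}) (?P<tid>\d+)\t(?P<msg>.*)$")
# Object line: "<name>   (<md5>) <path>"
FILE_RE = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# Status line: "<name> - ok"  or  "<name> - detected <verdict> (<n>)"
STATUS_RE = re.compile(r"^(?P<name>.+?) - (?P<status>ok|detected (?P<verdict>\S+) \((?P<n>\d+)\))$")
# Warning line: "<name> ( <verdict> ) - warning"
WARN_RE = re.compile(r"^(?P<name>.+?) \( (?P<verdict>\S+) \) - warning$")

# Sample input, excerpted from the TDSSKiller log posted in this thread.
SAMPLE_LOG = "\n".join([
    "18:34:56.0607 4480\tScan started",
    "18:34:56.0607 4480\tMode: Manual; SigCheck; TDLFS; ",
    "18:34:58.0660 4480\t1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\\windows\\system32\\drivers\\1394ohci.sys",
    "18:34:59.0186 4480\t1394ohci - ok",
    "18:35:07.0676 4480\tApple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\AppleMobileDeviceService.exe",
    "18:35:07.0857 4480\tApple Mobile Device - ok",
    "18:35:07.0918 4480\tApplication Updater - ok",
    "18:35:25.0830 4480\tCOMSysApp - ok",
    "18:35:52.0209 4480\tISODisk         (96f2f5884d02535e2d4dfc849836f4a6) C:\\windows\\system32\\drivers\\ISODisk.sys",
    "18:35:52.0384 4480\tISODisk ( UnsignedFile.Multi.Generic ) - warning",
    "18:35:52.0384 4480\tISODisk - detected UnsignedFile.Multi.Generic (1)",
])


def _rec(objects, name):
    """Get or create the record for a service/driver name."""
    return objects.setdefault(name, {"md5": None, "path": None, "status": None, "verdicts": []})


def parse_tdsskiller(text):
    """Return an ordered mapping name -> {md5, path, status, verdicts}."""
    objects = OrderedDict()
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue                      # banner, blank or unrelated line
        msg = m.group("msg").rstrip()
        fm = FILE_RE.match(msg)
        if fm:                            # hash/path line for an object
            rec = _rec(objects, fm.group("name"))
            rec["md5"], rec["path"] = fm.group("md5").lower(), fm.group("path")
            continue
        wm = WARN_RE.match(msg)
        if wm:                            # "( verdict ) - warning"
            rec = _rec(objects, wm.group("name"))
            rec["status"] = "warning"
            if wm.group("verdict") not in rec["verdicts"]:
                rec["verdicts"].append(wm.group("verdict"))
            continue
        sm = STATUS_RE.match(msg)
        if sm:
            rec = _rec(objects, sm.group("name"))
            if sm.group("verdict"):       # "- detected <verdict> (n)" outranks warning/ok
                rec["status"] = "detected"
                if sm.group("verdict") not in rec["verdicts"]:
                    rec["verdicts"].append(sm.group("verdict"))
            elif rec["status"] is None:   # "- ok" only if nothing worse was seen
                rec["status"] = "ok"
    return objects


def triage(objects):
    """Split parsed objects into flagged, clean, and status-only (no file line) entries."""
    flagged = [(n, r) for n, r in objects.items() if r["status"] in ("warning", "detected")]
    clean = [n for n, r in objects.items() if r["md5"] and r["status"] == "ok"]
    # A status line with no preceding hash/path line: normal for services hosted
    # in another process (COMSysApp), but worth a second look for a service whose
    # files were just removed by an earlier cleanup step (Application Updater here).
    no_file = [n for n, r in objects.items() if r["md5"] is None and r["status"] == "ok"]
    return {"flagged": flagged, "clean": clean, "no_file": no_file}


def summarize(objects):
    """Render a short triage text; returned rather than printed so it can be checked."""
    t = triage(objects)
    out = [f"objects: {len(objects)}  flagged: {len(t['flagged'])}  "
           f"clean: {len(t['clean'])}  no file line: {len(t['no_file'])}"]
    for name, rec in t["flagged"]:
        out.append(f"  [{rec['status'].upper()}] {name}: {', '.join(rec['verdicts'])}"
                   f"  md5={rec['md5']}  path={rec['path']}")
    for name in t["no_file"]:
        out.append(f"  [NO FILE LINE] {name}: verify the service binary still exists")
    return "\n".join(out)


if __name__ == "__main__":
    print(summarize(parse_tdsskiller(SAMPLE_LOG)))
```

Run it against a full report by reading the TDSSKiller log file instead of `SAMPLE_LOG`. On the excerpt, the only flagged object is ISODisk with the generic "UnsignedFile.Multi.Generic" verdict (an unsigned driver, not by itself proof of infection), which is exactly the kind of entry the helper's "skip, just post the log" instruction above is meant for: the hash and path are printed so they can be verified against the vendor's file before anything is deleted.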

06.04.2012, 18:03   #21
antonio_2
 
Code:
18:33:37.0629 4540	TDSS rootkit removing tool 2.7.26.0 Apr  4 2012 19:52:02
18:33:39.0659 4540	============================================================
18:33:39.0659 4540	Current date / time: 2012/04/06 18:33:39.0659
18:33:39.0660 4540	SystemInfo:
18:33:39.0660 4540	
18:33:39.0660 4540	OS Version: 6.1.7601 ServicePack: 1.0
18:33:39.0660 4540	Product type: Workstation
18:33:39.0661 4540	ComputerName: ION510
18:33:39.0661 4540	UserName: *******
18:33:39.0661 4540	Windows directory: C:\windows
18:33:39.0662 4540	System windows directory: C:\windows
18:33:39.0662 4540	Processor architecture: Intel x86
18:33:39.0662 4540	Number of processors: 2
18:33:39.0662 4540	Page size: 0x1000
18:33:39.0662 4540	Boot type: Normal boot
18:33:39.0662 4540	============================================================
18:33:43.0452 4540	Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:33:43.0459 4540	\Device\Harddisk0\DR0:
18:33:43.0460 4540	MBR used
18:33:43.0460 4540	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000
18:33:43.0460 4540	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0x1B392970
18:33:43.0499 4540	Initialize success
18:33:43.0499 4540	============================================================
18:34:56.0607 4480	============================================================
18:34:56.0607 4480	Scan started
18:34:56.0607 4480	Mode: Manual; SigCheck; TDLFS; 
18:34:56.0608 4480	============================================================
18:34:58.0660 4480	1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\windows\system32\drivers\1394ohci.sys
18:34:59.0186 4480	1394ohci - ok
18:34:59.0287 4480	ACPI            (cea80c80bed809aa0da6febc04733349) C:\windows\system32\drivers\ACPI.sys
18:34:59.0360 4480	ACPI - ok
18:34:59.0396 4480	AcpiPmi         (1efbc664abff416d1d07db115dcb264f) C:\windows\system32\drivers\acpipmi.sys
18:34:59.0706 4480	AcpiPmi - ok
18:34:59.0840 4480	adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
18:35:00.0188 4480	adp94xx - ok
18:35:00.0350 4480	adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
18:35:00.0706 4480	adpahci - ok
18:35:00.0816 4480	adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
18:35:01.0157 4480	adpu320 - ok
18:35:01.0245 4480	AeLookupSvc     (8b5eefeec1e6d1a72a06c526628ad161) C:\windows\System32\aelupsvc.dll
18:35:01.0466 4480	AeLookupSvc - ok
18:35:01.0560 4480	AFD             (9ebbba55060f786f0fcaa3893bfa2806) C:\windows\system32\drivers\afd.sys
18:35:01.0743 4480	AFD - ok
18:35:01.0859 4480	agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\drivers\agp440.sys
18:35:02.0046 4480	agp440 - ok
18:35:02.0112 4480	aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
18:35:02.0447 4480	aic78xx - ok
18:35:02.0533 4480	ALG             (18a54e132947cd98fea9accc57f98f13) C:\windows\System32\alg.exe
18:35:02.0791 4480	ALG - ok
18:35:02.0845 4480	aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\drivers\aliide.sys
18:35:03.0162 4480	aliide - ok
18:35:03.0186 4480	amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\drivers\amdagp.sys
18:35:03.0374 4480	amdagp - ok
18:35:03.0440 4480	amdide          (cd5914170297126b6266860198d1d4f0) C:\windows\system32\drivers\amdide.sys
18:35:03.0847 4480	amdide - ok
18:35:03.0942 4480	AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
18:35:04.0250 4480	AmdK8 - ok
18:35:04.0354 4480	AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
18:35:04.0560 4480	AmdPPM - ok
18:35:04.0608 4480	amdsata         (d320bf87125326f996d4904fe24300fc) C:\windows\system32\drivers\amdsata.sys
18:35:04.0945 4480	amdsata - ok
18:35:05.0052 4480	amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
18:35:05.0392 4480	amdsbs - ok
18:35:05.0588 4480	amdxata         (46387fb17b086d16dea267d5be23a2f2) C:\windows\system32\drivers\amdxata.sys
18:35:05.0898 4480	amdxata - ok
18:35:06.0012 4480	AntiVirSchedulerService (c27d46b06d340293670450fce9dfb166) C:\Program Files\Avira\AntiVir Desktop\sched.exe
18:35:06.0266 4480	AntiVirSchedulerService - ok
18:35:06.0345 4480	AntiVirService  (72d90e56563165984224493069c69ed4) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
18:35:06.0397 4480	AntiVirService - ok
18:35:06.0486 4480	AppID           (aea177f783e20150ace5383ee368da19) C:\windows\system32\drivers\appid.sys
18:35:06.0983 4480	AppID - ok
18:35:07.0079 4480	AppIDSvc        (62a9c86cb6085e20db4823e4e97826f5) C:\windows\System32\appidsvc.dll
18:35:07.0300 4480	AppIDSvc - ok
18:35:07.0349 4480	Appinfo         (fb1959012294d6ad43e5304df65e3c26) C:\windows\System32\appinfo.dll
18:35:07.0554 4480	Appinfo - ok
18:35:07.0676 4480	Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:35:07.0857 4480	Apple Mobile Device - ok
18:35:07.0918 4480	Application Updater - ok
18:35:08.0015 4480	arc             (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
18:35:08.0346 4480	arc - ok
18:35:08.0456 4480	arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
18:35:08.0785 4480	arcsas - ok
18:35:08.0884 4480	AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
18:35:09.0096 4480	AsyncMac - ok
18:35:09.0188 4480	atapi           (338c86357871c167a96ab976519bf59e) C:\windows\system32\drivers\atapi.sys
18:35:09.0252 4480	atapi - ok
18:35:09.0324 4480	AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\windows\System32\Audiosrv.dll
18:35:09.0639 4480	AudioEndpointBuilder - ok
18:35:09.0687 4480	Audiosrv        (ce3b4e731638d2ef62fcb419be0d39f0) C:\windows\System32\Audiosrv.dll
18:35:09.0818 4480	Audiosrv - ok
18:35:09.0905 4480	avgio           (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
18:35:10.0071 4480	avgio - ok
18:35:10.0190 4480	avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\windows\system32\DRIVERS\avgntflt.sys
18:35:10.0574 4480	avgntflt - ok
18:35:10.0668 4480	avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\windows\system32\DRIVERS\avipbb.sys
18:35:11.0029 4480	avipbb - ok
18:35:11.0137 4480	AxInstSV        (6e30d02aac9cac84f421622e3a2f6178) C:\windows\System32\AxInstSV.dll
18:35:11.0425 4480	AxInstSV - ok
18:35:11.0542 4480	b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
18:35:11.0849 4480	b06bdrv - ok
18:35:11.0980 4480	b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
18:35:12.0286 4480	b57nd60x - ok
18:35:12.0417 4480	BDESVC          (ee1e9c3bb8228ae423dd38db69128e71) C:\windows\System32\bdesvc.dll
18:35:12.0698 4480	BDESVC - ok
18:35:12.0794 4480	Beep            (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
18:35:13.0135 4480	Beep - ok
18:35:13.0205 4480	BFE             (1e2bac209d184bb851e1a187d8a29136) C:\windows\System32\bfe.dll
18:35:13.0446 4480	BFE - ok
18:35:13.0513 4480	BITS            (e585445d5021971fae10393f0f1c3961) C:\windows\System32\qmgr.dll
18:35:13.0685 4480	BITS - ok
18:35:13.0753 4480	blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
18:35:14.0089 4480	blbdrive - ok
18:35:14.0221 4480	Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
18:35:14.0464 4480	Bonjour Service - ok
18:35:14.0565 4480	bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\windows\system32\DRIVERS\bowser.sys
18:35:14.0935 4480	bowser - ok
18:35:15.0037 4480	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
18:35:15.0604 4480	BrFiltLo - ok
18:35:15.0687 4480	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
18:35:15.0919 4480	BrFiltUp - ok
18:35:16.0021 4480	Browser         (6e11f33d14d020f58d5e02e4d67dfa19) C:\windows\System32\browser.dll
18:35:16.0224 4480	Browser - ok
18:35:16.0281 4480	Brserid         (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
18:35:16.0560 4480	Brserid - ok
18:35:16.0644 4480	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
18:35:16.0996 4480	BrSerWdm - ok
18:35:17.0084 4480	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
18:35:17.0200 4480	BrUsbMdm - ok
18:35:17.0217 4480	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
18:35:17.0533 4480	BrUsbSer - ok
18:35:17.0654 4480	BthEnum         (2865a5c8e98c70c605f417908cebb3a4) C:\windows\system32\drivers\BthEnum.sys
18:35:18.0050 4480	BthEnum - ok
18:35:18.0120 4480	BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
18:35:18.0479 4480	BTHMODEM - ok
18:35:18.0583 4480	BthPan          (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\windows\system32\DRIVERS\bthpan.sys
18:35:18.0956 4480	BthPan - ok
18:35:19.0092 4480	BTHPORT         (c2fbf6d271d9a94d839c416bf186ead9) C:\windows\System32\Drivers\BTHport.sys
18:35:19.0342 4480	BTHPORT - ok
18:35:19.0425 4480	bthserv         (1df19c96eef6c29d1c3e1a8678e07190) C:\windows\system32\bthserv.dll
18:35:19.0655 4480	bthserv - ok
18:35:19.0742 4480	BTHUSB          (c81e9413a25a439f436b1d4b6a0cf9e9) C:\windows\System32\Drivers\BTHUSB.sys
18:35:20.0094 4480	BTHUSB - ok
18:35:20.0201 4480	btwaudio        (d57d29132efe13a83133d9bd449e0cf1) C:\windows\system32\drivers\btwaudio.sys
18:35:20.0452 4480	btwaudio - ok
18:35:20.0492 4480	btwavdt         (d282c14a69357d0e1bafaecc2ca98c3a) C:\windows\system32\drivers\btwavdt.sys
18:35:20.0913 4480	btwavdt - ok
18:35:21.0051 4480	btwdins         (7caa4410c25026b9bee85f6c7f86b19b) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
18:35:21.0300 4480	btwdins - ok
18:35:21.0385 4480	btwl2cap        (aafd7cb76ba61fbb08e302da208c974a) C:\windows\system32\DRIVERS\btwl2cap.sys
18:35:21.0710 4480	btwl2cap - ok
18:35:21.0816 4480	btwrchid        (02eb4d2b05967df2d32f29c84ab1fb17) C:\windows\system32\DRIVERS\btwrchid.sys
18:35:22.0111 4480	btwrchid - ok
18:35:22.0170 4480	cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
18:35:22.0429 4480	cdfs - ok
18:35:22.0565 4480	cdrom           (be167ed0fdb9c1fa1133953c18d5a6c9) C:\windows\system32\drivers\cdrom.sys
18:35:22.0801 4480	cdrom - ok
18:35:22.0900 4480	CertPropSvc     (319c6b309773d063541d01df8ac6f55f) C:\windows\System32\certprop.dll
18:35:23.0123 4480	CertPropSvc - ok
18:35:23.0175 4480	circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
18:35:23.0371 4480	circlass - ok
18:35:23.0432 4480	CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
18:35:23.0610 4480	CLFS - ok
18:35:23.0696 4480	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:35:23.0924 4480	clr_optimization_v2.0.50727_32 - ok
18:35:24.0057 4480	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:35:24.0163 4480	clr_optimization_v4.0.30319_32 - ok
18:35:24.0247 4480	CmBatt          (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
18:35:24.0470 4480	CmBatt - ok
18:35:24.0556 4480	cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\drivers\cmdide.sys
18:35:24.0897 4480	cmdide - ok
18:35:24.0952 4480	CNG             (6427525d76f61d0c519b008d3680e8e7) C:\windows\system32\Drivers\cng.sys
18:35:25.0236 4480	CNG - ok
18:35:25.0299 4480	Compbatt        (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
18:35:25.0500 4480	Compbatt - ok
18:35:25.0549 4480	CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\windows\system32\drivers\CompositeBus.sys
18:35:25.0772 4480	CompositeBus - ok
18:35:25.0830 4480	COMSysApp - ok
18:35:25.0895 4480	crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
18:35:26.0153 4480	crcdisk - ok
18:35:26.0230 4480	CryptSvc        (a585bebf7d054bd9618eda0922d5484a) C:\windows\system32\cryptsvc.dll
18:35:26.0504 4480	CryptSvc - ok
18:35:26.0576 4480	DcomLaunch      (7660f01d3b38aca1747e397d21d790af) C:\windows\system32\rpcss.dll
18:35:26.0708 4480	DcomLaunch - ok
18:35:26.0769 4480	defragsvc       (8d6e10a2d9a5eed59562d9b82cf804e1) C:\windows\System32\defragsvc.dll
18:35:27.0042 4480	defragsvc - ok
18:35:27.0147 4480	DfsC            (f024449c97ec1e464aaffda18593db88) C:\windows\system32\Drivers\dfsc.sys
18:35:27.0409 4480	DfsC - ok
18:35:27.0521 4480	Dhcp            (e9e01eb683c132f7fa27cd607b8a2b63) C:\windows\system32\dhcpcore.dll
18:35:27.0757 4480	Dhcp - ok
18:35:27.0850 4480	discache        (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
18:35:27.0980 4480	discache - ok
18:35:28.0086 4480	Disk            (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
18:35:28.0409 4480	Disk - ok
18:35:28.0467 4480	Dnscache        (33ef4861f19a0736b11314aad9ae28d0) C:\windows\System32\dnsrslvr.dll
18:35:28.0711 4480	Dnscache - ok
18:35:28.0788 4480	dot3svc         (366ba8fb4b7bb7435e3b9eacb3843f67) C:\windows\System32\dot3svc.dll
18:35:29.0008 4480	dot3svc - ok
18:35:29.0064 4480	DPS             (8ec04ca86f1d68da9e11952eb85973d6) C:\windows\system32\dps.dll
18:35:29.0265 4480	DPS - ok
18:35:29.0371 4480	drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
18:35:29.0706 4480	drmkaud - ok
18:35:29.0773 4480	DXGKrnl         (23f5d28378a160352ba8f817bd8c71cb) C:\windows\System32\drivers\dxgkrnl.sys
18:35:30.0014 4480	DXGKrnl - ok
18:35:30.0055 4480	EapHost         (8600142fa91c1b96367d3300ad0f3f3a) C:\windows\System32\eapsvc.dll
18:35:30.0270 4480	EapHost - ok
18:35:30.0429 4480	ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
18:35:30.0800 4480	ebdrv - ok
18:35:30.0889 4480	EFS             (81951f51e318aecc2d68559e47485cc4) C:\windows\System32\lsass.exe
18:35:31.0190 4480	EFS - ok
18:35:31.0281 4480	ehRecvr         (a8c362018efc87beb013ee28f29c0863) C:\windows\ehome\ehRecvr.exe
18:35:31.0658 4480	ehRecvr - ok
18:35:31.0699 4480	ehSched         (d389bff34f80caede417bf9d1507996a) C:\windows\ehome\ehsched.exe
18:35:32.0038 4480	ehSched - ok
18:35:32.0143 4480	elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
18:35:32.0540 4480	elxstor - ok
18:35:32.0636 4480	ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\drivers\errdev.sys
18:35:32.0836 4480	ErrDev - ok
18:35:32.0918 4480	EventSystem     (f6916efc29d9953d5d0df06882ae8e16) C:\windows\system32\es.dll
18:35:33.0036 4480	EventSystem - ok
18:35:33.0103 4480	exfat           (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
18:35:33.0388 4480	exfat - ok
18:35:33.0485 4480	fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
18:35:33.0752 4480	fastfat - ok
18:35:33.0870 4480	Fax             (967ea5b213e9984cbe270205df37755b) C:\windows\system32\fxssvc.exe
18:35:34.0228 4480	Fax - ok
18:35:34.0320 4480	fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
18:35:34.0545 4480	fdc - ok
18:35:34.0618 4480	fdPHost         (f3222c893bd2f5821a0179e5c71e88fb) C:\windows\system32\fdPHost.dll
18:35:34.0743 4480	fdPHost - ok
18:35:34.0774 4480	FDResPub        (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\windows\system32\fdrespub.dll
18:35:35.0001 4480	FDResPub - ok
18:35:35.0072 4480	FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
18:35:35.0372 4480	FileInfo - ok
18:35:35.0401 4480	Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
18:35:35.0811 4480	Filetrace - ok
18:35:35.0905 4480	flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
18:35:36.0132 4480	flpydisk - ok
18:35:36.0215 4480	FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
18:35:36.0508 4480	FltMgr - ok
18:35:36.0630 4480	FontCache       (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\windows\system32\FntCache.dll
18:35:36.0823 4480	FontCache - ok
18:35:36.0917 4480	FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
18:35:37.0152 4480	FontCache3.0.0.0 - ok
18:35:37.0238 4480	FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
18:35:37.0610 4480	FsDepends - ok
18:35:37.0723 4480	fssfltr         (b74b0578fd1d3f897e95f2a2b69ea051) C:\windows\system32\DRIVERS\fssfltr.sys
18:35:38.0039 4480	fssfltr - ok
18:35:38.0176 4480	fsssvc          (206ad9a89bf05dfa1621f1fc7b82592d) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
18:35:38.0498 4480	fsssvc - ok
18:35:38.0607 4480	Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\windows\system32\drivers\Fs_Rec.sys
18:35:38.0686 4480	Fs_Rec - ok
18:35:38.0753 4480	fvevol          (8a73e79089b282100b9393b644cb853b) C:\windows\system32\DRIVERS\fvevol.sys
18:35:39.0090 4480	fvevol - ok
18:35:39.0201 4480	gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
18:35:39.0404 4480	gagp30kx - ok
18:35:39.0456 4480	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
18:35:39.0696 4480	GEARAspiWDM - ok
18:35:39.0769 4480	gpsvc           (e897eaf5ed6ba41e081060c9b447a673) C:\windows\System32\gpsvc.dll
18:35:40.0040 4480	gpsvc - ok
18:35:40.0160 4480	gupdate         (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
18:35:40.0225 4480	gupdate - ok
18:35:40.0268 4480	gupdatem        (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
18:35:40.0308 4480	gupdatem - ok
18:35:40.0421 4480	gusvc           (408ddd80eede47175f6844817b90213e) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
18:35:40.0486 4480	gusvc - ok
18:35:40.0578 4480	hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
18:35:40.0901 4480	hcw85cir - ok
18:35:41.0005 4480	HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\windows\system32\drivers\HdAudio.sys
18:35:41.0262 4480	HdAudAddService - ok
18:35:41.0332 4480	HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\windows\system32\drivers\HDAudBus.sys
18:35:41.0419 4480	HDAudBus - ok
18:35:41.0463 4480	HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
18:35:41.0689 4480	HidBatt - ok
18:35:41.0794 4480	HidBth          (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
18:35:42.0144 4480	HidBth - ok
18:35:42.0252 4480	HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
18:35:42.0612 4480	HidIr - ok
18:35:42.0704 4480	hidserv         (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\windows\system32\hidserv.dll
18:35:42.0999 4480	hidserv - ok
18:35:43.0092 4480	HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\windows\system32\DRIVERS\hidusb.sys
18:35:43.0449 4480	HidUsb - ok
18:35:43.0538 4480	hkmsvc          (196b4e3f4cccc24af836ce58facbb699) C:\windows\system32\kmsvc.dll
18:35:43.0741 4480	hkmsvc - ok
18:35:43.0792 4480	HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\windows\system32\ListSvc.dll
18:35:43.0974 4480	HomeGroupListener - ok
18:35:44.0050 4480	HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\windows\system32\provsvc.dll
18:35:44.0235 4480	HomeGroupProvider - ok
18:35:44.0320 4480	HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\drivers\HpSAMD.sys
18:35:44.0634 4480	HpSAMD - ok
18:35:44.0917 4480	HTTP            (871917b07a141bff43d76d8844d48106) C:\windows\system32\drivers\HTTP.sys
18:35:45.0043 4480	HTTP - ok
18:35:45.0086 4480	hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\windows\system32\drivers\hwpolicy.sys
18:35:45.0221 4480	hwpolicy - ok
18:35:45.0290 4480	i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\drivers\i8042prt.sys
18:35:45.0644 4480	i8042prt - ok
18:35:45.0757 4480	iaStorV         (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\windows\system32\drivers\iaStorV.sys
18:35:46.0136 4480	iaStorV - ok
18:35:46.0290 4480	idsvc           (c521d7eb6497bb1af6afa89e322fb43c) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:35:46.0611 4480	idsvc - ok
18:35:46.0840 4480	igfx            (ad626f6964f4d364d226c39e06872dd3) C:\windows\system32\DRIVERS\igdkmd32.sys
18:35:47.0273 4480	igfx - ok
18:35:47.0368 4480	iirsp           (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
18:35:47.0690 4480	iirsp - ok
18:35:47.0812 4480	IKEEXT          (f95622f161474511b8d80d6b093aa610) C:\windows\System32\ikeext.dll
18:35:48.0074 4480	IKEEXT - ok
18:35:48.0282 4480	IntcAzAudAddService (5ceef2cccb4fe00d3ffbfeb12bcfa07f) C:\windows\system32\drivers\RTKVHDA.sys
18:35:48.0711 4480	IntcAzAudAddService - ok
18:35:48.0798 4480	intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\drivers\intelide.sys
18:35:49.0142 4480	intelide - ok
18:35:49.0191 4480	intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
18:35:49.0262 4480	intelppm - ok
18:35:49.0313 4480	IPBusEnum       (acb364b9075a45c0736e5c47be5cae19) C:\windows\system32\ipbusenum.dll
18:35:49.0523 4480	IPBusEnum - ok
18:35:49.0561 4480	IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
18:35:49.0922 4480	IpFilterDriver - ok
18:35:50.0040 4480	iphlpsvc        (4d65a07b795d6674312f879d09aa7663) C:\windows\System32\iphlpsvc.dll
18:35:50.0313 4480	iphlpsvc - ok
18:35:50.0387 4480	IPMIDRV         (4bd7134618c1d2a27466a099062547bf) C:\windows\system32\drivers\IPMIDrv.sys
18:35:50.0590 4480	IPMIDRV - ok
18:35:50.0634 4480	IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
18:35:50.0856 4480	IPNAT - ok
18:35:51.0018 4480	iPod Service    (49918803b661367023bf325cf602afdc) C:\Program Files\iPod\bin\iPodService.exe
18:35:51.0279 4480	iPod Service - ok
18:35:51.0382 4480	IRENUM          (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
18:35:51.0647 4480	IRENUM - ok
18:35:51.0695 4480	isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\drivers\isapnp.sys
18:35:51.0867 4480	isapnp - ok
18:35:51.0902 4480	iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\windows\system32\drivers\msiscsi.sys
18:35:52.0114 4480	iScsiPrt - ok
18:35:52.0209 4480	ISODisk         (96f2f5884d02535e2d4dfc849836f4a6) C:\windows\system32\drivers\ISODisk.sys
18:35:52.0384 4480	ISODisk ( UnsignedFile.Multi.Generic ) - warning
18:35:52.0384 4480	ISODisk - detected UnsignedFile.Multi.Generic (1)
18:35:52.0451 4480	kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\drivers\kbdclass.sys
18:35:52.0759 4480	kbdclass - ok
18:35:52.0877 4480	kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\windows\system32\drivers\kbdhid.sys
18:35:53.0222 4480	kbdhid - ok
18:35:53.0338 4480	KeyIso          (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
18:35:53.0400 4480	KeyIso - ok
18:35:53.0440 4480	KSecDD          (f4647bb23db9038a7536cf6b68f4207f) C:\windows\system32\Drivers\ksecdd.sys
18:35:53.0708 4480	KSecDD - ok
18:35:53.0753 4480	KSecPkg         (e73cae53bbb72ba26918492c6b4c229d) C:\windows\system32\Drivers\ksecpkg.sys
18:35:54.0236 4480	KSecPkg - ok
18:35:54.0345 4480	KtmRm           (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\windows\system32\msdtckrm.dll
18:35:54.0586 4480	KtmRm - ok
18:35:54.0665 4480	LanmanServer    (d64af876d53eca3668bb97b51b4e70ab) C:\windows\system32\srvsvc.dll
18:35:54.0884 4480	LanmanServer - ok
18:35:54.0995 4480	LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\windows\System32\wkssvc.dll
18:35:55.0224 4480	LanmanWorkstation - ok
18:35:55.0340 4480	LHidFilt        (318b3d608fbec44b7e0c23bf759dced5) C:\windows\system32\DRIVERS\LHidFilt.Sys
18:35:55.0512 4480	LHidFilt - ok
18:35:55.0571 4480	lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
18:35:55.0827 4480	lltdio - ok
18:35:55.0918 4480	lltdsvc         (5700673e13a2117fa3b9020c852c01e2) C:\windows\System32\lltdsvc.dll
18:35:56.0158 4480	lltdsvc - ok
18:35:56.0196 4480	lmhosts         (55ca01ba19d0006c8f2639b6c045e08b) C:\windows\System32\lmhsvc.dll
18:35:56.0416 4480	lmhosts - ok
18:35:56.0532 4480	LMouFilt        (84af069d219df3c43dc6792b2bbd7bed) C:\windows\system32\DRIVERS\LMouFilt.Sys
18:35:56.0719 4480	LMouFilt - ok
18:35:56.0833 4480	LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
18:35:57.0157 4480	LSI_FC - ok
18:35:57.0228 4480	LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
18:35:57.0547 4480	LSI_SAS - ok
18:35:57.0639 4480	LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
18:35:57.0935 4480	LSI_SAS2 - ok
18:35:57.0962 4480	LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
18:35:58.0377 4480	LSI_SCSI - ok
18:35:58.0633 4480	luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
18:35:58.0778 4480	luafv - ok
18:35:58.0883 4480	McAfee SiteAdvisor Service (f5f945ab625031a276c6a8e8f92c3bdc) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
18:35:59.0166 4480	McAfee SiteAdvisor Service - ok
18:35:59.0301 4480	mcmscsvc        (0fc36e77d779f8d021d338bdc7368181) C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
18:35:59.0399 4480	mcmscsvc - ok
18:35:59.0543 4480	McNASvc         (2988e515570e4f8b9d9b256137f8e8f4) c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
18:35:59.0771 4480	McNASvc - ok
18:35:59.0866 4480	McODS           (35180c22036174b76b448ee42747f6f0) C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
18:36:00.0133 4480	McODS - ok
18:36:00.0256 4480	McProxy         (c85968d24449e37653b891b03188140c) c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
18:36:00.0488 4480	McProxy - ok
18:36:00.0575 4480	McShield        (d075df11c65f1d370fcc5d3b976e6e72) C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
18:36:00.0801 4480	McShield - ok
18:36:00.0854 4480	McSysmon        (f2a433e0ea959028e349fb1d5bae01e7) C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
18:36:00.0925 4480	McSysmon - ok
18:36:01.0021 4480	Mcx2Svc         (bfb9ee8ee977efe85d1a3105abef6dd1) C:\windows\system32\Mcx2Svc.dll
18:36:01.0201 4480	Mcx2Svc - ok
18:36:01.0276 4480	megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
18:36:01.0601 4480	megasas - ok
18:36:01.0891 4480	MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
18:36:02.0238 4480	MegaSR - ok
18:36:02.0322 4480	mfeavfk         (bafdd5e28baea99d7f4772af2f5ec7ee) C:\windows\system32\drivers\mfeavfk.sys
18:36:02.0501 4480	mfeavfk - ok
18:36:02.0540 4480	mfebopk         (1d003e3056a43d881597d6763e83b943) C:\windows\system32\drivers\mfebopk.sys
18:36:02.0737 4480	mfebopk - ok
18:36:02.0814 4480	mfehidk         (3f138a1c8a0659f329f242d1e389b2cf) C:\windows\system32\drivers\mfehidk.sys
18:36:03.0024 4480	mfehidk - ok
18:36:03.0089 4480	mferkdk         (41fe2f288e05a6c8ab85dd56770ffbad) C:\windows\system32\drivers\mferkdk.sys
18:36:03.0295 4480	mferkdk - ok
18:36:03.0432 4480	mfesmfk         (096b52ea918aa909ba5903d79e129005) C:\windows\system32\drivers\mfesmfk.sys
18:36:03.0619 4480	mfesmfk - ok
18:36:03.0677 4480	MMCSS           (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll
18:36:03.0783 4480	MMCSS - ok
18:36:03.0856 4480	Modem           (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
18:36:03.0980 4480	Modem - ok
18:36:04.0049 4480	monitor         (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
18:36:04.0135 4480	monitor - ok
18:36:04.0248 4480	mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\DRIVERS\mouclass.sys
18:36:04.0539 4480	mouclass - ok
18:36:04.0746 4480	mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
18:36:05.0293 4480	mouhid - ok
18:36:05.0415 4480	mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\windows\system32\drivers\mountmgr.sys
18:36:05.0470 4480	mountmgr - ok
18:36:05.0512 4480	MPFP            (95675c3398dcc084c8d1dc35cc4e9e01) C:\windows\system32\Drivers\Mpfp.sys
18:36:05.0827 4480	MPFP - ok
18:36:05.0969 4480	MpfService      (db4d0dfe069e995b3f45ce4623abfdd9) C:\Program Files\McAfee\MPF\MPFSrv.exe
18:36:06.0221 4480	MpfService - ok
18:36:06.0308 4480	mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\windows\system32\drivers\mpio.sys
18:36:06.0633 4480	mpio - ok
18:36:06.0686 4480	mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
18:36:06.0816 4480	mpsdrv - ok
18:36:06.0880 4480	MpsSvc          (9835584e999d25004e1ee8e5f3e3b881) C:\windows\system32\mpssvc.dll
18:36:07.0145 4480	MpsSvc - ok
18:36:07.0260 4480	MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\windows\system32\drivers\mrxdav.sys
18:36:07.0667 4480	MRxDAV - ok
18:36:07.0779 4480	mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\windows\system32\DRIVERS\mrxsmb.sys
18:36:08.0164 4480	mrxsmb - ok
18:36:08.0259 4480	mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\windows\system32\DRIVERS\mrxsmb10.sys
18:36:08.0604 4480	mrxsmb10 - ok
18:36:08.0660 4480	mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\windows\system32\DRIVERS\mrxsmb20.sys
18:36:08.0968 4480	mrxsmb20 - ok
18:36:09.0015 4480	msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\windows\system32\drivers\msahci.sys
18:36:09.0337 4480	msahci - ok
18:36:09.0436 4480	msdsm           (55055f8ad8be27a64c831322a780a228) C:\windows\system32\drivers\msdsm.sys
18:36:09.0784 4480	msdsm - ok
18:36:09.0841 4480	MSDTC           (e1bce74a3bd9902b72599c0192a07e27) C:\windows\System32\msdtc.exe
18:36:10.0078 4480	MSDTC - ok
18:36:10.0172 4480	Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
18:36:10.0321 4480	Msfs - ok
18:36:10.0363 4480	mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
18:36:10.0723 4480	mshidkmdf - ok
18:36:10.0887 4480	msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\drivers\msisadrv.sys
18:36:11.0072 4480	msisadrv - ok
18:36:11.0143 4480	MSiSCSI         (90f7d9e6b6f27e1a707d4a297f077828) C:\windows\system32\iscsiexe.dll
18:36:11.0371 4480	MSiSCSI - ok
18:36:11.0393 4480	msiserver - ok
18:36:11.0529 4480	MSK80Service    (cf3c267356f458be85c5034bfc382022) C:\Program Files\McAfee\MSK\MskSrver.exe
18:36:11.0727 4480	MSK80Service - ok
18:36:11.0841 4480	MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
18:36:11.0984 4480	MSKSSRV - ok
18:36:12.0095 4480	MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
18:36:12.0217 4480	MSPCLOCK - ok
18:36:12.0241 4480	MSPQM           (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
18:36:12.0369 4480	MSPQM - ok
18:36:12.0421 4480	MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
18:36:12.0611 4480	MsRPC - ok
18:36:12.0717 4480	mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\drivers\mssmbios.sys
18:36:12.0761 4480	mssmbios - ok
18:36:12.0814 4480	MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
18:36:13.0048 4480	MSTEE - ok
18:36:13.0070 4480	MTConfig        (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
18:36:13.0306 4480	MTConfig - ok
18:36:13.0350 4480	Mup             (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
18:36:13.0522 4480	Mup - ok
18:36:13.0585 4480	napagent        (61d57a5d7c6d9afe10e77dae6e1b445e) C:\windows\system32\qagentRT.dll
18:36:13.0720 4480	napagent - ok
18:36:13.0797 4480	NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
18:36:14.0153 4480	NativeWifiP - ok
18:36:14.0273 4480	NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\windows\system32\drivers\ndis.sys
18:36:14.0356 4480	NDIS - ok
18:36:14.0411 4480	NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
18:36:14.0656 4480	NdisCap - ok
18:36:14.0771 4480	NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
18:36:14.0896 4480	NdisTapi - ok
18:36:15.0006 4480	Ndisuio         (d8a65dafb3eb41cbb622745676fcd072) C:\windows\system32\DRIVERS\ndisuio.sys
18:36:15.0266 4480	Ndisuio - ok
18:36:15.0309 4480	NdisWan         (38fbe267e7e6983311179230facb1017) C:\windows\system32\DRIVERS\ndiswan.sys
18:36:15.0692 4480	NdisWan - ok
18:36:15.0806 4480	NDProxy         (a4bdc541e69674fbff1a8ff00be913f2) C:\windows\system32\drivers\NDProxy.sys
18:36:16.0147 4480	NDProxy - ok
18:36:16.0254 4480	NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
18:36:16.0417 4480	NetBIOS - ok
18:36:16.0478 4480	NetBT           (280122ddcf04b378edd1ad54d71c1e54) C:\windows\system32\DRIVERS\netbt.sys
18:36:16.0856 4480	NetBT - ok
18:36:16.0953 4480	Netlogon        (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
18:36:17.0025 4480	Netlogon - ok
18:36:17.0099 4480	Netman          (7cccfca7510684768da22092d1fa4db2) C:\windows\System32\netman.dll
18:36:17.0344 4480	Netman - ok
18:36:17.0381 4480	netprofm        (8c338238c16777a802d6a9211eb2ba50) C:\windows\System32\netprofm.dll
18:36:17.0495 4480	netprofm - ok
18:36:17.0586 4480	NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:36:17.0802 4480	NetTcpPortSharing - ok
18:36:17.0911 4480	nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
18:36:18.0237 4480	nfrd960 - ok
18:36:18.0303 4480	NlaSvc          (912084381d30d8b89ec4e293053f4710) C:\windows\System32\nlasvc.dll
18:36:18.0421 4480	NlaSvc - ok
18:36:18.0488 4480	Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
18:36:18.0730 4480	Npfs - ok
18:36:18.0786 4480	nsi             (ba387e955e890c8a88306d9b8d06bf17) C:\windows\system32\nsisvc.dll
18:36:19.0014 4480	nsi - ok
18:36:19.0116 4480	nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
18:36:19.0253 4480	nsiproxy - ok
18:36:19.0355 4480	Ntfs            (81189c3d7763838e55c397759d49007a) C:\windows\system32\drivers\Ntfs.sys
18:36:19.0676 4480	Ntfs - ok
18:36:19.0763 4480	Null            (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
18:36:19.0985 4480	Null - ok
18:36:20.0042 4480	NVHDA           (603b0c9bb86f7b3efb88a482c6663ec4) C:\windows\system32\drivers\nvhda32v.sys
18:36:20.0237 4480	NVHDA - ok
18:36:20.0613 4480	nvlddmkm        (519d5e6b7fa9542c42437b2dfdcfafd1) C:\windows\system32\DRIVERS\nvlddmkm.sys
18:36:21.0357 4480	nvlddmkm - ok
18:36:21.0461 4480	nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\windows\system32\drivers\nvraid.sys
18:36:21.0750 4480	nvraid - ok
18:36:21.0805 4480	nvsmu           (7c8575ff76e52f6d92de54c2de247760) C:\windows\system32\DRIVERS\nvsmu.sys
18:36:21.0932 4480	nvsmu - ok
18:36:21.0983 4480	nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\windows\system32\drivers\nvstor.sys
18:36:22.0286 4480	nvstor - ok
18:36:22.0462 4480	nvsvc           (d9295d59e8c69537b87d0dc638f61b76) C:\windows\system32\nvvsvc.exe
18:36:22.0746 4480	nvsvc - ok
18:36:22.0828 4480	nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\drivers\nv_agp.sys
18:36:23.0028 4480	nv_agp - ok
18:36:23.0068 4480	ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\drivers\ohci1394.sys
18:36:23.0269 4480	ohci1394 - ok
18:36:23.0326 4480	p2pimsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll
18:36:23.0494 4480	p2pimsvc - ok
18:36:23.0570 4480	p2psvc          (59c3ddd501e39e006dac31bf55150d91) C:\windows\system32\p2psvc.dll
18:36:23.0645 4480	p2psvc - ok
18:36:23.0702 4480	Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
18:36:24.0029 4480	Parport - ok
18:36:24.0098 4480	partmgr         (bf8f6af06da75b336f07e23aef97d93b) C:\windows\system32\drivers\partmgr.sys
18:36:24.0412 4480	partmgr - ok
18:36:24.0590 4480	Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
18:36:24.0805 4480	Parvdm - ok
18:36:24.0866 4480	PcaSvc          (358ab7956d3160000726574083dfc8a6) C:\windows\System32\pcasvc.dll
18:36:24.0933 4480	PcaSvc - ok
18:36:25.0006 4480	pci             (673e55c3498eb970088e812ea820aa8f) C:\windows\system32\drivers\pci.sys
18:36:25.0213 4480	pci - ok
18:36:25.0267 4480	pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\drivers\pciide.sys
18:36:25.0586 4480	pciide - ok
18:36:25.0683 4480	pcmcia          (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
18:36:25.0886 4480	pcmcia - ok
18:36:25.0925 4480	pcw             (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
18:36:25.0992 4480	pcw - ok
18:36:26.0057 4480	PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
18:36:26.0352 4480	PEAUTH - ok
18:36:26.0737 4480	pla             (414bba67a3ded1d28437eb66aeb8a720) C:\windows\system32\pla.dll
18:36:27.0072 4480	pla - ok
18:36:27.0177 4480	PlugPlay        (ec7bc28d207da09e79b3e9faf8b232ca) C:\windows\system32\umpnpmgr.dll
18:36:27.0495 4480	PlugPlay - ok
18:36:27.0560 4480	PNRPAutoReg     (63ff8572611249931eb16bb8eed6afc8) C:\windows\system32\pnrpauto.dll
18:36:27.0759 4480	PNRPAutoReg - ok
18:36:27.0827 4480	PNRPsvc         (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll
18:36:27.0889 4480	PNRPsvc - ok
18:36:27.0962 4480	PolicyAgent     (53946b69ba0836bd95b03759530c81ec) C:\windows\System32\ipsecsvc.dll
18:36:28.0177 4480	PolicyAgent - ok
18:36:28.0249 4480	Power           (f87d30e72e03d579a5199ccb3831d6ea) C:\windows\system32\umpo.dll
18:36:28.0461 4480	Power - ok
18:36:28.0562 4480	PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
18:36:28.0950 4480	PptpMiniport - ok
18:36:28.0995 4480	Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
18:36:29.0188 4480	Processor - ok
18:36:29.0293 4480	ProfSvc         (43ca4ccc22d52fb58e8988f0198851d0) C:\windows\system32\profsvc.dll
18:36:29.0506 4480	ProfSvc - ok
18:36:29.0564 4480	ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
18:36:29.0622 4480	ProtectedStorage - ok
18:36:29.0687 4480	Psched          (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
18:36:29.0781 4480	Psched - ok
18:36:29.0860 4480	ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
18:36:30.0255 4480	ql2300 - ok
18:36:30.0282 4480	ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
18:36:30.0647 4480	ql40xx - ok
18:36:30.0735 4480	QWAVE           (31ac809e7707eb580b2bdb760390765a) C:\windows\system32\qwave.dll
18:36:30.0927 4480	QWAVE - ok
18:36:30.0992 4480	QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
18:36:31.0336 4480	QWAVEdrv - ok
18:36:31.0432 4480	RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
18:36:31.0564 4480	RasAcd - ok
18:36:31.0623 4480	RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
18:36:32.0028 4480	RasAgileVpn - ok
18:36:32.0111 4480	RasAuto         (a60f1839849c0c00739787fd5ec03f13) C:\windows\System32\rasauto.dll
18:36:32.0316 4480	RasAuto - ok
18:36:32.0375 4480	Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
18:36:32.0513 4480	Rasl2tp - ok
18:36:32.0603 4480	RasMan          (cb9e04dc05eacf5b9a36ca276d475006) C:\windows\System32\rasmans.dll
18:36:32.0895 4480	RasMan - ok
18:36:33.0110 4480	RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
18:36:33.0244 4480	RasPppoe - ok
18:36:33.0295 4480	RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
18:36:33.0652 4480	RasSstp - ok
18:36:33.0715 4480	rdbss           (d528bc58a489409ba40334ebf96a311b) C:\windows\system32\DRIVERS\rdbss.sys
18:36:34.0085 4480	rdbss - ok
18:36:34.0188 4480	rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
18:36:34.0408 4480	rdpbus - ok
18:36:34.0464 4480	RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\windows\system32\DRIVERS\RDPCDD.sys
18:36:34.0690 4480	RDPCDD - ok
18:36:34.0768 4480	RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
18:36:35.0037 4480	RDPENCDD - ok
18:36:35.0135 4480	RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
18:36:35.0389 4480	RDPREFMP - ok
18:36:35.0453 4480	RDPWD           (244c83332f44589ae98fc347f11b2693) C:\windows\system32\drivers\RDPWD.sys
18:36:35.0860 4480	RDPWD - ok
18:36:35.0972 4480	rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\windows\system32\drivers\rdyboost.sys
18:36:36.0352 4480	rdyboost - ok
18:36:36.0414 4480	RemoteAccess    (7b5e1419717fac363a31cc302895217a) C:\windows\System32\mprdim.dll
18:36:36.0627 4480	RemoteAccess - ok
18:36:36.0711 4480	RemoteRegistry  (cb9a8683f4ef2bf99e123d79950d7935) C:\windows\system32\regsvc.dll
18:36:36.0937 4480	RemoteRegistry - ok
18:36:37.0008 4480	Rezip           (f85ae59a52885f4b09aadafb23001a3b) C:\windows\SYSTEM32\Rezip.exe
18:36:37.0190 4480	Rezip ( UnsignedFile.Multi.Generic ) - warning
18:36:37.0190 4480	Rezip - detected UnsignedFile.Multi.Generic (1)
18:36:37.0269 4480	RFCOMM          (cb928d9e6daf51879dd6ba8d02f01321) C:\windows\system32\DRIVERS\rfcomm.sys
18:36:37.0611 4480	RFCOMM - ok
18:36:37.0702 4480	RpcEptMapper    (78d072f35bc45d9e4e1b61895c152234) C:\windows\System32\RpcEpMap.dll
18:36:37.0940 4480	RpcEptMapper - ok
18:36:37.0990 4480	RpcLocator      (94d36c0e44677dd26981d2bfeef2a29d) C:\windows\system32\locator.exe
18:36:38.0253 4480	RpcLocator - ok
18:36:38.0324 4480	RpcSs           (7660f01d3b38aca1747e397d21d790af) C:\windows\system32\rpcss.dll
18:36:38.0469 4480	RpcSs - ok
18:36:38.0570 4480	rspndr          (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
18:36:38.0829 4480	rspndr - ok
18:36:38.0947 4480	RTL8167         (7dfd48e24479b68b258d8770121155a0) C:\windows\system32\DRIVERS\Rt86win7.sys
18:36:39.0321 4480	RTL8167 - ok
18:36:39.0462 4480	rtl819xp        (48649b9808e7c7e2081b2851590cb665) C:\windows\system32\DRIVERS\rtl819xp.sys
18:36:39.0879 4480	rtl819xp - ok
18:36:39.0977 4480	SABI            (6e5fbb7cbaec47038b945d5e9b144a64) C:\windows\system32\Drivers\SABI.sys
18:36:40.0257 4480	SABI - ok
18:36:40.0348 4480	SamSs           (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
18:36:40.0411 4480	SamSs - ok
18:36:40.0470 4480	sbp2port        (05d860da1040f111503ac416ccef2bca) C:\windows\system32\drivers\sbp2port.sys
18:36:40.0775 4480	sbp2port - ok
18:36:40.0830 4480	SCardSvr        (8fc518ffe9519c2631d37515a68009c4) C:\windows\System32\SCardSvr.dll
18:36:41.0050 4480	SCardSvr - ok
18:36:41.0144 4480	scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\windows\system32\DRIVERS\scfilter.sys
18:36:41.0365 4480	scfilter - ok
18:36:41.0447 4480	Schedule        (a04bb13f8a72f8b6e8b4071723e4e336) C:\windows\system32\schedsvc.dll
18:36:41.0721 4480	Schedule - ok
18:36:41.0778 4480	SCPolicySvc     (319c6b309773d063541d01df8ac6f55f) C:\windows\System32\certprop.dll
18:36:41.0869 4480	SCPolicySvc - ok
18:36:41.0930 4480	SDRSVC          (08236c4bce5edd0a0318a438af28e0f7) C:\windows\System32\SDRSVC.dll
18:36:42.0203 4480	SDRSVC - ok
18:36:42.0288 4480	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
18:36:42.0416 4480	secdrv - ok
18:36:42.0470 4480	seclogon        (a59b3a4442c52060cc7a85293aa3546f) C:\windows\system32\seclogon.dll
18:36:42.0695 4480	seclogon - ok
18:36:42.0789 4480	SENS            (dcb7fcdcc97f87360f75d77425b81737) C:\windows\System32\sens.dll
18:36:42.0983 4480	SENS - ok
18:36:43.0037 4480	SensrSvc        (50087fe1ee447009c9cc2997b90de53f) C:\windows\system32\sensrsvc.dll
18:36:43.0303 4480	SensrSvc - ok
18:36:43.0407 4480	Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
18:36:43.0642 4480	Serenum - ok
18:36:43.0751 4480	Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
18:36:44.0048 4480	Serial - ok
18:36:44.0107 4480	sermouse        (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
18:36:44.0342 4480	sermouse - ok
18:36:44.0492 4480	SessionEnv      (4ae380f39a0032eab7dd953030b26d28) C:\windows\system32\sessenv.dll
18:36:44.0712 4480	SessionEnv - ok
18:36:44.0779 4480	sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\drivers\sffdisk.sys
18:36:45.0019 4480	sffdisk - ok
18:36:45.0058 4480	sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\drivers\sffp_mmc.sys
18:36:45.0260 4480	sffp_mmc - ok
18:36:45.0377 4480	sffp_sd         (6d4ccaedc018f1cf52866bbbaa235982) C:\windows\system32\drivers\sffp_sd.sys
18:36:45.0581 4480	sffp_sd - ok
18:36:45.0635 4480	sfloppy         (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
18:36:45.0944 4480	sfloppy - ok
18:36:46.0094 4480	SharedAccess    (d1a079a0de2ea524513b6930c24527a2) C:\windows\System32\ipnathlp.dll
18:36:46.0344 4480	SharedAccess - ok
18:36:46.0443 4480	ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\windows\System32\shsvcs.dll
18:36:46.0664 4480	ShellHWDetection - ok
18:36:46.0741 4480	sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\drivers\sisagp.sys
18:36:46.0956 4480	sisagp - ok
18:36:47.0002 4480	SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
18:36:47.0289 4480	SiSRaid2 - ok
18:36:47.0448 4480	SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
18:36:47.0775 4480	SiSRaid4 - ok
18:36:48.0030 4480	Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
18:36:48.0365 4480	Smb - ok
18:36:48.0558 4480	SNMPTRAP        (6a984831644eca1a33ffeae4126f4f37) C:\windows\System32\snmptrap.exe
18:36:49.0033 4480	SNMPTRAP - ok
18:36:49.0143 4480	spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
18:36:49.0226 4480	spldr - ok
18:36:49.0301 4480	Spooler         (866a43013535dc8587c258e43579c764) C:\windows\System32\spoolsv.exe
18:36:49.0735 4480	Spooler - ok
18:36:49.0942 4480	sppsvc          (cf87a1de791347e75b98885214ced2b8) C:\windows\system32\sppsvc.exe
18:36:50.0183 4480	sppsvc - ok
18:36:50.0243 4480	sppuinotify     (b0180b20b065d89232a78a40fe56eaa6) C:\windows\system32\sppuinotify.dll
18:36:50.0445 4480	sppuinotify - ok
18:36:50.0603 4480	sptd            (cdddec541bc3c96f91ecb48759673505) C:\windows\System32\Drivers\sptd.sys
18:36:51.0143 4480	sptd - ok
18:36:51.0252 4480	srv             (e4c2764065d66ea1d2d3ebc28fe99c46) C:\windows\system32\DRIVERS\srv.sys
18:36:51.0652 4480	srv - ok
18:36:51.0698 4480	srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\windows\system32\DRIVERS\srv2.sys
18:36:51.0907 4480	srv2 - ok
18:36:51.0959 4480	srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\windows\system32\DRIVERS\srvnet.sys
18:36:52.0307 4480	srvnet - ok
18:36:52.0401 4480	SSDPSRV         (d887c9fd02ac9fa880f6e5027a43e118) C:\windows\System32\ssdpsrv.dll
18:36:52.0552 4480	SSDPSRV - ok
18:36:52.0619 4480	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\windows\system32\DRIVERS\ssmdrv.sys
18:36:52.0820 4480	ssmdrv - ok
18:36:53.0070 4480	SstpSvc         (d318f23be45d5e3a107469eb64815b50) C:\windows\system32\sstpsvc.dll
18:36:53.0284 4480	SstpSvc - ok
18:36:53.0344 4480	stexstor        (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
18:36:53.0632 4480	stexstor - ok
18:36:53.0853 4480	StiSvc          (e1fb3706030fb4578a0d72c2fc3689e4) C:\windows\System32\wiaservc.dll
18:36:54.0067 4480	StiSvc - ok
18:36:54.0150 4480	swenum          (e58c78a848add9610a4db6d214af5224) C:\windows\system32\drivers\swenum.sys
18:36:54.0317 4480	swenum - ok
18:36:54.0380 4480	swprv           (a28bd92df340e57b024ba433165d34d7) C:\windows\System32\swprv.dll
18:36:54.0612 4480	swprv - ok
18:36:54.0727 4480	SynTP           (069e5728e565bd401347cb94732c4733) C:\windows\system32\DRIVERS\SynTP.sys
18:36:55.0031 4480	SynTP - ok
18:36:55.0119 4480	SysMain         (36650d618ca34c9d357dfd3d89b2c56f) C:\windows\system32\sysmain.dll
18:36:55.0273 4480	SysMain - ok
18:36:55.0334 4480	TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\windows\System32\TabSvc.dll
18:36:55.0532 4480	TabletInputService - ok
18:36:55.0598 4480	TapiSrv         (613bf4820361543956909043a265c6ac) C:\windows\System32\tapisrv.dll
18:36:55.0826 4480	TapiSrv - ok
18:36:55.0913 4480	TBS             (b799d9fdb26111737f58288d8dc172d9) C:\windows\System32\tbssvc.dll
18:36:56.0177 4480	TBS - ok
18:36:56.0350 4480	Tcpip           (65d10b191c59c5501a1263fc33f6894b) C:\windows\system32\drivers\tcpip.sys
18:36:56.0649 4480	Tcpip - ok
18:36:56.0743 4480	TCPIP6          (65d10b191c59c5501a1263fc33f6894b) C:\windows\system32\DRIVERS\tcpip.sys
18:36:56.0836 4480	TCPIP6 - ok
18:36:56.0958 4480	tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\windows\system32\drivers\tcpipreg.sys
18:36:57.0317 4480	tcpipreg - ok
18:36:57.0394 4480	TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\windows\system32\drivers\tdpipe.sys
18:36:57.0686 4480	TDPIPE - ok
18:36:57.0879 4480	TDTCP           (2c2c5afe7ee4f620d69c23c0617651a8) C:\windows\system32\drivers\tdtcp.sys
18:36:58.0237 4480	TDTCP - ok
18:36:58.0486 4480	tdx             (b459575348c20e8121d6039da063c704) C:\windows\system32\DRIVERS\tdx.sys
18:36:58.0812 4480	tdx - ok
18:36:58.0961 4480	TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\windows\system32\drivers\termdd.sys
18:36:59.0214 4480	TermDD - ok
18:36:59.0291 4480	TermService     (382c804c92811be57829d8e550a900e2) C:\windows\System32\termsrv.dll
18:36:59.0544 4480	TermService - ok
18:36:59.0633 4480	Themes          (42fb6afd6b79d9fe07381609172e7ca4) C:\windows\system32\themeservice.dll
18:36:59.0821 4480	Themes - ok
18:36:59.0877 4480	THREADORDER     (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll
18:36:59.0979 4480	THREADORDER - ok
18:37:00.0029 4480	TrkWks          (4792c0378db99a9bc2ae2de6cfff0c3a) C:\windows\System32\trkwks.dll
18:37:00.0247 4480	TrkWks - ok
18:37:00.0318 4480	TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\windows\servicing\TrustedInstaller.exe
18:37:00.0658 4480	TrustedInstaller - ok
18:37:00.0777 4480	tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\windows\system32\DRIVERS\tssecsrv.sys
18:37:01.0321 4480	tssecsrv - ok
18:37:01.0451 4480	TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\windows\system32\drivers\tsusbflt.sys
18:37:01.0739 4480	TsUsbFlt - ok
18:37:01.0861 4480	tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\windows\system32\DRIVERS\tunnel.sys
18:37:01.0969 4480	tunnel - ok
18:37:02.0019 4480	uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
18:37:02.0213 4480	uagp35 - ok
18:37:02.0288 4480	udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\windows\system32\DRIVERS\udfs.sys
18:37:02.0538 4480	udfs - ok
18:37:02.0680 4480	UI0Detect       (8344fd4fce927880aa1aa7681d4927e5) C:\windows\system32\UI0Detect.exe
18:37:02.0799 4480	UI0Detect - ok
18:37:02.0883 4480	uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\drivers\uliagpkx.sys
18:37:03.0057 4480	uliagpkx - ok
18:37:03.0113 4480	umbus           (d295bed4b898f0fd999fcfa9b32b071b) C:\windows\system32\drivers\umbus.sys
18:37:03.0302 4480	umbus - ok
18:37:03.0358 4480	UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
18:37:03.0570 4480	UmPass - ok
18:37:03.0671 4480	upnphost        (833fbb672460efce8011d262175fad33) C:\windows\System32\upnphost.dll
18:37:03.0809 4480	upnphost - ok
18:37:03.0866 4480	USBAAPL         (83cafcb53201bbac04d822f32438e244) C:\windows\system32\Drivers\usbaapl.sys
18:37:04.0232 4480	USBAAPL - ok
18:37:04.0331 4480	usbccgp         (bd9c55d7023c5de374507acc7a14e2ac) C:\windows\system32\DRIVERS\usbccgp.sys
18:37:04.0609 4480	usbccgp - ok
18:37:04.0717 4480	usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\drivers\usbcir.sys
18:37:04.0917 4480	usbcir - ok
18:37:04.0968 4480	usbehci         (f92de757e4b7ce9c07c5e65423f3ae3b) C:\windows\system32\DRIVERS\usbehci.sys
18:37:05.0285 4480	usbehci - ok
18:37:05.0397 4480	usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\windows\system32\DRIVERS\usbhub.sys
18:37:05.0741 4480	usbhub - ok
18:37:05.0802 4480	usbohci         (e185d44fac515a18d9deddc23c2cdf44) C:\windows\system32\DRIVERS\usbohci.sys
18:37:06.0218 4480	usbohci - ok
18:37:06.0494 4480	usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
18:37:06.0856 4480	usbprint - ok
18:37:06.0959 4480	usbscan         (576096ccbc07e7c4ea4f5e6686d6888f) C:\windows\system32\DRIVERS\usbscan.sys
18:37:07.0296 4480	usbscan - ok
18:37:07.0408 4480	USBSTOR         (f991ab9cc6b908db552166768176896a) C:\windows\system32\DRIVERS\USBSTOR.SYS
18:37:07.0804 4480	USBSTOR - ok
18:37:07.0904 4480	usbuhci         (68df884cf41cdada664beb01daf67e3d) C:\windows\system32\drivers\usbuhci.sys
18:37:08.0233 4480	usbuhci - ok
18:37:08.0346 4480	usbvideo        (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\windows\System32\Drivers\usbvideo.sys
18:37:08.0689 4480	usbvideo - ok
18:37:08.0867 4480	uvnc_service    (6da5bd7f379500c8473bb9ef23fbeb60) C:\Program Files\UltraVNC\WinVNC.exe
18:37:08.0992 4480	uvnc_service - ok
18:37:09.0073 4480	UxSms           (081e6e1c91aec36758902a9f727cd23c) C:\windows\System32\uxsms.dll
18:37:09.0276 4480	UxSms - ok
18:37:09.0333 4480	VaultSvc        (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
18:37:09.0387 4480	VaultSvc - ok
18:37:09.0460 4480	vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\drivers\vdrvroot.sys
18:37:09.0648 4480	vdrvroot - ok
18:37:09.0717 4480	vds             (c3cd30495687c2a2f66a65ca6fd89be9) C:\windows\System32\vds.exe
18:37:10.0019 4480	vds - ok
18:37:10.0111 4480	vga             (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
18:37:10.0318 4480	vga - ok
18:37:10.0367 4480	VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
18:37:10.0477 4480	VgaSave - ok
18:37:10.0538 4480	vhdmp           (5461686cca2fda57b024547733ab42e3) C:\windows\system32\drivers\vhdmp.sys
18:37:10.0737 4480	vhdmp - ok
18:37:10.0820 4480	viaagp          (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\drivers\viaagp.sys
18:37:10.0988 4480	viaagp - ok
18:37:11.0042 4480	ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
18:37:11.0292 4480	ViaC7 - ok
18:37:11.0342 4480	viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\drivers\viaide.sys
18:37:11.0744 4480	viaide - ok
18:37:11.0814 4480	volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\windows\system32\drivers\volmgr.sys
18:37:12.0071 4480	volmgr - ok
18:37:12.0186 4480	volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
18:37:12.0274 4480	volmgrx - ok
18:37:12.0343 4480	volsnap         (f497f67932c6fa693d7de2780631cfe7) C:\windows\system32\drivers\volsnap.sys
18:37:12.0529 4480	volsnap - ok
18:37:12.0596 4480	vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
18:37:12.0915 4480	vsmraid - ok
18:37:13.0041 4480	VSS             (209a3b1901b83aeb8527ed211cce9e4c) C:\windows\system32\vssvc.exe
18:37:13.0372 4480	VSS - ok
18:37:13.0433 4480	vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
18:37:13.0662 4480	vwifibus - ok
18:37:13.0770 4480	vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
18:37:14.0113 4480	vwififlt - ok
18:37:14.0212 4480	vwifimp         (a3f04cbea6c2a10e6cb01f8b47611882) C:\windows\system32\DRIVERS\vwifimp.sys
18:37:14.0540 4480	vwifimp - ok
18:37:14.0611 4480	W32Time         (55187fd710e27d5095d10a472c8baf1c) C:\windows\system32\w32time.dll
18:37:14.0840 4480	W32Time - ok
18:37:14.0917 4480	WacomPen        (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
18:37:15.0253 4480	WacomPen - ok
18:37:15.0385 4480	WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
18:37:15.0748 4480	WANARP - ok
18:37:15.0767 4480	Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
18:37:15.0856 4480	Wanarpv6 - ok
18:37:16.0007 4480	WatAdminSvc     (353a04c273ec58475d8633e75ccd5604) C:\windows\system32\Wat\WatAdminSvc.exe
18:37:16.0353 4480	WatAdminSvc - ok
18:37:16.0447 4480	wbengine        (691e3285e53dca558e1a84667f13e15a) C:\windows\system32\wbengine.exe
18:37:16.0878 4480	wbengine - ok
18:37:16.0964 4480	WbioSrvc        (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\windows\System32\wbiosrvc.dll
18:37:17.0232 4480	WbioSrvc - ok
18:37:17.0300 4480	wcncsvc         (34eee0dfaadb4f691d6d5308a51315dc) C:\windows\System32\wcncsvc.dll
18:37:17.0422 4480	wcncsvc - ok
18:37:17.0483 4480	WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\windows\System32\WcsPlugInService.dll
18:37:17.0751 4480	WcsPlugInService - ok
18:37:17.0803 4480	Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
18:37:18.0130 4480	Wd - ok
18:37:18.0212 4480	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
18:37:18.0598 4480	Wdf01000 - ok
18:37:18.0773 4480	WdiServiceHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll
18:37:19.0038 4480	WdiServiceHost - ok
18:37:19.0069 4480	WdiSystemHost   (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll
18:37:19.0134 4480	WdiSystemHost - ok
18:37:19.0232 4480	WebClient       (a9d880f97530d5b8fee278923349929d) C:\windows\System32\webclnt.dll
18:37:19.0435 4480	WebClient - ok
18:37:19.0505 4480	Wecsvc          (760f0afe937a77cff27153206534f275) C:\windows\system32\wecsvc.dll
18:37:19.0736 4480	Wecsvc - ok
18:37:19.0785 4480	wercplsupport   (ac804569bb2364fb6017370258a4091b) C:\windows\System32\wercplsupport.dll
18:37:19.0900 4480	wercplsupport - ok
18:37:20.0037 4480	WerSvc          (08e420d873e4fd85241ee2421b02c4a4) C:\windows\System32\WerSvc.dll
18:37:20.0149 4480	WerSvc - ok
18:37:20.0277 4480	WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
18:37:20.0504 4480	WfpLwf - ok
18:37:20.0550 4480	WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
18:37:20.0862 4480	WIMMount - ok
18:37:20.0985 4480	WinDefend       (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
18:37:21.0217 4480	WinDefend - ok
18:37:21.0254 4480	WinHttpAutoProxySvc - ok
18:37:21.0374 4480	Winmgmt         (f62e510b6ad4c21eb9fe8668ed251826) C:\windows\system32\wbem\WMIsvc.dll
18:37:21.0612 4480	Winmgmt - ok
18:37:21.0754 4480	WinRM           (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\windows\system32\WsmSvc.dll
18:37:22.0010 4480	WinRM - ok
18:37:22.0173 4480	WinUsb          (a67e5f9a400f3bd1be3d80613b45f708) C:\windows\system32\DRIVERS\WinUsb.sys
18:37:22.0381 4480	WinUsb - ok
18:37:22.0460 4480	Wlansvc         (16935c98ff639d185086a3529b1f2067) C:\windows\System32\wlansvc.dll
18:37:22.0783 4480	Wlansvc - ok
18:37:22.0912 4480	WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\drivers\wmiacpi.sys
18:37:23.0011 4480	WmiAcpi - ok
18:37:23.0115 4480	wmiApSrv        (6eb6b66517b048d87dc1856ddf1f4c3f) C:\windows\system32\wbem\WmiApSrv.exe
18:37:23.0368 4480	wmiApSrv - ok
18:37:23.0514 4480	WMPNetworkSvc   (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
18:37:23.0741 4480	WMPNetworkSvc - ok
18:37:23.0828 4480	WPCSvc          (a2f0ec770a92f2b3f9de6d518e11409c) C:\windows\System32\wpcsvc.dll
18:37:24.0077 4480	WPCSvc - ok
18:37:24.0131 4480	WPDBusEnum      (aa53356d60af47eacc85bc617a4f3f66) C:\windows\system32\wpdbusenum.dll
18:37:24.0328 4480	WPDBusEnum - ok
18:37:24.0388 4480	ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
18:37:24.0516 4480	ws2ifsl - ok
18:37:24.0577 4480	wscsvc          (6f5d49efe0e7164e03ae773a3fe25340) C:\windows\System32\wscsvc.dll
18:37:24.0653 4480	wscsvc - ok
18:37:24.0681 4480	WSearch - ok
18:37:24.0828 4480	wuauserv        (3026418a50c5b4761befa632cedb7406) C:\windows\system32\wuaueng.dll
18:37:25.0006 4480	wuauserv - ok
18:37:25.0075 4480	WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\windows\system32\drivers\WudfPf.sys
18:37:25.0482 4480	WudfPf - ok
18:37:25.0601 4480	WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\windows\system32\DRIVERS\WUDFRd.sys
18:37:26.0000 4480	WUDFRd - ok
18:37:26.0145 4480	wudfsvc         (8d1e1e529a2c9e9b6a85b55a345f7629) C:\windows\System32\WUDFSvc.dll
18:37:26.0371 4480	wudfsvc - ok
18:37:26.0433 4480	WwanSvc         (ff2d745b560f7c71b31f30f4d49f73d2) C:\windows\System32\wwansvc.dll
18:37:26.0614 4480	WwanSvc - ok
18:37:26.0715 4480	yukonw7         (30b73eb97218a16cbc6de535782a1b35) C:\windows\system32\DRIVERS\yk62x86.sys
18:37:26.0842 4480	yukonw7 - ok
18:37:26.0984 4480	MBR (0x1B8)     (2e5debb2116b3417023e0d6562d7ed07) \Device\Harddisk0\DR0
18:37:27.0560 4480	\Device\Harddisk0\DR0 - ok
18:37:27.0603 4480	Boot (0x1200)   (193ed5a42ec8212eb6b548774a8464a0) \Device\Harddisk0\DR0\Partition0
18:37:27.0607 4480	\Device\Harddisk0\DR0\Partition0 - ok
18:37:27.0623 4480	Boot (0x1200)   (a91ada52c45bc9c29574c8a6b82acfd7) \Device\Harddisk0\DR0\Partition1
18:37:27.0628 4480	\Device\Harddisk0\DR0\Partition1 - ok
18:37:27.0629 4480	============================================================
18:37:27.0630 4480	Scan finished
18:37:27.0630 4480	============================================================
18:37:27.0665 4864	Detected object count: 2
18:37:27.0665 4864	Actual detected object count: 2
18:49:06.0684 4864	ISODisk ( UnsignedFile.Multi.Generic ) - skipped by user
18:49:06.0685 4864	ISODisk ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:49:06.0686 4864	Rezip ( UnsignedFile.Multi.Generic ) - skipped by user
18:49:06.0686 4864	Rezip ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Alt 06.04.2012, 18:07   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warnings, carry out the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste it into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run if a helper (Kompetenzler) has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If you have problems starting applications after running Combofix and receive messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.
__________________
Please always post logfiles in CODE tags

Alt 06.04.2012, 22:52   #23
antonio_2
 



Ok, here is the ComboFix .log.
Best regards

Code:
ComboFix 12-04-06.03 - ******* 06.04.2012  19:26:07.1.2 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.1790.1050 [GMT 2:00]
ausgeführt von:: c:\users\*******\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: McAfee VirusScan *Disabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Personal Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: McAfee VirusScan *Disabled/Outdated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\FullRemove.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-03-06 bis 2012-04-06  ))))))))))))))))))))))))))))))
.
.
2012-04-06 17:41 . 2012-04-06 17:41	--------	d-----w-	c:\users\*******\AppData\Local\temp
2012-04-06 17:41 . 2012-04-06 17:41	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-04-06 12:52 . 2012-04-06 12:52	--------	d-----w-	C:\_OTL
2012-04-02 18:21 . 2012-04-02 18:21	--------	d-----w-	c:\program files\ESET
2012-03-31 14:52 . 2012-03-31 14:52	--------	d-----w-	c:\users\*******\AppData\Roaming\Malwarebytes
2012-03-31 14:51 . 2012-03-31 14:51	--------	d-----w-	c:\programdata\Malwarebytes
2012-03-31 14:51 . 2012-03-31 14:51	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-03-31 14:51 . 2011-12-10 13:24	20464	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-03-27 19:22 . 2012-03-27 19:22	--------	d-----w-	c:\users\*******\AppData\Roaming\FreeCommander
2012-03-27 19:22 . 2012-03-27 19:22	--------	d-----w-	c:\program files\FreeCommander
2012-03-18 12:22 . 2012-03-18 12:22	592824	----a-w-	c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-18 12:22 . 2012-03-18 12:22	44472	----a-w-	c:\program files\Mozilla Firefox\mozglue.dll
2012-03-18 10:30 . 2011-11-19 14:50	3968368	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-03-18 10:30 . 2011-11-19 14:50	3913584	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-03-17 12:55 . 2012-02-03 03:54	2343424	----a-w-	c:\windows\system32\win32k.sys
2012-03-17 12:55 . 2012-02-10 05:38	1077248	----a-w-	c:\windows\system32\DWrite.dll
2012-03-17 12:54 . 2012-01-25 05:32	129536	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-03-17 12:54 . 2012-01-25 05:27	8192	----a-w-	c:\windows\system32\rdrmemptylst.exe
2012-03-17 12:54 . 2012-01-25 05:32	58880	----a-w-	c:\windows\system32\rdpwsx.dll
2012-03-17 12:53 . 2012-02-17 05:34	826880	----a-w-	c:\windows\system32\rdpcore.dll
2012-03-17 12:53 . 2012-02-17 04:14	183808	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-03-17 12:53 . 2012-02-17 04:13	24576	----a-w-	c:\windows\system32\drivers\tdtcp.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-18 10:24 . 2011-05-28 12:12	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-15 19:59 . 2012-02-15 19:59	40960	----a-r-	c:\users\*******\AppData\Roaming\Microsoft\Installer\{90FF23FE-0E1B-40DF-A22E-B4C0372E5936}\ARPPRODUCTICON.exe
2012-03-18 12:22 . 2012-02-19 11:43	97208	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-04 39408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-09 13797920]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-19 7711264]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-02-26 1713448]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-15 91432]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-05 59240]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-11 795936]
WISO Mein Steuer-Sparbuch heute.lnk - c:\program files\WISO\Steuersoftware 2012\mshaktuell.exe [2011-11-27 1380464]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Sparbuch heute.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Sparbuch heute.lnk
backup=c:\windows\pss\WISO Mein Sparbuch heute.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^*******^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57	369200	----a-w-	c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-05-13 15:57	26192168	----a-r-	c:\program files\Skype\Phone\Skype.exe
.
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 135664]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 135664]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-20 1343400]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-02-14 691696]
S1 ISODisk;ISODisk; [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2011-08-10 94880]
S2 Rezip;Rezip;c:\windows\SYSTEM32\Rezip.exe [2009-03-05 311296]
S2 uvnc_service;uvnc_service;c:\program files\UltraVNC\WinVNC.exe [2011-05-18 2016504]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-05-01 64032]
S3 rtl819xp;Realtek RTL8190/RTL8192E 802.11n Wireless LAN (Mini-) PCI NIC-NT-Treiber;c:\windows\system32\DRIVERS\rtl819xp.sys [2011-01-06 559208]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 03098852
*Deregistered* - 03098852
.
Inhalt des "geplante Tasks" Ordners
.
2012-04-06 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-11-04 16:16]
.
2012-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 23:02]
.
2012-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 23:02]
.
2012-02-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-02-14 11:22]
.
2012-03-03 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-02-14 11:22]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
uInternet Settings,ProxyOverride = *.local
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\mejxpefa.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (de)
FF - prefs.js: browser.startup.homepage - hxxp://www.spiegel.de/
FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-uTorrent - c:\program files\uTorrent\uTorrent.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-04-06  19:47:05
ComboFix-quarantined-files.txt  2012-04-06 17:47
.
Vor Suchlauf: 10 Verzeichnis(se), 177.469.444.096 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 177.146.875.904 Bytes frei
.
- - End Of File - - 380457F5A44DBFE61C898A4842E720AE
         

Alt 06.04.2012, 23:13   #24
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Please now create and post logs with GMER and OSAM.
GMER crashes fairly often; if the tool won't run on the 2nd attempt either, just skip it and run only OSAM - please skip the online query by OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or similar.

Note: To unpack OSAM please use WinRAR or 7zip! Also be sure to switch off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    From Windows Vista (or higher) please start it with right-click "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current virus definitions from AVAST!. Please answer this question with Yes. (Should your firewall ask, please allow access to the internet.)
    Depending on your connection, downloading the definitions can take a while.
  • Click on Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Under no circumstances press any of the Fix buttons without instruction

Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



One more note: If aswMBR crashes and a message like "aswMBR.exe has stopped working" appears, do the following:
Restart aswMBR, select (none) in the drop-down menu at the bottom left (bottom left in the aswMBR window) under "AV scan" and click the Scan button again.
__________________
Please always post logfiles in CODE tags

Alt 07.04.2012, 12:21   #25
antonio_2
 



Hello Arne,
attached are the logs:

gmer
Code:
GMER 1.0.15.15641 - httpwww.gmer.net
Rootkit scan 2012-04-07 110916
Windows 6.1.7601 Service Pack 1 Harddisk0DR0 - DeviceIdeIdeDeviceP0T0L0-0 ST9250315AS rev.0001SDM1
Running gmer.exe; Driver CUser*******AppDataLocalTemppxldrpod.sys


---- System - GMER 1.0.15 ----

SSDT            8F908FE6                                                                                                            ZwCreateSection
SSDT            8F908FEB                                                                                                            ZwSetContextThread
SSDT            8F908F87                                                                                                            ZwTerminateProcess

Code            SystemRootsystem32driversmfehidk.sys (Host Intrusion Detection Link DriverMcAfee, Inc.)                        ZwCreateFile [0x8F7D47A8]
Code            SystemRootsystem32driversmfehidk.sys (Host Intrusion Detection Link DriverMcAfee, Inc.)                        ZwCreateProcess [0x8F7D473D]
Code            SystemRootsystem32driversmfehidk.sys (Host Intrusion Detection Link DriverMcAfee, Inc.)                        ZwCreateProcessEx [0x8F7D4751]
Code            SystemRootsystem32driversmfehidk.sys (Host Intrusion Detection Link DriverMcAfee, Inc.)                        ZwCreateUserProcess [0x8F7D4767]
Code            SystemRootsystem32driversmfehidk.sys (Host Intrusion Detection Link DriverMcAfee, Inc.)                        ZwOpenProcess [0x8F7D4715]
Code            SystemRootsystem32driversmfehidk.sys (Host Intrusion Detection Link DriverMcAfee, Inc.)                        ZwOpenThread [0x8F7D4729]
Code            SystemRootsystem32driversmfehidk.sys (Host Intrusion Detection Link DriverMcAfee, Inc.)                        ZwProtectVirtualMemory [0x8F7D47BC]
Code            SystemRootsystem32driversmfehidk.sys (Host Intrusion Detection Link DriverMcAfee, Inc.)                        ZwSetInformationProcess [0x8F7D477B]
Code            SystemRootsystem32driversmfehidk.sys (Host Intrusion Detection Link DriverMcAfee, Inc.)                        NtCreateFile
Code            SystemRootsystem32driversmfehidk.sys (Host Intrusion Detection Link DriverMcAfee, Inc.)                        NtOpenProcess
Code            SystemRootsystem32driversmfehidk.sys (Host Intrusion Detection Link DriverMcAfee, Inc.)                        NtOpenThread
Code            SystemRootsystem32driversmfehidk.sys (Host Intrusion Detection Link DriverMcAfee, Inc.)                        NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text           ntoskrnl.exe!ZwSaveKey + 13BD                                                                                       8307D979 1 Byte  [06]
.text           ntoskrnl.exe!KiDispatchInterrupt + 5A2                                                                              8309D4F2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntoskrnl.exe!KeRemoveQueueEx + 14BF                                                                                 830A487C 4 Bytes  [E6, 8F, 90, 8F]
.text           ntoskrnl.exe!KeRemoveQueueEx + 185F                                                                                 830A4C1C 4 Bytes  [EB, 8F, 90, 8F]
.text           ntoskrnl.exe!KeRemoveQueueEx + 1937                                                                                 830A4CF4 4 Bytes  [87, 8F, 90, 8F]

---- User code sections - GMER 1.0.15 ----

.text           cPROGRA~1COMMON~1mcafeemcproxymcproxy.exe[2080] kernel32.dll!LoadLibraryA                                     7793DC65 5 Bytes  JMP 0041C130 cPROGRA~1COMMON~1mcafeemcproxymcproxy.exe (McAfee Proxy Service ModuleMcAfee, Inc.)
.text           cPROGRA~1COMMON~1mcafeemcproxymcproxy.exe[2080] kernel32.dll!LoadLibraryW                                     7793EF42 5 Bytes  JMP 0041C1B0 cPROGRA~1COMMON~1mcafeemcproxymcproxy.exe (McAfee Proxy Service ModuleMcAfee, Inc.)

---- User IATEAT - GMER 1.0.15 ----

IAT             Cwindowssystem32rundll32.exe[2128] @ Cwindowssystem32USER32.dll [KERNEL32.dll!GetProcAddress]               [7582FFF6] Cwindowssystem32apphelp.dll (Clientbibliothek für AnwendungskompatibilitätMicrosoft Corporation)
IAT             Cwindowssystem32rundll32.exe[2128] @ Cwindowssystem32GDI32.dll [KERNEL32.dll!GetProcAddress]                [7582FFF6] Cwindowssystem32apphelp.dll (Clientbibliothek für AnwendungskompatibilitätMicrosoft Corporation)
IAT             Cwindowssystem32rundll32.exe[2128] @ Cwindowssystem32SHLWAPI.dll [KERNEL32.dll!GetProcAddress]              [7582FFF6] Cwindowssystem32apphelp.dll (Clientbibliothek für AnwendungskompatibilitätMicrosoft Corporation)
IAT             Cwindowssystem32rundll32.exe[2128] @ Cwindowssystem32ADVAPI32.dll [KERNEL32.dll!GetProcAddress]             [7582FFF6] Cwindowssystem32apphelp.dll (Clientbibliothek für AnwendungskompatibilitätMicrosoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  FileSystemNtfs Ntfs                                                                                              mfehidk.sys (Host Intrusion Detection Link DriverMcAfee, Inc.)
AttachedDevice  Driverkbdclass DeviceKeyboardClass0                                                                             Wdf01000.sys (Kernelmodustreiber-FrameworklaufzeitMicrosoft Corporation)
AttachedDevice  Driverkbdclass DeviceKeyboardClass1                                                                             Wdf01000.sys (Kernelmodustreiber-FrameworklaufzeitMicrosoft Corporation)

Device          DriverACPI_HAL Device00000051                                                                                   halmacpi.dll (Hardware Abstraction Layer DLLMicrosoft Corporation)

AttachedDevice  Drivertdx DeviceTcp                                                                                             Mpfp.sys (McAfee Personal Firewall Plus DriverMcAfee, Inc.)
AttachedDevice  Drivervolmgr DeviceHarddiskVolume1                                                                              fvevol.sys (BitLocker Drive Encryption DriverMicrosoft Corporation)
AttachedDevice  Drivervolmgr DeviceHarddiskVolume2                                                                              fvevol.sys (BitLocker Drive Encryption DriverMicrosoft Corporation)
AttachedDevice  Drivervolmgr DeviceHarddiskVolume3                                                                              fvevol.sys (BitLocker Drive Encryption DriverMicrosoft Corporation)
AttachedDevice  Drivertdx DeviceUdp                                                                                             Mpfp.sys (McAfee Personal Firewall Plus DriverMcAfee, Inc.)
AttachedDevice  Drivertdx DeviceRawIp                                                                                           Mpfp.sys (McAfee Personal Firewall Plus DriverMcAfee, Inc.)

---- Registry - GMER 1.0.15 ----

Reg             HKLMSYSTEMCurrentControlSetservicesBTHPORTParametersKeys00242cda6c4a                                         
Reg             HKLMSYSTEMCurrentControlSetservicesBTHPORTParametersKeys002556e975c9                                         
Reg             HKLMSYSTEMCurrentControlSetservicesBTHPORTParametersKeys0c6076bc0cd9                                         
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076bc0cd9@001e45cb5727                           0xCF 0xD4 0x08 0xEC ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                C:\Program Files\DAEMON Tools Lite
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                0xD4 0xC3 0x97 0x02 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                0
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                             0xCB 0xB4 0x9B 0x89 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                       0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                    0x4D 0xDE 0x20 0xA9 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12               0x47 0xAE 0x27 0xAD ...
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00242cda6c4a (not active ControlSet)
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002556e975c9 (not active ControlSet)
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076bc0cd9 (not active ControlSet)
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076bc0cd9@001e45cb5727                               0xCF 0xD4 0x08 0xEC ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                    C:\Program Files\DAEMON Tools Lite
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                    0xD4 0xC3 0x97 0x02 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                    0
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                 0xCB 0xB4 0x9B 0x89 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                           0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                        0x4D 0xDE 0x20 0xA9 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                   0x47 0xAE 0x27 0xAD ...

---- EOF - GMER 1.0.15 ----

OSAM
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 11:31:11 on 07.04.2012

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 32-bit
Default Browser: Mozilla Corporation Firefox 11.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"McDefragTask.job" - "McAfee, Inc." - c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"McQcTask.job" - "McAfee, Inc." - c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"Google Software Updater.job" - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\windows\system32\FlashPlayerCPLApp.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - C:\windows\system32\nvcpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\******\AppData\Local\Temp\catchme.sys  (File not found)
"FssFltr" (fssfltr) - "Microsoft Corporation" - C:\windows\System32\DRIVERS\fssfltr.sys
"ISODisk" (ISODisk) - ? - C:\windows\system32\drivers\ISODisk.sys  (File found, but it contains no detailed information)
"Logitech SetPoint KMDF HID Filter Driver" (LHidFilt) - "Logitech, Inc." - C:\windows\System32\DRIVERS\LHidFilt.Sys
"Logitech SetPoint KMDF Mouse Filter Driver" (LMouFilt) - "Logitech, Inc." - C:\windows\System32\DRIVERS\LMouFilt.Sys
"McAfee Inc. mfeavfk" (mfeavfk) - "McAfee, Inc." - C:\windows\System32\drivers\mfeavfk.sys
"McAfee Inc. mfebopk" (mfebopk) - "McAfee, Inc." - C:\windows\System32\drivers\mfebopk.sys
"McAfee Inc. mfehidk" (mfehidk) - "McAfee, Inc." - C:\windows\System32\drivers\mfehidk.sys
"McAfee Inc. mferkdk" (mferkdk) - "McAfee, Inc." - C:\windows\System32\drivers\mferkdk.sys
"McAfee Inc. mfesmfk" (mfesmfk) - "McAfee, Inc." - C:\windows\System32\drivers\mfesmfk.sys
"pxldrpod" (pxldrpod) - ? - C:\Users\******\AppData\Local\Temp\pxldrpod.sys  (Hidden registry entry, rootkit activity | File not found)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\windows\System32\DRIVERS\ssmdrv.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{5513F07E-936B-4E52-9B00-067394E91CC5} "McAfee SACore Protocol Handler" - "McAfee, Inc." - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
{5513F07E-936B-4E52-9B00-067394E91CC5} "McAfee SACore Protocol Handler" - "McAfee, Inc." - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\windows\system32\nvcpl.dll
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\btncopy.dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\windows\system32\nvshext.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\windows\system32\nvcpl.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe
Logitech Setpoint Extension "{B9B9F083-2B04-452A-8691-83694AC1037B}" - ? -   (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} "McAfee SiteAdvisor Toolbar" - "McAfee, Inc." - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_30.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} "McAfee SiteAdvisor Toolbar" - "McAfee, Inc." - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll
{27B4851A-3207-45A2-B947-BE8AFE6163AB} "McAfee Phishing Filter" - ? - c:\progra~1\mcafee\msk\mskapbho.dll
{B164E929-A1B6-4A06-B104-2CD0E90A88FF} "McAfee SiteAdvisor BHO" - "McAfee, Inc." - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} "scriptproxy" - "McAfee, Inc." - C:\Program Files\McAfee\VirusScan\scriptsn.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Bluetooth.lnk" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe  (Shortcut exists | File exists)
"WISO Mein Steuer-Sparbuch heute.lnk" - "Buhl Tax Service, Hannover" - C:\Program Files\WISO\Steuersoftware 2012\mshaktuell.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"AppleSyncNotifier" - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
"APSDaemon" - "Apple Inc." - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"mcagent_exe" - "McAfee, Inc." - "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
"NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
"PDVD8LanguageShortcut" - "CyberLink Corp." - "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"RemoteControl8" - "CyberLink Corp." - "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"UCam_Menu" - "CyberLink Corp." - "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PDFCreator" - ? - C:\windows\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Application Updater" (Application Updater) - ? - "C:\Program Files\Application Updater\ApplicationUpdater.exe"  (File not found)
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Bluetooth Service" (btwdins) - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"McAfee Anti-Spam Service" (MSK80Service) - "McAfee, Inc." - C:\Program Files\McAfee\MSK\MskSrver.exe
"McAfee Application Installer Cleanup (0049671333748672)" (0049671333748672mcinstcleanup) - "McAfee, Inc." - C:\windows\TEMP\004967~1.EXE
"McAfee Network Agent" (McNASvc) - "McAfee, Inc." - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
"McAfee Personal Firewall Service" (MpfService) - "McAfee, Inc." - C:\Program Files\McAfee\MPF\MPFSrv.exe
"McAfee Proxy Service" (McProxy) - "McAfee, Inc." - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
"McAfee Real-time Scanner" (McShield) - "McAfee, Inc." - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
"McAfee Scanner" (McODS) - "McAfee, Inc." - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
"McAfee Services" (mcmscsvc) - "McAfee, Inc." - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
"McAfee SiteAdvisor Service" (McAfee SiteAdvisor Service) - "McAfee, Inc." - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\windows\system32\nvvsvc.exe
"Rezip" (Rezip) - ? - C:\windows\SYSTEM32\Rezip.exe
"uvnc_service" (uvnc_service) - "UltraVNC" - C:\Program Files\UltraVNC\WinVNC.exe
"Windows Live Family Safety-Dienst" (fsssvc) - "Microsoft Corporation" - C:\Program Files\Windows Live\Family Safety\fsssvc.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

and aswMBR
Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-07 11:42:51
-----------------------------
11:42:51.987    OS Version: Windows 6.1.7601 Service Pack 1
11:42:51.988    Number of processors: 2 586 0x1C02
11:42:52.005    ComputerName: ION510  UserName: 
11:42:53.945    Initialize success
11:44:16.931    AVAST engine defs: 12040700
11:45:14.968    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
11:45:14.978    Disk 0 Vendor: ST9250315AS 0001SDM1 Size: 238475MB BusType: 3
11:45:15.167    Disk 0 MBR read successfully
11:45:15.181    Disk 0 MBR scan
11:45:15.236    Disk 0 unknown MBR code
11:45:15.286    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        15360 MB offset 2048
11:45:15.400    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 31459328
11:45:15.508    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       223013 MB offset 31664128
11:45:15.605    Disk 0 scanning sectors +488395120
11:45:16.312    Disk 0 scanning C:\windows\system32\drivers
11:47:35.858    Service scanning
11:48:44.700    Modules scanning
11:52:18.709    Disk 0 trace - called modules:
11:52:18.820    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys 
11:52:18.837    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8584c8c0]
11:52:18.855    3 CLASSPNP.SYS[88fdc59e] -> nt!IofCallDriver -> [0x85806918]
11:52:18.873    5 ACPI.sys[88a153d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84b2a610]
11:52:19.855    AVAST engine scan C:\windows
11:54:38.436    AVAST engine scan C:\windows\system32
12:22:17.124    AVAST engine scan C:\windows\system32\drivers
12:27:50.236    AVAST engine scan C:\Users\******
12:43:49.154    AVAST engine scan C:\ProgramData
12:45:52.116    Scan finished successfully
13:12:18.505    Disk 0 MBR has been saved successfully to "C:\Users\******\Desktop\MBR.dat"
13:12:18.529    The log file has been saved successfully to "C:\Users\******\Desktop\aswMBR.txt"

07.04.2012, 18:11   #26
cosinus

We should fix the MBR; just in case, back up ALL important data, even though it usually all goes smoothly.

Note: Please do NOT do the MBR fix if you have other operating systems such as Ubuntu installed; an MBR fix with Windows tools makes a Linux installed alongside it (dual boot) unbootable.
Also do not do the fix if you have full encryption of the Windows partition or the entire hard disk with TrueCrypt or other encryption programs, for example.


After backing up your data, start aswMBR again and click the FIXMBR button.

Note: Please turn off the virus scanner before running aswMBR, because Avira in particular often reports a false alarm for it!

Then restart Windows and make a new log with aswMBR.

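An added example for the check this post relies on (written for this page; it is not aswMBR's code and not something either poster ran): the aswMBR log above reports `Disk 0 unknown MBR code`, and the log requested after FIXMBR should report the Windows 7 default boot code with an unchanged partition table. The Python script below parses both logs and compares them. The two log excerpts embedded in it are constructed from the line formats shown in this thread, and all function names are my own.

```python
"""Compare two aswMBR logs, before and after FIXMBR.

Added example for this thread; not aswMBR's code and not the poster's logs.
The two excerpts below are constructed from the line formats shown in the
thread, with illustrative timestamps.
"""
import re

# Constructed sample in the shape of the first log (before FIXMBR).
LOG_BEFORE = """\
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
11:45:15.167    Disk 0 MBR read successfully
11:45:15.236    Disk 0 unknown MBR code
11:45:15.286    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        15360 MB offset 2048
11:45:15.400    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 31459328
11:45:15.508    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       223013 MB offset 31664128
12:45:52.116    Scan finished successfully
"""

# Constructed sample in the shape of the second log (after FIXMBR): same
# partition table, but aswMBR now recognises the boot code.
LOG_AFTER = LOG_BEFORE.replace("unknown MBR code", "Windows 7 default MBR code")

# "Disk 0 unknown MBR code" / "Disk 0 Windows 7 default MBR code"
MBR_CODE_RE = re.compile(r"Disk (?P<disk>\d+) (?P<status>.*MBR code)$")
# "Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 31459328"
PARTITION_RE = re.compile(
    r"Disk (?P<disk>\d+) Partition (?P<num>\d+) (?P<boot>[0-9A-F]{2})(?: \(A\))?\s+"
    r"(?P<type>[0-9A-F]{2})\s+(?P<desc>.+?)\s+(?P<size>\d+) MB offset (?P<offset>\d+)"
)


def parse_aswmbr(text):
    """Extract MBR code status, partition table and completion flag from one log."""
    report = {"mbr_code": None, "partitions": [], "finished": False}
    for raw in text.splitlines():
        line = raw.strip()
        m = MBR_CODE_RE.search(line)
        if m:
            report["mbr_code"] = m.group("status")
            continue
        m = PARTITION_RE.search(line)
        if m:
            report["partitions"].append({
                "num": int(m.group("num")),
                "active": m.group("boot") == "80",   # 0x80 = bootable flag set
                "type": m.group("type"),
                "desc": m.group("desc"),
                "size_mb": int(m.group("size")),
                "offset": int(m.group("offset")),
            })
            continue
        if line.endswith("Scan finished successfully"):
            report["finished"] = True
    return report


def assess_mbr(report):
    """'ok', 'suspicious' or 'incomplete' for one parsed log."""
    code = report["mbr_code"]
    if code is None or not report["finished"]:
        return "incomplete"
    if "default MBR code" in code:
        return "ok"
    # "unknown MBR code": the boot code matches none of the loaders aswMBR
    # knows. On a Windows-only box that is what a bootkit looks like; with a
    # dual-boot Linux or full-disk encryption it is the legitimate third-party
    # loader, which is why FIXMBR must not be used there.
    return "suspicious"


def compare_logs(before_text, after_text):
    """Did the fix do what it should: boot code recognised, partitions untouched?"""
    before, after = parse_aswmbr(before_text), parse_aswmbr(after_text)
    same_table = before["partitions"] == after["partitions"]
    verdict_before, verdict_after = assess_mbr(before), assess_mbr(after)
    return {
        "before": verdict_before,
        "after": verdict_after,
        "partitions_unchanged": same_table,
        "active_partition": next((p["num"] for p in after["partitions"] if p["active"]), None),
        "mbr_fixed": verdict_before == "suspicious" and verdict_after == "ok" and same_table,
    }


if __name__ == "__main__":
    for key, value in compare_logs(LOG_BEFORE, LOG_AFTER).items():
        print(f"{key:>20}: {value}")
```

The `suspicious` verdict only means that aswMBR did not recognise the boot code. On a Windows-only machine that is what a boot-sector infection looks like; on a machine with a dual-boot Linux or TrueCrypt full-disk encryption the third-party loader produces the same line, which is exactly why the post says not to use FIXMBR there. The partition-table comparison is the second thing to check after a fix: FIXMBR only rewrites the boot code, so a changed size or offset means something else happened.
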

30.04.2012, 20:02   #27
antonio_2

Hello Arne,
unfortunately I haven't been able to look into this for a while. Attached is the aswMBR log now.
Best regards

Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-30 20:04:07
-----------------------------
20:04:07.505    OS Version: Windows 6.1.7601 Service Pack 1
20:04:07.505    Number of processors: 2 586 0x1C02
20:04:07.521    ComputerName: ******  UserName: 
20:04:46.960    Initialize success
20:05:06.054    AVAST engine defs: 12043000
20:06:51.666    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:06:51.666    Disk 0 Vendor: ST9250315AS 0001SDM1 Size: 238475MB BusType: 3
20:06:51.697    Disk 0 MBR read successfully
20:06:51.713    Disk 0 MBR scan
20:06:51.713    Disk 0 Windows 7 default MBR code
20:06:51.744    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        15360 MB offset 2048
20:06:51.775    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 31459328
20:06:51.791    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       223013 MB offset 31664128
20:06:51.822    Disk 0 scanning sectors +488395120
20:06:51.916    Disk 0 scanning C:\windows\system32\drivers
20:08:08.505    Service scanning
20:08:51.749    Modules scanning
20:09:06.759    Disk 0 trace - called modules:
20:09:06.806    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys 
20:09:06.821    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x854a3030]
20:09:06.837    3 CLASSPNP.SYS[88c1559e] -> nt!IofCallDriver -> [0x854e6918]
20:09:06.868    5 ACPI.sys[88a203d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85421030]
20:09:08.054    AVAST engine scan C:\windows
20:09:25.962    AVAST engine scan C:\windows\system32
20:20:47.983    AVAST engine scan C:\windows\system32\drivers
20:21:28.310    AVAST engine scan C:\Users\**********
20:38:54.618    AVAST engine scan C:\ProgramData
20:40:53.833    Scan finished successfully
20:41:51.508    Disk 0 MBR has been saved successfully to "C:\Users\**********\Desktop\MBR.dat"
20:41:51.539    The log file has been saved successfully to "C:\Users\**********\Desktop\aswMBR_2.txt"

01.05.2012, 14:07   #28
cosinus

Looks ok. To double-check, please do full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!

02.05.2012, 18:05   #29
antonio_2

Hi,
attached are the logs
MBAM
Code:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.01.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
********** :: ***********[Administrator]

01.05.2012 15:28:21
mbam-log-2012-05-01 (15-28-21).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 309006
Laufzeit: 3 Stunde(n), 42 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

and SAS
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 05/02/2012 at 00:30 AM

Application Version : 5.0.1148

Core Rules Database Version : 8537
Trace Rules Database Version: 6349

Scan type       : Complete Scan
Total Scan Time : 03:59:02

Operating System Information
Windows 7 Home Premium 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator

Memory items scanned      : 877
Memory threats detected   : 0
Registry items scanned    : 34176
Registry threats detected : 0
File items scanned        : 166731
File threats detected     : 67

Adware.Tracking Cookie
	C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\*******@doubleclick[2].txt [ /doubleclick ]
	C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\*******@smartadserver[2].txt [ /smartadserver ]
	C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\*******@smartadserver[3].txt [ /smartadserver ]
	C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\RZORVARE.txt [ /doubleclick.net ]
	C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\HR1AAB8O.txt [ /www.googleadservices.com ]
	C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\6IKZM0Q9.txt [ /ad2.adfarm1.adition.com ]
	C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\4LQXQTOC.txt [ /adform.net ]
	C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\Y1VQBS7O.txt [ /atdmt.com ]
	C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\UX0LYJ6Y.txt [ /zanox-affiliate.de ]
	C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\AQ7A8I12.txt [ /www.zanox-affiliate.de ]
	C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\FKJ3PW9L.txt [ /ad.360yield.com ]
	C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\6JZEF8SU.txt [ /www.windowsmedia.com ]
	C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\JB12JYJB.txt [ /ad.dyntracker.de ]
	C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\WAS0EYJM.txt [ /revsci.net ]
	C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\2EQ0YIFB.txt [ /tracking.quisma.com ]
	C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\G3EFGLNO.txt [ /fastclick.net ]
	C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\UP1LIRVL.txt [ /server.adform.net ]
	C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\3M94QP24.txt [ /serving-sys.com ]
	C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\YEZT8WDE.txt [ /imrworldwide.com ]
	C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\JYEKISCV.txt [ /adfarm1.adition.com ]
	C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\R5XFE2KC.txt [ /apmebf.com ]
	C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\MNH7NPJI.txt [ /smartadserver.com ]
	C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\6BVTC3YJ.txt [ /mediaplex.com ]
	C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\UK8W7D9A.txt [ /adx.chip.de ]
	C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\HR4F44KB.txt [ /zanox.com ]
	C:\USERS\*******\AppData\Roaming\Microsoft\Windows\Cookies\Low\*******@doubleclick[1].txt [ Cookie:*******@doubleclick.net/ ]
	C:\USERS\*******\AppData\Roaming\Microsoft\Windows\Cookies\Low\*******@revsci[1].txt [ Cookie:*******@revsci.net/ ]
	C:\USERS\*******\AppData\Roaming\Microsoft\Windows\Cookies\Low\*******@mediaplex[1].txt [ Cookie:*******@mediaplex.com/ ]
	C:\USERS\*******\Cookies\RZORVARE.txt [ Cookie:*******@doubleclick.net/ ]
	C:\USERS\*******\Cookies\HR1AAB8O.txt [ Cookie:*******@www.googleadservices.com/pagead/conversion/995553404/ ]
	C:\USERS\*******\Cookies\6IKZM0Q9.txt [ Cookie:*******@ad2.adfarm1.adition.com/ ]
	C:\USERS\*******\Cookies\4LQXQTOC.txt [ Cookie:*******@adform.net/ ]
	C:\USERS\*******\Cookies\Y1VQBS7O.txt [ Cookie:*******@atdmt.com/ ]
	C:\USERS\*******\Cookies\UX0LYJ6Y.txt [ Cookie:*******@zanox-affiliate.de/ ]
	C:\USERS\*******\Cookies\6JZEF8SU.txt [ Cookie:*******@www.windowsmedia.com/ ]
	C:\USERS\*******\Cookies\JB12JYJB.txt [ Cookie:*******@ad.dyntracker.de/ ]
	C:\USERS\*******\Cookies\WAS0EYJM.txt [ Cookie:*******@revsci.net/ ]
	C:\USERS\*******\Cookies\2EQ0YIFB.txt [ Cookie:*******@tracking.quisma.com/ ]
	C:\USERS\*******\Cookies\G3EFGLNO.txt [ Cookie:*******@fastclick.net/ ]
	C:\USERS\*******\Cookies\UP1LIRVL.txt [ Cookie:*******@server.adform.net/ ]
	C:\USERS\*******\Cookies\3M94QP24.txt [ Cookie:*******@serving-sys.com/ ]
	C:\USERS\*******\Cookies\YEZT8WDE.txt [ Cookie:*******@imrworldwide.com/cgi-bin ]
	C:\USERS\*******\Cookies\JYEKISCV.txt [ Cookie:*******@adfarm1.adition.com/ ]
	C:\USERS\*******\Cookies\MNH7NPJI.txt [ Cookie:*******@smartadserver.com/ ]
	C:\USERS\*******\Cookies\6BVTC3YJ.txt [ Cookie:*******@mediaplex.com/ ]
	C:\USERS\*******\Cookies\*******@smartadserver[3].txt [ Cookie:*******@smartadserver.com/ ]
	C:\USERS\*******\Cookies\HR4F44KB.txt [ Cookie:*******@zanox.com/ ]
	C:\USERS\*******\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\*******@AD.AD-SRV[2].TXT [ /AD.AD-SRV ]
	C:\USERS\*******\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\*******@APMEBF[1].TXT [ /APMEBF ]
	C:\USERS\*******\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\*******@BLUESTREAK[1].TXT [ /BLUESTREAK ]
	C:\USERS\*******\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\*******@PAYPAL.112.2O7[1].TXT [ /PAYPAL.112.2O7 ]
	C:\USERS\*******\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\*******@STATS.PAYPAL[2].TXT [ /STATS.PAYPAL ]
	C:\USERS\*******\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\*******@WWW.ETRACKER[1].TXT [ /WWW.ETRACKER ]
	.xiti.com [ C:\USERS\*******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MEJXPEFA.DEFAULT\COOKIES.SQLITE ]
	.tracking.quisma.com [ C:\USERS\*******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MEJXPEFA.DEFAULT\COOKIES.SQLITE ]
	clicks.stylefruits.de [ C:\USERS\*******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MEJXPEFA.DEFAULT\COOKIES.SQLITE ]
	.tracking.3gnet.de [ C:\USERS\*******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MEJXPEFA.DEFAULT\COOKIES.SQLITE ]
	.tracking.quisma.com [ C:\USERS\*******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MEJXPEFA.DEFAULT\COOKIES.SQLITE ]
	.tracking.quisma.com [ C:\USERS\*******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MEJXPEFA.DEFAULT\COOKIES.SQLITE ]
	search.freefind.com [ C:\USERS\*******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MEJXPEFA.DEFAULT\COOKIES.SQLITE ]
	www.googleadservices.com [ C:\USERS\*******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MEJXPEFA.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\*******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MEJXPEFA.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\*******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MEJXPEFA.DEFAULT\COOKIES.SQLITE ]
	.guj.122.2o7.net [ C:\USERS\*******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MEJXPEFA.DEFAULT\COOKIES.SQLITE ]
	a.visualrevenue.com [ C:\USERS\*******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MEJXPEFA.DEFAULT\COOKIES.SQLITE ]

Adware.Toolbar-Dealio
	C:\_OTL\MOVEDFILES\04062012_145208\C_PROGRAM FILES\APPLICATION UPDATER\APPLICATIONUPDATER.EXE
	C:\_OTL\MOVEDFILES\04062012_145208\C_PROGRAM FILES\COMMON FILES\SPIGOT\SEARCH SETTINGS\SEARCHSETTINGS.EXE
         
Kind regards

Alt 02.05.2012, 18:58   #30
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/crypt.zpack.gen8 - schwarzer Desktop - Daten Verlust - Standard

TR/crypt.zpack.gen8 - schwarzer Desktop - Daten Verlust



Looks okay, only cookies were found.
Cookies are not malware as such, but there is a risk of misuse (unique identification, e.g. for targeted advertising or similar => HTTP-Cookie )


Regarding cookies and other things on the web: to block the plague from the outset (i.e. tracking cookies, ad banners etc.) you should have a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check at MVPS every 4 weeks or so whether a new hosts file has been released.

Otherwise there are also good cookie managers; as a Firefox extension, for example, there is CookieCuller http://filepony.de/download-cookie_culler/
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, eBay, GMX, or Trojaner-Board too), then simply configure the browser so that everything, including cookies, is deleted when the browser is closed.

My own approach is to use the Opera browser or Chromium under my Linux for "wild surfing". My main browser (Firefox) only stores the cookies from the sites I actually want; I reject everything else manually (FF always asks me) - the other browsers accept all cookies, but by the next start of Opera or Chromium at the latest, no cookies are left.

Is your system okay again now, or are there other findings or problems?
__________________
Please always post logfiles in CODE tags
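As an added example for the hosts-file approach described in the reply above (my own code, not from the thread or from MVPS): it parses a constructed hosts excerpt in the MVPS 0.0.0.0 style and reports which of the cookie domains from the scan log above it would sinkhole, and it shows the main caveat that hosts entries match exact hostnames only, not subdomains.

```python
"""Check which tracking-cookie domains from a scan log a hosts file sinkholes."""
from typing import Dict, Iterable, List

# Constructed hosts excerpt in the MVPS style (0.0.0.0 sinkhole, comments,
# tabs); it is a sample, not the real MVPS file.
HOSTS_EXCERPT = """\
127.0.0.1 localhost
0.0.0.0 tracking.quisma.com   # ad tracker
0.0.0.0 www.etracker.de etracker.de
0.0.0.0\tsearch.freefind.com
"""

# Cookie domains as the scan log above lists them; a leading dot marks a
# domain cookie that is also sent to subdomains.
COOKIE_DOMAINS = [".tracking.quisma.com", "www.etracker.de",
                  "a.visualrevenue.com", "clicks.stylefruits.de"]

SINKHOLES = {"0.0.0.0", "127.0.0.1"}


def parse_hosts(text: str) -> Dict[str, str]:
    """Map each hostname (lower-cased) to its address; comments and blanks ignored."""
    mapping: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        addr, *names = line.split()          # one address, one or more names
        for name in names:
            mapping[name.lower()] = addr
    return mapping


def is_blocked(domain: str, hosts: Dict[str, str]) -> bool:
    """True if the exact hostname is sinkholed.

    Hosts matching is exact: an entry for tracking.quisma.com does not cover
    x.tracking.quisma.com, so the cookie's leading dot is stripped but no
    wildcard matching is attempted (the hosts file cannot express that).
    """
    return hosts.get(domain.lstrip(".").lower()) in SINKHOLES


def audit(domains: Iterable[str], hosts_text: str) -> Dict[str, bool]:
    """Per cookie domain: would this hosts file block it?"""
    hosts = parse_hosts(hosts_text)
    return {d: is_blocked(d, hosts) for d in domains}


def missing_entries(domains: Iterable[str], hosts_text: str) -> List[str]:
    """Hosts lines still needed for the domains the file does not block."""
    report = audit(domains, hosts_text)
    return [f"0.0.0.0 {d.lstrip('.')}" for d, ok in report.items() if not ok]
```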
