
Log analysis and evaluation: tr/crypt.zpack.gen8 desktop black, no file access, Start menu empty

24.04.2012, 21:40   #16
peanu
 



I have now run the fix as well:

Code:
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}\ not found.
HKU\S-1-5-21-2780499411-348196821-419369589-1002\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-2780499411-348196821-419369589-1002\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_USERS\S-1-5-21-2780499411-348196821-419369589-1002\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2780499411-348196821-419369589-1002\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_USERS\S-1-5-21-2780499411-348196821-419369589-1002\Software\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}\ not found.
Registry key HKEY_USERS\S-1-5-21-2780499411-348196821-419369589-1002\Software\Microsoft\Internet Explorer\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@checkpoint.com/FFApi\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}\ deleted successfully.
File C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll not found.
Registry value HKEY_USERS\S-1-5-21-2780499411-348196821-419369589-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
========== FILES ==========
C:\Users\************\AppData\Local\Opera\Opera\cache\sesn folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\revocation\g_0000 folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\revocation folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_007F folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_007E folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_007D folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_007C folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_007B folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_007A folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_0079 folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_0078 folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_0077 folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_0076 folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_0075 folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_0074 folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_0073 folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_0072 folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_0071 folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_0070 folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_006F folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_006E folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_006D folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_006C folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_006B folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_006A folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_0069 folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_0068 folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_0067 folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_0066 folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_0065 folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_0064 folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_0063 folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_0062 folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_0061 folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_0060 folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_005F folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_005E folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_005D folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_005C folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_005B folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_005A folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_0059 folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_0058 folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_0057 folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_0056 folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_0055 folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_0054 folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_0053 folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_0052 folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_0051 folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_0050 folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_004F folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_004E folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_004D folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_004C folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_004B folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_004A folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_0049 folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_0048 folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_0047 folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_0046 folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_0045 folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_0044 folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_0043 folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_0042 folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_0041 folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_0040 folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_003F folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_003E folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_003D folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_003C folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_003B folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_003A folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_0039 folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_0038 folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_0037 folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_0036 folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_0035 folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_0034 folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_0033 folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_0032 folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_0031 folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_0030 folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_002F folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_002E folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_002D folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_002C folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_002B folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_002A folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_0029 folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_0028 folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_0027 folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_0026 folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_0025 folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_0024 folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_0023 folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_0022 folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_0021 folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_0020 folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_001F folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_001E folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_001D folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_001C folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_001B folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_001A folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_0019 folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_0018 folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_0017 folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_0016 folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_0015 folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_0014 folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_0013 folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_0012 folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_0011 folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_0010 folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_000F folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_000E folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_000D folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_000C folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_000B folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_000A folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_0009 folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_0008 folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_0007 folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_0006 folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_0005 folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_0004 folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_0003 folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_0002 folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_0001 folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\g_0000 folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\assoc002\sesn folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\assoc002\g_0078 folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\assoc002\g_004C folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\assoc002\g_004B folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\assoc002\g_0049 folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\assoc002\g_0035 folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\assoc002\g_001F folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\assoc002\g_0006 folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\assoc002\g_0004 folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache\assoc002 folder moved successfully.
C:\Users\************\AppData\Local\Opera\Opera\cache folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: ************
->Temp folder emptied: 216484954 bytes
->Temporary Internet Files folder emptied: 30253477 bytes
->Java cache emptied: 21633 bytes
->Google Chrome cache emptied: 211672970 bytes
->Flash cache emptied: 10317 bytes
 
User: Gast
->Temp folder emptied: 1323859 bytes
->Temporary Internet Files folder emptied: 1592634 bytes
->Opera cache emptied: 16224297 bytes
->Flash cache emptied: 1074 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 68530768 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 700426959 bytes
 
Total Files Cleaned = 1.189,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: ************
->Flash cache emptied: 0 bytes
 
User: Gast
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.39.2 log created on 04242012_222044

Files\Folders moved on Reboot...
C:\Users\************\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
         

25.04.2012, 10:36   #17
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log; instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please disable the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Configure the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents and transfer them into your post, then please look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and post only the log here!


26.04.2012, 05:52   #18
peanu
 



TDSS has been run, here is the log:

Code:
06:44:47.0286 4484	TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
06:44:47.0516 4484	============================================================
06:44:47.0516 4484	Current date / time: 2012/04/26 06:44:47.0516
06:44:47.0516 4484	SystemInfo:
06:44:47.0516 4484	
06:44:47.0516 4484	OS Version: 6.1.7601 ServicePack: 1.0
06:44:47.0516 4484	Product type: Workstation
06:44:47.0516 4484	ComputerName: SCHLEPPI
06:44:47.0516 4484	UserName: **************
06:44:47.0516 4484	Windows directory: C:\windows
06:44:47.0516 4484	System windows directory: C:\windows
06:44:47.0516 4484	Running under WOW64
06:44:47.0516 4484	Processor architecture: Intel x64
06:44:47.0516 4484	Number of processors: 4
06:44:47.0516 4484	Page size: 0x1000
06:44:47.0516 4484	Boot type: Normal boot
06:44:47.0516 4484	============================================================
06:44:51.0612 4484	Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
06:44:51.0623 4484	============================================================
06:44:51.0623 4484	\Device\Harddisk0\DR0:
06:44:51.0644 4484	MBR partitions:
06:44:51.0644 4484	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x96000
06:44:51.0644 4484	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x96800, BlocksNum 0x22629000
06:44:51.0644 4484	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x226BF800, BlocksNum 0x236D800
06:44:51.0644 4484	\Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x24A2D000, BlocksNum 0x9FD800
06:44:51.0644 4484	============================================================
06:44:51.0690 4484	C: <-> \Device\Harddisk0\DR0\Partition1
06:44:51.0789 4484	E: <-> \Device\Harddisk0\DR0\Partition2
06:44:51.0827 4484	F: <-> \Device\Harddisk0\DR0\Partition3
06:44:51.0827 4484	============================================================
06:44:51.0827 4484	Initialize success
06:44:51.0827 4484	============================================================
06:45:47.0286 5244	============================================================
06:45:47.0286 5244	Scan started
06:45:47.0287 5244	Mode: Manual; SigCheck; TDLFS; 
06:45:47.0287 5244	============================================================
06:45:48.0009 5244	1394ohci        (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
06:45:48.0163 5244	1394ohci - ok
06:45:48.0218 5244	Accelerometer   (7a330a42870eb1fa81f88be514d2d566) C:\windows\system32\DRIVERS\Accelerometer.sys
06:45:48.0296 5244	Accelerometer - ok
06:45:48.0406 5244	ACDaemon        (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
06:45:48.0437 5244	ACDaemon - ok
06:45:48.0499 5244	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
06:45:48.0530 5244	ACPI - ok
06:45:48.0562 5244	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
06:45:48.0624 5244	AcpiPmi - ok
06:45:48.0730 5244	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
06:45:48.0746 5244	AdobeARMservice - ok
06:45:48.0872 5244	AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
06:45:48.0902 5244	AdobeFlashPlayerUpdateSvc - ok
06:45:48.0961 5244	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\drivers\adp94xx.sys
06:45:48.0986 5244	adp94xx - ok
06:45:49.0027 5244	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\drivers\adpahci.sys
06:45:49.0044 5244	adpahci - ok
06:45:49.0064 5244	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\drivers\adpu320.sys
06:45:49.0074 5244	adpu320 - ok
06:45:49.0114 5244	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll
06:45:49.0274 5244	AeLookupSvc - ok
06:45:49.0386 5244	AESTFilters     (a6fb9db8f1a86861d955fd6975977ae0) C:\Program Files\IDT\WDM\AESTSr64.exe
06:45:49.0446 5244	AESTFilters - ok
06:45:49.0569 5244	Afc             (6ccd1135320109d6b219f1a6e04ad9f6) C:\windows\syswow64\drivers\Afc.sys
06:45:49.0597 5244	Afc - ok
06:45:49.0660 5244	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys
06:45:49.0741 5244	AFD - ok
06:45:49.0788 5244	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
06:45:49.0819 5244	agp440 - ok
06:45:49.0834 5244	ALG             (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe
06:45:49.0928 5244	ALG - ok
06:45:49.0959 5244	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
06:45:49.0975 5244	aliide - ok
06:45:50.0006 5244	AMD External Events Utility (c08ade825268d291afe06eda71415c7d) C:\windows\system32\atiesrxx.exe
06:45:50.0115 5244	AMD External Events Utility - ok
06:45:50.0131 5244	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
06:45:50.0146 5244	amdide - ok
06:45:50.0178 5244	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\drivers\amdk8.sys
06:45:50.0240 5244	AmdK8 - ok
06:45:50.0754 5244	amdkmdag        (f59a32a90c4f96189cd74473f7be572b) C:\windows\system32\DRIVERS\atikmdag.sys
06:45:51.0023 5244	amdkmdag - ok
06:45:51.0196 5244	amdkmdap        (0327723d45a7bb7c1fe4835eb784ac61) C:\windows\system32\DRIVERS\atikmpag.sys
06:45:51.0255 5244	amdkmdap - ok
06:45:51.0295 5244	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\drivers\amdppm.sys
06:45:51.0341 5244	AmdPPM - ok
06:45:51.0404 5244	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys
06:45:51.0419 5244	amdsata - ok
06:45:51.0451 5244	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\drivers\amdsbs.sys
06:45:51.0466 5244	amdsbs - ok
06:45:51.0497 5244	amdxata         (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys
06:45:51.0513 5244	amdxata - ok
06:45:51.0607 5244	AntiVirSchedulerService (a122d68ea2541453f787f341877cb40b) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
06:45:51.0622 5244	AntiVirSchedulerService - ok
06:45:51.0653 5244	AntiVirService  (2fe359edeb34efcf42574752f8aebd3f) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
06:45:51.0669 5244	AntiVirService - ok
06:45:51.0700 5244	AppID           (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
06:45:51.0866 5244	AppID - ok
06:45:51.0897 5244	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll
06:45:51.0963 5244	AppIDSvc - ok
06:45:51.0988 5244	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll
06:45:52.0069 5244	Appinfo - ok
06:45:52.0128 5244	AppMgmt         (4aba3e75a76195a3e38ed2766c962899) C:\windows\System32\appmgmts.dll
06:45:52.0203 5244	AppMgmt - ok
06:45:52.0239 5244	arc             (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\drivers\arc.sys
06:45:52.0253 5244	arc - ok
06:45:52.0278 5244	arcsas          (019af6924aefe7839f61c830227fe79c) C:\windows\system32\drivers\arcsas.sys
06:45:52.0292 5244	arcsas - ok
06:45:52.0355 5244	ARCVCAM         (357635f16d28558c50870f4ef8aa4712) C:\windows\system32\DRIVERS\ArcSoftVCapture.sys
06:45:52.0374 5244	ARCVCAM - ok
06:45:52.0474 5244	aspnet_state    (9217d874131ae6ff8f642f124f00a555) C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
06:45:52.0558 5244	aspnet_state - ok
06:45:52.0585 5244	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
06:45:52.0664 5244	AsyncMac - ok
06:45:52.0719 5244	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
06:45:52.0741 5244	atapi - ok
06:45:52.0809 5244	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
06:45:52.0879 5244	AudioEndpointBuilder - ok
06:45:52.0895 5244	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
06:45:52.0926 5244	AudioSrv - ok
06:45:52.0973 5244	avgntflt        (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\windows\system32\DRIVERS\avgntflt.sys
06:45:52.0989 5244	avgntflt - ok
06:45:53.0082 5244	avipbb          (852e3c0a60d368c487949e55ad52a47f) C:\windows\system32\DRIVERS\avipbb.sys
06:45:53.0098 5244	avipbb - ok
06:45:53.0191 5244	avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\windows\system32\DRIVERS\avkmgr.sys
06:45:53.0207 5244	avkmgr - ok
06:45:53.0269 5244	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll
06:45:53.0408 5244	AxInstSV - ok
06:45:53.0464 5244	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\windows\system32\drivers\bxvbda.sys
06:45:53.0534 5244	b06bdrv - ok
06:45:53.0591 5244	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
06:45:53.0647 5244	b57nd60a - ok
06:45:53.0740 5244	BBSvc           (28a4012e68bc9597bcb9b26b51aac4b6) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
06:45:53.0768 5244	BBSvc - ok
06:45:53.0827 5244	BBUpdate        (785de7abda13309d6065305542829e76) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
06:45:53.0851 5244	BBUpdate - ok
06:45:53.0879 5244	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll
06:45:53.0948 5244	BDESVC - ok
06:45:53.0970 5244	Beep            (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
06:45:54.0039 5244	Beep - ok
06:45:54.0115 5244	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\windows\System32\bfe.dll
06:45:54.0212 5244	BFE - ok
06:45:54.0303 5244	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\windows\System32\qmgr.dll
06:45:54.0444 5244	BITS - ok
06:45:54.0522 5244	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\drivers\blbdrive.sys
06:45:54.0569 5244	blbdrive - ok
06:45:54.0913 5244	Bluetooth Device Manager (94a6341079918db7bf799ee897bd2563) C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
06:45:55.0047 5244	Bluetooth Device Manager - ok
06:45:55.0169 5244	Bluetooth Media Service (7e76bf0972822a9b63fd55a73df3eed6) C:\Program Files\Motorola\Bluetooth\audiosrv.exe
06:45:55.0216 5244	Bluetooth Media Service - ok
06:45:55.0250 5244	Bluetooth OBEX Service (f7d36e135bf9274bb3435f95e7fad339) C:\Program Files\Motorola\Bluetooth\obexsrv.exe
06:45:55.0270 5244	Bluetooth OBEX Service - ok
06:45:55.0346 5244	Bonjour Service (73686fe0b2e0469f89fd2075be724704) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
06:45:55.0384 5244	Bonjour Service ( UnsignedFile.Multi.Generic ) - warning
06:45:55.0384 5244	Bonjour Service - detected UnsignedFile.Multi.Generic (1)
06:45:55.0507 5244	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
06:45:55.0578 5244	bowser - ok
06:45:55.0606 5244	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\drivers\BrFiltLo.sys
06:45:55.0666 5244	BrFiltLo - ok
06:45:55.0691 5244	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\drivers\BrFiltUp.sys
06:45:55.0735 5244	BrFiltUp - ok
06:45:55.0787 5244	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll
06:45:55.0856 5244	Browser - ok
06:45:55.0904 5244	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
06:45:55.0982 5244	Brserid - ok
06:45:56.0013 5244	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
06:45:56.0060 5244	BrSerWdm - ok
06:45:56.0107 5244	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
06:45:56.0154 5244	BrUsbMdm - ok
06:45:56.0185 5244	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
06:45:56.0232 5244	BrUsbSer - ok
06:45:56.0294 5244	BthEnum         (cf98190a94f62e405c8cb255018b2315) C:\windows\system32\DRIVERS\BthEnum.sys
06:45:56.0357 5244	BthEnum - ok
06:45:56.0403 5244	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\drivers\bthmodem.sys
06:45:56.0435 5244	BTHMODEM - ok
06:45:56.0472 5244	BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\windows\system32\DRIVERS\bthpan.sys
06:45:56.0508 5244	BthPan - ok
06:45:56.0579 5244	BTHPORT         (64c198198501f7560ee41d8d1efa7952) C:\windows\system32\Drivers\BTHport.sys
06:45:56.0622 5244	BTHPORT - ok
06:45:56.0673 5244	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll
06:45:56.0735 5244	bthserv - ok
06:45:56.0757 5244	BTHUSB          (f188b7394d81010767b6df3178519a37) C:\windows\system32\Drivers\BTHUSB.sys
06:45:56.0789 5244	BTHUSB - ok
06:45:56.0825 5244	btmaudio        (bd21a9c1e361f9ad74407b38a55f36b0) C:\windows\system32\drivers\btmaud.sys
06:45:56.0894 5244	btmaudio - ok
06:45:56.0922 5244	BTMCOM          (6d3ff2b480f7ab8da103cbc7fbeacd48) C:\windows\system32\Drivers\btmcom.sys
06:45:56.0998 5244	BTMCOM - ok
06:45:57.0063 5244	BTMUSB          (b64cfabe65e241c784bb9f301795449b) C:\windows\system32\Drivers\btmusb.sys
06:45:57.0134 5244	BTMUSB - ok
06:45:57.0167 5244	cdfs            (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
06:45:57.0233 5244	cdfs - ok
06:45:57.0279 5244	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys
06:45:57.0324 5244	cdrom - ok
06:45:57.0361 5244	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
06:45:57.0442 5244	CertPropSvc - ok
06:45:57.0473 5244	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\drivers\circlass.sys
06:45:57.0520 5244	circlass - ok
06:45:57.0629 5244	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
06:45:57.0661 5244	CLFS - ok
06:45:57.0754 5244	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
06:45:57.0770 5244	clr_optimization_v2.0.50727_32 - ok
06:45:57.0848 5244	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
06:45:57.0879 5244	clr_optimization_v2.0.50727_64 - ok
06:45:57.0957 5244	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
06:45:58.0072 5244	clr_optimization_v4.0.30319_32 - ok
06:45:58.0115 5244	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
06:45:58.0165 5244	clr_optimization_v4.0.30319_64 - ok
06:45:58.0198 5244	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\drivers\CmBatt.sys
06:45:58.0226 5244	CmBatt - ok
06:45:58.0276 5244	cmdide          (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
06:45:58.0334 5244	cmdide - ok
06:45:58.0423 5244	CNG             (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys
06:45:58.0483 5244	CNG - ok
06:45:58.0515 5244	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\windows\system32\drivers\compbatt.sys
06:45:58.0526 5244	Compbatt - ok
06:45:58.0560 5244	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\windows\system32\drivers\CompositeBus.sys
06:45:58.0592 5244	CompositeBus - ok
06:45:58.0595 5244	COMSysApp - ok
06:45:58.0641 5244	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\windows\system32\drivers\crcdisk.sys
06:45:58.0665 5244	crcdisk - ok
06:45:58.0693 5244	CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\windows\system32\cryptsvc.dll
06:45:58.0754 5244	CryptSvc - ok
06:45:58.0817 5244	CSC             (54da3dfd29ed9f1619b6f53f3ce55e49) C:\windows\system32\drivers\csc.sys
06:45:58.0900 5244	CSC - ok
06:45:58.0969 5244	CscService      (3ab183ab4d2c79dcf459cd2c1266b043) C:\windows\System32\cscsvc.dll
06:45:59.0043 5244	CscService - ok
06:45:59.0089 5244	DAMDrv          (b9aac23bcc9326e5e50d937fecb7dcb5) C:\windows\system32\DRIVERS\DAMDrv64.sys
06:45:59.0089 5244	DAMDrv - ok
06:45:59.0152 5244	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
06:45:59.0230 5244	DcomLaunch - ok
06:45:59.0277 5244	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll
06:45:59.0323 5244	defragsvc - ok
06:45:59.0386 5244	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
06:45:59.0464 5244	DfsC - ok
06:45:59.0511 5244	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll
06:45:59.0589 5244	Dhcp - ok
06:45:59.0628 5244	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
06:45:59.0726 5244	discache - ok
06:45:59.0757 5244	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\drivers\disk.sys
06:45:59.0768 5244	Disk - ok
06:45:59.0786 5244	dmvsc           (5db085a8a6600be6401f2b24eecb5415) C:\windows\system32\drivers\dmvsc.sys
06:45:59.0851 5244	dmvsc - ok
06:45:59.0892 5244	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll
06:45:59.0962 5244	Dnscache - ok
06:46:00.0010 5244	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll
06:46:00.0065 5244	dot3svc - ok
06:46:00.0201 5244	DpHost          (aa224b1ba5b2093de97d6fcddcf5d13b) c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
06:46:00.0228 5244	DpHost - ok
06:46:00.0257 5244	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll
06:46:00.0306 5244	DPS - ok
06:46:00.0347 5244	drmkaud         (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
06:46:00.0402 5244	drmkaud - ok
06:46:00.0492 5244	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
06:46:00.0528 5244	DXGKrnl - ok
06:46:00.0557 5244	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll
06:46:00.0596 5244	EapHost - ok
06:46:00.0799 5244	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\drivers\evbda.sys
06:46:00.0877 5244	ebdrv - ok
06:46:00.0986 5244	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe
06:46:01.0064 5244	EFS - ok
06:46:01.0167 5244	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe
06:46:01.0243 5244	ehRecvr - ok
06:46:01.0268 5244	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe
06:46:01.0325 5244	ehSched - ok
06:46:01.0426 5244	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\drivers\elxstor.sys
06:46:01.0457 5244	elxstor - ok
06:46:01.0467 5244	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
06:46:01.0494 5244	ErrDev - ok
06:46:01.0561 5244	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll
06:46:01.0635 5244	EventSystem - ok
06:46:01.0689 5244	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
06:46:01.0763 5244	exfat - ok
06:46:01.0795 5244	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
06:46:01.0850 5244	fastfat - ok
06:46:01.0936 5244	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe
06:46:02.0010 5244	Fax - ok
06:46:02.0044 5244	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\drivers\fdc.sys
06:46:02.0058 5244	fdc - ok
06:46:02.0089 5244	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll
06:46:02.0166 5244	fdPHost - ok
06:46:02.0212 5244	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll
06:46:02.0275 5244	FDResPub - ok
06:46:02.0322 5244	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
06:46:02.0337 5244	FileInfo - ok
06:46:02.0353 5244	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
06:46:02.0400 5244	Filetrace - ok
06:46:02.0509 5244	FLCDLOCK        (551034d58aaafe0ebb087cd4c7767eb8) c:\Windows\SysWOW64\flcdlock.exe
06:46:02.0540 5244	FLCDLOCK - ok
06:46:02.0634 5244	FLEXnet Licensing Service (3d9b36631032fde0ffea0dc0260e4e35) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
06:46:02.0649 5244	FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
06:46:02.0649 5244	FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
06:46:02.0757 5244	FLEXnet Licensing Service 64 (52c0312ab35eb7187015fb6a99136bb5) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
06:46:02.0822 5244	FLEXnet Licensing Service 64 ( UnsignedFile.Multi.Generic ) - warning
06:46:02.0822 5244	FLEXnet Licensing Service 64 - detected UnsignedFile.Multi.Generic (1)
06:46:02.0963 5244	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\drivers\flpydisk.sys
06:46:02.0993 5244	flpydisk - ok
06:46:03.0049 5244	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
06:46:03.0079 5244	FltMgr - ok
06:46:03.0159 5244	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll
06:46:03.0246 5244	FontCache - ok
06:46:03.0314 5244	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
06:46:03.0330 5244	FontCache3.0.0.0 - ok
06:46:03.0362 5244	FsDepends       (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
06:46:03.0374 5244	FsDepends - ok
06:46:03.0454 5244	Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\windows\system32\drivers\Fs_Rec.sys
06:46:03.0480 5244	Fs_Rec - ok
06:46:03.0569 5244	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
06:46:03.0598 5244	fvevol - ok
06:46:03.0640 5244	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\drivers\gagp30kx.sys
06:46:03.0651 5244	gagp30kx - ok
06:46:03.0735 5244	GameConsoleService (551d463e4cceb5240234da6718c93a44) C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
06:46:03.0766 5244	GameConsoleService - ok
06:46:03.0813 5244	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll
06:46:03.0875 5244	gpsvc - ok
06:46:03.0906 5244	gusvc           (c1b577b2169900f4cf7190c39f085794) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
06:46:03.0938 5244	gusvc - ok
06:46:03.0969 5244	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
06:46:04.0016 5244	hcw85cir - ok
06:46:04.0062 5244	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
06:46:04.0125 5244	HdAudAddService - ok
06:46:04.0156 5244	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\drivers\HDAudBus.sys
06:46:04.0187 5244	HDAudBus - ok
06:46:04.0218 5244	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\drivers\HidBatt.sys
06:46:04.0258 5244	HidBatt - ok
06:46:04.0296 5244	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\drivers\hidbth.sys
06:46:04.0332 5244	HidBth - ok
06:46:04.0355 5244	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\drivers\hidir.sys
06:46:04.0371 5244	HidIr - ok
06:46:04.0400 5244	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\windows\system32\hidserv.dll
06:46:04.0465 5244	hidserv - ok
06:46:04.0510 5244	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\drivers\hidusb.sys
06:46:04.0525 5244	HidUsb - ok
06:46:04.0552 5244	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll
06:46:04.0612 5244	hkmsvc - ok
06:46:04.0688 5244	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll
06:46:04.0778 5244	HomeGroupListener - ok
06:46:04.0868 5244	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll
06:46:04.0920 5244	HomeGroupProvider - ok
06:46:05.0024 5244	HP Power Assistant Service (02c2108111d9656a9729995d2219fb99) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
06:46:05.0049 5244	HP Power Assistant Service - ok
06:46:05.0141 5244	HP ProtectTools Service (37890fdd25beac6aeda3e2d57f2b29eb) c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
06:46:05.0172 5244	HP ProtectTools Service ( UnsignedFile.Multi.Generic ) - warning
06:46:05.0172 5244	HP ProtectTools Service - detected UnsignedFile.Multi.Generic (1)
06:46:05.0257 5244	HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
06:46:05.0273 5244	HP Support Assistant Service - ok
06:46:05.0413 5244	hpCMSrv         (d4b198e9b3ce6d05771e116d2d560f2f) c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
06:46:05.0444 5244	hpCMSrv - ok
06:46:05.0507 5244	HPDayStarterService (a9fc4d7ea174bbf5a675b299ffad80a2) c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe
06:46:05.0538 5244	HPDayStarterService - ok
06:46:05.0585 5244	HPDrvMntSvc.exe (bcc4a8b2e2e902f52e7f2e7d8e125765) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
06:46:05.0600 5244	HPDrvMntSvc.exe - ok
06:46:05.0741 5244	hpdskflt        (a4be23c451adeb252cd17a0532cae220) C:\windows\system32\DRIVERS\hpdskflt.sys
06:46:05.0756 5244	hpdskflt - ok
06:46:05.0825 5244	HPFSService     (98fab0413c7365c9069994d7ce47f3ec) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
06:46:05.0841 5244	HPFSService ( UnsignedFile.Multi.Generic ) - warning
06:46:05.0841 5244	HPFSService - detected UnsignedFile.Multi.Generic (1)
06:46:05.0911 5244	hpHotkeyMonitor (0adc6afab2b17ffc9c6e24dd1583f888) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe
06:46:05.0934 5244	hpHotkeyMonitor - ok
06:46:05.0963 5244	HpqKbFiltr      (b98ee5d4535a685634b90f7e04de0df7) C:\windows\system32\drivers\HpqKbFiltr.sys
06:46:05.0973 5244	HpqKbFiltr - ok
06:46:06.0064 5244	hpqwmiex        (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
06:46:06.0109 5244	hpqwmiex - ok
06:46:06.0145 5244	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
06:46:06.0159 5244	HpSAMD - ok
06:46:06.0198 5244	hpsrv           (a88a45e82bc54bffb49c63973010226a) C:\windows\system32\Hpservice.exe
06:46:06.0218 5244	hpsrv - ok
06:46:06.0271 5244	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
06:46:06.0346 5244	HTTP - ok
06:46:06.0369 5244	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
06:46:06.0376 5244	hwpolicy - ok
06:46:06.0409 5244	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\drivers\i8042prt.sys
06:46:06.0418 5244	i8042prt - ok
06:46:06.0476 5244	iaStor          (d469b77687e12fe43e344806740b624d) C:\windows\system32\DRIVERS\iaStor.sys
06:46:06.0504 5244	iaStor - ok
06:46:06.0580 5244	IAStorDataMgrSvc (117ff657e0d9bbd61b5c3e71e63d3919) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
06:46:06.0595 5244	IAStorDataMgrSvc - ok
06:46:06.0658 5244	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
06:46:06.0685 5244	iaStorV - ok
06:46:06.0780 5244	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
06:46:06.0827 5244	idsvc - ok
06:46:07.0407 5244	igfx            (0d1b8c64bdf0e5cdc523a1409ffb5ef0) C:\windows\system32\DRIVERS\igdkmd64.sys
06:46:07.0695 5244	igfx - ok
06:46:07.0801 5244	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\drivers\iirsp.sys
06:46:07.0820 5244	iirsp - ok
06:46:07.0887 5244	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll
06:46:07.0964 5244	IKEEXT - ok
06:46:08.0004 5244	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
06:46:08.0011 5244	intelide - ok
06:46:08.0833 5244	intelkmd        (0d1b8c64bdf0e5cdc523a1409ffb5ef0) C:\windows\system32\DRIVERS\igdpmd64.sys
06:46:09.0143 5244	intelkmd - ok
06:46:09.0256 5244	intelppm        (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
06:46:09.0306 5244	intelppm - ok
06:46:09.0353 5244	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll
06:46:09.0407 5244	IPBusEnum - ok
06:46:09.0441 5244	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
06:46:09.0513 5244	IpFilterDriver - ok
06:46:09.0576 5244	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\windows\System32\iphlpsvc.dll
06:46:09.0646 5244	iphlpsvc - ok
06:46:09.0687 5244	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
06:46:09.0733 5244	IPMIDRV - ok
06:46:09.0775 5244	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
06:46:09.0836 5244	IPNAT - ok
06:46:09.0856 5244	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
06:46:09.0889 5244	IRENUM - ok
06:46:09.0905 5244	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
06:46:09.0920 5244	isapnp - ok
06:46:09.0967 5244	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
06:46:09.0967 5244	iScsiPrt - ok
06:46:10.0092 5244	jhi_service     (3b794ca0de73790420deba3c759f1502) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
06:46:10.0123 5244	jhi_service - ok
06:46:10.0170 5244	JMCR            (0b44199365a69696109ab9a5855e0841) C:\windows\system32\DRIVERS\jmcr.sys
06:46:10.0201 5244	JMCR - ok
06:46:10.0217 5244	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\drivers\kbdclass.sys
06:46:10.0232 5244	kbdclass - ok
06:46:10.0248 5244	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys
06:46:10.0295 5244	kbdhid - ok
06:46:10.0341 5244	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
06:46:10.0373 5244	KeyIso - ok
06:46:10.0373 5244	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys
06:46:10.0388 5244	KSecDD - ok
06:46:10.0419 5244	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys
06:46:10.0419 5244	KSecPkg - ok
06:46:10.0460 5244	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
06:46:10.0526 5244	ksthunk - ok
06:46:10.0576 5244	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll
06:46:10.0649 5244	KtmRm - ok
06:46:10.0712 5244	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\system32\srvsvc.dll
06:46:10.0799 5244	LanmanServer - ok
06:46:10.0834 5244	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll
06:46:10.0885 5244	LanmanWorkstation - ok
06:46:10.0915 5244	lltdio          (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
06:46:10.0945 5244	lltdio - ok
06:46:10.0979 5244	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll
06:46:11.0022 5244	lltdsvc - ok
06:46:11.0047 5244	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll
06:46:11.0088 5244	lmhosts - ok
06:46:11.0217 5244	LMS             (97f9eaac985a663394cd8f54dcd3e73a) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
06:46:11.0236 5244	LMS - ok
06:46:11.0299 5244	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys
06:46:11.0327 5244	LSI_FC - ok
06:46:11.0366 5244	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\drivers\lsi_sas.sys
06:46:11.0381 5244	LSI_SAS - ok
06:46:11.0423 5244	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys
06:46:11.0432 5244	LSI_SAS2 - ok
06:46:11.0458 5244	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys
06:46:11.0458 5244	LSI_SCSI - ok
06:46:11.0521 5244	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
06:46:11.0630 5244	luafv - ok
06:46:11.0692 5244	MBAMProtector   (dbc08862a71459e74f7538b432c114cc) C:\windows\system32\drivers\mbam.sys
06:46:11.0723 5244	MBAMProtector - ok
06:46:11.0801 5244	MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
06:46:11.0833 5244	MBAMService - ok
06:46:12.0052 5244	McAfee Endpoint Encryption Agent (80e7e71caaf758bf084bdf13996d52d0) C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
06:46:12.0097 5244	McAfee Endpoint Encryption Agent ( UnsignedFile.Multi.Generic ) - warning
06:46:12.0097 5244	McAfee Endpoint Encryption Agent - detected UnsignedFile.Multi.Generic (1)
06:46:12.0209 5244	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll
06:46:12.0262 5244	Mcx2Svc - ok
06:46:12.0331 5244	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys
06:46:12.0354 5244	megasas - ok
06:46:12.0384 5244	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys
06:46:12.0400 5244	MegaSR - ok
06:46:12.0429 5244	MEIx64          (a6518dcc42f7a6e999bb3bea8fd87567) C:\windows\system32\DRIVERS\HECIx64.sys
06:46:12.0436 5244	MEIx64 - ok
06:46:12.0495 5244	MfeEpePc        (a11f574a809b3751a17815f00c88781f) C:\windows\system32\drivers\MfeEpePc.sys
06:46:12.0522 5244	MfeEpePc - ok
06:46:12.0545 5244	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
06:46:12.0601 5244	MMCSS - ok
06:46:12.0639 5244	Modem           (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
06:46:12.0706 5244	Modem - ok
06:46:12.0747 5244	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
06:46:12.0800 5244	monitor - ok
06:46:12.0836 5244	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\drivers\mouclass.sys
06:46:12.0854 5244	mouclass - ok
06:46:12.0887 5244	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\drivers\mouhid.sys
06:46:12.0915 5244	mouhid - ok
06:46:12.0952 5244	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
06:46:12.0964 5244	mountmgr - ok
06:46:12.0996 5244	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
06:46:13.0012 5244	mpio - ok
06:46:13.0043 5244	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
06:46:13.0074 5244	mpsdrv - ok
06:46:13.0152 5244	MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll
06:46:13.0230 5244	MpsSvc - ok
06:46:13.0262 5244	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
06:46:13.0308 5244	MRxDAV - ok
06:46:13.0371 5244	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
06:46:13.0418 5244	mrxsmb - ok
06:46:13.0480 5244	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
06:46:13.0527 5244	mrxsmb10 - ok
06:46:13.0584 5244	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
06:46:13.0626 5244	mrxsmb20 - ok
06:46:13.0685 5244	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys
06:46:13.0702 5244	msahci - ok
06:46:13.0721 5244	msdsm           (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
06:46:13.0731 5244	msdsm - ok
06:46:13.0792 5244	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
06:46:13.0862 5244	MSDTC - ok
06:46:13.0912 5244	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
06:46:13.0990 5244	Msfs - ok
06:46:14.0008 5244	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
06:46:14.0067 5244	mshidkmdf - ok
06:46:14.0104 5244	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
06:46:14.0112 5244	msisadrv - ok
06:46:14.0147 5244	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
06:46:14.0224 5244	MSiSCSI - ok
06:46:14.0248 5244	msiserver - ok
06:46:14.0275 5244	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
06:46:14.0344 5244	MSKSSRV - ok
06:46:14.0348 5244	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
06:46:14.0384 5244	MSPCLOCK - ok
06:46:14.0419 5244	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
06:46:14.0458 5244	MSPQM - ok
06:46:14.0510 5244	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
06:46:14.0550 5244	MsRPC - ok
06:46:14.0567 5244	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\drivers\mssmbios.sys
06:46:14.0582 5244	mssmbios - ok
06:46:14.0613 5244	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
06:46:14.0676 5244	MSTEE - ok
06:46:14.0723 5244	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys
06:46:14.0769 5244	MTConfig - ok
06:46:14.0816 5244	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
06:46:14.0847 5244	Mup - ok
06:46:14.0894 5244	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll
06:46:14.0972 5244	napagent - ok
06:46:15.0019 5244	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
06:46:15.0097 5244	NativeWifiP - ok
06:46:15.0168 5244	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys
06:46:15.0200 5244	NDIS - ok
06:46:15.0213 5244	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
06:46:15.0261 5244	NdisCap - ok
06:46:15.0281 5244	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
06:46:15.0306 5244	NdisTapi - ok
06:46:15.0335 5244	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
06:46:15.0413 5244	Ndisuio - ok
06:46:15.0450 5244	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
06:46:15.0530 5244	NdisWan - ok
06:46:15.0563 5244	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
06:46:15.0639 5244	NDProxy - ok
06:46:15.0666 5244	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
06:46:15.0726 5244	NetBIOS - ok
06:46:15.0774 5244	NetBT           (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
06:46:15.0862 5244	NetBT - ok
06:46:15.0901 5244	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
06:46:15.0910 5244	Netlogon - ok
06:46:15.0958 5244	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
06:46:16.0011 5244	Netman - ok
06:46:16.0105 5244	NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
06:46:16.0136 5244	NetMsmqActivator - ok
06:46:16.0136 5244	NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
06:46:16.0151 5244	NetPipeActivator - ok
06:46:16.0198 5244	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
06:46:16.0276 5244	netprofm - ok
06:46:16.0307 5244	NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
06:46:16.0307 5244	NetTcpActivator - ok
06:46:16.0307 5244	NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
06:46:16.0323 5244	NetTcpPortSharing - ok
06:46:16.0370 5244	nfrd960         (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys
06:46:16.0385 5244	nfrd960 - ok
06:46:16.0432 5244	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll
06:46:16.0495 5244	NlaSvc - ok
06:46:16.0526 5244	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
06:46:16.0604 5244	Npfs - ok
06:46:16.0619 5244	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
06:46:16.0651 5244	nsi - ok
06:46:16.0684 5244	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
06:46:16.0724 5244	nsiproxy - ok
06:46:16.0842 5244	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
06:46:16.0875 5244	Ntfs - ok
06:46:16.0972 5244	Null            (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
06:46:17.0081 5244	Null - ok
06:46:17.0125 5244	nusb3hub        (158ad24745bd85ba9be3c51c38f48c32) C:\windows\system32\DRIVERS\nusb3hub.sys
06:46:17.0169 5244	nusb3hub - ok
06:46:17.0231 5244	nusb3xhc        (d40a13b2c0891e218f9523b376955db6) C:\windows\system32\DRIVERS\nusb3xhc.sys
06:46:17.0284 5244	nusb3xhc - ok
06:46:17.0326 5244	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
06:46:17.0355 5244	nvraid - ok
06:46:17.0382 5244	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
06:46:17.0397 5244	nvstor - ok
06:46:17.0435 5244	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
06:46:17.0448 5244	nv_agp - ok
06:46:17.0467 5244	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
06:46:17.0498 5244	ohci1394 - ok
06:46:17.0556 5244	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
06:46:17.0633 5244	p2pimsvc - ok
06:46:17.0674 5244	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
06:46:17.0721 5244	p2psvc - ok
06:46:17.0768 5244	Parport         (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys
06:46:17.0799 5244	Parport - ok
06:46:17.0830 5244	partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\windows\system32\drivers\partmgr.sys
06:46:17.0861 5244	partmgr - ok
06:46:17.0908 5244	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
06:46:17.0939 5244	PcaSvc - ok
06:46:17.0986 5244	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
06:46:18.0017 5244	pci - ok
06:46:18.0033 5244	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys
06:46:18.0064 5244	pciide - ok
06:46:18.0095 5244	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys
06:46:18.0111 5244	pcmcia - ok
06:46:18.0142 5244	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
06:46:18.0158 5244	pcw - ok
06:46:18.0189 5244	pdfcDispatcher - ok
06:46:18.0269 5244	PdiService      (8f924f00f2f81422fd7c340fda0e00d8) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
06:46:18.0288 5244	PdiService - ok
06:46:18.0344 5244	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
06:46:18.0430 5244	PEAUTH - ok
06:46:18.0528 5244	PeerDistSvc     (b9b0a4299dd2d76a4243f75fd54dc680) C:\windows\system32\peerdistsvc.dll
06:46:18.0618 5244	PeerDistSvc - ok
06:46:18.0696 5244	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
06:46:18.0743 5244	PerfHost - ok
06:46:18.0935 5244	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
06:46:19.0009 5244	pla - ok
06:46:19.0068 5244	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
06:46:19.0152 5244	PlugPlay - ok
06:46:19.0182 5244	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
06:46:19.0233 5244	PNRPAutoReg - ok
06:46:19.0264 5244	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
06:46:19.0295 5244	PNRPsvc - ok
06:46:19.0342 5244	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
06:46:19.0404 5244	PolicyAgent - ok
06:46:19.0467 5244	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
06:46:19.0529 5244	Power - ok
06:46:19.0591 5244	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
06:46:19.0638 5244	PptpMiniport - ok
06:46:19.0685 5244	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys
06:46:19.0716 5244	Processor - ok
06:46:19.0768 5244	ProfSvc         (5c78838b4d166d1a27db3a8a820c799a) C:\windows\system32\profsvc.dll
06:46:19.0850 5244	ProfSvc - ok
06:46:19.0889 5244	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
06:46:19.0898 5244	ProtectedStorage - ok
06:46:19.0938 5244	Psched          (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
06:46:20.0011 5244	Psched - ok
06:46:20.0134 5244	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys
06:46:20.0179 5244	ql2300 - ok
06:46:20.0295 5244	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys
06:46:20.0323 5244	ql40xx - ok
06:46:20.0368 5244	QWAVE           (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
06:46:20.0389 5244	QWAVE - ok
06:46:20.0422 5244	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
06:46:20.0476 5244	QWAVEdrv - ok
06:46:20.0498 5244	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
06:46:20.0538 5244	RasAcd - ok
06:46:20.0557 5244	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
06:46:20.0583 5244	RasAgileVpn - ok
06:46:20.0614 5244	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
06:46:20.0666 5244	RasAuto - ok
06:46:20.0692 5244	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
06:46:20.0718 5244	Rasl2tp - ok
06:46:20.0755 5244	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
06:46:20.0802 5244	RasMan - ok
06:46:20.0833 5244	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
06:46:20.0911 5244	RasPppoe - ok
06:46:20.0942 5244	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
06:46:20.0989 5244	RasSstp - ok
06:46:21.0051 5244	rdbss           (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
06:46:21.0098 5244	rdbss - ok
06:46:21.0129 5244	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys
06:46:21.0176 5244	rdpbus - ok
06:46:21.0207 5244	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
06:46:21.0270 5244	RDPCDD - ok
06:46:21.0317 5244	RDPDR           (1b6163c503398b23ff8b939c67747683) C:\windows\system32\drivers\rdpdr.sys
06:46:21.0370 5244	RDPDR - ok
06:46:21.0377 5244	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
06:46:21.0436 5244	RDPENCDD - ok
06:46:21.0455 5244	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
06:46:21.0501 5244	RDPREFMP - ok
06:46:21.0548 5244	RDPWD           (6d76e6433574b058adcb0c50df834492) C:\windows\system32\drivers\RDPWD.sys
06:46:21.0615 5244	RDPWD - ok
06:46:21.0658 5244	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
06:46:21.0677 5244	rdyboost - ok
06:46:21.0734 5244	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
06:46:21.0801 5244	RemoteAccess - ok
06:46:21.0838 5244	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
06:46:21.0882 5244	RemoteRegistry - ok
06:46:21.0932 5244	RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\windows\system32\DRIVERS\rfcomm.sys
06:46:21.0985 5244	RFCOMM - ok
06:46:22.0025 5244	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
06:46:22.0076 5244	RpcEptMapper - ok
06:46:22.0102 5244	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
06:46:22.0112 5244	RpcLocator - ok
06:46:22.0165 5244	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
06:46:22.0217 5244	RpcSs - ok
06:46:22.0240 5244	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
06:46:22.0286 5244	rspndr - ok
06:46:22.0355 5244	RTL8167         (2777226ee8bf50b059d7a7c90177e99c) C:\windows\system32\DRIVERS\Rt64win7.sys
06:46:22.0387 5244	RTL8167 - ok
06:46:22.0465 5244	RTL8192Ce       (f33e70e48a54a7a1bfbeeb4f3b273e4a) C:\windows\system32\DRIVERS\rtl8192Ce.sys
06:46:22.0511 5244	RTL8192Ce - ok
06:46:22.0527 5244	s3cap           (e60c0a09f997826c7627b244195ab581) C:\windows\system32\drivers\vms3cap.sys
06:46:22.0558 5244	s3cap - ok
06:46:22.0589 5244	SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
06:46:22.0605 5244	SamSs - ok
06:46:22.0636 5244	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
06:46:22.0652 5244	sbp2port - ok
06:46:22.0683 5244	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
06:46:22.0761 5244	SCardSvr - ok
06:46:22.0808 5244	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
06:46:22.0889 5244	scfilter - ok
06:46:22.0978 5244	Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
06:46:23.0066 5244	Schedule - ok
06:46:23.0123 5244	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
06:46:23.0176 5244	SCPolicySvc - ok
06:46:23.0244 5244	sdbus           (111e0ebc0ad79cb0fa014b907b231cf0) C:\windows\system32\DRIVERS\sdbus.sys
06:46:23.0273 5244	sdbus - ok
06:46:23.0321 5244	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
06:46:23.0377 5244	SDRSVC - ok
06:46:23.0399 5244	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
06:46:23.0443 5244	secdrv - ok
06:46:23.0467 5244	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
06:46:23.0496 5244	seclogon - ok
06:46:23.0511 5244	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\windows\System32\sens.dll
06:46:23.0563 5244	SENS - ok
06:46:23.0601 5244	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
06:46:23.0668 5244	SensrSvc - ok
06:46:23.0696 5244	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys
06:46:23.0733 5244	Serenum - ok
06:46:23.0761 5244	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys
06:46:23.0794 5244	Serial - ok
06:46:23.0826 5244	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys
06:46:23.0862 5244	sermouse - ok
06:46:23.0925 5244	SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
06:46:23.0987 5244	SessionEnv - ok
06:46:24.0050 5244	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
06:46:24.0112 5244	sffdisk - ok
06:46:24.0128 5244	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
06:46:24.0159 5244	sffp_mmc - ok
06:46:24.0190 5244	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
06:46:24.0221 5244	sffp_sd - ok
06:46:24.0268 5244	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys
06:46:24.0315 5244	sfloppy - ok
06:46:24.0377 5244	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
06:46:24.0437 5244	SharedAccess - ok
06:46:24.0489 5244	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
06:46:24.0544 5244	ShellHWDetection - ok
06:46:24.0565 5244	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys
06:46:24.0573 5244	SiSRaid2 - ok
06:46:24.0607 5244	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys
06:46:24.0616 5244	SiSRaid4 - ok
06:46:24.0648 5244	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
06:46:24.0753 5244	Smb - ok
06:46:24.0830 5244	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
06:46:24.0875 5244	SNMPTRAP - ok
06:46:24.0923 5244	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
06:46:24.0946 5244	spldr - ok
06:46:24.0996 5244	Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
06:46:25.0044 5244	Spooler - ok
06:46:25.0218 5244	sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
06:46:25.0350 5244	sppsvc - ok
06:46:25.0478 5244	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
06:46:25.0572 5244	sppuinotify - ok
06:46:25.0759 5244	SPUVCbv         (201dd8f0f943584a857da0ae93adf2dd) C:\windows\system32\Drivers\SPUVCbv_x64.sys
06:46:25.0853 5244	SPUVCbv - ok
06:46:26.0014 5244	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
06:46:26.0073 5244	srv - ok
06:46:26.0127 5244	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
06:46:26.0154 5244	srv2 - ok
06:46:26.0183 5244	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
06:46:26.0220 5244	srvnet - ok
06:46:26.0281 5244	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
06:46:26.0367 5244	SSDPSRV - ok
06:46:26.0414 5244	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
06:46:26.0471 5244	SstpSvc - ok
06:46:26.0587 5244	STacSV          (0cdea5acbb69c45f642e96d81e906ccd) C:\Program Files\IDT\WDM\STacSV64.exe
06:46:26.0620 5244	STacSV - ok
06:46:26.0708 5244	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys
06:46:26.0733 5244	stexstor - ok
06:46:27.0048 5244	STHDA           (5c8d6072d1d09f11789c6a014688048a) C:\windows\system32\DRIVERS\stwrt64.sys
06:46:27.0079 5244	STHDA - ok
06:46:27.0391 5244	stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
06:46:27.0469 5244	stisvc - ok
06:46:27.0500 5244	storflt         (7785dc213270d2fc066538daf94087e7) C:\windows\system32\drivers\vmstorfl.sys
06:46:27.0525 5244	storflt - ok
06:46:27.0568 5244	StorSvc         (c40841817ef57d491f22eb103da587cc) C:\windows\system32\storsvc.dll
06:46:27.0627 5244	StorSvc - ok
06:46:27.0663 5244	storvsc         (d34e4943d5ac096c8edeebfd80d76e23) C:\windows\system32\drivers\storvsc.sys
06:46:27.0676 5244	storvsc - ok
06:46:27.0693 5244	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\drivers\swenum.sys
06:46:27.0705 5244	swenum - ok
06:46:27.0767 5244	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
06:46:27.0826 5244	swprv - ok
06:46:27.0907 5244	SynTP           (f5b46df59feaa48a442aed7eeb754d4b) C:\windows\system32\drivers\SynTP.sys
06:46:27.0958 5244	SynTP - ok
06:46:28.0147 5244	SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
06:46:28.0210 5244	SysMain - ok
06:46:28.0319 5244	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
06:46:28.0353 5244	TabletInputService - ok
06:46:28.0388 5244	TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
06:46:28.0439 5244	TapiSrv - ok
06:46:28.0473 5244	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
06:46:28.0499 5244	TBS - ok
06:46:28.0648 5244	Tcpip           (fc62769e7bff2896035aeed399108162) C:\windows\system32\drivers\tcpip.sys
06:46:28.0711 5244	Tcpip - ok
06:46:28.0929 5244	TCPIP6          (fc62769e7bff2896035aeed399108162) C:\windows\system32\DRIVERS\tcpip.sys
06:46:28.0991 5244	TCPIP6 - ok
06:46:29.0114 5244	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
06:46:29.0184 5244	tcpipreg - ok
06:46:29.0211 5244	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
06:46:29.0252 5244	TDPIPE - ok
06:46:29.0292 5244	TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
06:46:29.0319 5244	TDTCP - ok
06:46:29.0348 5244	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
06:46:29.0410 5244	tdx - ok
06:46:29.0451 5244	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\drivers\termdd.sys
06:46:29.0474 5244	TermDD - ok
06:46:29.0552 5244	TermService     (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll
06:46:29.0636 5244	TermService - ok
06:46:29.0658 5244	Themes          (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
06:46:29.0712 5244	Themes - ok
06:46:29.0765 5244	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
06:46:29.0809 5244	THREADORDER - ok
06:46:29.0837 5244	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
06:46:29.0890 5244	TrkWks - ok
06:46:29.0952 5244	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe
06:46:30.0042 5244	TrustedInstaller - ok
06:46:30.0077 5244	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
06:46:30.0155 5244	tssecsrv - ok
06:46:30.0186 5244	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
06:46:30.0249 5244	TsUsbFlt - ok
06:46:30.0280 5244	TsUsbGD         (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys
06:46:30.0311 5244	TsUsbGD - ok
06:46:30.0358 5244	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
06:46:30.0405 5244	tunnel - ok
06:46:30.0436 5244	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys
06:46:30.0451 5244	uagp35 - ok
06:46:30.0627 5244	uArcCapture     (d5994ab5c2b2d72d6320a7004d52617c) C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe
06:46:30.0650 5244	uArcCapture - ok
06:46:30.0720 5244	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
06:46:30.0800 5244	udfs - ok
06:46:30.0842 5244	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
06:46:30.0853 5244	UI0Detect - ok
06:46:30.0888 5244	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
06:46:30.0898 5244	uliagpkx - ok
06:46:30.0908 5244	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys
06:46:30.0937 5244	umbus - ok
06:46:30.0981 5244	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys
06:46:31.0032 5244	UmPass - ok
06:46:31.0078 5244	UmRdpService    (a293dcd756d04d8492a750d03b9a297c) C:\windows\System32\umrdp.dll
06:46:31.0111 5244	UmRdpService - ok
06:46:31.0331 5244	UNS             (a69cd6bdb82872999d2e46f9324ada83) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
06:46:31.0371 5244	UNS - ok
06:46:31.0502 5244	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
06:46:31.0560 5244	upnphost - ok
06:46:31.0615 5244	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
06:46:31.0677 5244	usbccgp - ok
06:46:31.0724 5244	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
06:46:31.0787 5244	usbcir - ok
06:46:31.0802 5244	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\drivers\usbehci.sys
06:46:31.0833 5244	usbehci - ok
06:46:31.0896 5244	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\drivers\usbhub.sys
06:46:31.0927 5244	usbhub - ok
06:46:31.0958 5244	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys
06:46:32.0005 5244	usbohci - ok
06:46:32.0052 5244	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\drivers\usbprint.sys
06:46:32.0083 5244	usbprint - ok
06:46:32.0114 5244	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
06:46:32.0161 5244	USBSTOR - ok
06:46:32.0194 5244	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
06:46:32.0233 5244	usbuhci - ok
06:46:32.0280 5244	usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys
06:46:32.0328 5244	usbvideo - ok
06:46:32.0365 5244	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
06:46:32.0427 5244	UxSms - ok
06:46:32.0457 5244	VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
06:46:32.0466 5244	VaultSvc - ok
06:46:32.0682 5244	vcsFPService    (41eef971dd82a3674d07f275a4def702) C:\windows\system32\vcsFPService.exe
06:46:32.0740 5244	vcsFPService - ok
06:46:32.0852 5244	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
06:46:32.0878 5244	vdrvroot - ok
06:46:32.0938 5244	vds             (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe
06:46:32.0996 5244	vds - ok
06:46:33.0039 5244	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
06:46:33.0070 5244	vga - ok
06:46:33.0092 5244	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
06:46:33.0156 5244	VgaSave - ok
06:46:33.0200 5244	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
06:46:33.0231 5244	vhdmp - ok
06:46:33.0247 5244	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
06:46:33.0262 5244	viaide - ok
06:46:33.0278 5244	vmbus           (86ea3e79ae350fea5331a1303054005f) C:\windows\system32\drivers\vmbus.sys
06:46:33.0293 5244	vmbus - ok
06:46:33.0325 5244	VMBusHID        (7de90b48f210d29649380545db45a187) C:\windows\system32\drivers\VMBusHID.sys
06:46:33.0340 5244	VMBusHID - ok
06:46:33.0387 5244	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
06:46:33.0418 5244	volmgr - ok
06:46:33.0465 5244	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
06:46:33.0481 5244	volmgrx - ok
06:46:33.0543 5244	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys
06:46:33.0574 5244	volsnap - ok
06:46:33.0590 5244	vpcbus          (abd9b4a7e2d0ae51a3b8df1af3152d61) C:\windows\system32\drivers\vpchbus.sys
06:46:33.0605 5244	vpcbus - ok
06:46:33.0652 5244	vpcnfltr        (8acda395841538ce9713a67fe8b2a3eb) C:\windows\system32\DRIVERS\vpcnfltr.sys
06:46:33.0683 5244	vpcnfltr - ok
06:46:33.0715 5244	vpcusb          (31924e31bc315773e6d149b157db46d5) C:\windows\system32\DRIVERS\vpcusb.sys
06:46:33.0765 5244	vpcusb - ok
06:46:33.0827 5244	vpcvmm          (510d250a08c09850f5c78ca2011b3b62) C:\windows\system32\drivers\vpcvmm.sys
06:46:33.0856 5244	vpcvmm - ok
06:46:33.0901 5244	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys
06:46:33.0913 5244	vsmraid - ok
06:46:34.0012 5244	VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe
06:46:34.0084 5244	VSS - ok
06:46:34.0202 5244	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
06:46:34.0237 5244	vwifibus - ok
06:46:34.0341 5244	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
06:46:34.0407 5244	vwififlt - ok
06:46:34.0452 5244	vwifimp         (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys
06:46:34.0477 5244	vwifimp - ok
06:46:34.0532 5244	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
06:46:34.0608 5244	W32Time - ok
06:46:34.0652 5244	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys
06:46:34.0694 5244	WacomPen - ok
06:46:34.0738 5244	WANARP          (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
06:46:34.0800 5244	WANARP - ok
06:46:34.0800 5244	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
06:46:34.0832 5244	Wanarpv6 - ok
06:46:34.0941 5244	WatAdminSvc     (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe
06:46:34.0988 5244	WatAdminSvc - ok
06:46:35.0097 5244	wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe
06:46:35.0175 5244	wbengine - ok
06:46:35.0318 5244	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
06:46:35.0358 5244	WbioSrvc - ok
06:46:35.0383 5244	wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll
06:46:35.0420 5244	wcncsvc - ok
06:46:35.0457 5244	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
06:46:35.0523 5244	WcsPlugInService - ok
06:46:35.0584 5244	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys
06:46:35.0610 5244	Wd - ok
06:46:35.0679 5244	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
06:46:35.0713 5244	Wdf01000 - ok
06:46:35.0746 5244	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
06:46:35.0834 5244	WdiServiceHost - ok
06:46:35.0836 5244	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
06:46:35.0849 5244	WdiSystemHost - ok
06:46:35.0886 5244	WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll
06:46:35.0923 5244	WebClient - ok
06:46:35.0960 5244	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
06:46:36.0017 5244	Wecsvc - ok
06:46:36.0056 5244	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
06:46:36.0123 5244	wercplsupport - ok
06:46:36.0146 5244	WerSvc          (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
06:46:36.0192 5244	WerSvc - ok
06:46:36.0248 5244	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
06:46:36.0307 5244	WfpLwf - ok
06:46:36.0323 5244	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
06:46:36.0323 5244	WIMMount - ok
06:46:36.0354 5244	WinDefend - ok
06:46:36.0370 5244	WinHttpAutoProxySvc - ok
06:46:36.0432 5244	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll
06:46:36.0526 5244	Winmgmt - ok
06:46:36.0666 5244	WinRM           (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll
06:46:36.0728 5244	WinRM - ok
06:46:36.0842 5244	WinUSB          (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUSB.sys
06:46:36.0873 5244	WinUSB - ok
06:46:36.0972 5244	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll
06:46:37.0053 5244	Wlansvc - ok
06:46:37.0281 5244	wlidsvc         (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
06:46:37.0343 5244	wlidsvc - ok
06:46:37.0443 5244	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys
06:46:37.0490 5244	WmiAcpi - ok
06:46:37.0572 5244	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
06:46:37.0616 5244	wmiApSrv - ok
06:46:37.0665 5244	WMPNetworkSvc - ok
06:46:37.0691 5244	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
06:46:37.0725 5244	WPCSvc - ok
06:46:37.0749 5244	WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll
06:46:37.0780 5244	WPDBusEnum - ok
06:46:37.0807 5244	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
06:46:37.0861 5244	ws2ifsl - ok
06:46:37.0892 5244	wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\windows\System32\wscsvc.dll
06:46:37.0908 5244	wscsvc - ok
06:46:37.0923 5244	WSearch - ok
06:46:38.0032 5244	wuauserv        (9df12edbc698b0bc353b3ef84861e430) C:\windows\system32\wuaueng.dll
06:46:38.0126 5244	wuauserv - ok
06:46:38.0282 5244	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
06:46:38.0360 5244	WudfPf - ok
06:46:38.0417 5244	WUDFRd          (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
06:46:38.0480 5244	WUDFRd - ok
06:46:38.0521 5244	wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll
06:46:38.0547 5244	wudfsvc - ok
06:46:38.0601 5244	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
06:46:38.0662 5244	WwanSvc - ok
06:46:38.0720 5244	XobniService    (a35820791f940822c31908f58f91d973) C:\Program Files (x86)\Xobni\XobniService.exe
06:46:38.0740 5244	XobniService - ok
06:46:38.0791 5244	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
06:46:38.0902 5244	\Device\Harddisk0\DR0 - ok
06:46:38.0912 5244	Boot (0x1200)   (426f608e5b98faf1ccbfbb19ffd8ecd5) \Device\Harddisk0\DR0\Partition0
06:46:38.0915 5244	\Device\Harddisk0\DR0\Partition0 - ok
06:46:38.0931 5244	Boot (0x1200)   (415de9c235d0b5bcfb7f4a6dabb775d2) \Device\Harddisk0\DR0\Partition1
06:46:38.0933 5244	\Device\Harddisk0\DR0\Partition1 - ok
06:46:38.0965 5244	Boot (0x1200)   (34d2bb38022f8b0e2fd9340b23e127c0) \Device\Harddisk0\DR0\Partition2
06:46:38.0967 5244	\Device\Harddisk0\DR0\Partition2 - ok
06:46:38.0984 5244	Boot (0x1200)   (033008fdfa50785153bcfad1c4000e11) \Device\Harddisk0\DR0\Partition3
06:46:38.0985 5244	\Device\Harddisk0\DR0\Partition3 - ok
06:46:38.0986 5244	============================================================
06:46:38.0986 5244	Scan finished
06:46:38.0986 5244	============================================================
06:46:39.0002 5804	Detected object count: 6
06:46:39.0003 5804	Actual detected object count: 6
06:47:06.0516 5804	Bonjour Service ( UnsignedFile.Multi.Generic ) - skipped by user
06:47:06.0516 5804	Bonjour Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
06:47:06.0520 5804	FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
06:47:06.0520 5804	FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
06:47:06.0522 5804	FLEXnet Licensing Service 64 ( UnsignedFile.Multi.Generic ) - skipped by user
06:47:06.0523 5804	FLEXnet Licensing Service 64 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
06:47:06.0524 5804	HP ProtectTools Service ( UnsignedFile.Multi.Generic ) - skipped by user
06:47:06.0524 5804	HP ProtectTools Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
06:47:06.0526 5804	HPFSService ( UnsignedFile.Multi.Generic ) - skipped by user
06:47:06.0526 5804	HPFSService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
06:47:06.0527 5804	McAfee Endpoint Encryption Agent ( UnsignedFile.Multi.Generic ) - skipped by user
06:47:06.0527 5804	McAfee Endpoint Encryption Agent ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
Regards
Alex
__________________

26.04.2012, 09:29   #19
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if suggested), install the Recovery Console (if suggested), and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and receive messages such as

Quote:
Illegal operation attempted on a registry key that has been marked for deletion.
then restart Windows manually and the error messages should no longer appear.
__________________
Please always post log files in CODE tags

29.04.2012, 22:04   #20
peanu
 

Hello,
I have only now managed to run ComboFix. Here is the log file

Code:
ComboFix 12-04-28.01 - *********** 29.04.2012  11:04:37.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.4030.1988 [GMT 2:00]
ausgeführt von:: c:\users\Erwin Rõuberle\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\bdaplgin.ax
c:\windows\SysWow64\cero.rs
c:\windows\SysWow64\csrr.rs
c:\windows\SysWow64\DextUVCB.ax
c:\windows\SysWow64\esrb.rs
c:\windows\SysWow64\g711codc.ax
c:\windows\SysWow64\grb.rs
c:\windows\SysWow64\iac25_32.ax
c:\windows\SysWow64\ir41_32.ax
c:\windows\SysWow64\ivfsrc.ax
c:\windows\SysWow64\ksproxy.ax
c:\windows\SysWow64\kstvtune.ax
c:\windows\SysWow64\Kswdmcap.ax
c:\windows\SysWow64\ksxbar.ax
c:\windows\SysWow64\Mpeg2Data.ax
c:\windows\SysWow64\mpg2splt.ax
c:\windows\SysWow64\MSDvbNP.ax
c:\windows\SysWow64\MSNP.ax
c:\windows\SysWow64\oflc.rs
c:\windows\SysWow64\pegi-fi.rs
c:\windows\SysWow64\pegi-pt.rs
c:\windows\SysWow64\pegi.rs
c:\windows\SysWow64\pegibbfc.rs
c:\windows\SysWow64\psisrndr.ax
c:\windows\SysWow64\usk.rs
c:\windows\SysWow64\VBICodec.ax
c:\windows\SysWow64\vbisurf.ax
c:\windows\SysWow64\vidcap.ax
c:\windows\SysWow64\WEB.rs
c:\windows\SysWow64\WSTPager.ax
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-03-28 bis 2012-04-29  ))))))))))))))))))))))))))))))
.
.
2012-04-29 09:10 . 2012-04-29 09:10	--------	d-----w-	c:\users\Gast\AppData\Local\temp
2012-04-29 09:10 . 2012-04-29 09:10	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-04-29 08:04 . 2012-04-13 08:46	8917360	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{556476DA-B1AF-4F66-ABED-F65815952918}\mpengine.dll
2012-04-24 20:20 . 2012-04-24 20:20	--------	d-----w-	C:\_OTL
2012-04-19 04:54 . 2012-04-19 04:54	--------	d-----w-	c:\programdata\Synaptics
2012-04-18 04:25 . 2012-04-18 04:25	--------	d-----w-	c:\users\***********\AppData\Local\CrashDumps
2012-04-16 04:29 . 2012-03-01 06:46	23408	----a-w-	c:\windows\system32\drivers\fs_rec.sys
2012-04-16 04:29 . 2012-03-01 06:33	81408	----a-w-	c:\windows\system32\imagehlp.dll
2012-04-16 04:29 . 2012-03-01 05:33	159232	----a-w-	c:\windows\SysWow64\imagehlp.dll
2012-04-16 04:29 . 2012-03-01 06:38	220672	----a-w-	c:\windows\system32\wintrust.dll
2012-04-16 04:29 . 2012-03-01 06:28	5120	----a-w-	c:\windows\system32\wmi.dll
2012-04-16 04:29 . 2012-03-01 05:37	172544	----a-w-	c:\windows\SysWow64\wintrust.dll
2012-04-16 04:29 . 2012-03-01 05:29	5120	----a-w-	c:\windows\SysWow64\wmi.dll
2012-04-15 19:54 . 2012-04-15 19:54	--------	d-----w-	c:\program files (x86)\ESET
2012-04-01 18:07 . 2012-04-01 18:07	--------	d-----w-	c:\users\***********\AppData\Roaming\Malwarebytes
2012-04-01 18:07 . 2012-04-01 18:07	--------	d-----w-	c:\programdata\Malwarebytes
2012-04-01 18:07 . 2012-04-15 20:00	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-01 18:07 . 2012-04-04 13:56	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-15 21:11 . 2012-03-29 19:32	418464	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-15 21:11 . 2012-02-15 22:07	70304	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-15 21:10 . 2012-03-29 20:10	8741536	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-03-18 09:06 . 2012-03-18 09:06	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-02-23 21:23 . 2012-02-23 21:23	4448256	----a-w-	c:\windows\SysWow64\GPhotos.scr
2012-02-23 08:18 . 2010-11-21 03:27	279656	------w-	c:\windows\system32\MpSigStub.exe
2012-02-17 06:38 . 2012-03-14 05:38	1031680	----a-w-	c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 05:38	826880	----a-w-	c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 05:38	210944	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 05:38	23552	----a-w-	c:\windows\system32\drivers\tdtcp.sys
2012-02-15 19:47 . 2010-06-24 19:33	18328	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-02-10 06:36 . 2012-03-14 05:38	1544192	----a-w-	c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 05:38	1077248	----a-w-	c:\windows\SysWow64\DWrite.dll
2012-02-03 04:34 . 2012-03-14 05:38	3145728	----a-w-	c:\windows\system32\win32k.sys
2012-01-31 17:38 . 2012-01-31 17:38	3120	----a-w-	c:\windows\SysWow64\drivers\wdfjibi.sys
2012-01-31 07:56 . 2012-02-15 21:04	97312	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-01-31 07:56 . 2012-02-15 21:04	132320	----a-w-	c:\windows\system32\drivers\avipbb.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	94208	----a-w-	c:\users\***********\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	94208	----a-w-	c:\users\***********\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	94208	----a-w-	c:\users\***********\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-02-01 656920]
"QLBController"="c:\program files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2011-01-28 299576]
"File Sanitizer"="c:\program files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2011-02-07 12274688]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-26 283160]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"HP HD Webcam [Fixed]_Monitor"="c:\program files (x86)\HP HD Webcam [Fixed]\monitor.exe" [2010-11-26 11:31 267128]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-14 343168]
"DTRun"="c:\program files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe" [2010-11-24 517456]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-04-05 94264]
"HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-11-10 169528]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-01-31 258512]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\***********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\***********\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2011-05-09 23:43	75320	----a-w-	c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	DPPassFilter scecli
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 XobniService;XobniService;c:\program files (x86)\Xobni\XobniService.exe [2011-03-07 62184]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 253088]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-08-01 195320]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files\Motorola\Bluetooth\audiosrv.exe [2011-02-28 1189968]
R3 btmaudio;Motorola Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [x]
R3 BTMCOM;Bluetooth Serial Port;c:\windows\system32\Drivers\btmcom.sys [x]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe [2011-05-09 464440]
R3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-04-05 1094712]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 MfeEpePc;MfeEpePc; [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-01-31 86224]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-07-20 249648]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files\Motorola\Bluetooth\obexsrv.exe [2011-02-16 680016]
S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2011-01-27 131128]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
S2 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [2011-01-28 133688]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2011-02-07 320000]
S2 hpHotkeyMonitor;hpHotkeyMonitor;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [2011-01-28 281656]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-26 13336]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2010-11-29 210896]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 McAfee Endpoint Encryption Agent;McAfee Endpoint Encryption Agent;c:\program files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [2011-02-09 1318912]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-02-01 1127448]
S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2011-01-18 113264]
S2 uArcCapture;ArcCapture;c:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [2010-11-11 502464]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-01-17 2656280]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2011-01-22 3154224]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\DRIVERS\ArcSoftVCapture.sys [x]
S3 Bluetooth Device Manager;Bluetooth Device Manager;c:\program files\Motorola\Bluetooth\devmgrsrv.exe [2011-02-09 4151376]
S3 BTMUSB;Motorola Bluetooth Radio Service;c:\windows\system32\Drivers\btmusb.sys [x]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-01-31 1028096]
S3 HP ProtectTools Service;HP ProtectTools Service;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2011-01-12 36864]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]
S3 SPUVCbv;SPUVCb Driver Service;c:\windows\system32\Drivers\SPUVCbv_x64.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-04-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 21:11]
.
2012-04-29 c:\windows\Tasks\HPCeeScheduleFor***********.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
2012-04-24 c:\windows\Tasks\HPCeeScheduleForSCHLEPPI$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	97792	----a-w-	c:\users\***********\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	97792	----a-w-	c:\users\***********\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	97792	----a-w-	c:\users\***********\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	97792	----a-w-	c:\users\***********\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe" [2011-01-27 13880]
"BTMTrayAgent"="c:\program files\Motorola\Bluetooth\btmshell.dll" [2011-02-16 21709904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-09-01 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-09-01 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-09-01 416024]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-27 835072]
"MfeEpePcMonitor"="c:\program files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe" [2011-02-09 200704]
"combofix"="c:\combofix\CF20832.3XE" [2010-11-21 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = 
uLocal Page = c:\windows\system32\blank.htm
mStart Page = 
mLocal Page = 
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~2\Office10\EXCEL.EXE/3000
IE: {{bd707fe6-39f6-4bda-9265-86a76719bdc5} - c:\program files\Motorola\Bluetooth\btmiesend.htm
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-04-29  11:23:37 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-04-29 09:23
.
Vor Suchlauf: 13 Verzeichnis(se), 190.568.488.960 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 189.982.425.088 Bytes frei
.
- - End Of File - - 89AC5488D1B253A4FA00B7B6B344D202
         
Regards, Alex


Alt 30.04.2012, 12:41   #21
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Please download aswMBR.exe and save the file to your desktop.

Note: Please turn off your virus scanner before running aswMBR, because Avira in particular often reports a false alarm on it!
  • Start aswMBR.exe. Vista and Win7 users: run aswMBR via right-click "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.) Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply. Important: Do not press any of the Fix buttons unless instructed to. Note: If the Scan button is hidden, close the tool and start it again. If it still does not work, please let me know.

One more note: If aswMBR crashes and a message such as "aswMBR.exe funktioniert nicht mehr" appears, do the following:
Restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.

Alt 03.05.2012, 06:01   #22
peanu
 
Now I have finally managed to run the tool.

Here is the log:

Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-03 06:38:26
-----------------------------
06:38:26.296    OS Version: Windows x64 6.1.7601 Service Pack 1
06:38:26.296    Number of processors: 4 586 0x2A07
06:38:26.296    ComputerName: SCHLEPPI  UserName: 
06:38:27.263    Initialize success
06:41:00.201    AVAST engine defs: 12050201
06:41:46.692    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
06:41:46.692    Disk 0 Vendor: Hitachi_ ES2O Size: 305245MB BusType: 3
06:41:46.708    Disk 0 MBR read successfully
06:41:46.708    Disk 0 MBR scan
06:41:46.723    Disk 0 Windows 7 default MBR code
06:41:46.723    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          300 MB offset 2048
06:41:46.755    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       281682 MB offset 616448
06:41:46.786    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        18139 MB offset 577501184
06:41:46.833    Disk 0 Partition 4 00     0C    FAT32 LBA MSDOS5.0     5115 MB offset 614649856
06:41:46.895    Disk 0 scanning C:\windows\system32\drivers
06:41:58.533    Service scanning
06:42:33.648    Modules scanning
06:42:33.664    Disk 0 trace - called modules:
06:42:33.711    ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ACPI.sys iaStor.sys hal.dll 
06:42:33.726    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004d5a060]
06:42:33.726    3 CLASSPNP.SYS[fffff88001b9143f] -> nt!IofCallDriver -> [0xfffffa8004c1fb10]
06:42:33.742    5 hpdskflt.sys[fffff88001b38361] -> nt!IofCallDriver -> [0xfffffa8004b34e40]
06:42:33.742    7 ACPI.sys[fffff88000eea7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004b33050]
06:42:34.600    AVAST engine scan C:\windows
06:42:37.891    AVAST engine scan C:\windows\system32
06:45:21.118    AVAST engine scan C:\windows\system32\drivers
06:45:37.863    AVAST engine scan C:\Users\**********
06:52:01.588    AVAST engine scan C:\ProgramData
06:54:22.540    Scan finished successfully
06:58:08.718    Disk 0 MBR has been saved successfully to "C:\Users\**********\Desktop\MBR.dat"
06:58:08.733    The log file has been saved successfully to "C:\Users\**********\Desktop\aswMBR.txt"
         

Alt 03.05.2012, 14:47   #23
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!

Alt 04.05.2012, 21:29   #24
peanu
 
My laptop has been busy again, here are the logs:

Here is the one from SASW:

Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 05/04/2012 at 10:12 PM

Application Version : 5.0.1148

Core Rules Database Version : 8557
Trace Rules Database Version: 6369

Scan type       : Complete Scan
Total Scan Time : 01:47:51

Operating System Information
Windows 7 Professional 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 930
Memory threats detected   : 0
Registry items scanned    : 68892
Registry threats detected : 0
File items scanned        : 215662
File threats detected     : 100

Adware.Tracking Cookie
	C:\Users\***************\AppData\Roaming\Microsoft\Windows\Cookies\E4DYT51D.txt [ /zanox.com ]
	C:\Users\***************\AppData\Roaming\Microsoft\Windows\Cookies\PF6XA3OM.txt [ /tracking.quisma.com ]
	C:\Users\***************\AppData\Roaming\Microsoft\Windows\Cookies\PGGXZM9A.txt [ /smartadserver.com ]
	C:\Users\***************\AppData\Roaming\Microsoft\Windows\Cookies\HY2W25IK.txt [ /mediaplex.com ]
	C:\Users\***************\AppData\Roaming\Microsoft\Windows\Cookies\5BKK66OO.txt [ /trackalyzer.com ]
	C:\Users\***************\AppData\Roaming\Microsoft\Windows\Cookies\O2VT90RL.txt [ /c.atdmt.com ]
	C:\Users\***************\AppData\Roaming\Microsoft\Windows\Cookies\D6Y3NA38.txt [ /apmebf.com ]
	C:\Users\***************\AppData\Roaming\Microsoft\Windows\Cookies\DM3OJH4C.txt [ /fastclick.net ]
	C:\Users\***************\AppData\Roaming\Microsoft\Windows\Cookies\JGWIHH00.txt [ /doubleclick.net ]
	C:\Users\***************\AppData\Roaming\Microsoft\Windows\Cookies\LE0QQFG3.txt [ /stats.manticoretechnology.com ]
	C:\Users\***************\AppData\Roaming\Microsoft\Windows\Cookies\WX0LOLWY.txt [ /ad.zanox.com ]
	C:\Users\***************\AppData\Roaming\Microsoft\Windows\Cookies\UV4QYBTH.txt [ /t2.trackalyzer.com ]
	C:\Users\***************\AppData\Roaming\Microsoft\Windows\Cookies\KKJJGUKN.txt [ /atdmt.com ]
	C:\USERS\***************\AppData\Roaming\Microsoft\Windows\Cookies\Low\TJ1C0IN2.txt [ Cookie:***************@ad3.adfarm1.adition.com/ ]
	C:\USERS\***************\AppData\Roaming\Microsoft\Windows\Cookies\Low\JK9PWOZM.txt [ Cookie:***************@c.atdmt.com/ ]
	C:\USERS\***************\AppData\Roaming\Microsoft\Windows\Cookies\Low\813X2UM8.txt [ Cookie:***************@doubleclick.net/ ]
	C:\USERS\***************\AppData\Roaming\Microsoft\Windows\Cookies\Low\IWX39ID6.txt [ Cookie:***************@adfarm1.adition.com/ ]
	C:\USERS\***************\AppData\Roaming\Microsoft\Windows\Cookies\Low\7E5I3EQW.txt [ Cookie:***************@atdmt.com/ ]
	C:\USERS\***************\Cookies\PGGXZM9A.txt [ Cookie:***************@smartadserver.com/ ]
	C:\USERS\***************\Cookies\HY2W25IK.txt [ Cookie:***************@mediaplex.com/ ]
	C:\USERS\***************\Cookies\O2VT90RL.txt [ Cookie:***************@c.atdmt.com/ ]
	C:\USERS\***************\Cookies\JGWIHH00.txt [ Cookie:***************@doubleclick.net/ ]
	C:\USERS\***************\Cookies\WX0LOLWY.txt [ Cookie:***************@ad.zanox.com/ ]
	C:\USERS\***************\Cookies\UV4QYBTH.txt [ Cookie:***************@t2.trackalyzer.com/ ]
	C:\USERS\***************\Cookies\KKJJGUKN.txt [ Cookie:***************@atdmt.com/ ]
	.doubleclick.net [ C:\USERS\***************\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	track.adform.net [ C:\USERS\***************\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.serving-sys.com [ C:\USERS\***************\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	adfarm1.adition.com [ C:\USERS\***************\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	tracking.mobile.de [ C:\USERS\***************\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.tracking.quisma.com [ C:\USERS\***************\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.imrworldwide.com [ C:\USERS\***************\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.imrworldwide.com [ C:\USERS\***************\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.revsci.net [ C:\USERS\***************\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.revsci.net [ C:\USERS\***************\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.apmebf.com [ C:\USERS\***************\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.revsci.net [ C:\USERS\***************\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	www.googleadservices.com [ C:\USERS\***************\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.smartadserver.com [ C:\USERS\***************\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.atdmt.com [ C:\USERS\***************\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.atdmt.com [ C:\USERS\***************\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.revsci.net [ C:\USERS\***************\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.autoscout24.112.2o7.net [ C:\USERS\***************\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.bs.serving-sys.com [ C:\USERS\***************\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad4.adfarm1.adition.com [ C:\USERS\***************\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.apmebf.com [ C:\USERS\***************\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.media6degrees.com [ C:\USERS\***************\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.media6degrees.com [ C:\USERS\***************\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.media6degrees.com [ C:\USERS\***************\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adbrite.com [ C:\USERS\***************\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adbrite.com [ C:\USERS\***************\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.casalemedia.com [ C:\USERS\***************\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.casalemedia.com [ C:\USERS\***************\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.casalemedia.com [ C:\USERS\***************\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.casalemedia.com [ C:\USERS\***************\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.casalemedia.com [ C:\USERS\***************\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.casalemedia.com [ C:\USERS\***************\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.webmasterplan.com [ C:\USERS\***************\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.tracking.quisma.com [ C:\USERS\***************\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.tracking.quisma.com [ C:\USERS\***************\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.zanox.com [ C:\USERS\***************\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad.zanox.com [ C:\USERS\***************\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.webmasterplan.com [ C:\USERS\***************\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.specificclick.net [ C:\USERS\***************\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.im.banner.t-online.de [ C:\USERS\***************\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	track.adform.net [ C:\USERS\***************\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adform.net [ C:\USERS\***************\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ww251.smartadserver.com [ C:\USERS\***************\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adtech.de [ C:\USERS\***************\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.fastclick.net [ C:\USERS\***************\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adtech.de [ C:\USERS\***************\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adtech.de [ C:\USERS\***************\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.clickfuse.com [ C:\USERS\***************\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.clickfuse.com [ C:\USERS\***************\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad.yieldmanager.com [ C:\USERS\***************\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adtech.de [ C:\USERS\***************\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adfarm1.adition.com [ C:\USERS\***************\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adfarm1.adition.com [ C:\USERS\***************\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad2.adfarm1.adition.com [ C:\USERS\***************\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.serving-sys.com [ C:\USERS\***************\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.serving-sys.com [ C:\USERS\***************\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.serving-sys.com [ C:\USERS\***************\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.invitemedia.com [ C:\USERS\***************\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.invitemedia.com [ C:\USERS\***************\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.revsci.net [ C:\USERS\***************\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.revsci.net [ C:\USERS\***************\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.revsci.net [ C:\USERS\***************\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.invitemedia.com [ C:\USERS\***************\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.invitemedia.com [ C:\USERS\***************\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.at.atwola.com [ C:\USERS\***************\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.tracking.quisma.com [ C:\USERS\***************\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad.yieldmanager.com [ C:\USERS\***************\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad.yieldmanager.com [ C:\USERS\***************\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	partners.webmasterplan.com [ C:\USERS\***************\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.doubleclick.net [ C:\USERS\***************\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad.yieldmanager.com [ C:\USERS\***************\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad.yieldmanager.com [ C:\USERS\***************\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad.yieldmanager.com [ C:\USERS\***************\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad.yieldmanager.com [ C:\USERS\***************\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

Trojan.Agent/Gen-ModBot
	C:\WINDOWS\HEWLETT-PACKARD\VIDEOMEM32.UDM
         

and here is the one from Malwarebytes:

Code:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.04.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
***************** :: SCHLEPPI [Administrator]

Schutz: Aktiviert

04.05.2012 06:52:42
mbam-log-2012-05-04 (06-52-42).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 391963
Laufzeit: 1 Stunde(n), 4 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

04.05.2012, 21:48   #25
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Looks OK, only cookies were found. C:\WINDOWS\HEWLETT-PACKARD\VIDEOMEM32.UDM is a false positive.
Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP cookie)


Regarding cookies and other things on the web: to block this plague from the outset (i.e. tracking cookies, ad banners, etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check MVPS every 4 weeks to see whether he has released a new hosts file.

Otherwise there are also good cookie managers; one extension for Firefox, for example, would be CookieCuller http://filepony.de/download-cookie_culler/
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, eBay, GMX, or Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed.

My approach is that I use the Opera browser or Chromium under my Linux for "wild surfing". My main browser (Firefox) only stores the cookies from the sites I actually want; I reject everything else manually (FF always asks me) - the other browsers do accept all cookies, but at the latest on the next start of Opera or Chromium there are no cookies left.

Is your system back in order now, or are there any other detections or problems?
__________________
Please always post log files in CODE tags
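The hosts-file advice in the post above can be checked against a scan log; the following is an added example, not part of the original post or of any tool named in the thread. It extracts the cookie domains from both line formats of the log and compares them with a hosts file, which matches exact host names only (no wildcards), so listing `ad.doubleclick.net` does not cover every host under `doubleclick.net`. The function names, the sample log lines and the hosts entries are constructed for illustration and are not taken from the MVPS file.

```python
import re

# Constructed sample lines in the two formats of the scan log (user name masked).
SAMPLE_LOG = r"""
    C:\USERS\*****\Cookies\JGWIHH00.txt [ Cookie:*****@doubleclick.net/ ]
    C:\USERS\*****\Cookies\WX0LOLWY.txt [ Cookie:*****@ad.zanox.com/ ]
    .doubleclick.net [ C:\USERS\*****\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    ad.yieldmanager.com [ C:\USERS\*****\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
"""
# Constructed hosts-file excerpt in the usual "address hostname" layout.
SAMPLE_HOSTS = """
# constructed example entries
127.0.0.1  localhost
0.0.0.0  ad.yieldmanager.com
0.0.0.0  ad.doubleclick.net   # inline comment
"""

IE_COOKIE = re.compile(r"\[ Cookie:[^@\]]*@([^/\s\]]+)")
CHROME_COOKIE = re.compile(r"^\s*(\S+) \[ .*\\COOKIES \]\s*$", re.IGNORECASE)

def cookie_domains(log_text):
    """Return de-duplicated cookie domains in log order, leading dot stripped."""
    found = []
    for line in log_text.splitlines():
        m = IE_COOKIE.search(line) or CHROME_COOKIE.match(line)
        name = m.group(1).lower().lstrip(".") if m else ""
        if name and name not in found:
            found.append(name)
    return found

def blocked_hosts(hosts_text):
    """Return the host names a hosts file maps to 0.0.0.0 or 127.0.0.1."""
    blocked = set()
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) >= 2 and fields[0] in ("0.0.0.0", "127.0.0.1"):
            blocked.update(h.lower() for h in fields[1:] if h.lower() != "localhost")
    return blocked

def coverage(log_text, hosts_text):
    """Classify each cookie domain as 'exact', 'partial' or 'none'."""
    blocked = blocked_hosts(hosts_text)
    result = {}
    for domain in cookie_domains(log_text):
        if domain in blocked:
            result[domain] = "exact"
        elif any(h.endswith("." + domain) for h in blocked):
            result[domain] = "partial"  # only some hosts under this domain are listed
        else:
            result[domain] = "none"
    return result

if __name__ == "__main__":
    for domain, status in coverage(SAMPLE_LOG, SAMPLE_HOSTS).items():
        print(f"{status:8} {domain}")
```

A "partial" result means the cookie can still be set by other hosts under that domain, which is why a hosts file complements, rather than replaces, the browser cookie settings discussed in the post.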

06.05.2012, 19:17   #26
peanu
 

Hello Arne,
I can't see anything unusual on my system at the moment and assume that everything has now been removed, since none of the tools found anything any more. I was just unsure at the beginning whether something hidden might still be lurking around.
Thanks also for the tips about cookies. By and large I tend to be careful on the Internet. I used to do backend programming and therefore essentially know about the dangers, but in recent years I have been more of a user and am no longer so deep in the subject.
My new laptop also has one of those HP QuickWeb Linux systems, which I mainly use for "wild surfing".
This trojan was my first infection with consequences in the last 12 years.

One more thing I have to say: I think what you do here in the forum is really great, and I have already recommended it to others. And I thank you a thousand times for your support over the last few weeks. I hope that we have now eradicated everything and that I won't need your help again in the near future.

Best regards
Alex

06.05.2012, 19:38   #27
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Then we're done!

The programs that were used here can all be removed again. CF can be removed via Start, Run with combofix /uninstall. Let me know if there are any error messages. With the help of OTL you can also remove many of the tools:

Please start OTL and click on "Bereinigung" (CleanUp).
This will remove most of the tools we needed for the cleanup. If anything remains, please remove it with right-click --> Delete.


Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update first.


Finally, please check the updates; my guide for this is below. To keep a better overview of whether the installed programs are up to date in future, you can use e.g. Secunia PSI.
For even more security, after the infection has been removed you should also change all passwords if possible.


Microsoft Update

Windows XP: Visit the MS update site with IE and have all important updates installed.

Windows Vista/7: Guide: Windows Update


Update the PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Add or Remove Programs or Programs and Features, by clicking on "Adobe Reader x.0" there and removing the program. (if you have Adobe Reader installed)

I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.

Please also take this opportunity to check that the Flash Player is up to date:

Adobe - Install a different version of Adobe Flash Player

If necessary you can also download from Chip.de => http://filepony.de/?q=Flash+Player

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the latest one. To do this, close all programs (especially the browsers), then click Start, Control Panel, Add or Remove Programs and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.
__________________
Please always post log files in CODE tags
