Pests of all kinds and how to fight them: Trojan Agent rns gen, recovering encrypted files (Windows 7)

If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will get back to you with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection.
#16
/// Winkelfunktion /// TB-Süch-Tiger™
Trojan Agent rns gen, recovering encrypted files
Congratulations, you are the first person to ask this question! => Windows 7: How can you open folders with a lock icon? Quote:
__________________ Please always post log files in CODE tags
#17
Trojan Agent rns gen, recovering encrypted files
OK, I guess that was something like an appreciative remark (-:
__________________
Here is the log from TDSS-Killer
Code:
11:44:57.0117 1860 TDSS rootkit removing tool 2.7.38.0 May 25 2012 17:35:31
11:44:57.0255 1860 ============================================================
11:44:57.0255 1860 Current date / time: 2012/06/05 11:44:57.0255
11:44:57.0255 1860 SystemInfo:
11:44:57.0255 1860
11:44:57.0255 1860 OS Version: 6.1.7600 ServicePack: 0.0
11:44:57.0255 1860 Product type: Workstation
11:44:57.0255 1860 ComputerName: SHOWNOMERCY-PC
11:44:57.0256 1860 UserName: ShowNoMercy
11:44:57.0256 1860 Windows directory: C:\Windows
11:44:57.0256 1860 System windows directory: C:\Windows
11:44:57.0256 1860 Running under WOW64
11:44:57.0256 1860 Processor architecture: Intel x64
11:44:57.0256 1860 Number of processors: 4
11:44:57.0256 1860 Page size: 0x1000
11:44:57.0256 1860 Boot type: Normal boot
11:44:57.0256 1860 ============================================================
11:44:57.0980 1860 Drive \Device\Harddisk0\DR0 - Size: 0xE8E1800000 (931.52 Gb), SectorSize: 0x200, Cylinders: 0x1DB02, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:44:58.0028 1860 ============================================================
11:44:58.0028 1860 \Device\Harddisk0\DR0:
11:44:58.0037 1860 MBR partitions:
11:44:58.0037 1860 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
11:44:58.0037 1860 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x249BE000
11:44:58.0037 1860 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x249F0800, BlocksNum 0x4FD1B000
11:44:58.0037 1860 ============================================================
11:44:58.0105 1860 C: <-> \Device\Harddisk0\DR0\Partition1
11:44:58.0107 1860 D: <-> \Device\Harddisk0\DR0\Partition2
11:44:58.0115 1860 F: <-> \Device\Harddisk0\DR0\Partition0
11:44:58.0116 1860 ============================================================
11:44:58.0116 1860 Initialize success
11:44:58.0116 1860 ============================================================
11:45:42.0493 4728 ============================================================
11:45:42.0493 4728 Scan started
11:45:42.0493 4728 Mode: Manual; SigCheck; TDLFS;
11:45:42.0493 4728 ============================================================
11:46:02.0883 4728 pcw - ok
11:46:02.0929 4728 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
11:46:02.0992 4728 PEAUTH - ok
11:46:03.0085 4728 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
11:46:03.0132 4728 PeerDistSvc - ok
11:46:03.0195 4728 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
11:46:03.0226 4728 PerfHost - ok
11:46:03.0382 4728 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
11:46:03.0444 4728 pla - ok
11:46:03.0507 4728 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
11:46:03.0553 4728 PlugPlay - ok
11:46:03.0585 4728 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
11:46:03.0600 4728 PNRPAutoReg - ok
11:46:03.0631 4728 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
11:46:03.0647 4728 PNRPsvc - ok
11:46:03.0694 4728 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
11:46:03.0756 4728 PolicyAgent - ok
11:46:03.0803 4728 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
11:46:03.0834 4728 Power - ok
11:46:03.0912 4728 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
11:46:03.0975 4728 PptpMiniport - ok
11:46:04.0021 4728 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
11:46:04.0037 4728 Processor - ok
11:46:04.0068 4728 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
11:46:04.0131 4728 ProfSvc - ok
11:46:04.0162 4728 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
11:46:04.0177 4728 ProtectedStorage - ok
11:46:04.0224 4728 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
11:46:04.0287 4728 Psched - ok
11:46:04.0427 4728 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
11:46:04.0474 4728 ql2300 - ok
11:46:04.0583 4728 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
11:46:04.0599 4728 ql40xx - ok
11:46:04.0630 4728 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
11:46:04.0677 4728 QWAVE - ok
11:46:04.0677 4728 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
11:46:04.0708 4728 QWAVEdrv - ok
11:46:04.0723 4728 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
11:46:04.0770 4728 RasAcd - ok
11:46:04.0833 4728 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
11:46:04.0864 4728 RasAgileVpn - ok
11:46:04.0879 4728 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
11:46:04.0926 4728 RasAuto - ok
11:46:04.0942 4728 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:46:04.0989 4728 Rasl2tp - ok
11:46:05.0020 4728 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
11:46:05.0067 4728 RasMan - ok
11:46:05.0082 4728 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
11:46:05.0113 4728 RasPppoe - ok
11:46:05.0129 4728 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
11:46:05.0176 4728 RasSstp - ok
11:46:05.0207 4728 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
11:46:05.0254 4728 rdbss - ok
11:46:05.0254 4728 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
11:46:05.0285 4728 rdpbus - ok
11:46:05.0301 4728 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:46:05.0332 4728 RDPCDD - ok
11:46:05.0379 4728 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
11:46:05.0410 4728 RDPDR - ok
11:46:05.0457 4728 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
11:46:05.0503 4728 RDPENCDD - ok
11:46:05.0519 4728 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
11:46:05.0566 4728 RDPREFMP - ok
11:46:05.0613 4728 RDPWD (074ac702d8b8b660b0e1371555995386) C:\Windows\system32\drivers\RDPWD.sys
11:46:05.0628 4728 RDPWD - ok
11:46:05.0644 4728 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
11:46:05.0659 4728 rdyboost - ok
11:46:05.0691 4728 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
11:46:05.0753 4728 RemoteAccess - ok
11:46:05.0769 4728 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
11:46:05.0815 4728 RemoteRegistry - ok
11:46:05.0862 4728 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
11:46:05.0909 4728 RFCOMM - ok
11:46:05.0940 4728 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
11:46:06.0003 4728 RpcEptMapper - ok
11:46:06.0034 4728 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
11:46:06.0049 4728 RpcLocator - ok
11:46:06.0112 4728 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
11:46:06.0159 4728 RpcSs - ok
11:46:06.0174 4728 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
11:46:06.0205 4728 rspndr - ok
11:46:06.0237 4728 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
11:46:06.0268 4728 s3cap - ok
11:46:06.0299 4728 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
11:46:06.0315 4728 SamSs - ok
11:46:06.0330 4728 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
11:46:06.0346 4728 sbp2port - ok
11:46:06.0377 4728 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
11:46:06.0424 4728 SCardSvr - ok
11:46:06.0439 4728 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
11:46:06.0486 4728 scfilter - ok
11:46:06.0549 4728 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
11:46:06.0580 4728 Schedule - ok
11:46:06.0611 4728 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
11:46:06.0658 4728 SCPolicySvc - ok
11:46:06.0705 4728 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
11:46:06.0736 4728 SDRSVC - ok
11:46:06.0783 4728 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
11:46:06.0829 4728 secdrv - ok
11:46:06.0861 4728 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
11:46:06.0923 4728 seclogon - ok
11:46:06.0939 4728 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
11:46:07.0001 4728 SENS - ok
11:46:07.0017 4728 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
11:46:07.0063 4728 SensrSvc - ok
11:46:07.0079 4728 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
11:46:07.0079 4728 Serenum - ok
11:46:07.0095 4728 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
11:46:07.0110 4728 Serial - ok
11:46:07.0126 4728 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
11:46:07.0157 4728 sermouse - ok
11:46:07.0297 4728 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
11:46:07.0329 4728 SessionEnv - ok
11:46:07.0344 4728 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
11:46:07.0360 4728 sffdisk - ok
11:46:07.0375 4728 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
11:46:07.0391 4728 sffp_mmc - ok
11:46:07.0391 4728 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
11:46:07.0422 4728 sffp_sd - ok
11:46:07.0422 4728 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
11:46:07.0438 4728 sfloppy - ok
11:46:07.0500 4728 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
11:46:07.0578 4728 SharedAccess - ok
11:46:07.0641 4728 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
11:46:07.0719 4728 ShellHWDetection - ok
11:46:07.0734 4728 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:46:07.0750 4728 SiSRaid2 - ok
11:46:07.0750 4728 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
11:46:07.0765 4728 SiSRaid4 - ok
11:46:07.0781 4728 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
11:46:07.0828 4728 Smb - ok
11:46:07.0859 4728 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
11:46:07.0875 4728 SNMPTRAP - ok
11:46:07.0875 4728 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
11:46:07.0890 4728 spldr - ok
11:46:07.0937 4728 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
11:46:07.0968 4728 Spooler - ok
11:46:08.0499 4728 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
11:46:08.0842 4728 sppsvc - ok
11:46:08.0920 4728 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
11:46:08.0982 4728 sppuinotify - ok
11:46:09.0060 4728 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
11:46:09.0107 4728 srv - ok
11:46:09.0138 4728 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
11:46:09.0185 4728 srv2 - ok
11:46:09.0216 4728 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
11:46:09.0247 4728 srvnet - ok
11:46:09.0279 4728 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
11:46:09.0341 4728 SSDPSRV - ok
11:46:09.0357 4728 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
11:46:09.0388 4728 SstpSvc - ok
11:46:09.0435 4728 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
11:46:09.0435 4728 stexstor - ok
11:46:09.0715 4728 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
11:46:10.0074 4728 stisvc - ok
11:46:10.0105 4728 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
11:46:10.0121 4728 storflt - ok
11:46:10.0137 4728 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
11:46:10.0152 4728 StorSvc - ok
11:46:10.0183 4728 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
11:46:10.0183 4728 storvsc - ok
11:46:10.0199 4728 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
11:46:10.0199 4728 swenum - ok
11:46:10.0246 4728 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
11:46:10.0277 4728 swprv - ok
11:46:10.0620 4728 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
11:46:11.0213 4728 SysMain - ok
11:46:11.0322 4728 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
11:46:11.0353 4728 TabletInputService - ok
11:46:11.0385 4728 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
11:46:11.0447 4728 TapiSrv - ok
11:46:11.0447 4728 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
11:46:11.0494 4728 TBS - ok
11:46:11.0619 4728 Tcpip (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\drivers\tcpip.sys
11:46:11.0681 4728 Tcpip - ok
11:46:11.0821 4728 TCPIP6 (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\DRIVERS\tcpip.sys
11:46:11.0868 4728 TCPIP6 - ok
11:46:11.0931 4728 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
11:46:11.0977 4728 tcpipreg - ok
11:46:11.0993 4728 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
11:46:12.0009 4728 TDPIPE - ok
11:46:12.0040 4728 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
11:46:12.0071 4728 TDTCP - ok
11:46:12.0087 4728 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
11:46:12.0118 4728 tdx - ok
11:46:12.0383 4728 TeamViewer7 (a4d2ce94b028ef1e437cf4ac3d8ff26c) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
11:46:12.0492 4728 TeamViewer7 - ok
11:46:12.0617 4728 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
11:46:12.0633 4728 TermDD - ok
11:46:12.0711 4728 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
11:46:12.0789 4728 TermService - ok
11:46:12.0804 4728 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
11:46:12.0835 4728 Themes - ok
11:46:12.0867 4728 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
11:46:12.0898 4728 THREADORDER - ok
11:46:12.0929 4728 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
11:46:13.0007 4728 TrkWks - ok
11:46:13.0069 4728 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
11:46:13.0116 4728 TrustedInstaller - ok
11:46:13.0116 4728 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:46:13.0179 4728 tssecsrv - ok
11:46:13.0225 4728 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
11:46:13.0288 4728 tunnel - ok
11:46:13.0288 4728 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
11:46:13.0303 4728 uagp35 - ok
11:46:13.0335 4728 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
11:46:13.0397 4728 udfs - ok
11:46:13.0413 4728 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
11:46:13.0428 4728 UI0Detect - ok
11:46:13.0459 4728 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
11:46:13.0475 4728 uliagpkx - ok
11:46:13.0506 4728 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
11:46:13.0522 4728 umbus - ok
11:46:13.0537 4728 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
11:46:13.0537 4728 UmPass - ok
11:46:13.0600 4728 UmRdpService (af0ac98ee5077eb844413eb54287fde3) C:\Windows\System32\umrdp.dll
11:46:13.0631 4728 UmRdpService - ok
11:46:13.0662 4728 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
11:46:13.0725 4728 upnphost - ok
11:46:13.0756 4728 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
11:46:13.0771 4728 usbccgp - ok
11:46:13.0818 4728 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
11:46:13.0849 4728 usbcir - ok
11:46:13.0896 4728 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
11:46:13.0912 4728 usbehci - ok
11:46:13.0959 4728 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
11:46:14.0005 4728 usbhub - ok
11:46:14.0021 4728 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\DRIVERS\usbohci.sys
11:46:14.0037 4728 usbohci - ok
11:46:14.0068 4728 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
11:46:14.0083 4728 usbprint - ok
11:46:14.0115 4728 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:46:14.0130 4728 USBSTOR - ok
11:46:14.0146 4728 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys
11:46:14.0177 4728 usbuhci - ok
11:46:14.0208 4728 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
11:46:14.0255 4728 UxSms - ok
11:46:14.0286 4728 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
11:46:14.0302 4728 VaultSvc - ok
11:46:14.0333 4728 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
11:46:14.0333 4728 vdrvroot - ok
11:46:14.0380 4728 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
11:46:14.0411 4728 vds - ok
11:46:14.0427 4728 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
11:46:14.0442 4728 vga - ok
11:46:14.0458 4728 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
11:46:14.0489 4728 VgaSave - ok
11:46:14.0520 4728 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
11:46:14.0536 4728 vhdmp - ok
11:46:14.0536 4728 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
11:46:14.0551 4728 viaide - ok
11:46:14.0598 4728 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
11:46:14.0614 4728 vmbus - ok
11:46:14.0661 4728 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
11:46:14.0692 4728 VMBusHID - ok
11:46:14.0707 4728 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
11:46:14.0707 4728 volmgr - ok
11:46:14.0739 4728 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
11:46:14.0754 4728 volmgrx - ok
11:46:14.0785 4728 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
11:46:14.0801 4728 volsnap - ok
11:46:14.0832 4728 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
11:46:14.0848 4728 vsmraid - ok
11:46:14.0926 4728 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
11:46:15.0035 4728 VSS - ok
11:46:15.0144 4728 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
11:46:15.0160 4728 vwifibus - ok
11:46:15.0207 4728 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
11:46:15.0253 4728 W32Time - ok
11:46:15.0269 4728 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
11:46:15.0285 4728 WacomPen - ok
11:46:15.0300 4728 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
11:46:15.0347 4728 WANARP - ok
11:46:15.0363 4728 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
11:46:15.0394 4728 Wanarpv6 - ok
11:46:15.0519 4728 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
11:46:15.0628 4728 wbengine - ok
11:46:15.0690 4728 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
11:46:15.0706 4728 WbioSrvc - ok
11:46:15.0862 4728 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
11:46:15.0893 4728 wcncsvc - ok
11:46:15.0909 4728 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
11:46:15.0924 4728 WcsPlugInService - ok
11:46:15.0955 4728 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
11:46:15.0955 4728 Wd - ok
11:46:16.0002 4728 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
11:46:16.0033 4728 Wdf01000 - ok
11:46:16.0065 4728 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:46:16.0096 4728 WdiServiceHost - ok
11:46:16.0096 4728 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:46:16.0111 4728 WdiSystemHost - ok
11:46:16.0158 4728 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
11:46:16.0189 4728 WebClient - ok
11:46:16.0221 4728 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
11:46:16.0267 4728 Wecsvc - ok
11:46:16.0299 4728 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
11:46:16.0345 4728 wercplsupport - ok
11:46:16.0361 4728 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
11:46:16.0408 4728 WerSvc - ok
11:46:16.0439 4728 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
11:46:16.0470 4728 WfpLwf - ok
11:46:16.0501 4728 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
11:46:16.0517 4728 WIMMount - ok
11:46:16.0564 4728 WinDefend - ok
11:46:16.0564 4728 WinHttpAutoProxySvc - ok
11:46:16.0642 4728 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
11:46:16.0689 4728 Winmgmt - ok
11:46:16.0798 4728 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
11:46:16.0923 4728 WinRM - ok
11:46:17.0047 4728 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
11:46:17.0094 4728 Wlansvc - ok
11:46:17.0141 4728 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
11:46:17.0157 4728 WmiAcpi - ok
11:46:17.0219 4728 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
11:46:17.0250 4728 wmiApSrv - ok
11:46:17.0313 4728 WMPNetworkSvc - ok
11:46:17.0344 4728 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
11:46:17.0359 4728 WPCSvc - ok
11:46:17.0406 4728 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
11:46:17.0437 4728 WPDBusEnum - ok
11:46:17.0453 4728 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
11:46:17.0500 4728 ws2ifsl - ok
11:46:17.0547 4728 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\System32\wscsvc.dll
11:46:17.0578 4728 wscsvc - ok
11:46:17.0578 4728 WSearch - ok
11:46:17.0781 4728 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll
11:46:18.0030 4728 wuauserv - ok
11:46:18.0171 4728 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
11:46:18.0217 4728 WudfPf - ok
11:46:18.0233 4728 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:46:18.0280 4728 WUDFRd - ok
11:46:18.0295 4728 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
11:46:18.0342 4728 wudfsvc - ok
11:46:18.0373 4728 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
11:46:18.0405 4728 WwanSvc - ok
11:46:18.0420 4728 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
11:46:18.0841 4728 \Device\Harddisk0\DR0 - ok
11:46:18.0841 4728 Boot (0x1200) (364457fc92cb3ac5b7582f8e78d86338) \Device\Harddisk0\DR0\Partition0
11:46:18.0841 4728 \Device\Harddisk0\DR0\Partition0 - ok
11:46:18.0873 4728 Boot (0x1200) (2bd84150ab0f3d88eb314126d80d17a7) \Device\Harddisk0\DR0\Partition1
11:46:18.0888 4728 \Device\Harddisk0\DR0\Partition1 - ok
11:46:18.0888 4728 Boot (0x1200) (cd22e3668bafe7440e3a5432cf786ea5) \Device\Harddisk0\DR0\Partition2
11:46:18.0904 4728 \Device\Harddisk0\DR0\Partition2 - ok
11:46:18.0904 4728 ============================================================
11:46:18.0904 4728 Scan finished
11:46:18.0904 4728 ============================================================
11:46:18.0935 4244 Detected object count: 0
11:46:18.0935 4244 Actual detected object count: 0
But you are also taking into account that we installed Windows over the old Windows, which created a Windows.old folder? Normally the rest of the "new" Windows should then be free of infection, and only the Windows.old folder should be infected, right?
#18
/// Winkelfunktion /// TB-Süch-Tiger™

Quote:

Quote:

And why was Windows just installed over the top instead of doing a proper clean reinstall?
#19

Um, we only installed over the top because we want to get the encrypted data back, and other threads said that the trojan should be kept in order to be able to restore the data. I already wrote something along those lines at the beginning. You don't seem to read my posts through? *wink*
#20
/// Winkelfunktion /// TB-Süch-Tiger™

That was more of a rhetorical question. You could also simply have backed up the data via a LiveCD and then done a clean reinstall of Windows... but well, that is not what happened.

So please run CF now: ComboFix. A guide and tutorial on using ComboFix

Combofix may only be run when a qualified helper (Kompetenzler) has explicitly recommended it! If, after running Combofix, you have problems starting applications and receive messages such as

Quote:

__________________
Please always post logfiles in CODE tags
#21

Combofix logfile:

Code:
ComboFix 12-06-05.01 - ShowNoMercy 05.06.2012 13:50:52.1.4 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.49.1031.18.4093.2775 [GMT 2:00]
ausgeführt von:: c:\users\ShowNoMercy\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-05-05 bis 2012-06-05 ))))))))))))))))))))))))))))))
.
.
2012-06-05 11:55 . 2012-06-05 11:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-04 04:15 . 2012-06-04 04:15 -------- d-----w- c:\program files (x86)\TeamViewer
2012-06-04 03:24 . 2012-06-04 03:24 -------- d-----w- c:\program files (x86)\ESET
2012-06-03 16:30 . 2012-06-03 16:30 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-03 16:30 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-02 12:56 . 2012-06-02 12:56 -------- d-----w- c:\program files (x86)\streamWriter
2012-06-02 12:12 . 2012-06-02 12:12 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-06-01 19:47 . 2012-06-01 19:47 -------- d-----w- c:\program files (x86)\Electronic Arts
2012-06-01 16:34 . 2012-06-01 16:34 -------- d-----w- c:\programdata\EA Core
2012-06-01 15:43 . 2012-06-01 15:42 447752 ----a-w- c:\windows\SysWow64\vp6vfw.dll
2012-06-01 15:43 . 2012-06-01 15:43 -------- d-----w- c:\program files (x86)\Microsoft WSE
2012-06-01 15:42 . 2006-09-28 14:05 3977496 ----a-w- c:\windows\system32\d3dx9_31.dll
2012-06-01 15:42 . 2006-09-28 14:05 2414360 ----a-w- c:\windows\SysWow64\d3dx9_31.dll
2012-06-01 15:42 . 2012-06-01 19:47 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information
2012-06-01 13:55 . 2012-06-01 18:50 -------- d-----w- c:\program files (x86)\Origin Games
2012-06-01 13:54 . 2012-06-01 13:58 -------- d-----w- c:\programdata\Origin
2012-06-01 13:53 . 2012-06-01 13:53 -------- d-----w- c:\programdata\Electronic Arts
2012-06-01 13:53 . 2012-06-01 13:54 -------- d-----w- c:\program files (x86)\Origin
2012-06-01 13:12 . 2012-06-01 13:12 2300696 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-06-01 13:12 . 2012-06-01 13:12 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-06-01 13:12 . 2012-06-01 13:12 1236816 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-06-01 12:38 . 2012-06-01 12:38 -------- d-----w- c:\program files (x86)\Microsoft
2012-06-01 12:38 . 2012-06-01 12:38 -------- d-----w- c:\program files (x86)\Windows Live SkyDrive
2012-06-01 12:37 . 2012-06-01 12:38 -------- d-----w- c:\program files (x86)\Windows Live
2012-06-01 12:37 . 2012-06-01 12:37 -------- d-----w- c:\windows\PCHEALTH
2012-06-01 12:28 . 2012-06-01 12:28 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2012-06-01 11:19 . 2011-03-25 03:23 324608 ----a-w- c:\windows\system32\drivers\usbport.sys
2012-06-01 11:19 . 2011-03-25 03:22 52224 ----a-w- c:\windows\system32\drivers\usbehci.sys
2012-06-01 11:19 . 2011-03-25 03:23 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2012-06-01 11:19 . 2011-03-25 03:23 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-06-01 11:19 . 2011-03-25 03:22 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2012-06-01 11:19 . 2011-03-25 03:22 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2012-06-01 11:19 . 2011-03-25 03:22 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
2012-06-01 11:02 . 2012-06-01 11:02 -------- d-----w- c:\program files\TeamSpeak 3 Client
2012-06-01 10:38 . 2012-06-01 10:38 -------- d-----w- c:\programdata\Blizzard Entertainment
2012-05-31 21:05 . 2012-05-31 21:05 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-31 21:05 . 2012-05-31 21:05 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-31 21:05 . 2012-05-31 21:05 -------- d-----w- c:\windows\SysWow64\Macromed
2012-05-31 21:05 . 2012-05-31 21:05 -------- d-----w- c:\windows\system32\Macromed
2012-05-31 20:22 . 2012-05-31 20:22 -------- d-----w- c:\programdata\Malwarebytes
2012-05-31 20:07 . 2012-05-31 20:07 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-05-31 20:07 . 2012-05-31 20:07 -------- d-----w- c:\program files (x86)\Oracle
2012-05-31 20:07 . 2012-04-04 16:47 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-05-31 20:07 . 2012-04-04 16:47 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-05-31 20:06 . 2012-05-31 20:06 -------- d-----w- c:\program files (x86)\Java
2012-05-31 19:45 . 2012-05-31 19:45 -------- d-----w- c:\windows\SysWow64\wbem\en-US
2012-05-31 19:45 . 2012-05-31 19:45 -------- d-----w- c:\windows\system32\wbem\en-US
2012-05-31 19:35 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
2012-05-31 19:35 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
2012-05-31 19:16 . 2009-09-10 06:28 311808 ----a-w- c:\windows\system32\msv1_0.dll
2012-05-31 19:16 . 2009-09-10 05:52 257024 ----a-w- c:\windows\SysWow64\msv1_0.dll
2012-05-31 19:00 . 2009-11-25 10:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2012-05-31 19:00 . 2009-11-25 10:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2012-05-31 19:00 . 2009-11-25 10:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2012-05-31 19:00 . 2009-11-25 10:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2012-05-31 19:00 . 2009-11-25 10:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2012-05-31 19:00 . 2009-11-25 10:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2012-05-31 19:00 . 2009-11-25 10:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-05-31 19:00 . 2009-11-25 10:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2012-05-31 19:00 . 2009-11-25 10:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2012-05-31 19:00 . 2009-11-25 10:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2012-05-31 19:00 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2012-05-31 18:42 . 2012-03-01 06:54 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-05-31 18:42 . 2012-03-01 06:45 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-05-31 18:42 . 2012-03-01 06:40 80896 ----a-w- c:\windows\system32\imagehlp.dll
2012-05-31 18:42 . 2012-03-01 06:35 5120 ----a-w- c:\windows\system32\wmi.dll
2012-05-31 18:42 . 2012-03-01 05:49 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-05-31 18:42 . 2012-03-01 05:45 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-05-31 18:42 . 2012-03-01 05:40 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-05-31 18:40 . 2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys
2012-05-31 18:39 . 2012-05-31 18:39 955848 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-31 18:39 . 2012-05-31 18:39 839112 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-31 18:39 . 2012-05-31 18:39 -------- d-----w- c:\program files\Java
2012-05-31 17:59 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2012-05-31 17:58 . 2009-09-03 07:36 1975296 ----a-w- c:\windows\system32\CertEnroll.dll
2012-05-31 17:57 . 2011-03-11 06:19 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2012-05-31 17:56 . 2011-08-17 05:32 613888 ----a-w- c:\windows\system32\psisdecd.dll
2012-05-31 17:55 . 2011-02-05 12:41 556928 ----a-w- c:\windows\system32\winresume.efi
2012-05-31 17:55 . 2011-02-05 12:41 640896 ----a-w- c:\windows\system32\winload.efi
2012-05-31 17:55 . 2011-02-05 12:41 20352 ----a-w- c:\windows\system32\kdusb.dll
2012-05-31 17:55 . 2011-02-05 12:41 19328 ----a-w- c:\windows\system32\kd1394.dll
2012-05-31 17:55 . 2011-02-05 12:41 17792 ----a-w- c:\windows\system32\kdcom.dll
2012-05-31 17:55 . 2011-02-05 12:39 603976 ----a-w- c:\windows\system32\winload.exe
2012-05-31 17:55 . 2011-02-05 12:39 518160 ----a-w- c:\windows\system32\winresume.exe
2012-05-31 17:55 . 2010-08-31 04:32 954752 ----a-w- c:\windows\SysWow64\mfc40.dll
2012-05-31 17:55 . 2010-08-31 04:32 954288 ----a-w- c:\windows\SysWow64\mfc40u.dll
2012-05-31 17:55 . 2009-08-29 07:50 46592 ----a-w- c:\windows\system32\msasn1.dll
2012-05-31 17:55 . 2009-08-29 06:57 34816 ----a-w- c:\windows\SysWow64\msasn1.dll
2012-05-31 17:53 . 2012-05-31 17:53 -------- d-----w- C:\Windows.old
2012-05-31 17:53 . 2012-05-31 17:53 -------- d-----w- c:\programdata\ATI
2012-05-31 17:49 . 2011-12-16 08:42 634368 ----a-w- c:\windows\system32\msvcrt.dll
2012-05-31 17:45 . 2012-05-31 17:45 -------- d-----w- c:\programdata\AMD
2012-05-31 17:45 . 2012-05-31 17:45 -------- d-----w- c:\program files (x86)\AMD AVT
2012-05-31 17:45 . 2012-05-31 17:45 -------- d-----w- c:\program files (x86)\AMD APP
2012-05-31 17:45 . 2012-05-31 17:45 -------- d-----w- c:\program files\Common Files\ATI Technologies
2012-05-31 17:45 . 2012-05-31 17:45 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2012-05-31 17:44 . 2012-05-31 17:44 -------- d-----w- c:\program files (x86)\ATI Technologies
2012-05-31 17:43 . 2012-05-31 17:45 -------- d-----w- c:\program files\ATI Technologies
2012-05-31 17:43 . 2012-05-31 17:43 -------- d-----w- c:\program files\ATI
2012-05-31 17:36 . 2012-05-02 13:24 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-05-31 17:36 . 2012-04-27 08:20 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-05-31 17:36 . 2012-04-24 22:32 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-05-31 17:36 . 2012-05-31 17:36 -------- d-----w- c:\programdata\Avira
2012-05-31 17:36 . 2012-05-31 17:36 -------- d-----w- c:\program files (x86)\Avira
2012-05-31 17:36 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll
2012-05-31 17:36 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-05-31 17:35 . 2012-06-04 21:22 -------- d-sh--w- c:\windows\Installer
2012-05-31 17:31 . 2012-05-31 17:31 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-05-31 17:28 . 2012-01-25 06:27 76288 ----a-w- c:\windows\system32\rdpwsx.dll
2012-05-31 17:28 . 2012-01-25 06:27 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-05-31 17:28 . 2012-01-25 06:20 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-05-31 17:28 . 2010-01-09 07:19 139264 ----a-w- c:\windows\system32\cabview.dll
2012-05-31 17:28 . 2010-01-09 06:52 132608 ----a-w- c:\windows\SysWow64\cabview.dll
2012-05-31 17:28 . 2012-02-15 06:27 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-05-31 17:28 . 2012-02-15 05:44 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-05-31 17:28 . 2012-02-15 04:47 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-05-31 17:28 . 2012-02-15 04:46 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-05-31 17:19 . 2012-05-14 23:41 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FCB6CC03-1FF1-41B1-B242-CE957E67C912}\mpengine.dll
2012-05-31 17:19 . 2012-02-23 08:18 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-31 17:04 . 2012-05-31 17:04 0 ----a-w- c:\windows\ativpsrm.bin
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-06 05:22 . 2012-04-06 05:22 11174400 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-04-06 02:22 . 2012-04-06 02:22 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-04-06 02:21 . 2012-04-06 02:21 909312 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-04-06 02:20 . 2012-04-06 02:20 1067520 ----a-w- c:\windows\system32\aticfx64.dll
2012-04-06 02:16 . 2012-04-06 02:16 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-04-06 02:16 . 2012-04-06 02:16 503808 ----a-w- c:\windows\system32\atieclxx.exe
2012-04-06 02:16 . 2012-04-06 02:16 236544 ----a-w- c:\windows\system32\atiesrxx.exe
2012-04-06 02:14 . 2012-04-06 02:14 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-04-06 02:14 . 2012-04-06 02:14 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-04-06 02:14 . 2012-04-06 02:14 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-04-06 02:14 . 2012-04-06 02:14 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-04-06 02:13 . 2012-04-06 02:13 6800896 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-04-06 02:10 . 2012-04-06 02:10 26181632 ----a-w- c:\windows\system32\atio6axx.dll
2012-04-06 02:00 . 2012-04-06 02:00 64000 ----a-w- c:\windows\system32\coinst.dll
2012-04-06 01:54 . 2009-07-13 21:59 7479296 ----a-w- c:\windows\system32\atidxx64.dll
2012-04-06 01:50 . 2012-04-06 01:50 19753984 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-04-06 01:35 . 2012-04-06 01:35 1120768 ----a-w- c:\windows\system32\atiumd6v.dll
2012-04-06 01:34 . 2012-04-06 01:34 1831424 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-04-06 01:34 . 2012-04-06 01:34 4731904 ----a-w- c:\windows\system32\atiumd6a.dll
2012-04-06 01:34 . 2012-04-06 01:34 6203392 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-04-06 01:30 . 2012-04-06 01:30 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-04-06 01:30 . 2012-04-06 01:30 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-04-06 01:30 . 2012-04-06 01:30 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-04-06 01:30 . 2012-04-06 01:30 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-04-06 01:29 . 2012-04-06 01:29 16090624 ----a-w- c:\windows\system32\aticaldd64.dll
2012-04-06 01:25 . 2012-04-06 01:25 13764096 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-04-06 01:23 . 2012-04-06 01:23 7431680 ----a-w- c:\windows\system32\atiumd64.dll
2012-04-06 01:22 . 2012-04-06 01:22 4795904 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-04-06 01:11 . 2012-04-06 01:11 514560 ----a-w- c:\windows\system32\atiadlxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 360448 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-04-06 01:11 . 2012-04-06 01:11 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-04-06 01:10 . 2012-04-06 01:10 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-04-06 01:10 . 2012-04-06 01:10 343040 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-04-06 01:09 . 2012-04-06 01:09 54784 ----a-w- c:\windows\system32\atiuxp64.dll
2012-04-06 01:09 . 2012-04-06 01:09 41984 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-04-06 01:09 . 2012-04-06 01:09 44544 ----a-w- c:\windows\system32\atiu9p64.dll
2012-04-06 01:09 . 2012-04-06 01:09 32256 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-04-06 01:09 . 2012-04-06 01:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\atimpc64.dll
2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-04-05 20:34 . 2012-04-05 20:34 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-04-05 20:34 . 2012-04-05 20:34 74752 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-04-05 20:34 . 2012-04-05 20:34 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-04-05 20:33 . 2012-04-05 20:33 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-04-05 20:33 . 2012-04-05 20:33 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-04-05 20:33 . 2012-04-05 20:33 16457216 ----a-w- c:\windows\system32\amdocl64.dll
2012-04-05 20:32 . 2012-04-05 20:32 13007872 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-04-05 20:32 . 2012-04-05 20:32 54784 ----a-w- c:\windows\system32\OpenCL.dll
2012-04-05 20:32 . 2012-04-05 20:32 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-03-09 12:07 . 2012-03-09 12:07 29184 ----a-w- c:\windows\system32\kdbsdk64.dll
2012-03-09 12:06 . 2012-03-09 12:06 24576 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2012-06-01 3407496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-05 641664]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-21 129976]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-01 86224]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 25994202
*NewlyCreated* - 59739085
*Deregistered* - 25994202
*Deregistered* - 59739085
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\ShowNoMercy\AppData\Roaming\Mozilla\Firefox\Profiles\gqtpmxkp.default\
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-547596515-2706801567-419722999-1001\Software\SecuROM\License information*]
"datasecu"=hex:38,8f,b9,26,f0,7a,ea,65,71,07,41,8c,6a,50,87,26,c1,da,a1,8f,a4,
78,fe,be,14,d9,ef,58,52,96,a1,6d,dc,fa,da,27,78,2c,e5,a4,47,74,66,47,50,cd,\
"rkeysecu"=hex:51,c5,32,3d,17,c6,73,f4,c7,78,56,98,31,79,d7,c7
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-06-05 13:57:22
ComboFix-quarantined-files.txt 2012-06-05 11:57
.
Vor Suchlauf: 9 Verzeichnis(se), 193.523.765.248 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 193.736.466.432 Bytes frei
.
- - End Of File - - 70CD3DC708D94E4C7C2E2C6F241E5E4A
|
| | #22 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojan Agent rns gen, restoring encrypted files Please download aswMBR.exe and save the file to your desktop. Note: Please disable your virus scanner before running aswMBR, because Avira in particular often reports a false positive in it!
One more note: If aswMBR crashes and you get a message like "aswMBR.exe has stopped working", do the following: restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.
__________________ Please always post log files in CODE tags |
| | #23 |
| Trojan Agent rns gen, restoring encrypted files Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-05 18:37:52
-----------------------------
18:37:52.752 OS Version: Windows x64 6.1.7600
18:37:52.752 Number of processors: 4 586 0x1707
18:37:52.752 ComputerName: SHOWNOMERCY-PC UserName: ShowNoMercy
18:37:56.283 Initialize success
18:38:05.035 AVAST engine defs: 12060500
18:38:25.549 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005d
18:38:25.549 Disk 0 Vendor: NVIDIA__ Size: 953880MB BusType: 8
18:38:25.580 Disk 0 MBR read successfully
18:38:25.580 Disk 0 MBR scan
18:38:25.580 Disk 0 Windows 7 default MBR code
18:38:25.611 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
18:38:25.627 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 299900 MB offset 206848
18:38:25.642 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 653878 MB offset 614402048
18:38:25.658 Disk 0 scanning C:\Windows\system32\drivers
18:38:34.519 Service scanning
18:38:54.768 Modules scanning
18:38:54.768 Disk 0 trace - called modules:
18:38:54.799 ntoskrnl.exe CLASSPNP.SYS disk.sys nvraid.sys ACPI.sys storport.sys hal.dll nvstor.sys
18:38:54.799 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004bbe060]
18:38:54.799 3 CLASSPNP.SYS[fffff88000c2943f] -> nt!IofCallDriver -> \Device\0000005d[0xfffffa8004924060]
18:38:54.814 5 nvraid.sys[fffff88000c0cbc5] -> nt!IofCallDriver -> [0xfffffa8003d12a40]
18:38:54.814 7 ACPI.sys[fffff88000f23781] -> nt!IofCallDriver -> \Device\00000059[0xfffffa80048c0060]
18:38:54.830 9 nvraid.sys[fffff88000c0cbc5] -> nt!IofCallDriver -> [0xfffffa8003d12a40]
18:38:54.830 11 ACPI.sys[fffff88000f23781] -> nt!IofCallDriver -> \Device\00000059[0xfffffa80048c0060]
18:38:55.860 AVAST engine scan C:\Windows
18:38:58.215 AVAST engine scan C:\Windows\system32
18:42:57.800 AVAST engine scan C:\Windows\system32\drivers
18:43:13.260 AVAST engine scan C:\Users\ShowNoMercy
18:49:10.016 AVAST engine scan C:\ProgramData
18:49:21.966 Scan finished successfully
18:49:30.327 Disk 0 MBR has been saved successfully to "C:\Users\ShowNoMercy\Desktop\MBR.dat"
18:49:30.327 The log file has been saved successfully to "C:\Users\ShowNoMercy\Desktop\aswMBR.txt"
|
| | #24 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojan Agent rns gen, restoring encrypted files Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
__________________ Please always post log files in CODE tags |
| | #25 |
| Trojan Agent rns gen, restoring encrypted files Hi Code:
ATTFilter Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Datenbank Version: v2012.06.03.05
Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
ShowNoMercy :: SHOWNOMERCY-PC [Administrator]
Schutz: Aktiviert
06.06.2012 07:22:02
mbam-log-2012-06-06 (07-22-02).txt
Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 591444
Laufzeit: 2 Stunde(n), 53 Minute(n), 52 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
Regards Code:
ATTFilter SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 06/06/2012 at 01:05 PM
Application Version : 5.0.1150
Core Rules Database Version : 8686
Trace Rules Database Version: 6498
Scan type : Complete Scan
Total Scan Time : 02:40:38
Operating System Information
Windows 7 Professional 64-bit (Build 6.01.7600)
UAC On - Administrator
Memory items scanned : 753
Memory threats detected : 0
Registry items scanned : 64580
Registry threats detected : 0
File items scanned : 439535
File threats detected : 19
Adware.Tracking Cookie
C:\Users\ShowNoMercy\AppData\Roaming\Microsoft\Windows\Cookies\84UX3QER.txt [ /track.adform.net ]
C:\Users\ShowNoMercy\AppData\Roaming\Microsoft\Windows\Cookies\6GIATV00.txt [ /atdmt.combing.com ]
C:\Users\ShowNoMercy\AppData\Roaming\Microsoft\Windows\Cookies\1W4TI9SH.txt [ /atdmt.com ]
C:\Users\ShowNoMercy\AppData\Roaming\Microsoft\Windows\Cookies\3XFXPTLJ.txt [ /adform.net ]
C:\USERS\SHOWNOMERCY\AppData\Roaming\Microsoft\Windows\Cookies\Low\37UBWGGJ.txt [ Cookie:shownomercy@adfarm1.adition.com/ ]
C:\USERS\SHOWNOMERCY\AppData\Roaming\Microsoft\Windows\Cookies\Low\S8AV7GXN.txt [ Cookie:shownomercy@ad.yieldmanager.com/ ]
C:\USERS\SHOWNOMERCY\AppData\Roaming\Microsoft\Windows\Cookies\Low\1MR84BC6.txt [ Cookie:shownomercy@apmebf.com/ ]
C:\USERS\SHOWNOMERCY\AppData\Roaming\Microsoft\Windows\Cookies\Low\DKFEH2RR.txt [ Cookie:shownomercy@track.adform.net/ ]
C:\USERS\SHOWNOMERCY\AppData\Roaming\Microsoft\Windows\Cookies\Low\FXI9OE98.txt [ Cookie:shownomercy@atdmt.combing.com/ ]
C:\USERS\SHOWNOMERCY\AppData\Roaming\Microsoft\Windows\Cookies\Low\OII88DSX.txt [ Cookie:shownomercy@atdmt.com/ ]
C:\USERS\SHOWNOMERCY\AppData\Roaming\Microsoft\Windows\Cookies\Low\M42RT05G.txt [ Cookie:shownomercy@adform.net/ ]
C:\USERS\SHOWNOMERCY\Cookies\84UX3QER.txt [ Cookie:shownomercy@track.adform.net/ ]
C:\USERS\SHOWNOMERCY\Cookies\6GIATV00.txt [ Cookie:shownomercy@atdmt.combing.com/ ]
C:\USERS\SHOWNOMERCY\Cookies\1W4TI9SH.txt [ Cookie:shownomercy@atdmt.com/ ]
C:\USERS\SHOWNOMERCY\Cookies\3XFXPTLJ.txt [ Cookie:shownomercy@adform.net/ ]
www.googleadservices.com [ C:\USERS\SHOWNOMERCY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GQTPMXKP.DEFAULT\COOKIES.SQLITE ]
C:\WINDOWS.OLD\USERS\SHOWNOMERCY\COOKIES\SHOWNOMERCY@TRACK.WEBTREKK[1].TXT [ /TRACK.WEBTREKK ]
C:\WINDOWS.OLD\USERS\SHOWNOMERCY\COOKIES\SHOWNOMERCY@BLUESTREAK[1].TXT [ /BLUESTREAK ]
C:\WINDOWS.OLD\USERS\SHOWNOMERCY\COOKIES\SHOWNOMERCY@MSNPORTAL.112.2O7[1].TXT [ /MSNPORTAL.112.2O7 ]
|
| | #26 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojan Agent rns gen, restoring encrypted files Quote:
__________________ Please always post log files in CODE tags |
| | #27 |
| Trojan Agent rns gen, restoring encrypted files Code:
ATTFilter SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 06/07/2012 at 01:57 AM
Application Version : 5.0.1150
Core Rules Database Version : 8694
Trace Rules Database Version: 6506
Scan type : Complete Scan
Total Scan Time : 02:38:55
Operating System Information
Windows 7 Professional 64-bit (Build 6.01.7600)
UAC On - Administrator
Memory items scanned : 764
Memory threats detected : 0
Registry items scanned : 64601
Registry threats detected : 0
File items scanned : 442605
File threats detected : 25
Adware.Tracking Cookie
C:\Users\ShowNoMercy\AppData\Roaming\Microsoft\Windows\Cookies\TEVTT976.txt [ /ad.yieldmanager.com ]
C:\Users\ShowNoMercy\AppData\Roaming\Microsoft\Windows\Cookies\UL7L7TMB.txt [ /apmebf.com ]
C:\Users\ShowNoMercy\AppData\Roaming\Microsoft\Windows\Cookies\5ERH1CSH.txt [ /eaeacom.112.2o7.net ]
C:\Users\ShowNoMercy\AppData\Roaming\Microsoft\Windows\Cookies\W933IHMS.txt [ /doubleclick.net ]
C:\Users\ShowNoMercy\AppData\Roaming\Microsoft\Windows\Cookies\WUV08BFX.txt [ /track.adform.net ]
C:\Users\ShowNoMercy\AppData\Roaming\Microsoft\Windows\Cookies\HZID0O7F.txt [ /mediaplex.com ]
C:\Users\ShowNoMercy\AppData\Roaming\Microsoft\Windows\Cookies\OJL57K32.txt [ /fastclick.net ]
C:\Users\ShowNoMercy\AppData\Roaming\Microsoft\Windows\Cookies\QD2XPSAC.txt [ /atdmt.combing.com ]
C:\Users\ShowNoMercy\AppData\Roaming\Microsoft\Windows\Cookies\VC6K3QME.txt [ /atdmt.com ]
C:\Users\ShowNoMercy\AppData\Roaming\Microsoft\Windows\Cookies\D4Y3YPF1.txt [ /microsoftwllivemkt.112.2o7.net ]
C:\Users\ShowNoMercy\AppData\Roaming\Microsoft\Windows\Cookies\QTVDPLEO.txt [ /adform.net ]
C:\USERS\SHOWNOMERCY\Cookies\TEVTT976.txt [ Cookie:shownomercy@ad.yieldmanager.com/ ]
C:\USERS\SHOWNOMERCY\Cookies\UL7L7TMB.txt [ Cookie:shownomercy@apmebf.com/ ]
C:\USERS\SHOWNOMERCY\Cookies\5ERH1CSH.txt [ Cookie:shownomercy@eaeacom.112.2o7.net/ ]
C:\USERS\SHOWNOMERCY\Cookies\W933IHMS.txt [ Cookie:shownomercy@doubleclick.net/ ]
C:\USERS\SHOWNOMERCY\Cookies\WUV08BFX.txt [ Cookie:shownomercy@track.adform.net/ ]
C:\USERS\SHOWNOMERCY\Cookies\HZID0O7F.txt [ Cookie:shownomercy@mediaplex.com/ ]
C:\USERS\SHOWNOMERCY\Cookies\OJL57K32.txt [ Cookie:shownomercy@fastclick.net/ ]
C:\USERS\SHOWNOMERCY\Cookies\QD2XPSAC.txt [ Cookie:shownomercy@atdmt.combing.com/ ]
C:\USERS\SHOWNOMERCY\Cookies\VC6K3QME.txt [ Cookie:shownomercy@atdmt.com/ ]
C:\USERS\SHOWNOMERCY\Cookies\D4Y3YPF1.txt [ Cookie:shownomercy@microsoftwllivemkt.112.2o7.net/ ]
C:\USERS\SHOWNOMERCY\Cookies\QTVDPLEO.txt [ Cookie:shownomercy@adform.net/ ]
C:\WINDOWS.OLD\USERS\SHOWNOMERCY\COOKIES\SHOWNOMERCY@TRACK.WEBTREKK[1].TXT [ /TRACK.WEBTREKK ]
C:\WINDOWS.OLD\USERS\SHOWNOMERCY\COOKIES\SHOWNOMERCY@BLUESTREAK[1].TXT [ /BLUESTREAK ]
C:\WINDOWS.OLD\USERS\SHOWNOMERCY\COOKIES\SHOWNOMERCY@MSNPORTAL.112.2O7[1].TXT [ /MSNPORTAL.112.2O7 ]
|
| | #28 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojan Agent rns gen, restoring encrypted files This was about Malwarebytes, not SUPERAntiSpyware!!
__________________ Please always post log files in CODE tags |
| | #29 |
| Trojan Agent rns gen, restoring encrypted files Oops, sorry, I'll catch up on that; I have a lot of stress at the moment. OK, here it is now. Updated, and "malwarebytes" Code:
ATTFilter Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Datenbank Version: v2012.06.07.05
Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
ShowNoMercy :: SHOWNOMERCY-PC [Administrator]
07.06.2012 23:38:03
mbam-log-2012-06-07 (23-38-03).txt
Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 597323
Laufzeit: 2 Stunde(n), 32 Minute(n), 30 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende) |