| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Win32/Sirefef.FC TrojanerWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
01.09.2012, 12:26
| #16 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  Win32/Sirefef.FC Trojaner Ich werde hier beide Augen zudrücken, weil der Kram ja auch schon im Papierkorb war und LW F offensichtlich ein Netzwerkspeicher bei dir ist.  adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren Downloade Dir bitte AdwCleaner auf deinen Desktop.
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
02.09.2012, 18:52
| #17 |
 | Win32/Sirefef.FC Trojaner Hier die Log:
__________________Code:
ATTFilter # AdwCleaner v2.000 - Datei am 09/02/2012 um 19:47:52 erstellt
# Aktualisiert am 30/08/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzer : Coko - COKO
# Normaler Modus : Normal
# Ausgeführt unter : C:\Users\Coko\Desktop\adwcleaner.exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v12.0 (de)
Profilname : default
Datei : C:\Users\Coko\AppData\Roaming\Mozilla\Firefox\Profiles\504etxy1.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [838 octets] - [02/09/2012 19:47:52]
########## EOF - C:\AdwCleaner[R1].txt - [897 octets] ##########
|
|
03.09.2012, 19:35
| #18 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Win32/Sirefef.FC Trojaner adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
__________________
__________________ |
|
03.09.2012, 23:38
| #19 |
| | Win32/Sirefef.FC Trojaner Hi, bitte nochmal vielmals um Aufschiebung. Bin leider bis nächste Woche beruflich unterwegs und kann mich dann erst wieder mit der neuen Log zurückmelden. |
|
04.09.2012, 13:39
| #20 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Win32/Sirefef.FC Trojaner Ich seh schon wenn du hier wieder postest
__________________ Logfiles bitte immer in CODE-Tags posten |
|
09.09.2012, 21:40
| #21 |
| | Win32/Sirefef.FC Trojaner ok, nun war es das aber erstma mit dem Reisen :-) Hier die Log: Code:
ATTFilter # AdwCleaner v2.000 - Datei am 09/09/2012 um 22:29:30 erstellt
# Aktualisiert am 30/08/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzer : Coko - COKO-PC
# Normaler Modus : Normal
# Ausgef¸hrt unter : C:\Users\Coko\Desktop\adwcleaner.exe
# Option [Lˆschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
Schl¸ssel Gelˆscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16421
Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
-\\ Mozilla Firefox v12.0 (de)
Profilname : default
Datei : C:\Users\Coko\AppData\Roaming\Mozilla\Firefox\Profiles\504etxy1.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [965 octets] - [02/09/2012 19:47:52]
AdwCleaner[S1].txt - [1156 octets] - [09/09/2012 22:29:30]
########## EOF - C:\AdwCleaner[S1].txt - [1216 octets] ##########
|
|
10.09.2012, 16:09
| #22 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Win32/Sirefef.FC Trojaner Hätte da mal zwei Fragen bevor es weiter geht 1.) Geht der normale Modus von Windows (wieder) uneingeschränkt? 2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
10.09.2012, 16:49
| #23 |
| | Win32/Sirefef.FC Trojaner 1) Der normale Modus ging schon immer. Bis auf das ich immer wieder von NOD32 die Meldungen von dem gefundenen Trojaner bekomme, die Windows Firewall nicht mehr aktivieren kann und ich bei klicks auf einen Link nach einer Google Suche auf Werbeseiten geleitet wurde (das ist jetzt nicht mehr der Fall) ging eigentlich alles normal. 2) Vermissen tue ich auch nichts. Alle Ordner sind gefüllt und so, wie sie sein sollen. |
|
10.09.2012, 20:21
| #24 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Win32/Sirefef.FC Trojaner Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten |
|
11.09.2012, 19:07
| #25 |
| | Win32/Sirefef.FC Trojaner Alles nach Anleitung erledigt. Hier die Log: OTL Logfile: Code:
ATTFilter OTL logfile created on: 11.09.2012 19:21:03 - Run 2 OTL by OldTimer - Version 3.2.61.3 Folder = C:\Users\Coko\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,33 Gb Available Physical Memory | 66,77% Memory free 4,00 Gb Paging File | 3,14 Gb Available in Paging File | 78,62% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 76,59 Gb Total Space | 47,49 Gb Free Space | 62,00% Space Free | Partition Type: NTFS Drive E: | 97,65 Gb Total Space | 97,56 Gb Free Space | 99,91% Space Free | Partition Type: NTFS Drive F: | 135,23 Gb Total Space | 73,72 Gb Free Space | 54,51% Space Free | Partition Type: NTFS Computer Name: COKO-PC | User Name: Coko | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.09.11 19:18:17 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Coko\Desktop\OTL.exe PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.09.22 13:03:30 | 000,974,944 | ---- | M] (ESET) -- C:\Programme\ESET\ESET Smart Security\ekrn.exe PRC - [2011.09.22 13:03:02 | 003,080,264 | ---- | M] (ESET) -- C:\Programme\ESET\ESET Smart Security\egui.exe PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.11.20 23:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2010.11.20 23:29:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2010.11.20 23:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009.07.14 03:14:36 | 000,259,072 | ---- | M] () -- C:\Windows\System32\services.exe PRC - [2009.04.14 08:43:42 | 000,604,704 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SOUNDMAN.EXE ========== Modules (No Company Name) ========== MOD - [2010.01.30 03:41:12 | 004,254,560 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ========== Services (SafeList) ========== SRV - [2012.08.31 22:14:46 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.08.31 16:11:29 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.09.22 13:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Programme\ESET\ESET Smart Security\ekrn.exe -- (ekrn) SRV - [2010.11.20 23:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2010.03.25 11:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\efavdrv.sys -- (efavdrv) DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011.08.09 15:24:52 | 000,163,424 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm) DRV - [2011.08.04 10:20:38 | 000,147,480 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfw.sys -- (epfw) DRV - [2011.08.04 10:20:38 | 000,050,624 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\epfwwfp.sys -- (epfwwfp) DRV - [2011.08.04 10:20:38 | 000,033,656 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\EpfwLWF.sys -- (EpfwLWF) DRV - [2011.08.04 10:20:36 | 000,118,104 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv) DRV - [2010.11.20 23:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 23:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010.11.20 23:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc) DRV - [2010.11.20 23:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010.11.20 23:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.11.20 23:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2010.11.20 23:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD) DRV - [2010.11.20 23:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010.11.20 23:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2009.09.28 10:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7) DRV - [2009.07.14 02:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV - [2009.07.14 00:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2009.06.18 20:45:02 | 004,172,832 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVAC.SYS -- (ALCXWDM) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2460109341-2024125387-723533134-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hiergehtslos.de IE - HKU\S-1-5-21-2460109341-2024125387-723533134-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-2460109341-2024125387-723533134-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-2460109341-2024125387-723533134-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0C E2 E6 94 C3 C5 CC 01 [binary data] IE - HKU\S-1-5-21-2460109341-2024125387-723533134-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2460109341-2024125387-723533134-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2460109341-2024125387-723533134-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2460109341-2024125387-723533134-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.31 16:11:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.06.03 17:45:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011.12.29 02:06:10 | 000,000,000 | ---D | M] [2011.12.29 01:39:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Coko\AppData\Roaming\mozilla\Extensions [2012.05.12 22:56:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Coko\AppData\Roaming\mozilla\Firefox\Profiles\504etxy1.default\extensions [2012.04.01 17:48:25 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.08.31 16:11:31 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.08.31 16:11:26 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.31 16:11:26 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.08.31 16:11:26 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.08.31 16:11:26 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.08.31 16:11:26 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.08.31 16:11:26 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [SoundMan] C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - Startup: C:\Users\Coko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Coko\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\S-1-5-21-2460109341-2024125387-723533134-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24ED9925-762C-4644-957A-2FCE40ADB78F}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: Sharedaccess - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: wuauserv - File not found NetSvcs: BITS - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) MsConfig - StartUpReg: BCSSync - hkey= - key= - C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig - State: "startup" - 2 SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: BFE - Service SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: MPSSvc - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: SharedAccess - File not found SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.08.31 22:24:57 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.08.31 16:18:43 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Coko\Desktop\mbam-setup-1.62.0.1300.exe [2012.08.23 16:15:12 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Coko\Desktop\esetsmartinstaller_enu.exe ========== Files - Modified Within 30 Days ========== [2012.09.11 19:18:17 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Coko\Desktop\OTL.exe [2012.09.11 19:13:56 | 000,022,000 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.09.11 19:13:56 | 000,022,000 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.09.11 19:06:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.09.11 19:06:28 | 1610,063,872 | -HS- | M] () -- C:\hiberfil.sys [2012.09.02 19:47:31 | 000,511,265 | ---- | M] () -- C:\Users\Coko\Desktop\adwcleaner.exe [2012.09.02 19:00:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.08.31 16:20:10 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.31 16:18:58 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Coko\Desktop\mbam-setup-1.62.0.1300.exe [2012.08.23 16:15:14 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Coko\Desktop\esetsmartinstaller_enu.exe ========== Files Created - No Company Name ========== [2012.09.02 19:50:00 | 000,090,624 | ---- | C] () -- C:\Windows\Installer\{b2100a9c-03be-3ad2-b998-e0f85f0d7d62}\U\80000032.@ [2012.09.02 19:47:28 | 000,511,265 | ---- | C] () -- C:\Users\Coko\Desktop\adwcleaner.exe [2012.08.31 22:12:49 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{b2100a9c-03be-3ad2-b998-e0f85f0d7d62}\U\00000008.@ [2012.08.31 22:12:38 | 000,013,312 | ---- | C] () -- C:\Windows\Installer\{b2100a9c-03be-3ad2-b998-e0f85f0d7d62}\U\80000000.@ [2012.08.31 16:20:10 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.02 20:31:00 | 000,000,000 | ---- | C] () -- C:\Users\Coko\defogger_reenable [2012.07.22 13:14:58 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{b2100a9c-03be-3ad2-b998-e0f85f0d7d62}\L\00000004.@ [2012.01.16 22:16:24 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{b2100a9c-03be-3ad2-b998-e0f85f0d7d62}\@ [2012.01.16 22:16:24 | 000,002,048 | -HS- | C] () -- C:\Users\Coko\AppData\Local\{b2100a9c-03be-3ad2-b998-e0f85f0d7d62}\@ [2011.12.29 14:41:09 | 000,000,242 | ---- | C] () -- C:\Windows\Brpfx04a.ini [2011.12.29 14:41:09 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini [2011.12.29 14:39:35 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2011.12.29 14:39:35 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2011.12.29 14:38:16 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat [2011.12.29 14:38:03 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini [2011.12.29 14:38:03 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat [2011.12.29 14:38:02 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll [2011.12.28 20:34:21 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.12.28 20:34:21 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2011.04.12 03:30:05 | 000,657,438 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2011.04.12 03:30:05 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2011.04.12 03:30:05 | 000,130,810 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2011.04.12 03:30:05 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2010.11.20 23:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe ========== LOP Check ========== [2012.03.08 21:15:29 | 000,000,000 | ---D | M] -- C:\Users\Coko\AppData\Roaming\Canneverbe Limited [2012.09.11 19:07:13 | 000,000,000 | ---D | M] -- C:\Users\Coko\AppData\Roaming\Dropbox [2011.12.29 02:08:06 | 000,000,000 | ---D | M] -- C:\Users\Coko\AppData\Roaming\ESET [2011.12.30 19:38:29 | 000,000,000 | ---D | M] -- C:\Users\Coko\AppData\Roaming\redsn0w [2011.12.29 01:50:23 | 000,000,000 | ---D | M] -- C:\Users\Coko\AppData\Roaming\Thunderbird [2011.12.30 23:42:37 | 000,000,000 | ---D | M] -- C:\Users\Coko\AppData\Roaming\Trillian [2011.12.29 19:03:34 | 000,000,000 | ---D | M] -- C:\Users\Coko\AppData\Roaming\Xilisoft [2012.07.22 13:21:27 | 000,000,000 | ---D | M] -- C:\Users\Coko\AppData\Roaming\xsecva [2012.07.25 22:23:41 | 000,032,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.12.31 00:18:29 | 000,000,000 | ---D | M] -- C:\Users\Coko\AppData\Roaming\Adobe [2012.03.03 14:33:28 | 000,000,000 | ---D | M] -- C:\Users\Coko\AppData\Roaming\Apple Computer [2012.03.03 08:04:26 | 000,000,000 | R--D | M] -- C:\Users\Coko\AppData\Roaming\Brother [2012.03.08 21:15:29 | 000,000,000 | ---D | M] -- C:\Users\Coko\AppData\Roaming\Canneverbe Limited [2012.09.11 19:07:13 | 000,000,000 | ---D | M] -- C:\Users\Coko\AppData\Roaming\Dropbox [2011.12.29 02:08:06 | 000,000,000 | ---D | M] -- C:\Users\Coko\AppData\Roaming\ESET [2011.12.28 20:41:19 | 000,000,000 | ---D | M] -- C:\Users\Coko\AppData\Roaming\Identities [2011.12.29 14:36:02 | 000,000,000 | ---D | M] -- C:\Users\Coko\AppData\Roaming\InstallShield [2011.12.29 14:48:58 | 000,000,000 | ---D | M] -- C:\Users\Coko\AppData\Roaming\Macromedia [2012.08.02 17:00:34 | 000,000,000 | ---D | M] -- C:\Users\Coko\AppData\Roaming\Malwarebytes [2011.04.12 03:39:07 | 000,000,000 | ---D | M] -- C:\Users\Coko\AppData\Roaming\Media Center Programs [2012.03.08 21:31:43 | 000,000,000 | --SD | M] -- C:\Users\Coko\AppData\Roaming\Microsoft [2011.12.29 01:39:31 | 000,000,000 | ---D | M] -- C:\Users\Coko\AppData\Roaming\Mozilla [2011.12.30 19:38:29 | 000,000,000 | ---D | M] -- C:\Users\Coko\AppData\Roaming\redsn0w [2011.12.29 01:50:23 | 000,000,000 | ---D | M] -- C:\Users\Coko\AppData\Roaming\Thunderbird [2011.12.30 23:42:37 | 000,000,000 | ---D | M] -- C:\Users\Coko\AppData\Roaming\Trillian [2012.01.02 04:41:07 | 000,000,000 | ---D | M] -- C:\Users\Coko\AppData\Roaming\vlc [2011.12.29 19:03:34 | 000,000,000 | ---D | M] -- C:\Users\Coko\AppData\Roaming\Xilisoft [2012.07.22 13:21:27 | 000,000,000 | ---D | M] -- C:\Users\Coko\AppData\Roaming\xsecva < %APPDATA%\*.exe /s > [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Coko\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012.05.24 20:39:24 | 000,872,144 | ---- | M] (Dropbox, Inc.) -- C:\Users\Coko\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe [2012.05.24 20:39:56 | 000,177,280 | ---- | M] (Dropbox, Inc.) -- C:\Users\Coko\AppData\Roaming\Dropbox\bin\Uninstall.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: IASTORV.SYS > [2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys [2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys [2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys [2010.11.20 23:29:03 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 23:29:03 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.20 23:29:12 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll [2010.11.20 23:29:12 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys [2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys [2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys [2010.11.20 23:29:03 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 23:29:03 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys < MD5 for: SCECLI.DLL > [2010.11.20 23:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll [2010.11.20 23:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 23:29:20 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll [2010.11.20 23:29:20 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 23:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe [2010.11.20 23:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 23:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010.11.20 23:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2011.12.29 02:24:20 | 000,353,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll [2011.12.29 02:24:20 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll [2009.07.14 03:15:36 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\LocationApi.dll < End of report > |
|
11.09.2012, 23:12
| #26 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Win32/Sirefef.FC Trojaner Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
FF - user.js - File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2460109341-2024125387-723533134-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
:Files
C:\Windows\Installer\{b2100a9c-03be-3ad2-b998-e0f85f0d7d62}
C:\Users\Coko\AppData\Local\{b2100a9c-03be-3ad2-b998-e0f85f0d7d62}
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
12.09.2012, 14:50
| #27 |
| | Win32/Sirefef.FC Trojaner Der Rechner wurde neugestartet und brachte folgende Log hervor: Code:
ATTFilter All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop not found.
Registry value HKEY_USERS\S-1-5-21-2460109341-2024125387-723533134-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File C:\autoexec.bat not found.
========== FILES ==========
File\Folder C:\Windows\Installer\{b2100a9c-03be-3ad2-b998-e0f85f0d7d62} not found.
C:\Users\Coco\AppData\Local\{b2100a9c-03be-3ad2-b998-e0f85f0d7d62}\U folder moved successfully.
C:\Users\Coco\AppData\Local\{b2100a9c-03be-3ad2-b998-e0f85f0d7d62}\L folder moved successfully.
C:\Users\Coco\AppData\Local\{b2100a9c-03be-3ad2-b998-e0f85f0d7d62} folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Coco\Desktop\cmd.bat deleted successfully.
C:\Users\Coco\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Coco
->Temp folder emptied: 1481 bytes
->Temporary Internet Files folder emptied: 37294 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 7609439 bytes
->Flash cache emptied: 492 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 7,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.61.3 log created on 09122012_154406
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
|
|
12.09.2012, 15:23
| #28 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Win32/Sirefef.FC Trojaner Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
12.09.2012, 17:34
| #29 |
| | Win32/Sirefef.FC Trojaner Hier die nächste Log: Code:
ATTFilter 18:28:10.0593 2080 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
18:28:10.0875 2080 ============================================================
18:28:10.0875 2080 Current date / time: 2012/09/12 18:28:10.0875
18:28:10.0875 2080 SystemInfo:
18:28:10.0875 2080
18:28:10.0875 2080 OS Version: 6.1.7601 ServicePack: 1.0
18:28:10.0875 2080 Product type: Workstation
18:28:10.0875 2080 ComputerName: COCO-PC
18:28:10.0875 2080 UserName: Coco
18:28:10.0875 2080 Windows directory: C:\Windows
18:28:10.0875 2080 System windows directory: C:\Windows
18:28:10.0875 2080 Processor architecture: Intel x86
18:28:10.0875 2080 Number of processors: 1
18:28:10.0875 2080 Page size: 0x1000
18:28:10.0875 2080 Boot type: Normal boot
18:28:10.0875 2080 ============================================================
18:28:12.0015 2080 Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:28:12.0031 2080 Drive \Device\Harddisk0\DR0 - Size: 0x132C570000 (76.69 Gb), SectorSize: 0x200, Cylinders: 0x939E, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000050
18:28:12.0031 2080 ============================================================
18:28:12.0031 2080 \Device\Harddisk1\DR1:
18:28:12.0031 2080 MBR partitions:
18:28:12.0031 2080 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xC34F28D
18:28:12.0031 2080 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0xC350800, BlocksNum 0x10E74800
18:28:12.0031 2080 \Device\Harddisk0\DR0:
18:28:12.0031 2080 MBR partitions:
18:28:12.0031 2080 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:28:12.0031 2080 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x992F800
18:28:12.0031 2080 ============================================================
18:28:12.0046 2080 C: <-> \Device\Harddisk0\DR0\Partition2
18:28:12.0062 2080 E: <-> \Device\Harddisk1\DR1\Partition1
18:28:12.0093 2080 F: <-> \Device\Harddisk1\DR1\Partition2
18:28:12.0093 2080 ============================================================
18:28:12.0093 2080 Initialize success
18:28:12.0093 2080 ============================================================
18:29:24.0223 3860 ============================================================
18:29:24.0223 3860 Scan started
18:29:24.0223 3860 Mode: Manual; SigCheck; TDLFS;
18:29:24.0223 3860 ============================================================
18:29:25.0176 3860 ================ Scan system memory ========================
18:29:25.0176 3860 System memory - ok
18:29:25.0176 3860 ================ Scan services =============================
18:29:25.0333 3860 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
18:29:25.0459 3860 1394ohci - ok
18:29:25.0491 3860 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
18:29:25.0522 3860 ACPI - ok
18:29:25.0553 3860 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
18:29:25.0600 3860 AcpiPmi - ok
18:29:25.0788 3860 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
18:29:25.0803 3860 AdobeARMservice - ok
18:29:25.0881 3860 [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
18:29:25.0897 3860 AdobeFlashPlayerUpdateSvc - ok
18:29:25.0944 3860 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
18:29:25.0959 3860 adp94xx - ok
18:29:26.0022 3860 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\drivers\adpahci.sys
18:29:26.0038 3860 adpahci - ok
18:29:26.0069 3860 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
18:29:26.0084 3860 adpu320 - ok
18:29:26.0131 3860 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
18:29:26.0272 3860 AeLookupSvc - ok
18:29:26.0319 3860 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
18:29:26.0366 3860 AFD - ok
18:29:26.0413 3860 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
18:29:26.0413 3860 agp440 - ok
18:29:26.0459 3860 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
18:29:26.0475 3860 aic78xx - ok
18:29:26.0616 3860 [ 7997B6F02CBDA0E31FA18CC85871B938 ] ALCXWDM C:\Windows\system32\drivers\RTKVAC.SYS
18:29:33.0241 3860 ALCXWDM - ok
18:29:33.0303 3860 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
18:29:33.0350 3860 ALG - ok
18:29:33.0381 3860 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
18:29:33.0381 3860 aliide - ok
18:29:33.0428 3860 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
18:29:33.0444 3860 amdagp - ok
18:29:33.0444 3860 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
18:29:33.0459 3860 amdide - ok
18:29:33.0506 3860 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
18:29:33.0538 3860 AmdK8 - ok
18:29:33.0553 3860 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
18:29:33.0584 3860 AmdPPM - ok
18:29:33.0631 3860 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
18:29:33.0647 3860 amdsata - ok
18:29:33.0741 3860 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
18:29:33.0756 3860 amdsbs - ok
18:29:33.0788 3860 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
18:29:33.0803 3860 amdxata - ok
18:29:33.0850 3860 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
18:29:33.0881 3860 AppID - ok
18:29:33.0913 3860 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
18:29:33.0959 3860 AppIDSvc - ok
18:29:33.0991 3860 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll
18:29:34.0022 3860 Appinfo - ok
18:29:34.0069 3860 [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:29:34.0084 3860 Apple Mobile Device - ok
18:29:34.0131 3860 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll
18:29:34.0178 3860 AppMgmt - ok
18:29:34.0209 3860 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\drivers\arc.sys
18:29:34.0225 3860 arc - ok
18:29:34.0241 3860 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\drivers\arcsas.sys
18:29:34.0256 3860 arcsas - ok
18:29:34.0288 3860 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
18:29:34.0382 3860 AsyncMac - ok
18:29:34.0414 3860 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
18:29:34.0429 3860 atapi - ok
18:29:34.0570 3860 [ 712D8A95E45B070114C5309ADA7358FF ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
18:29:34.0726 3860 atikmdag - ok
18:29:34.0773 3860 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:29:34.0820 3860 AudioEndpointBuilder - ok
18:29:34.0851 3860 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
18:29:34.0882 3860 Audiosrv - ok
18:29:34.0914 3860 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
18:29:34.0960 3860 AxInstSV - ok
18:29:35.0007 3860 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\drivers\bxvbdx.sys
18:29:35.0054 3860 b06bdrv - ok
18:29:35.0101 3860 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
18:29:35.0132 3860 b57nd60x - ok
18:29:35.0195 3860 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
18:29:35.0226 3860 BDESVC - ok
18:29:35.0257 3860 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
18:29:35.0289 3860 Beep - ok
18:29:35.0320 3860 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
18:29:35.0351 3860 blbdrive - ok
18:29:35.0414 3860 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
18:29:35.0429 3860 Bonjour Service - ok
18:29:35.0460 3860 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
18:29:35.0492 3860 bowser - ok
18:29:35.0523 3860 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
18:29:35.0554 3860 BrFiltLo - ok
18:29:35.0585 3860 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
18:29:35.0617 3860 BrFiltUp - ok
18:29:35.0664 3860 [ 6E11F33D14D020F58D5E02E4D67DFA19 ] Browser C:\Windows\System32\browser.dll
18:29:35.0742 3860 Browser - ok
18:29:35.0773 3860 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
18:29:35.0820 3860 Brserid - ok
18:29:35.0851 3860 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
18:29:35.0882 3860 BrSerWdm - ok
18:29:35.0898 3860 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
18:29:35.0929 3860 BrUsbMdm - ok
18:29:35.0945 3860 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
18:29:35.0976 3860 BrUsbSer - ok
18:29:35.0992 3860 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
18:29:36.0023 3860 BTHMODEM - ok
18:29:36.0070 3860 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
18:29:36.0117 3860 bthserv - ok
18:29:36.0132 3860 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
18:29:36.0179 3860 cdfs - ok
18:29:36.0226 3860 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
18:29:36.0257 3860 cdrom - ok
18:29:36.0304 3860 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
18:29:36.0335 3860 CertPropSvc - ok
18:29:36.0367 3860 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\drivers\circlass.sys
18:29:36.0400 3860 circlass - ok
18:29:36.0416 3860 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
18:29:36.0447 3860 CLFS - ok
18:29:36.0509 3860 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:29:36.0525 3860 clr_optimization_v2.0.50727_32 - ok
18:29:36.0603 3860 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:29:36.0634 3860 clr_optimization_v4.0.30319_32 - ok
18:29:36.0650 3860 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
18:29:36.0681 3860 CmBatt - ok
18:29:36.0712 3860 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
18:29:36.0728 3860 cmdide - ok
18:29:36.0775 3860 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys
18:29:36.0806 3860 CNG - ok
18:29:36.0822 3860 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\drivers\compbatt.sys
18:29:36.0822 3860 Compbatt - ok
18:29:36.0869 3860 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
18:29:36.0884 3860 CompositeBus - ok
18:29:36.0916 3860 COMSysApp - ok
18:29:36.0947 3860 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
18:29:36.0962 3860 crcdisk - ok
18:29:37.0025 3860 [ 06E771AA596B8761107AB57E99F128D7 ] CryptSvc C:\Windows\system32\cryptsvc.dll
18:29:37.0072 3860 CryptSvc - ok
18:29:37.0119 3860 [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC C:\Windows\system32\drivers\csc.sys
18:29:37.0150 3860 CSC - ok
18:29:37.0197 3860 [ 15F93B37F6801943360D9EB42485D5D3 ] CscService C:\Windows\System32\cscsvc.dll
18:29:37.0228 3860 CscService - ok
18:29:37.0259 3860 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
18:29:37.0306 3860 DcomLaunch - ok
18:29:37.0337 3860 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
18:29:37.0384 3860 defragsvc - ok
18:29:37.0431 3860 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
18:29:37.0462 3860 DfsC - ok
18:29:37.0509 3860 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
18:29:37.0556 3860 Dhcp - ok
18:29:37.0587 3860 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
18:29:37.0634 3860 discache - ok
18:29:37.0697 3860 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\drivers\disk.sys
18:29:37.0712 3860 Disk - ok
18:29:37.0744 3860 [ 2A958EF85DB1B61FFCA65044FA4BCE9E ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
18:29:37.0775 3860 dmvsc - ok
18:29:37.0806 3860 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
18:29:37.0853 3860 Dnscache - ok
18:29:37.0884 3860 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
18:29:37.0931 3860 dot3svc - ok
18:29:37.0962 3860 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
18:29:37.0994 3860 DPS - ok
18:29:38.0041 3860 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
18:29:38.0056 3860 drmkaud - ok
18:29:38.0103 3860 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
18:29:38.0134 3860 DXGKrnl - ok
18:29:38.0166 3860 [ 04238864710460C5682E260207D06192 ] eamonm C:\Windows\system32\DRIVERS\eamonm.sys
18:29:38.0181 3860 eamonm - ok
18:29:38.0212 3860 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
18:29:38.0259 3860 EapHost - ok
18:29:38.0384 3860 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\drivers\evbdx.sys
18:29:38.0509 3860 ebdrv - ok
18:29:38.0541 3860 efavdrv - ok
18:29:38.0572 3860 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
18:29:38.0603 3860 EFS - ok
18:29:38.0634 3860 [ DEFF87F04AB5F6DD5EDF2B80853BBE10 ] ehdrv C:\Windows\system32\DRIVERS\ehdrv.sys
18:29:38.0650 3860 ehdrv - ok
18:29:38.0759 3860 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
18:29:38.0806 3860 ehRecvr - ok
18:29:38.0822 3860 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
18:29:38.0853 3860 ehSched - ok
18:29:38.0931 3860 [ C7BB95CF9631AA401E4ADED1648F6AF7 ] ekrn C:\Program Files\ESET\ESET Smart Security\ekrn.exe
18:29:38.0962 3860 ekrn - ok
18:29:39.0009 3860 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\drivers\elxstor.sys
18:29:39.0041 3860 elxstor - ok
18:29:39.0087 3860 [ 5BA193CA0AE31209AAA39939CE6736B2 ] epfw C:\Windows\system32\DRIVERS\epfw.sys
18:29:39.0103 3860 epfw - ok
18:29:39.0119 3860 [ 9CEFD59C8E5EBFB48165AEF54617F539 ] EpfwLWF C:\Windows\system32\DRIVERS\EpfwLWF.sys
18:29:39.0134 3860 EpfwLWF - ok
18:29:39.0166 3860 [ 7144A06AC105A2A7302944602E415EC1 ] epfwwfp C:\Windows\system32\DRIVERS\epfwwfp.sys
18:29:39.0166 3860 epfwwfp - ok
18:29:39.0181 3860 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
18:29:39.0212 3860 ErrDev - ok
18:29:39.0275 3860 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
18:29:39.0306 3860 EventSystem - ok
18:29:39.0337 3860 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
18:29:39.0369 3860 exfat - ok
18:29:39.0416 3860 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
18:29:39.0462 3860 fastfat - ok
18:29:39.0509 3860 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
18:29:39.0556 3860 Fax - ok
18:29:39.0587 3860 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
18:29:39.0619 3860 fdc - ok
18:29:39.0634 3860 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
18:29:39.0697 3860 fdPHost - ok
18:29:39.0728 3860 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
18:29:39.0744 3860 FDResPub - ok
18:29:39.0775 3860 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
18:29:39.0791 3860 FileInfo - ok
18:29:39.0806 3860 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
18:29:39.0853 3860 Filetrace - ok
18:29:39.0884 3860 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
18:29:39.0900 3860 flpydisk - ok
18:29:39.0931 3860 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
18:29:39.0947 3860 FltMgr - ok
18:29:39.0994 3860 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\Windows\system32\FntCache.dll
18:29:40.0041 3860 FontCache - ok
18:29:40.0119 3860 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
18:29:40.0119 3860 FontCache3.0.0.0 - ok
18:29:40.0150 3860 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
18:29:40.0166 3860 FsDepends - ok
18:29:40.0197 3860 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
18:29:40.0212 3860 Fs_Rec - ok
18:29:40.0259 3860 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
18:29:40.0275 3860 fvevol - ok
18:29:40.0306 3860 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
18:29:40.0322 3860 gagp30kx - ok
18:29:40.0353 3860 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:29:40.0369 3860 GEARAspiWDM - ok
18:29:40.0418 3860 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
18:29:40.0471 3860 gpsvc - ok
18:29:40.0502 3860 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
18:29:40.0534 3860 hcw85cir - ok
18:29:40.0565 3860 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
18:29:40.0596 3860 HDAudBus - ok
18:29:40.0612 3860 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
18:29:40.0643 3860 HidBatt - ok
18:29:40.0721 3860 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\drivers\hidbth.sys
18:29:40.0737 3860 HidBth - ok
18:29:40.0768 3860 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\drivers\hidir.sys
18:29:40.0799 3860 HidIr - ok
18:29:40.0815 3860 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
18:29:40.0862 3860 hidserv - ok
18:29:40.0909 3860 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
18:29:40.0940 3860 HidUsb - ok
18:29:40.0956 3860 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
18:29:41.0002 3860 hkmsvc - ok
18:29:41.0034 3860 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:29:41.0049 3860 HomeGroupListener - ok
18:29:41.0096 3860 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:29:41.0127 3860 HomeGroupProvider - ok
18:29:41.0159 3860 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
18:29:41.0174 3860 HpSAMD - ok
18:29:41.0221 3860 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
18:29:41.0268 3860 HTTP - ok
18:29:41.0284 3860 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
18:29:41.0299 3860 hwpolicy - ok
18:29:41.0331 3860 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
18:29:41.0346 3860 i8042prt - ok
18:29:41.0393 3860 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
18:29:41.0409 3860 iaStorV - ok
18:29:41.0478 3860 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:29:41.0509 3860 idsvc - ok
18:29:41.0556 3860 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\drivers\iirsp.sys
18:29:41.0572 3860 iirsp - ok
18:29:41.0619 3860 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
18:29:41.0666 3860 IKEEXT - ok
18:29:41.0712 3860 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
18:29:41.0728 3860 intelide - ok
18:29:41.0759 3860 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\drivers\intelppm.sys
18:29:41.0775 3860 intelppm - ok
18:29:41.0822 3860 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
18:29:41.0853 3860 IPBusEnum - ok
18:29:41.0884 3860 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:29:41.0931 3860 IpFilterDriver - ok
18:29:41.0947 3860 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
18:29:41.0962 3860 IPMIDRV - ok
18:29:42.0009 3860 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
18:29:42.0041 3860 IPNAT - ok
18:29:42.0087 3860 [ 178FE38B7740F598391EB2F51AE4CCAC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
18:29:42.0119 3860 iPod Service - ok
18:29:42.0166 3860 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
18:29:42.0181 3860 IRENUM - ok
18:29:42.0212 3860 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
18:29:42.0228 3860 isapnp - ok
18:29:42.0259 3860 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
18:29:42.0275 3860 iScsiPrt - ok
18:29:42.0322 3860 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
18:29:42.0322 3860 kbdclass - ok
18:29:42.0369 3860 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
18:29:42.0400 3860 kbdhid - ok
18:29:42.0416 3860 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
18:29:42.0431 3860 KeyIso - ok
18:29:42.0462 3860 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
18:29:42.0485 3860 KSecDD - ok
18:29:42.0506 3860 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
18:29:42.0524 3860 KSecPkg - ok
18:29:42.0571 3860 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
18:29:42.0602 3860 KtmRm - ok
18:29:42.0633 3860 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll
18:29:42.0680 3860 LanmanServer - ok
18:29:42.0743 3860 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:29:42.0774 3860 LanmanWorkstation - ok
18:29:42.0821 3860 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
18:29:42.0868 3860 lltdio - ok
18:29:42.0899 3860 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
18:29:42.0930 3860 lltdsvc - ok
18:29:42.0961 3860 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
18:29:42.0993 3860 lmhosts - ok
18:29:43.0040 3860 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
18:29:43.0055 3860 LSI_FC - ok
18:29:43.0102 3860 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
18:29:43.0118 3860 LSI_SAS - ok
18:29:43.0149 3860 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
18:29:43.0149 3860 LSI_SAS2 - ok
18:29:43.0180 3860 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
18:29:43.0196 3860 LSI_SCSI - ok
18:29:43.0227 3860 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
18:29:43.0258 3860 luafv - ok
18:29:43.0321 3860 [ 6DFE7F2E8E8A337263AA5C92A215F161 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
18:29:43.0336 3860 MBAMProtector - ok
18:29:43.0415 3860 [ 43683E970F008C93C9429EF428147A54 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
18:29:43.0446 3860 MBAMService - ok
18:29:43.0493 3860 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
18:29:43.0508 3860 Mcx2Svc - ok
18:29:43.0540 3860 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\drivers\megasas.sys
18:29:43.0555 3860 megasas - ok
18:29:43.0586 3860 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
18:29:43.0602 3860 MegaSR - ok
18:29:43.0665 3860 Microsoft SharePoint Workspace Audit Service - ok
18:29:43.0743 3860 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
18:29:43.0774 3860 MMCSS - ok
18:29:43.0805 3860 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
18:29:43.0852 3860 Modem - ok
18:29:43.0868 3860 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
18:29:43.0899 3860 monitor - ok
18:29:43.0946 3860 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
18:29:43.0961 3860 mouclass - ok
18:29:43.0993 3860 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
18:29:44.0024 3860 mouhid - ok
18:29:44.0055 3860 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
18:29:44.0071 3860 mountmgr - ok
18:29:44.0149 3860 [ 15D5398EED42C2504BB3D4FC875C15D1 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
18:29:44.0165 3860 MozillaMaintenance - ok
18:29:44.0180 3860 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
18:29:44.0196 3860 mpio - ok
18:29:44.0227 3860 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:29:44.0258 3860 mpsdrv - ok
18:29:44.0290 3860 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:29:44.0321 3860 MRxDAV - ok
18:29:44.0368 3860 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:29:44.0383 3860 mrxsmb - ok
18:29:44.0415 3860 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:29:44.0446 3860 mrxsmb10 - ok
18:29:44.0477 3860 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:29:44.0493 3860 mrxsmb20 - ok
18:29:44.0524 3860 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
18:29:44.0540 3860 msahci - ok
18:29:44.0571 3860 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
18:29:44.0586 3860 msdsm - ok
18:29:44.0618 3860 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
18:29:44.0649 3860 MSDTC - ok
18:29:44.0696 3860 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
18:29:44.0727 3860 Msfs - ok
18:29:44.0758 3860 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
18:29:44.0790 3860 mshidkmdf - ok
18:29:44.0821 3860 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
18:29:44.0836 3860 msisadrv - ok
18:29:44.0883 3860 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
18:29:44.0930 3860 MSiSCSI - ok
18:29:44.0946 3860 msiserver - ok
18:29:44.0977 3860 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
18:29:45.0008 3860 MSKSSRV - ok
18:29:45.0040 3860 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
18:29:45.0086 3860 MSPCLOCK - ok
18:29:45.0118 3860 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
18:29:45.0149 3860 MSPQM - ok
18:29:45.0180 3860 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
18:29:45.0196 3860 MsRPC - ok
18:29:45.0243 3860 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
18:29:45.0243 3860 mssmbios - ok
18:29:45.0290 3860 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
18:29:45.0336 3860 MSTEE - ok
18:29:45.0352 3860 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
18:29:45.0383 3860 MTConfig - ok
18:29:45.0399 3860 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
18:29:45.0415 3860 Mup - ok
18:29:45.0461 3860 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
18:29:45.0508 3860 napagent - ok
18:29:45.0555 3860 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:29:45.0586 3860 NativeWifiP - ok
18:29:45.0618 3860 [ E7C54812A2AAF43316EB6930C1FFA108 ] NDIS C:\Windows\system32\drivers\ndis.sys
18:29:45.0649 3860 NDIS - ok
18:29:45.0743 3860 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
18:29:45.0836 3860 NdisCap - ok
18:29:45.0899 3860 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:29:45.0930 3860 NdisTapi - ok
18:29:45.0961 3860 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:29:45.0993 3860 Ndisuio - ok
18:29:46.0024 3860 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:29:46.0055 3860 NdisWan - ok
18:29:46.0086 3860 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:29:46.0118 3860 NDProxy - ok
18:29:46.0149 3860 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:29:46.0196 3860 NetBIOS - ok
18:29:46.0211 3860 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
18:29:46.0258 3860 NetBT - ok
18:29:46.0274 3860 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
18:29:46.0290 3860 Netlogon - ok
18:29:46.0336 3860 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
18:29:46.0383 3860 Netman - ok
18:29:46.0415 3860 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
18:29:46.0461 3860 netprofm - ok
18:29:46.0477 3860 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:29:46.0493 3860 NetTcpPortSharing - ok
18:29:46.0540 3860 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
18:29:46.0555 3860 nfrd960 - ok
18:29:46.0586 3860 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll
18:29:46.0633 3860 NlaSvc - ok
18:29:46.0696 3860 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:29:46.0743 3860 Npfs - ok
18:29:46.0774 3860 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
18:29:46.0805 3860 nsi - ok
18:29:46.0821 3860 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:29:46.0868 3860 nsiproxy - ok
18:29:46.0930 3860 [ 81189C3D7763838E55C397759D49007A ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:29:46.0977 3860 Ntfs - ok
18:29:47.0008 3860 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
18:29:47.0055 3860 Null - ok
18:29:47.0086 3860 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
18:29:47.0102 3860 nvraid - ok
18:29:47.0133 3860 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
18:29:47.0149 3860 nvstor - ok
18:29:47.0165 3860 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
18:29:47.0180 3860 nv_agp - ok
18:29:47.0211 3860 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
18:29:47.0243 3860 ohci1394 - ok
18:29:47.0274 3860 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:29:47.0290 3860 ose - ok
18:29:47.0461 3860 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:29:47.0681 3860 osppsvc - ok
18:29:47.0728 3860 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
18:29:47.0775 3860 p2pimsvc - ok
18:29:47.0806 3860 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
18:29:47.0853 3860 p2psvc - ok
18:29:47.0884 3860 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
18:29:47.0900 3860 Parport - ok
18:29:47.0931 3860 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:29:47.0947 3860 partmgr - ok
18:29:47.0978 3860 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
18:29:47.0978 3860 Parvdm - ok
18:29:48.0025 3860 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
18:29:48.0041 3860 PcaSvc - ok
18:29:48.0072 3860 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
18:29:48.0087 3860 pci - ok
18:29:48.0119 3860 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
18:29:48.0134 3860 pciide - ok
18:29:48.0150 3860 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
18:29:48.0166 3860 pcmcia - ok
18:29:48.0197 3860 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
18:29:48.0212 3860 pcw - ok
18:29:48.0244 3860 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:29:48.0291 3860 PEAUTH - ok
18:29:48.0353 3860 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
18:29:48.0416 3860 PeerDistSvc - ok
18:29:48.0509 3860 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
18:29:48.0572 3860 pla - ok
18:29:48.0634 3860 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:29:48.0666 3860 PlugPlay - ok
18:29:48.0712 3860 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
18:29:48.0728 3860 PNRPAutoReg - ok
18:29:48.0759 3860 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
18:29:48.0775 3860 PNRPsvc - ok
18:29:48.0822 3860 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:29:48.0853 3860 PolicyAgent - ok
18:29:48.0900 3860 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
18:29:48.0947 3860 Power - ok
18:29:48.0978 3860 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:29:49.0025 3860 PptpMiniport - ok
18:29:49.0041 3860 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\drivers\processr.sys
18:29:49.0072 3860 Processor - ok
18:29:49.0119 3860 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
18:29:49.0166 3860 ProfSvc - ok
18:29:49.0197 3860 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:29:49.0197 3860 ProtectedStorage - ok
18:29:49.0244 3860 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
18:29:49.0275 3860 Psched - ok
18:29:49.0353 3860 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
18:29:49.0416 3860 ql2300 - ok
18:29:49.0431 3860 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
18:29:49.0447 3860 ql40xx - ok
18:29:49.0494 3860 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
18:29:49.0525 3860 QWAVE - ok
18:29:49.0541 3860 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:29:49.0557 3860 QWAVEdrv - ok
18:29:49.0604 3860 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:29:49.0635 3860 RasAcd - ok
18:29:49.0713 3860 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
18:29:49.0745 3860 RasAgileVpn - ok
18:29:49.0776 3860 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
18:29:49.0823 3860 RasAuto - ok
18:29:49.0854 3860 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:29:49.0901 3860 Rasl2tp - ok
18:29:49.0932 3860 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
18:29:49.0979 3860 RasMan - ok
18:29:50.0026 3860 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:29:50.0057 3860 RasPppoe - ok
18:29:50.0088 3860 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:29:50.0135 3860 RasSstp - ok
18:29:50.0151 3860 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:29:50.0213 3860 rdbss - ok
18:29:50.0245 3860 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
18:29:50.0260 3860 rdpbus - ok
18:29:50.0276 3860 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:29:50.0323 3860 RDPCDD - ok
18:29:50.0354 3860 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
18:29:50.0401 3860 RDPDR - ok
18:29:50.0432 3860 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:29:50.0463 3860 RDPENCDD - ok
18:29:50.0495 3860 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
18:29:50.0526 3860 RDPREFMP - ok
18:29:50.0573 3860 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:29:50.0604 3860 RDPWD - ok
18:29:50.0651 3860 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
18:29:50.0666 3860 rdyboost - ok
18:29:50.0713 3860 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
18:29:50.0745 3860 RemoteAccess - ok
18:29:50.0776 3860 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:29:50.0807 3860 RemoteRegistry - ok
18:29:50.0854 3860 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
18:29:50.0901 3860 RpcEptMapper - ok
18:29:50.0948 3860 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
18:29:50.0963 3860 RpcLocator - ok
18:29:50.0995 3860 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
18:29:51.0026 3860 RpcSs - ok
18:29:51.0073 3860 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:29:51.0104 3860 rspndr - ok
18:29:51.0135 3860 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
18:29:51.0166 3860 s3cap - ok
18:29:51.0182 3860 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
18:29:51.0198 3860 SamSs - ok
18:29:51.0245 3860 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
18:29:51.0260 3860 sbp2port - ok
18:29:51.0291 3860 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:29:51.0338 3860 SCardSvr - ok
18:29:51.0370 3860 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
18:29:51.0401 3860 scfilter - ok
18:29:51.0448 3860 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
18:29:51.0495 3860 Schedule - ok
18:29:51.0526 3860 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
18:29:51.0557 3860 SCPolicySvc - ok
18:29:51.0588 3860 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:29:51.0620 3860 SDRSVC - ok
18:29:51.0666 3860 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:29:51.0729 3860 secdrv - ok
18:29:51.0760 3860 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
18:29:51.0807 3860 seclogon - ok
18:29:51.0838 3860 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
18:29:51.0885 3860 SENS - ok
18:29:51.0916 3860 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
18:29:51.0948 3860 SensrSvc - ok
18:29:51.0979 3860 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
18:29:52.0010 3860 Serenum - ok
18:29:52.0026 3860 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
18:29:52.0057 3860 Serial - ok
18:29:52.0073 3860 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\drivers\sermouse.sys
18:29:52.0088 3860 sermouse - ok
18:29:52.0135 3860 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
18:29:52.0166 3860 SessionEnv - ok
18:29:52.0198 3860 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
18:29:52.0229 3860 sffdisk - ok
18:29:52.0260 3860 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
18:29:52.0276 3860 sffp_mmc - ok
18:29:52.0291 3860 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
18:29:52.0323 3860 sffp_sd - ok
18:29:52.0338 3860 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
18:29:52.0354 3860 sfloppy - ok
18:29:52.0401 3860 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:29:52.0463 3860 ShellHWDetection - ok
18:29:52.0495 3860 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
18:29:52.0510 3860 SiSRaid2 - ok
18:29:52.0526 3860 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
18:29:52.0541 3860 SiSRaid4 - ok
18:29:52.0574 3860 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:29:52.0621 3860 Smb - ok
18:29:52.0667 3860 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:29:52.0683 3860 SNMPTRAP - ok
18:29:52.0714 3860 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
18:29:52.0730 3860 spldr - ok
18:29:52.0761 3860 [ 866A43013535DC8587C258E43579C764 ] Spooler C:\Windows\System32\spoolsv.exe
18:29:52.0792 3860 Spooler - ok
18:29:52.0917 3860 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
18:29:53.0042 3860 sppsvc - ok
18:29:53.0074 3860 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
18:29:53.0105 3860 sppuinotify - ok
18:29:53.0152 3860 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
18:29:53.0183 3860 srv - ok
18:29:53.0230 3860 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:29:53.0246 3860 srv2 - ok
18:29:53.0292 3860 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:29:53.0308 3860 srvnet - ok
18:29:53.0339 3860 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:29:53.0386 3860 SSDPSRV - ok
18:29:53.0402 3860 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:29:53.0449 3860 SstpSvc - ok
18:29:53.0480 3860 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\drivers\stexstor.sys
18:29:53.0496 3860 stexstor - ok
18:29:53.0527 3860 [ EDB05BD63148796F23EA78506404A538 ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
18:29:53.0542 3860 StillCam - ok
18:29:53.0605 3860 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
18:29:53.0636 3860 StiSvc - ok
18:29:53.0714 3860 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
18:29:53.0730 3860 storflt - ok
18:29:53.0761 3860 [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc C:\Windows\system32\storsvc.dll
18:29:53.0777 3860 StorSvc - ok
18:29:53.0824 3860 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys
18:29:53.0839 3860 storvsc - ok
18:29:53.0871 3860 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
18:29:53.0886 3860 swenum - ok
18:29:53.0917 3860 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
18:29:53.0980 3860 swprv - ok
18:29:54.0042 3860 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
18:29:54.0074 3860 SysMain - ok
18:29:54.0105 3860 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:29:54.0136 3860 TabletInputService - ok
18:29:54.0167 3860 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
18:29:54.0214 3860 TapiSrv - ok
18:29:54.0230 3860 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
18:29:54.0277 3860 TBS - ok
18:29:54.0339 3860 [ 7FA2E0F8B072BD04B77B421480B6CC22 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:29:54.0386 3860 Tcpip - ok
18:29:54.0449 3860 [ 7FA2E0F8B072BD04B77B421480B6CC22 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
18:29:54.0496 3860 TCPIP6 - ok
18:29:54.0527 3860 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
18:29:54.0558 3860 tcpipreg - ok
18:29:54.0589 3860 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
18:29:54.0621 3860 TDPIPE - ok
18:29:54.0636 3860 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
18:29:54.0652 3860 TDTCP - ok
18:29:54.0761 3860 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
18:29:54.0792 3860 tdx - ok
18:29:54.0808 3860 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
18:29:54.0824 3860 TermDD - ok
18:29:54.0871 3860 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
18:29:54.0917 3860 TermService - ok
18:29:54.0933 3860 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
18:29:54.0964 3860 Themes - ok
18:29:54.0996 3860 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
18:29:55.0027 3860 THREADORDER - ok
18:29:55.0074 3860 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
18:29:55.0121 3860 TrkWks - ok
18:29:55.0167 3860 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:29:55.0199 3860 TrustedInstaller - ok
18:29:55.0230 3860 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
18:29:55.0277 3860 tssecsrv - ok
18:29:55.0292 3860 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
18:29:55.0324 3860 TsUsbFlt - ok
18:29:55.0371 3860 [ 01246F0BAAD7B68EC0F472AA41E33282 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
18:29:55.0386 3860 TsUsbGD - ok
18:29:55.0433 3860 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
18:29:55.0449 3860 tunnel - ok
18:29:55.0496 3860 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\drivers\uagp35.sys
18:29:55.0511 3860 uagp35 - ok
18:29:55.0527 3860 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
18:29:55.0589 3860 udfs - ok
18:29:55.0621 3860 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
18:29:55.0652 3860 UI0Detect - ok
18:29:55.0714 3860 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
18:29:55.0730 3860 uliagpkx - ok
18:29:55.0761 3860 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\DRIVERS\umbus.sys
18:29:55.0777 3860 umbus - ok
18:29:55.0808 3860 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\drivers\umpass.sys
18:29:55.0839 3860 UmPass - ok
18:29:55.0871 3860 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll
18:29:55.0902 3860 UmRdpService - ok
18:29:55.0933 3860 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
18:29:55.0980 3860 upnphost - ok
18:29:56.0011 3860 [ 83CAFCB53201BBAC04D822F32438E244 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
18:29:56.0042 3860 USBAAPL - ok
18:29:56.0074 3860 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
18:29:56.0089 3860 usbccgp - ok
18:29:56.0136 3860 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
18:29:56.0152 3860 usbcir - ok
18:29:56.0167 3860 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
18:29:56.0199 3860 usbehci - ok
18:29:56.0246 3860 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
18:29:56.0261 3860 usbhub - ok
18:29:56.0292 3860 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys
18:29:56.0308 3860 usbohci - ok
18:29:56.0339 3860 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\drivers\usbprint.sys
18:29:56.0371 3860 usbprint - ok
18:29:56.0386 3860 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:29:56.0417 3860 USBSTOR - ok
18:29:56.0449 3860 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
18:29:56.0480 3860 usbuhci - ok
18:29:56.0511 3860 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
18:29:56.0542 3860 UxSms - ok
18:29:56.0574 3860 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
18:29:56.0589 3860 VaultSvc - ok
18:29:56.0622 3860 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
18:29:56.0637 3860 vdrvroot - ok
18:29:56.0731 3860 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
18:29:56.0778 3860 vds - ok
18:29:56.0825 3860 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
18:29:56.0856 3860 vga - ok
18:29:56.0872 3860 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
18:29:56.0903 3860 VgaSave - ok
18:29:56.0934 3860 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
18:29:56.0965 3860 vhdmp - ok
18:29:56.0997 3860 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
18:29:57.0012 3860 viaagp - ok
18:29:57.0028 3860 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
18:29:57.0043 3860 ViaC7 - ok
18:29:57.0075 3860 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
18:29:57.0090 3860 viaide - ok
18:29:57.0122 3860 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys
18:29:57.0137 3860 vmbus - ok
18:29:57.0153 3860 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
18:29:57.0184 3860 VMBusHID - ok
18:29:57.0215 3860 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
18:29:57.0215 3860 volmgr - ok
18:29:57.0247 3860 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
18:29:57.0278 3860 volmgrx - ok
18:29:57.0293 3860 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
18:29:57.0325 3860 volsnap - ok
18:29:57.0340 3860 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
18:29:57.0356 3860 vsmraid - ok
18:29:57.0418 3860 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
18:29:57.0481 3860 VSS - ok
18:29:57.0497 3860 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
18:29:57.0512 3860 vwifibus - ok
18:29:57.0559 3860 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
18:29:57.0606 3860 W32Time - ok
18:29:57.0637 3860 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
18:29:57.0653 3860 WacomPen - ok
18:29:57.0731 3860 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
18:29:57.0762 3860 WANARP - ok
18:29:57.0778 3860 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
18:29:57.0809 3860 Wanarpv6 - ok
18:29:57.0856 3860 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
18:29:57.0918 3860 wbengine - ok
18:29:57.0934 3860 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
18:29:57.0965 3860 WbioSrvc - ok
18:29:58.0012 3860 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
18:29:58.0043 3860 wcncsvc - ok
18:29:58.0059 3860 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:29:58.0090 3860 WcsPlugInService - ok
18:29:58.0137 3860 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\drivers\wd.sys
18:29:58.0137 3860 Wd - ok
18:29:58.0168 3860 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
18:29:58.0200 3860 Wdf01000 - ok
18:29:58.0215 3860 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
18:29:58.0278 3860 WdiServiceHost - ok
18:29:58.0293 3860 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
18:29:58.0309 3860 WdiSystemHost - ok
18:29:58.0356 3860 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
18:29:58.0387 3860 WebClient - ok
18:29:58.0418 3860 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
18:29:58.0450 3860 Wecsvc - ok
18:29:58.0481 3860 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
18:29:58.0497 3860 wercplsupport - ok
18:29:58.0543 3860 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
18:29:58.0575 3860 WerSvc - ok
18:29:58.0606 3860 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
18:29:58.0637 3860 WfpLwf - ok
18:29:58.0715 3860 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
18:29:58.0731 3860 WIMMount - ok
18:29:58.0747 3860 WinHttpAutoProxySvc - ok
18:29:58.0809 3860 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
18:29:58.0840 3860 Winmgmt - ok
18:29:58.0903 3860 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
18:29:58.0965 3860 WinRM - ok
18:29:59.0043 3860 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
18:29:59.0059 3860 WinUsb - ok
18:29:59.0122 3860 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
18:29:59.0168 3860 Wlansvc - ok
18:29:59.0200 3860 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
18:29:59.0215 3860 WmiAcpi - ok
18:29:59.0262 3860 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
18:29:59.0293 3860 wmiApSrv - ok
18:29:59.0387 3860 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
18:29:59.0450 3860 WMPNetworkSvc - ok
18:29:59.0481 3860 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
18:29:59.0512 3860 WPCSvc - ok
18:29:59.0543 3860 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
18:29:59.0575 3860 WPDBusEnum - ok
18:29:59.0606 3860 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
18:29:59.0653 3860 ws2ifsl - ok
18:29:59.0715 3860 [ 553F6CCD7C58EB98D4A8FBDAF283D7A9 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
18:29:59.0731 3860 WSDPrintDevice - ok
18:29:59.0747 3860 WSearch - ok
18:29:59.0793 3860 [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
18:29:59.0825 3860 WudfPf - ok
18:29:59.0872 3860 [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
18:29:59.0934 3860 WUDFRd - ok
18:29:59.0981 3860 [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
18:29:59.0997 3860 wudfsvc - ok
18:30:00.0028 3860 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
18:30:00.0075 3860 WwanSvc - ok
18:30:00.0137 3860 [ 30B73EB97218A16CBC6DE535782A1B35 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x86.sys
18:30:00.0184 3860 yukonw7 - ok
18:30:00.0200 3860 ================ Scan global ===============================
18:30:00.0215 3860 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
18:30:00.0262 3860 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
18:30:00.0278 3860 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
18:30:00.0293 3860 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
18:30:00.0340 3860 [ A302BBFF2A7278C0E239EE5D471D86A9 ] C:\Windows\system32\services.exe
18:30:00.0356 3860 C:\Windows\system32\services.exe ( Virus.Win32.ZAccess.m ) - infected
18:30:00.0356 3860 C:\Windows\system32\services.exe - detected Virus.Win32.ZAccess.m (0)
18:30:00.0356 3860 ================ Scan MBR ==================================
18:30:00.0372 3860 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk1\DR1
18:30:00.0450 3860 \Device\Harddisk1\DR1 - ok
18:30:00.0465 3860 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:30:00.0731 3860 \Device\Harddisk0\DR0 - ok
18:30:00.0731 3860 ================ Scan VBR ==================================
18:30:00.0747 3860 [ A6707D11D8A72967E3C58E361DF3035B ] \Device\Harddisk1\DR1\Partition1
18:30:00.0747 3860 \Device\Harddisk1\DR1\Partition1 - ok
18:30:00.0747 3860 [ A8F5E6CCD467797C4BF0E25B94FA0AEC ] \Device\Harddisk1\DR1\Partition2
18:30:00.0747 3860 \Device\Harddisk1\DR1\Partition2 - ok
18:30:00.0793 3860 [ 1FA1CAEB20DF487AE6C1A20CC4BF7F93 ] \Device\Harddisk0\DR0\Partition1
18:30:00.0793 3860 \Device\Harddisk0\DR0\Partition1 - ok
18:30:00.0793 3860 [ 1B9210AF6B2E796194C88F5C8B6A5C98 ] \Device\Harddisk0\DR0\Partition2
18:30:00.0809 3860 \Device\Harddisk0\DR0\Partition2 - ok
18:30:00.0809 3860 ============================================================
18:30:00.0809 3860 Scan finished
18:30:00.0809 3860 ============================================================
18:30:00.0840 3856 Detected object count: 1
18:30:00.0840 3856 Actual detected object count: 1
18:31:08.0677 3856 C:\Windows\system32\services.exe ( Virus.Win32.ZAccess.m ) - skipped by user
18:31:08.0677 3856 C:\Windows\system32\services.exe ( Virus.Win32.ZAccess.m ) - User select action: Skip
|
|
12.09.2012, 20:27
| #30 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Win32/Sirefef.FC TrojanerCode:
ATTFilter C:\Windows\system32\services.exe ( Virus.Win32.ZAccess.m )
Starte Windows danach neu und mach wieder ein komplett neues Log mit dem TDSS-Killer. Wie immer wieder in CODE-Tags posten.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Win32/Sirefef.FC Trojaner |
| 0x8007042, aufsetzen, eset, eset smart security, externe festplatte, festplatte, firewall, formatieren, frage, hängen, hängt, log-file, löschen, musik, netzwerk, neu aufsetzen, neustart, nicht mehr, programme, rechner, router, security, system32, trojaner, warnung, win, win32/sirefef.ez, win32/sirefef.fc, win7, windows |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
Linear-Darstellung
