Log analysis and evaluation: Smart Fortress 2012 infection (Windows 7)
#1
Smart Fortress 2012 infection

Hello, I have a small problem and hope someone can help me. Otherwise I will soon have a bigger problem with my work at university... But I don't want to whine.

Problem: My computer is infected with Smart Fortress, which so far does not seem to have had any serious effect on how the computer works in normal mode. An English-language message appeared that pointed to a supposed malware infection. As a first reaction I uninstalled Smart Fortress via the Control Panel, because at that moment I could access neither Antivir nor the process overview in Task Manager. After that I could again. Antivir did not report anything at all.

General computer info
System: Windows 7 64bit
Device: Acer Aspire 5920G
Virus scanner used as standard so far: AntiVir
Firewall: Windows Defender (both updated regularly)

First measures in chronological order
First I scanned the computer for malware with Malwarebytes and then with the ESET Online Scan. After that I created an OTL log and ran the Rootkill tool. The virus/malware scans ran through to the end and the latter two programs worked. The logs follow:

Malwarebytes: Malwarebytes Anti-Malware 1.60.1.1000

Afterwards I ran another scan with the ESET online scanner. It found 2 things:
C:\Users\Dominik\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\7ff8dfd3-70881085 a variant of Java/TrojanDownloader.Agent.NCJ trojan

Next action: OTL scan
OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 03.04.2012 22:29:48 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Dominik\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,98 Gb Available Physical Memory | 66,02% Memory free
6,00 Gb Paging File | 4,70 Gb Available in Paging File | 78,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298,09 Gb Total Space | 228,60 Gb Free Space | 76,69% Space Free | Partition Type: NTFS
Computer Name: DOMINIK-PC | User Name: Dominik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-4178791177-2408624748-2417051294-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{377672F0-6B8A-467D-8DDC-79338BCCD531}" = 64 Bit HP CIO Components Installer
"{4B0373F5-8401-5B8B-43CE-99501128E470}" = ccc-utility64
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{5B210B8A-B66E-4702-B44D-0D6F388D29EB}" = SpyHunter
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B3F0A88-790D-3AD9-9F96-B19CF2746452}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{E4C65E9C-1DC8-1F28-CDF8-D808B210E4F3}" = ATI Catalyst Install Manager
"{F00E8682-43E6-4D3C-C695-9FD56617877F}" = ATI AVIVO64 Codecs
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Zune" = Zune
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0F4ADD72-A2A9-F6E1-25D4-2BE67EECF488}" = Catalyst Control Center Graphics Light
"{17B2670B-DB33-4F5E-9273-0E5CDF39DA5F}" = Windows Phone Intro Video (DEU)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FF6E75E-5717-AC97-4F5A-C40B4678D3A6}" = Catalyst Control Center Core Implementation
"{21D98271-AFC5-CF76-D141-A01CB1913066}" = CCC Help Chinese Standard
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{27335674-0E4D-1762-CEC5-6C7FBD7994E7}" = CCC Help Spanish
"{275D0AE3-B9B4-22AB-3C7F-2DD1D6B1C9F1}" = CCC Help German
"{2D3858B1-226A-420D-9C9D-B51864E85429}" = Nuvoton CIR Device Driver
"{34A0D249-747E-4D6C-803D-329C120C6B79}" = Catalyst Control Center - Branding
"{36E15666-43C1-91A7-0281-498F9D383B2C}" = simfy
"{3E3B1A7E-04C4-1BEB-4725-94B1457F2844}" = CCC Help Japanese
"{463D45C1-3C87-D10A-9445-A51EB0D54BA9}" = CCC Help Czech
"{47C8D2F6-E62F-11E2-8611-C8782E5435E6}" = Catalyst Control Center InstallProxy
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C3B172A-7D5E-23A5-9FE7-8187D39E610B}" = CCC Help French
"{4D6ED6C6-CE6C-1A27-827D-6C5F14E230A9}" = CCC Help Russian
"{51611411-AB18-D3A4-0226-DD59AD9B6795}" = Catalyst Control Center Localization All
"{55958C76-EAC8-5E5B-E555-18E5384A5FBA}" = CCC Help Turkish
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5U8xx Media Driver ver.3.62.02
"{5FB36A4E-C181-0500-E8EF-4041961D49B7}" = CCC Help Italian
"{68E1D296-666D-64FE-1F94-7068FF9D8F6F}" = CCC Help Finnish
"{693EA431-2EE9-A392-AD07-89B7459CDA60}" = CCC Help Polish
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{72C0C051-4B7B-1078-BEC3-F6F8B69A61E7}" = CCC Help Danish
"{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam
"{77DE7C44-9539-B54F-B4D7-44CFE5CF34D2}" = CCC Help Portuguese
"{79F2C94B-3FFE-0091-AFA9-9F107DE76683}" = Catalyst Control Center Graphics Previews Vista
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8978B727-244B-998B-7964-08D2C163C5B4}" = CCC Help English
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C7F5C58-5193-841E-70FA-A5F4DDA4BA20}" = CCC Help Swedish
"{8D4EA8D8-6573-5942-B15A-A8DF17AD1B65}" = Catalyst Control Center Graphics Full Existing
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2010
"{90140000-0017-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{0F513B77-0D84-4615-87F7-B814D1FC64F5}" = Microsoft SharePoint Designer 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.OMUI.de-de_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.OMUI.de-de_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.OMUI.de-de_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.OMUI.de-de_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2010
"{90140000-0100-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{90D3D490-F6C4-4F4A-971B-93D0A66F2E2E}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2010
"{90140000-0101-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{4733E76A-5F12-4513-9CA8-DB2540A74EDA}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2011.07.07
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X - Deutsch
"{B0AE10DB-3C4E-14D0-1D5D-BE8CCFFA657F}" = ccc-core-static
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C47B4C99-9181-6C1E-DFA1-D9DB91E77DC3}" = Catalyst Control Center Graphics Full New
"{C9C98419-970E-464A-1E81-B20D7EDF4A9A}" = CCC Help Hungarian
"{CA36A06F-C898-C109-FDC3-1F7083327244}" = CCC Help Korean
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{D4AAA6F1-8230-2931-0CBC-0E959731063E}" = CCC Help Greek
"{D89BB13D-474A-FA51-07D2-86D633FA8032}" = CCC Help Thai
"{DD38F611-6F62-0F01-B8A7-8E54A7723823}" = CCC Help Norwegian
"{DD5FB3E8-643B-6764-7AFD-C834DD0D411B}" = CCC Help Dutch
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{F0EE142F-6CA2-3FCB-20A3-9111E750BE65}" = CCC Help Chinese Traditional
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF1C72E2-203C-4E95-8D24-735196D29E04}" = HP Install Network Printer Wizard
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Burn4Free DVD Burning_is1" = Burn4Free DVD Burning 5.5.0.0
"Freecorder5.01" = Freecorder 5
"HP Download Manager" = HP Download Manager
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Mozilla Firefox 11.0 (x86 fr)" = Mozilla Firefox 11.0 (x86 fr)
"Mozilla Thunderbird 10.0.2 (x86 de)" = Mozilla Thunderbird 10.0.2 (x86 de)
"Office14.OMUI.de-de" = Microsoft Office Language Pack 2010 - German/Deutsch
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Simfy" = simfy
"UltraISO_is1" = UltraISO Premium V9.12
"Winamp" = Winamp
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-4178791177-2408624748-2417051294-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Détection de l'application Winamp
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
Finally, the results of the Rootkill runs:
1 This log file is located at C:\rkill.log.
2 This log file is located at C:\rkill.log.
3 This log file is located at C:\rkill.log.
4 This log file is located at C:\rkill.log.
5 This log file is located at C:\rkill.log.

Open questions
Honestly, I have no idea what to do next and am grateful for any help. The Antivir umbrella icon in the taskbar is shown as closed, although the program is running, is activated and responds. In the selection list for taskbar notifications, a program called Proxy-Check is listed several times (proxy settings in Internet Explorer are not defined, however), as well as a program whose name consists of the following combination of numbers and letters: F4D55F3E000C4EBP0060677DB4EB2331

Who can help? What should I do? I hope someone can help....

Kind regards and many thanks in advance,
Dominik

Last edited by Dominik55118 (03.04.2012 at 23:04)
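The OTL Extras log posted above is the kind of log a helper reads for traces a rogue antivirus leaves behind: the Shell Spawning section shows which command runs when an .exe, .com or .bat file is opened (hijacking the exefile handler is how fake AV products of this kind keep the real scanner and Task Manager from starting, which matches the symptom described in this post), the Security Center section shows whether the AntiVirus/AntiSpyware/Firewall override values have been set, the firewall profiles show whether EnableFirewall is still 1, and the last section records that OTL could not read the event logs. The Python script below is an added example written for this page; it is neither part of the thread nor OldTimer's OTL code. It parses those sections of a log in the format posted here and reports every deviation. Both embedded sample logs are constructed: the clean one mirrors entries from the log above, the tampered one uses a placeholder path (EXAMPLE-ROGUE) to show what a hijacked handler and a silenced Security Center look like.

```python
# Added example (not part of OTL or of this thread): audit an OTL Extras log for the
# settings a rogue antivirus typically tampers with, and report every deviation.
import re

# Default [open] handlers for executable file types; a fake AV that hijacks exefile
# routes every program launch through its own binary.
EXPECTED_SPAWN = {t: '"%1" %*' for t in ("batfile", "cmdfile", "comfile", "exefile", "piffile")}

SECTION_RE = re.compile(r"^=+ (.+?) =+$")            # ========== Name ==========
SPAWN_RE = re.compile(r"^(\w+) \[(\w+)\] -- (.*)$")  # exefile [open] -- "%1" %*
VALUE_RE = re.compile(r'^"([^"]+)" = (.*)$')         # "EnableFirewall" = 1

def parse_sections(text):
    """Group the log's non-empty lines under their '==========' section header."""
    sections, current = {"header": []}, "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections

def check_shell_spawning(lines):
    """Executable types whose [open] command is not the Windows default."""
    findings = []
    for line in lines:
        m = SPAWN_RE.match(line)
        if not m:
            continue
        ftype, verb, command = m.groups()
        if verb == "open" and ftype in EXPECTED_SPAWN and command != EXPECTED_SPAWN[ftype]:
            findings.append(f"shell spawning: {ftype} [open] is {command!r}, expected {EXPECTED_SPAWN[ftype]!r}")
    return findings

def check_security_center(lines):
    """*Override values other than 0 silence the Security Center's AV/firewall status checks."""
    findings = []
    for line in lines:
        m = VALUE_RE.match(line)
        if m and m.group(1).endswith("Override") and m.group(2).strip() != "0":
            findings.append(f"security center: {m.group(1)} = {m.group(2)} (expected 0)")
    return findings

def check_firewall(lines):
    """Any firewall profile whose EnableFirewall value is not 1."""
    findings, profile = [], "unknown profile"
    for line in lines:
        if line.startswith("[") and "FirewallPolicy" in line:
            profile = line.rstrip("]").rsplit("\\", 1)[-1]  # e.g. StandardProfile
            continue
        m = VALUE_RE.match(line)
        if m and m.group(1) == "EnableFirewall" and m.group(2).strip() != "1":
            findings.append(f"firewall: {profile} has EnableFirewall = {m.group(2)}")
    return findings

def audit(text):
    """Run every check over an OTL Extras log; findings come back in log order."""
    s = parse_sections(text)
    return (check_shell_spawning(s.get("Shell Spawning", []))
            + check_security_center(s.get("Security Center Settings", []))
            + check_firewall(s.get("Firewall Settings", []))
            # OTL failing to read the event logs is itself worth a follow-up.
            + [l for l in s.get("Last 10 Event Log Errors", []) if l.startswith("Error reading Event Logs")])

# Constructed sample mirroring the clean entries in the log posted above.
CLEAN_SAMPLE = r"""
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
exefile [open] -- "%1" %*
========== Security Center Settings ==========
"AntiVirusOverride" = 0
"FirewallOverride" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
"""

# Constructed sample of a tampered system; EXAMPLE-ROGUE is a placeholder path.
TAMPERED_SAMPLE = r"""
========== Shell Spawning ==========
batfile [open] -- "%1" %*
exefile [open] -- "C:\ProgramData\EXAMPLE-ROGUE\rogue.exe" -a "%1" %*
========== Security Center Settings ==========
"AntiVirusOverride" = 1
"FirewallOverride" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"""

if __name__ == "__main__":
    for name, sample in (("clean", CLEAN_SAMPLE), ("tampered", TAMPERED_SAMPLE)):
        print(f"[{name}]")
        for finding in audit(sample) or ["no findings"]:
            print("  " + finding)
```

Run against the clean sample the only finding is the event-log read error, which is exactly what the log above shows; the tampered sample produces one finding per section. Feeding the script a real Extras log is a matter of `audit(open(path, encoding="utf-8").read())`.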
#2
/// Winkelfunktion /// TB-Süch-Tiger™

Malwarebytes creates exactly one log per scan. Have you scanned with Malwarebytes before?
If so, then all logs for every scan are also listed in the Logdateien (log files) tab. Please post all of them that are visible there.
#3
Dear Arne,
first of all, thank you for taking on my problem. I had not scanned with Malwarebytes before, but I did several more times after the log I posted. Here are all the logs listed in the tab:

Malwarebytes Anti-Malware 1.60.1.1000

Second log
Malwarebytes Anti-Malware 1.60.1.1000

Third log:
Malwarebytes Anti-Malware 1.60.1.1000

and fourth (last) log
Malwarebytes Anti-Malware 1.60.1.1000

.... Oops, one log (3 and 4) is apparently duplicated (I probably saved it manually)... sorry
What else could I do?
Thanks and kind regards,
Dominik
#4
/// Winkelfunktion /// TB-Süch-Tiger™

I have three questions before we go on:
1.) Does normal mode work without restrictions again?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?
3.) You only posted the Extras log from OTL; where is the OTL.txt log?

Please always post logfiles in CODE tags
#5
Hello Arne,
regarding 1) yes, normal mode works without restrictions.
regarding 2) everything is there in the Start menu, no entries lost.
regarding 3) hmmm, good question. I can't find it. I am running a new OTL scan. Here is the result:
OTL Logfile:
Code:
OTL logfile created on: 04.04.2012 16:39:35 - Run 2
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Dominik\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,44 Gb Available Physical Memory | 47,99% Memory free
6,00 Gb Paging File | 3,97 Gb Available in Paging File | 66,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298,09 Gb Total Space | 229,13 Gb Free Space | 76,87% Space Free | Partition Type: NTFS
Computer Name: DOMINIK-PC | User Name: Dominik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Dominik\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
PRC - C:\Program Files (x86)\ThreatFire\TFTray.exe (PC Tools)
PRC - C:\Program Files (x86)\ThreatFire\TFService.exe (PC Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Windows\PLFSetI.exe ()
========== Modules (No Company Name) ==========
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf ()
MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\IEAWSDC.DLL ()
MOD - C:\Windows\PLFSetI.exe ()
========== Win32 Services (SafeList) ==========
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (ZuneWlanCfgSvc) -- c:\Programme\Zune\ZuneWlanCfgSvc.exe (Microsoft Corporation)
SRV - (WMZuneComm) -- c:\Programme\Zune\WMZuneComm.exe (Microsoft Corporation)
SRV - (ZuneNetworkSvc) -- c:\Programme\Zune\ZuneNss.exe (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (ThreatFire) -- C:\Program Files (x86)\ThreatFire\TFService.exe (PC Tools)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (HsfXAudioService) -- C:\Windows\SysWOW64\XAudio64.dll (Conexant Systems, Inc.)
SRV - (eNet Service) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
SRV - (WMIService) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (TfSysMon) -- C:\Windows\SysNative\drivers\TfSysMon.sys (PC Tools)
DRV:64bit: - (TfNetMon) -- C:\Windows\SysNative\drivers\TfNetMon.sys (PC Tools)
DRV:64bit: - (TfFsMon) -- C:\Windows\SysNative\drivers\TfFsMon.sys (PC Tools)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\drivers\rimmpx64.sys (REDC)
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\drivers\rixdpx64.sys (REDC)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimspx64.sys (REDC)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (nuvotoncir) -- C:\Windows\SysNative\drivers\nuvotoncir.sys (Nuvoton Technology Corporation)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (XAudio) -- C:\Windows\SysNative\drivers\XAudio64.sys (Conexant Systems, Inc.)
DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\drivers\CAX_DPV.sys (Conexant Systems, Inc.)
DRV:64bit: - (CAXHWAZL) -- C:\Windows\SysNative\drivers\CAXHWAZL.sys (Conexant Systems, Inc.)
DRV:64bit: - (winachsf) -- C:\Windows\SysNative\drivers\CAX_CNXT.sys (Conexant Systems, Inc.)
DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\drivers\mdmxsdk.sys (Conexant)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ISODrive) -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys (EZB Systems, Inc.)
DRV - (int15) -- C:\Windows\SysWOW64\drivers\int15_64.sys ()
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4178791177-2408624748-2417051294-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4178791177-2408624748-2417051294-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-4178791177-2408624748-2417051294-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 73 48 E6 FA BC 11 CD 01 [binary data]
IE - HKU\S-1-5-21-4178791177-2408624748-2417051294-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4178791177-2408624748-2417051294-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4178791177-2408624748-2417051294-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..network.proxy.type: 0
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.04.01 20:14:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.07.09 22:28:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.10.29 12:52:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
[2011.01.28 00:28:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dominik\AppData\Roaming\mozilla\Extensions
[2011.01.28 00:28:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dominik\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.04.01 20:14:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dominik\AppData\Roaming\mozilla\Firefox\Profiles\ik12mzv0.default\extensions
[2012.04.01 20:14:56 | 
000,000,000 | ---D | M] (Flagfox) -- C:\Users\Dominik\AppData\Roaming\mozilla\Firefox\Profiles\ik12mzv0.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2011.11.11 02:26:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions () (No name found) -- C:\USERS\DOMINIK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IK12MZV0.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI () (No name found) -- C:\USERS\DOMINIK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IK12MZV0.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI [2012.04.01 20:14:53 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.02.03 22:53:07 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011.03.22 20:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2011.09.26 19:22:31 | 000,001,516 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-france.xml [2011.09.26 19:22:31 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.09.26 19:22:31 | 000,001,822 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml [2011.09.26 19:22:31 | 000,001,154 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-france.xml [2011.09.26 19:22:31 | 000,001,426 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-fr.xml [2011.09.26 19:22:31 | 000,000,956 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-france.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (no name) 
- {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - No CLSID value found. O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found O3 - HKU\S-1-5-21-4178791177-2408624748-2417051294-1000\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found. O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files (x86)\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKLM..\Run: [ThreatFire] C:\Program Files (x86)\ThreatFire\TFTray.exe (PC Tools) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: 
@C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D4780B17-0A95-423A-A887-C9723D7415DA}: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.04.04 13:06:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ThreatFire [2012.04.04 13:06:06 | 000,074,824 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfSysMon.sys [2012.04.04 13:06:06 | 000,065,072 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfFsMon.sys [2012.04.04 13:06:06 | 000,041,888 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfNetMon.sys [2012.04.04 13:06:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ThreatFire [2012.04.04 13:06:04 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools [2012.04.04 01:19:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2012.04.03 21:41:49 | 000,000,000 | ---D | C] -- C:\Users\Dominik\Desktop\Logs [2012.04.03 20:16:50 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Dominik\Desktop\OTL.exe [2012.04.03 19:15:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard [2012.04.03 17:50:16 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Roaming\Malwarebytes [2012.04.03 17:50:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.04.03 17:50:05 | 000,000,000 | 
---D | C] -- C:\ProgramData\Malwarebytes [2012.04.03 17:50:03 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.04.03 17:50:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.04.03 09:47:46 | 000,000,000 | ---D | C] -- C:\ProgramData\F4D55F3E000C4EBD0060677DB4EB2331 [2012.04.01 03:49:15 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012.04.01 03:49:13 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012.04.01 03:49:13 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012.03.31 18:39:26 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2012.03.31 18:38:59 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll [2012.03.31 18:38:59 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll [2012.03.31 18:38:59 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe [2012.03.31 18:38:48 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll [2012.03.31 18:38:48 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll [2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.04.04 13:03:51 | 000,021,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.04.04 13:03:51 | 000,021,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.04.04 13:01:02 | 001,512,418 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.04.04 13:01:02 | 000,659,238 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.04.04 
13:01:02 | 000,620,384 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.04.04 13:01:02 | 000,132,776 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.04.04 13:01:02 | 000,108,566 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.04.04 12:56:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.04.04 12:56:10 | 2414,682,112 | -HS- | M] () -- C:\hiberfil.sys [2012.04.03 22:45:48 | 001,008,141 | ---- | M] () -- C:\Users\Dominik\Desktop\rkill.com [2012.04.03 20:16:55 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Dominik\Desktop\OTL.exe [2012.04.03 17:50:08 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.04.01 20:12:46 | 000,414,872 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.04.03 22:45:40 | 001,008,141 | ---- | C] () -- C:\Users\Dominik\Desktop\rkill.com [2012.04.03 17:50:08 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2011.08.16 12:30:45 | 000,000,092 | ---- | C] () -- C:\Windows\TraceSrv.ini [2011.08.16 12:23:37 | 000,835,584 | ---- | C] () -- C:\Windows\tls7912d.dll [2011.08.16 12:23:37 | 000,040,960 | ---- | C] () -- C:\Windows\uninstallrq.exe [2011.07.11 16:16:09 | 000,007,597 | ---- | C] () -- C:\Users\Dominik\AppData\Local\Resmon.ResmonCfg [2011.01.26 19:57:13 | 000,015,656 | ---- | C] () -- C:\Windows\SysWow64\drivers\int15_64.sys [2011.01.26 19:51:36 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\Interop.Shell32.dll [2011.01.26 19:51:27 | 000,331,776 | ---- | C] () -- C:\Windows\SysWow64\ScrollBarLib.dll [2011.01.26 16:36:51 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI [2011.01.26 12:28:03 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll [2011.01.26 12:28:03 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe 
[2011.01.26 12:28:03 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe [2011.01.26 12:28:03 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini [2011.01.26 12:04:45 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin < End of report > Nochmals dankeschön für die Hilfe!! LG, Dom |
#6
/// Winkelfunktion /// TB-Süch-Tiger™
Smart Fortress 2012 infection

Do an OTL fix: close any programs that may be open, disable the virus scanner as well (!), start OTL and paste the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)
Code:
:OTL
O2:64bit: - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKU\S-1-5-21-4178791177-2408624748-2417051294-1000\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
[2012.04.03 09:47:46 | 000,000,000 | ---D | C] -- C:\ProgramData\F4D55F3E000C4EBD0060677DB4EB2331
[2011.08.16 12:30:45 | 000,000,092 | ---- | C] () -- C:\Windows\TraceSrv.ini
[2011.08.16 12:23:37 | 000,835,584 | ---- | C] () -- C:\Windows\tls7912d.dll
[2011.08.16 12:23:37 | 000,040,960 | ---- | C] () -- C:\Windows\uninstallrq.exe
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
The log file should open when you click OK after the fix; please post it. The computer may be restarted. For safety, the entries, files and folders fixed by this script are not deleted outright; a backup copy is created on the system partition in the folder "_OTL". Note: the above script was written only for this one user in this one situation. It cannot be ported to any other computer and must not be used elsewhere, since it can permanently damage the system!
#7
Smart Fortress 2012 infection

Hello again, thanks for the reply. I ran the fix. Here is the log:

All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4178791177-2408624748-2417051294-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{5CBE3B7C-1E47-477E-A7DD-396DB0476E29} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5CBE3B7C-1E47-477E-A7DD-396DB0476E29}\ not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Folder C:\ProgramData\F4D55F3E000C4EBD0060677DB4EB2331\ not found.
C:\Windows\TraceSrv.ini moved successfully.
C:\Windows\tls7912d.dll moved successfully.
C:\Windows\uninstallrq.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Dominik
->Temp folder emptied: 932302336 bytes
->Temporary Internet Files folder emptied: 110997038 bytes
->Java cache emptied: 2996750 bytes
->FireFox cache emptied: 49877714 bytes
->Flash cache emptied: 67640 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1523485 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 1017856 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 193922964 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36028471 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1.267,00 mb

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Dominik
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.39.2 log created on 04052012_140316

Files\Folders moved on Reboot...
C:\Users\Dominik\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Dominik\AppData\Local\Temp\RtkBtMnt.exe moved successfully.

Registry entries deleted on Reboot...

Did everything run correctly?
Regards, Dominik
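The fix script in post #6 and the fix log in post #7 follow a pattern a practitioner can automate: flag the OTL entries that point at nothing (a BHO whose CLSID no longer resolves, a RunOnce entry whose file is gone), hold back look-alike files for a human decision, emit the accepted lines in OTL's ":OTL" / ":Commands" layout, and afterwards check the fix log for what actually happened to each item. The Python script below is an added example and is not part of the thread, of OTL, or of the helper's script. Its sample lines are constructed from the logs above, and its classification rules (dead references, policy values, 32-hex-character folder names under C:\ProgramData, no-company files directly under C:\Windows) are this example's own heuristics, not OTL's.

```python
"""
OTL log triage and fix-log check, added here as an example. It is neither
OldTimer's OTL code nor the forum helper's script: it applies the reasoning
visible in the fix above to constructed sample lines modelled on the thread's
logs. The classification rules are this example's own heuristics; the
":OTL" / ":Commands" layout it emits is the one OTL's Custom Scan/Fixes box
accepts.
"""
import re

# Constructed sample OTL lines, modelled on the log posted in this thread.
SAMPLE_OTL_LINES = r"""
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
[2012.04.03 17:50:03 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.04.03 09:47:46 | 000,000,000 | ---D | C] -- C:\ProgramData\F4D55F3E000C4EBD0060677DB4EB2331
[2011.08.16 12:23:37 | 000,835,584 | ---- | C] () -- C:\Windows\tls7912d.dll
[2011.01.26 12:28:03 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
""".strip().splitlines()

# Constructed sample of the log OTL writes after a fix, modelled on post #7.
SAMPLE_FIX_LOG = r"""
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Folder C:\ProgramData\F4D55F3E000C4EBD0060677DB4EB2331\ not found.
C:\Windows\tls7912d.dll moved successfully.
""".strip().splitlines()

FILE_ENTRY = re.compile(
    r"^\[\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2} \| [\d,]+ \| \S+ \| [CM]\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$")
WINDOWS_ROOT_FILE = re.compile(r"^C:\\Windows\\[^\\]+$", re.IGNORECASE)
HEX_PROGRAMDATA_DIR = re.compile(r"^C:\\ProgramData\\[0-9A-F]{32}$", re.IGNORECASE)
FIX_LOG_STATUS = re.compile(r"(deleted successfully|moved successfully|not found)\.?$")


def triage(lines):
    """Return (reason, line) pairs. 'fix:' items are dead references OTL can
    simply delete; 'review:' items need a human, because legitimate OEM files
    share the same shape (PLFSetI.exe in the thread's log is one)."""
    findings = []
    for line in (l.strip() for l in lines if l.strip()):
        if line.endswith("No CLSID value found.") or line.endswith("File not found"):
            findings.append(("fix: dangling reference", line))
        elif line.startswith("O6 "):
            findings.append(("review: Explorer/System policy value", line))
        elif (m := FILE_ENTRY.match(line)):
            path, company = m.group("path"), (m.group("company") or "").strip()
            if HEX_PROGRAMDATA_DIR.match(path):
                findings.append(("review: random-named ProgramData folder", line))
            elif WINDOWS_ROOT_FILE.match(path) and not company:
                findings.append(("review: no-company file in Windows root", line))
    return findings


def build_fix(findings, approved_reviews=(),
              commands=("purity", "emptytemp", "emptyflash", "resethosts")):
    """Assemble the fix script: every 'fix:' line goes in, a 'review:' line
    only when a human has explicitly approved it (passed by its text)."""
    otl = [line for reason, line in findings
           if reason.startswith("fix:") or line in approved_reviews]
    return "\n".join([":OTL", *otl, ":Commands", *(f"[{c}]" for c in commands)])


def fix_identifier(otl_line):
    """Token shared by an OTL log line and the line the fix log writes for it:
    a CLSID, the path after ' -- ', the [name] of a Run entry, or a policy value."""
    for pattern in (r"(\{[0-9A-Fa-f-]{36}\})", r" -- (.+)$", r"\[([^\[\]]+)\] ", r": (\w+) = "):
        m = re.search(pattern, otl_line)
        if m:
            return m.group(1).strip()
    return otl_line


def verify_fix_log(fix_script, fix_log_lines):
    """For each :OTL line of the script, report what the fix log says happened."""
    otl_lines = fix_script.split(":Commands", 1)[0].splitlines()[1:]
    report = []
    for line in otl_lines:
        key = fix_identifier(line)
        hits = [FIX_LOG_STATUS.search(l.strip()) for l in fix_log_lines if key in l]
        hits = [h.group(1) for h in hits if h]
        report.append((key, hits[-1] if hits else "no log entry"))
    return report


if __name__ == "__main__":
    found = triage(SAMPLE_OTL_LINES)
    for reason, line in found:
        print(f"{reason:42} {line[:70]}")
    script = build_fix(found)
    print(script)
    for key, status in verify_fix_log(script, SAMPLE_FIX_LOG):
        print(f"{status:20} {key}")
```

Run it as a script to print the triage, the generated fix block and the verification. The split into "fix" and "review" is the point: in the thread's log, PLFSetI.exe has exactly the same shape as tls7912d.dll (no company name, directly in C:\Windows, listed under "Files Created - No Company Name"), yet the helper left it alone, so the script never puts a "review" item into the fix without an explicit approval. The verification step mirrors what the helper reads in post #7: "deleted successfully" or "moved successfully" for an item that was there, "not found" for one that was already gone, and no log entry at all for an item the script never acted on.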
#8
/// Winkelfunktion /// TB-Süch-Tiger™
Smart Fortress 2012 infection

Please post the logs in CODE tags!!

Now (in normal Windows mode) please run this Kaspersky tool (TDSS-Killer) and post the log; instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: please switch off the virus scanner before you run TDSS-Killer, since Avira in particular often reports a false positive in the TDSS tool!

Set the tool up as shown in the picture below: click "change parameters" and tick the boxes as shown in the following screenshot, then click "Start Scan", and when it is through, click the "Report" button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C); that is where TDSS-Killer stores its logs.

Note: please do not delete anything hastily with TDSS-Killer! If TDSS-Killer complains about any objects, handle all of them with the action "skip" and post only the log here!
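The TDSSKiller log requested above runs to several hundred lines, nearly all of them a driver or service line followed by "- ok"; what a helper looks for is the handful of objects whose verdict is anything else. The Python parser below is an added example, not Kaspersky's code and not part of the thread: it pairs each "name (md5) path" line with the verdict line(s) for the same object and lists everything that did not come back clean. The sample log is constructed from the format of the log posted in post #9; the "sampledrv" object, its hash and its verdict lines are invented for the demonstration, and the verdict shapes other than "- ok" are an assumption about common TDSSKiller output.

```python
"""
TDSSKiller log triage, added as an example: not Kaspersky's code and not the
forum helper's. It pairs each "name (md5) path" line with the verdict line(s)
TDSSKiller writes for the same object and lists everything that did not come
back "- ok". Verdict shapes other than "- ok" are assumed from common
TDSSKiller output; the sample log is constructed, and "sampledrv", its hash
and its verdicts are invented for the demonstration.
"""
import re

# Constructed sample, modelled on the TDSSKiller 2.7.26.0 log format in this thread.
SAMPLE_TDSS_LOG = r"""
15:26:16.0388 5036 OS Version: 6.1.7601 ServicePack: 1.0
15:26:17.0472 5036 MBR used
15:27:16.0432 3880 Mode: Manual; SigCheck; TDLFS;
15:27:16.0993 3880 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
15:27:17.0149 3880 1394ohci - ok
15:27:17.0181 3880 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
15:27:17.0212 3880 ACPI - ok
15:27:20.0722 3880 avgntflt (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys
15:27:20.0769 3880 avgntflt - ok
15:27:30.0100 3880 sampledrv (00000000000000000000000000000000) C:\Windows\system32\drivers\sampledrv.sys
15:27:30.0101 3880 sampledrv ( UnsignedFile.Multi.Generic ) - warning
15:27:30.0102 3880 sampledrv - detected UnsignedFile.Multi.Generic (1)
15:27:40.0200 3880 \Device\Harddisk0\DR0 - ok
""".strip().splitlines()

LOG_LINE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<rest>.*)$")
OBJECT_LINE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "- ok" is the shape seen throughout the thread's log; the warning and
# detected shapes are assumptions about TDSSKiller output.
VERDICTS = (
    ("ok", re.compile(r"^(?P<name>.+?) - ok$")),
    ("detected", re.compile(r"^(?P<name>.+?) - detected (?P<what>.+)$")),
    ("warning", re.compile(r"^(?P<name>.+?) \( (?P<what>[^)]+?) \) - warning$")),
)


def _empty():
    return {"md5": None, "path": None, "verdicts": []}


def parse_tdsskiller(lines):
    """Return {object name: {"md5", "path", "verdicts": [(kind, detail), ...]}}
    in log order. Header and status lines that match no shape are skipped."""
    objects = {}
    for raw in lines:
        m = LOG_LINE.match(raw.strip())
        if not m:
            continue
        rest = m.group("rest")
        obj = OBJECT_LINE.match(rest)
        if obj:
            rec = objects.setdefault(obj.group("name"), _empty())
            rec["md5"], rec["path"] = obj.group("md5"), obj.group("path")
            continue
        for kind, pattern in VERDICTS:
            v = pattern.match(rest)
            if v:
                rec = objects.setdefault(v.group("name"), _empty())
                rec["verdicts"].append((kind, v.groupdict().get("what", "")))
                break
    return objects


def flagged_objects(objects):
    """Objects with any verdict other than ok, or with no verdict at all
    (an object line without a result means the scan never finished it)."""
    return [dict(name=name, **rec) for name, rec in objects.items()
            if not rec["verdicts"] or any(kind != "ok" for kind, _ in rec["verdicts"])]


def summary(objects):
    flagged = len(flagged_objects(objects))
    return {"objects": len(objects), "ok": len(objects) - flagged, "flagged": flagged}


if __name__ == "__main__":
    parsed = parse_tdsskiller(SAMPLE_TDSS_LOG)
    print(summary(parsed))
    for item in flagged_objects(parsed):
        print(item["name"], item["md5"], item["path"], item["verdicts"])
```

To use it on a real report, pass the lines of the saved log file to parse_tdsskiller and print flagged_objects; the md5 and path of each flagged object are what a helper would then look up. The parser only reads, which matches the instruction above: TDSSKiller's own "skip" is used for every object it complains about, and the decision is made from the posted log.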
#9
Smart Fortress 2012 infection

OK, done. Here is the log:
Code:
15:26:16.0377 5036 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02
15:26:16.0388 5036 ============================================================
15:26:16.0388 5036 Current date / time: 2012/04/05 15:26:16.0388
15:26:16.0388 5036 SystemInfo:
15:26:16.0388 5036
15:26:16.0388 5036 OS Version: 6.1.7601 ServicePack: 1.0
15:26:16.0388 5036 Product type: Workstation
15:26:16.0389 5036 ComputerName: DOMINIK-PC
15:26:16.0389 5036 UserName: Dominik
15:26:16.0389 5036 Windows directory: C:\Windows
15:26:16.0389 5036 System windows directory: C:\Windows
15:26:16.0389 5036 Running under WOW64
15:26:16.0389 5036 Processor architecture: Intel x64
15:26:16.0389 5036 Number of processors: 2
15:26:16.0389 5036 Page size: 0x1000
15:26:16.0389 5036 Boot type: Normal boot
15:26:16.0389 5036 ============================================================
15:26:17.0418 5036 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:26:17.0471 5036 \Device\Harddisk0\DR0:
15:26:17.0472 5036 MBR used
15:26:17.0472 5036 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D800
15:26:17.0505 5036 Initialize success
15:26:17.0505 5036 ============================================================
15:27:16.0432 3880 ============================================================
15:27:16.0432 3880 Scan started
15:27:16.0432 3880 Mode: Manual; SigCheck; TDLFS;
15:27:16.0432 3880 ============================================================
15:27:16.0993 3880 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
15:27:17.0149 3880 1394ohci - ok
15:27:17.0181 3880 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
15:27:17.0212 3880 ACPI - ok
15:27:17.0259 3880 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
15:27:17.0337 3880 AcpiPmi - ok
15:27:17.0383 3880 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
15:27:17.0415 3880 adp94xx - ok
15:27:17.0430 3880 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
15:27:17.0461 3880 adpahci - ok
15:27:17.0493 3880 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
15:27:17.0508 3880 adpu320 - ok
15:27:17.0555 3880 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
15:27:17.0711 3880 AeLookupSvc - ok
15:27:17.0867 3880 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
15:27:17.0961 3880 AFD - ok
15:27:17.0992 3880 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
15:27:18.0023 3880 agp440 - ok
15:27:18.0070 3880 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
15:27:18.0148 3880 ALG - ok
15:27:18.0179 3880 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
15:27:18.0210 3880 aliide - ok
15:27:18.0241 3880 AMD External Events Utility (322a2c5d390109a4e50679ab58dea870) C:\Windows\system32\atiesrxx.exe
15:27:18.0304 3880 AMD External Events Utility - ok
15:27:18.0335 3880 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
15:27:18.0351 3880 amdide - ok
15:27:18.0397 3880 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
15:27:18.0491 3880 AmdK8 - ok
15:27:18.0507 3880 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
15:27:18.0569 3880 AmdPPM - ok
15:27:18.0631 3880 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
15:27:18.0663 3880 amdsata - ok
15:27:18.0678 3880 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
15:27:18.0694 3880 amdsbs - ok
15:27:18.0709 3880 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
15:27:18.0725 3880 amdxata - ok
15:27:18.0834 3880 AntiVirSchedulerService (c27d46b06d340293670450fce9dfb166) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
15:27:18.0850 3880 AntiVirSchedulerService - ok
15:27:18.0912 3880 AntiVirService (72d90e56563165984224493069c69ed4) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
15:27:18.0943 3880 AntiVirService - ok
15:27:19.0053 3880 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
15:27:19.0209 3880 AppID - ok
15:27:19.0333 3880 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
15:27:19.0396 3880 AppIDSvc - ok
15:27:19.0474 3880 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
15:27:19.0552 3880 Appinfo - ok
15:27:19.0630 3880 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
15:27:19.0692 3880 AppMgmt - ok
15:27:19.0770 3880 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
15:27:19.0786 3880 arc - ok
15:27:19.0801 3880 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
15:27:19.0817 3880 arcsas - ok
15:27:19.0848 3880 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
15:27:19.0911 3880 AsyncMac - ok
15:27:19.0942 3880 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
15:27:19.0973 3880 atapi - ok
15:27:20.0129 3880 atikmdag (de0ede41bc530f1759c6fffcb8c7a0cf) C:\Windows\system32\DRIVERS\atikmdag.sys
15:27:20.0332 3880 atikmdag - ok
15:27:20.0488 3880 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:27:20.0566 3880 AudioEndpointBuilder - ok
15:27:20.0581 3880 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:27:20.0628 3880 AudioSrv - ok
15:27:20.0722 3880 avgntflt (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys
15:27:20.0769 3880 avgntflt - ok
15:27:20.0800 3880 avipbb (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys
15:27:20.0800 3880 avipbb - ok
15:27:20.0987 3880 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
15:27:21.0112 3880 AxInstSV - ok
15:27:21.0283 3880 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
15:27:21.0361 3880 b06bdrv - ok
15:27:21.0424 3880 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
15:27:21.0502 3880 b57nd60a - ok
15:27:21.0564 3880 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
15:27:21.0611 3880 BDESVC - ok
15:27:21.0642 3880 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
15:27:21.0736 3880 Beep - ok
15:27:21.0814 3880 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
15:27:21.0876 3880 BFE - ok
15:27:21.0907 3880 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
15:27:21.0985 3880 BITS - ok
15:27:22.0079 3880 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
15:27:22.0141 3880 blbdrive - ok
15:27:22.0188 3880 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
15:27:22.0251 3880 bowser - ok
15:27:22.0297 3880 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:27:22.0391 3880 BrFiltLo - ok
15:27:22.0407 3880 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:27:22.0422 3880 BrFiltUp - ok
15:27:22.0469 3880 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
15:27:22.0563 3880 Browser - ok
15:27:22.0594 3880 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
15:27:22.0672 3880 Brserid - ok
15:27:22.0687 3880 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
15:27:22.0719 3880 BrSerWdm - ok
15:27:22.0750 3880 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:27:22.0781 3880 BrUsbMdm - ok
15:27:22.0797 3880 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
15:27:22.0812 3880 BrUsbSer - ok
15:27:22.0843 3880 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
15:27:22.0875 3880 BTHMODEM - ok
15:27:22.0937 3880 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
15:27:23.0031 3880 bthserv - ok
15:27:23.0077 3880 CAXHWAZL (d1787e11c6a0078ddeaf8cf3ee2ab293) C:\Windows\system32\DRIVERS\CAXHWAZL.sys
15:27:23.0155 3880 CAXHWAZL - ok
15:27:23.0187 3880 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
15:27:23.0265 3880 cdfs - ok
15:27:23.0327 3880 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
15:27:23.0374 3880 cdrom - ok
15:27:23.0452 3880 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:27:23.0514 3880 CertPropSvc - ok
15:27:23.0561 3880 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
15:27:23.0608 3880 circlass - ok
15:27:23.0655 3880 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
15:27:23.0670 3880 CLFS - ok
15:27:23.0748 3880 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:27:23.0779 3880 clr_optimization_v2.0.50727_32 - ok
15:27:23.0857 3880 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:27:23.0873 3880 clr_optimization_v2.0.50727_64 - ok
15:27:23.0967 3880 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:27:24.0029 3880 clr_optimization_v4.0.30319_32 - ok
15:27:24.0060 3880 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:27:24.0091 3880 clr_optimization_v4.0.30319_64 - ok
15:27:24.0201 3880 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
15:27:24.0247 3880 CmBatt - ok
15:27:24.0294 3880 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
15:27:24.0310 3880 cmdide - ok
15:27:24.0357 3880 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
15:27:24.0388 3880 CNG - ok
15:27:24.0419 3880 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
15:27:24.0435 3880 Compbatt - ok
15:27:24.0466 3880 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
15:27:24.0513 3880 CompositeBus - ok
15:27:24.0528 3880 COMSysApp - ok
15:27:24.0684 3880 cpuz135 - ok
15:27:24.0731 3880 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
15:27:24.0762 3880 crcdisk - ok
15:27:24.0809 3880 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
15:27:24.0887 3880 CryptSvc - ok
15:27:24.0934 3880 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
15:27:24.0996 3880 CSC - ok
15:27:25.0043 3880 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
15:27:25.0090 3880 CscService - ok
15:27:25.0137 3880 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:27:25.0199 3880 DcomLaunch - ok
15:27:25.0246 3880 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
15:27:25.0339 3880 defragsvc - ok
15:27:25.0417 3880 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
15:27:25.0495 3880 DfsC - ok
15:27:25.0573 3880 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
15:27:25.0651 3880 Dhcp - ok
15:27:25.0683 3880 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
15:27:25.0745 3880 discache - ok
15:27:25.0776 3880 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
15:27:25.0792 3880 Disk - ok
15:27:25.0901 3880 DKbFltr (d5bcb77be83cf99f508943945d46343d) C:\Windows\syswow64\Drivers\DKbFltr.sys
15:27:25.0917 3880 DKbFltr - ok
15:27:25.0948 3880 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
15:27:26.0041 3880 Dnscache - ok
15:27:26.0088 3880 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
15:27:26.0197 3880 dot3svc - ok
15:27:26.0229 3880 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
15:27:26.0291 3880 DPS - ok
15:27:26.0385 3880 DritekPortIO - ok
15:27:26.0463 3880 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
15:27:26.0509 3880 drmkaud - ok
15:27:26.0572 3880 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
15:27:26.0603 3880 DXGKrnl - ok
15:27:26.0650 3880 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
15:27:26.0728 3880 EapHost - ok
15:27:26.0853 3880 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
15:27:26.0946 3880 ebdrv - ok
15:27:27.0055 3880 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
15:27:27.0102 3880 EFS - ok
15:27:27.0180 3880 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
15:27:27.0274 3880 ehRecvr - ok
15:27:27.0321 3880 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
15:27:27.0399 3880 ehSched - ok
15:27:27.0508 3880 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
15:27:27.0539 3880 elxstor - ok
15:27:27.0679 3880 eNet Service (fc8671bd2363bffa29c2217d882c227a) C:\Acer\Empowering Technology\eNet\eNet Service.exe
15:27:27.0695 3880 eNet Service ( UnsignedFile.Multi.Generic ) - warning
15:27:27.0695 3880 eNet Service - detected UnsignedFile.Multi.Generic (1)
15:27:27.0711 3880 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
15:27:27.0757 3880 ErrDev - ok
15:27:27.0835 3880 eSettingsService (a9745687a57cdd71237915859aba8dac) C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
15:27:27.0867 3880 eSettingsService ( UnsignedFile.Multi.Generic ) - warning
15:27:27.0867 3880 eSettingsService - detected UnsignedFile.Multi.Generic (1)
15:27:27.0913 3880 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
15:27:28.0007 3880 EventSystem - ok
15:27:28.0069 3880 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
15:27:28.0163 3880 exfat - ok
15:27:28.0194 3880 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
15:27:28.0257 3880 fastfat - ok
15:27:28.0319 3880 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
15:27:28.0397 3880 Fax - ok
15:27:28.0413 3880 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
15:27:28.0444 3880 fdc - ok
15:27:28.0491 3880 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
15:27:28.0600 3880 fdPHost - ok
15:27:28.0631 3880 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
15:27:28.0725 3880 FDResPub - ok
15:27:28.0740 3880 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
15:27:28.0756 3880 FileInfo - ok
15:27:28.0787 3880 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
15:27:28.0818 3880 Filetrace - ok
15:27:28.0849 3880 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
15:27:28.0865 3880 flpydisk - ok
15:27:29.0349 3880 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
15:27:29.0380 3880 FltMgr - ok
15:27:29.0442 3880 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
15:27:29.0520 3880 FontCache - ok
15:27:29.0645 3880 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:27:29.0661 3880 FontCache3.0.0.0 - ok
15:27:29.0754 3880 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
15:27:29.0785 3880 FsDepends - ok
15:27:29.0817 3880 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
15:27:29.0817 3880 Fs_Rec - ok
15:27:29.0863 3880 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
15:27:29.0910 3880 fvevol - ok
15:27:29.0926 3880 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
15:27:29.0941 3880 gagp30kx - ok
15:27:29.0988 3880 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
15:27:30.0051 3880 gpsvc - ok
15:27:30.0082 3880 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
15:27:30.0144 3880 hcw85cir - ok
15:27:30.0191 3880 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
15:27:30.0222 3880 HdAudAddService - ok
15:27:30.0269 3880 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
15:27:30.0300 3880 HDAudBus - ok
15:27:30.0347 3880 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
15:27:30.0378 3880 HidBatt - ok
15:27:30.0409 3880 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
15:27:30.0456 3880 HidBth - ok
15:27:30.0503 3880 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
15:27:30.0534 3880 HidIr - ok
15:27:30.0581 3880 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
15:27:30.0643 3880 hidserv - ok
15:27:30.0706 3880 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
15:27:30.0737 3880 HidUsb - ok
15:27:30.0784 3880 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
15:27:30.0862 3880 hkmsvc - ok
15:27:30.0893 3880 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
15:27:30.0971 3880 HomeGroupListener - ok
15:27:31.0018 3880 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
15:27:31.0049 3880 HomeGroupProvider - ok
15:27:31.0127 3880 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
15:27:31.0143 3880 HpSAMD - ok
15:27:31.0267 3880 HsfXAudioService (447256d1c026654c5cd3cc17e7b20631) C:\Windows\SysWOW64\XAudio64.dll
15:27:31.0314 3880 HsfXAudioService - ok
15:27:31.0377 3880 HSF_DPV (26c5d00321937e49b6bc91029947d094) C:\Windows\system32\DRIVERS\CAX_DPV.sys
15:27:31.0439 3880 HSF_DPV - ok
15:27:31.0626 3880 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
15:27:31.0704 3880 HTTP - ok
15:27:31.0751 3880 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
15:27:31.0767 3880 hwpolicy - ok
15:27:31.0798 3880 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
15:27:31.0813 3880 i8042prt - ok
15:27:31.0860 3880 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
15:27:31.0907 3880 iaStorV - ok
15:27:32.0063 3880 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:27:32.0110 3880 idsvc - ok
15:27:32.0235 3880 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
15:27:32.0250 3880 iirsp - ok
15:27:32.0328 3880 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
15:27:32.0391 3880 IKEEXT - ok
15:27:32.0515 3880 int15 (91b61589bb2915e81d436efe07548507) C:\Windows\SysWOW64\drivers\int15_64.sys
15:27:32.0547 3880 int15 - ok
15:27:32.0671 3880 IntcAzAudAddService (1a6241b70453a6629a83db942aa6b08c) C:\Windows\system32\drivers\RTKVHD64.sys
15:27:32.0718 3880 IntcAzAudAddService - ok
15:27:32.0874 3880 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
15:27:32.0890 3880 intelide - ok
15:27:32.0937 3880 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
15:27:32.0983 3880 intelppm - ok
15:27:33.0046 3880 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
15:27:33.0108 3880 IPBusEnum - ok
15:27:33.0171 3880 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:27:33.0264 3880 IpFilterDriver - ok
15:27:33.0311 3880 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
15:27:33.0358 3880 iphlpsvc - ok
15:27:33.0389 3880 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
15:27:33.0436 3880 IPMIDRV - ok
15:27:33.0467 3880 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
15:27:33.0561 3880 IPNAT - ok
15:27:33.0592 3880 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
15:27:33.0639 3880 IRENUM - ok
15:27:33.0701 3880 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
15:27:33.0717 3880 isapnp - ok
15:27:33.0732 3880 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
15:27:33.0748 3880 iScsiPrt - ok
15:27:33.0873 3880 ISODrive (7ebda65260289c9043ba48b85135702c) C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys
15:27:33.0904 3880 ISODrive - ok
15:27:33.0919 3880 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
15:27:33.0935 3880 kbdclass - ok
15:27:33.0966 3880 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
15:27:34.0013 3880 kbdhid - ok
15:27:34.0044 3880 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:27:34.0075 3880 KeyIso - ok
15:27:34.0075 3880 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
15:27:34.0091 3880 KSecDD - ok
15:27:34.0107 3880 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
15:27:34.0122 3880 KSecPkg - ok
15:27:34.0169 3880 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
15:27:34.0231 3880 ksthunk - ok
15:27:34.0278 3880 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
15:27:34.0341 3880 KtmRm - ok
15:27:34.0387 3880 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
15:27:34.0465 3880 LanmanServer - ok
15:27:34.0512 3880 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
15:27:34.0590 3880 LanmanWorkstation - ok
15:27:34.0699 3880 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
15:27:34.0762 3880 lltdio - ok
15:27:34.0824 3880 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
15:27:34.0902 3880 lltdsvc - ok
15:27:34.0933 3880 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
15:27:34.0980 3880 lmhosts - ok
15:27:35.0011 3880 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
15:27:35.0027 3880 LSI_FC - ok
15:27:35.0058 3880 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
15:27:35.0074 3880 LSI_SAS - ok
15:27:35.0105 3880 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:27:35.0121 3880 LSI_SAS2 - ok
15:27:35.0136 3880 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:27:35.0152 3880 LSI_SCSI - ok
15:27:35.0167 3880 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
15:27:35.0230 3880 luafv - ok
15:27:35.0370 3880 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
15:27:35.0495 3880 Mcx2Svc - ok
15:27:35.0542 3880 mdmxsdk (e4f44ec214b3e381e1fc844a02926666) C:\Windows\system32\DRIVERS\mdmxsdk.sys
15:27:35.0573 3880 mdmxsdk - ok
15:27:35.0604 3880 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
15:27:35.0620 3880 megasas - ok
15:27:35.0635 3880 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
15:27:35.0651 3880 MegaSR - ok
15:27:35.0760 3880 Microsoft SharePoint Workspace Audit Service - ok
15:27:35.0807 3880 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:27:35.0916 3880 MMCSS - ok
15:27:35.0932 3880 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
15:27:35.0994 3880 Modem - ok
15:27:36.0025 3880 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
15:27:36.0088 3880 monitor - ok
15:27:36.0150 3880 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
15:27:36.0166 3880 mouclass - ok
15:27:36.0213 3880 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
15:27:36.0259 3880 mouhid - ok
15:27:36.0306 3880 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
15:27:36.0322 3880 mountmgr - ok
15:27:36.0369 3880 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
15:27:36.0400 3880 mpio - ok
15:27:36.0415 3880 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
15:27:36.0462 3880 mpsdrv - ok
15:27:36.0509 3880 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
15:27:36.0603 3880 MpsSvc - ok
15:27:36.0649 3880 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
15:27:36.0665 3880 MRxDAV - ok
15:27:36.0712 3880 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:27:36.0774 3880 mrxsmb - ok
15:27:36.0821 3880 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:27:36.0868 3880 mrxsmb10 - ok
15:27:36.0883 3880 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:27:36.0915 3880 mrxsmb20 - ok
15:27:36.0946 3880 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
15:27:36.0961 3880 msahci - ok
15:27:36.0993 3880 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
15:27:37.0008 3880 msdsm - ok
15:27:37.0055 3880 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
15:27:37.0117 3880 MSDTC - ok
15:27:37.0180 3880 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
15:27:37.0227 3880 Msfs - ok
15:27:37.0242 3880 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
15:27:37.0305 3880 mshidkmdf - ok
15:27:37.0351 3880 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
15:27:37.0367 3880 msisadrv - ok
15:27:37.0414 3880 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
15:27:37.0476 3880 MSiSCSI - ok
15:27:37.0492 3880 msiserver - ok
15:27:37.0539 3880 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
15:27:37.0617 3880 MSKSSRV - ok
15:27:37.0617 3880 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
15:27:37.0663 3880 MSPCLOCK - ok
15:27:37.0695 3880 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
15:27:37.0757 3880 MSPQM - ok
15:27:37.0819 3880 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
15:27:37.0851 3880 MsRPC - ok
15:27:37.0897 3880 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
15:27:37.0913 3880 mssmbios - ok
15:27:37.0929 3880 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
15:27:38.0007 3880 MSTEE - ok
15:27:38.0007 3880 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
15:27:38.0022 3880 MTConfig - ok
15:27:38.0069 3880 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
15:27:38.0100 3880 Mup - ok
15:27:38.0147 3880 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
15:27:38.0209 3880 napagent - ok
15:27:38.0287 3880 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
15:27:38.0365 3880 NativeWifiP - ok
15:27:38.0443 3880 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
15:27:38.0490 3880 NDIS - ok
15:27:38.0537 3880 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:27:38.0584 3880 NdisCap - ok
15:27:38.0631 3880 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:27:38.0693 3880 NdisTapi - ok
15:27:38.0740 3880 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
15:27:38.0802 3880 Ndisuio - ok
15:27:38.0833 3880 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
15:27:38.0927 3880 NdisWan - ok
15:27:38.0974 3880 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
15:27:39.0021 3880 NDProxy - ok
15:27:39.0099 3880 Net Driver HPZ12 (2c723e42fc8d7b0209492828f921fb50) C:\Windows\system32\HPZinw12.dll
15:27:39.0130 3880 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
15:27:39.0130 3880 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
15:27:39.0177 3880 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:27:39.0270 3880 NetBIOS - ok
15:27:39.0317 3880 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
15:27:39.0348 3880 NetBT - ok
15:27:39.0379 3880 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:27:39.0395 3880 Netlogon - ok
15:27:39.0457 3880 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
15:27:39.0535 3880 Netman - ok
15:27:39.0567 3880 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
15:27:39.0645 3880 netprofm - ok
15:27:39.0769 3880 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:27:39.0801 3880 NetTcpPortSharing - ok
15:27:39.0988 3880 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
15:27:40.0175 3880 netw5v64 - ok
15:27:40.0315 3880 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
15:27:40.0347 3880 nfrd960 - ok
15:27:40.0393 3880 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
15:27:40.0456 3880 NlaSvc - ok
15:27:40.0471 3880 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:27:40.0518 3880 Npfs - ok
15:27:40.0659 3880 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
15:27:40.0737 3880 nsi - ok
15:27:40.0768 3880 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:27:40.0815 3880 nsiproxy - ok
15:27:40.0908 3880 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
15:27:40.0971 3880 Ntfs - ok
15:27:41.0017 3880 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:27:41.0111 3880 Null - ok
15:27:41.0173 3880 nuvotoncir (6f09cb36c344b98356978b37ba9ad42b) C:\Windows\system32\DRIVERS\nuvotoncir.sys
15:27:41.0236 3880 nuvotoncir - ok
15:27:41.0283 3880 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
15:27:41.0314 3880 nvraid - ok
15:27:41.0329 3880 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
15:27:41.0345 3880 nvstor - ok
15:27:41.0392 3880 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
15:27:41.0407 3880 nv_agp - ok
15:27:41.0423 3880 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
15:27:41.0470 3880 ohci1394 - ok
15:27:41.0548 3880 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:27:41.0579 3880 ose - ok
15:27:41.0797 3880 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:27:41.0953 3880 osppsvc - ok
15:27:42.0094 3880 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:27:42.0156 3880 p2pimsvc - ok
15:27:42.0203 3880 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
15:27:42.0234 3880 p2psvc - ok
15:27:42.0328 3880 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
15:27:42.0359 3880 Parport - ok
15:27:42.0390 3880 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
15:27:42.0406 3880 partmgr - ok
15:27:42.0421 3880 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
15:27:42.0468 3880 PcaSvc - ok
15:27:42.0515 3880 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
15:27:42.0531 3880 pci - ok
15:27:42.0546 3880 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
15:27:42.0562 3880 pciide - ok
15:27:42.0577 3880 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
15:27:42.0593 3880 pcmcia - ok
15:27:42.0624 3880 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:27:42.0640 3880 pcw - ok
15:27:42.0671 3880 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:27:42.0733 3880 PEAUTH - ok
15:27:42.0796 3880 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
15:27:42.0874 3880 PeerDistSvc - ok
15:27:42.0999 3880 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
15:27:43.0045 3880 PerfHost - ok
15:27:43.0170 3880 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
15:27:43.0264 3880 pla - ok
15:27:43.0373 3880 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
15:27:43.0435 3880 PlugPlay - ok
15:27:43.0498 3880 Pml Driver HPZ12 (171e6d91a20aac8d02172a64e82ce90b) C:\Windows\system32\HPZipm12.dll
15:27:43.0513 3880 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
15:27:43.0513 3880 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
15:27:43.0560 3880 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
15:27:43.0607 3880 PNRPAutoReg - ok
15:27:43.0654 3880 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:27:43.0685 3880 PNRPsvc - ok
15:27:43.0747 3880 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
15:27:43.0810 3880 PolicyAgent - ok
15:27:43.0857 3880 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
15:27:43.0919 3880 Power - ok
15:27:43.0997 3880 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
15:27:44.0091 3880 PptpMiniport - ok
15:27:44.0122 3880 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
15:27:44.0169 3880 Processor - ok
15:27:44.0215 3880 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
15:27:44.0293 3880 ProfSvc - ok
15:27:44.0340 3880 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:27:44.0356 3880 ProtectedStorage - ok
15:27:44.0449 3880 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
15:27:44.0527 3880 Psched - ok
15:27:44.0590 3880 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
15:27:44.0621 3880 ql2300 - ok
15:27:44.0652 3880 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
15:27:44.0668 3880 ql40xx - ok
15:27:44.0699 3880 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
15:27:44.0746 3880 QWAVE - ok
15:27:44.0777 3880 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:27:44.0808 3880 QWAVEdrv - ok
15:27:44.0902 3880 RapiMgr (a55e7d0d873b2c97585b3b5926ac6ade) C:\Windows\WindowsMobile\rapimgr.dll
15:27:44.0917 3880 RapiMgr - ok
15:27:44.0949 3880 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:27:45.0027 3880 RasAcd - ok
15:27:45.0089 3880 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:27:45.0136 3880 RasAgileVpn - ok
15:27:45.0167 3880 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
15:27:45.0229 3880 RasAuto - ok
15:27:45.0276 3880 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:27:45.0354 3880 Rasl2tp - ok
15:27:45.0417 3880 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
15:27:45.0495 3880 RasMan - ok
15:27:45.0557 3880 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:27:45.0635 3880 RasPppoe - ok
15:27:45.0682 3880 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:27:45.0729 3880 RasSstp - ok
15:27:45.0775 3880 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
15:27:45.0853 3880 rdbss - ok
15:27:45.0885 3880 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
15:27:45.0931 3880 rdpbus - ok
15:27:45.0963 3880 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:27:46.0025 3880 RDPCDD - ok
15:27:46.0072 3880 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
15:27:46.0103 3880 RDPDR - ok
15:27:46.0119 3880 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:27:46.0181 3880 RDPENCDD - ok
15:27:46.0212 3880 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:27:46.0259 3880 RDPREFMP - ok
15:27:46.0290 3880 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
15:27:46.0353 3880 RDPWD - ok
15:27:46.0399 3880 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
15:27:46.0415 3880 rdyboost - ok
15:27:46.0446 3880 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
15:27:46.0509 3880 RemoteAccess - ok
15:27:46.0555 3880 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
15:27:46.0633 3880 RemoteRegistry - ok
15:27:46.0696 3880 rimmptsk (6faf5b04bedc66d300d9d233b2d222f0) C:\Windows\system32\DRIVERS\rimmpx64.sys
15:27:46.0743 3880 rimmptsk - ok
15:27:46.0774 3880 rimsptsk (67f50c31713106fd1b0f286f86aa2b2e) C:\Windows\system32\DRIVERS\rimspx64.sys
15:27:46.0821 3880 rimsptsk - ok
15:27:46.0852 3880 rismxdp (4d7ef3d46346ec4c58784db964b365de) C:\Windows\system32\DRIVERS\rixdpx64.sys
15:27:46.0899 3880 rismxdp - ok
15:27:46.0945 3880 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
15:27:47.0023 3880 RpcEptMapper - ok
15:27:47.0055 3880 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
15:27:47.0101 3880 RpcLocator - ok
15:27:47.0148 3880 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:27:47.0195 3880 RpcSs - ok
15:27:47.0257 3880 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:27:47.0351 3880 rspndr - ok
15:27:47.0413 3880 RTHDMIAzAudService (7421a35c45484b95e83b5e9e107cefc2) C:\Windows\system32\drivers\RtHDMIVX.sys
15:27:47.0429 3880 RTHDMIAzAudService - ok
15:27:47.0476 3880 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
15:27:47.0538 3880 s3cap - ok
15:27:47.0554 3880 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:27:47.0569 3880 SamSs - ok
15:27:47.0616 3880 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
15:27:47.0632 3880 sbp2port - ok
15:27:47.0663 3880 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
15:27:47.0725 3880 SCardSvr - ok
15:27:47.0757 3880 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
15:27:47.0850 3880 scfilter - ok
15:27:47.0897 3880 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
15:27:47.0975 3880 Schedule - ok
15:27:48.0006 3880 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:27:48.0053 3880 SCPolicySvc - ok
15:27:48.0147 3880 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
15:27:48.0193 3880 sdbus - ok
15:27:48.0225 3880 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
15:27:48.0287 3880 SDRSVC - ok
15:27:48.0334 3880 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:27:48.0381 3880 secdrv - ok
15:27:48.0412 3880 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
15:27:48.0505 3880 seclogon - ok
15:27:48.0537 3880 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
15:27:48.0568 3880 SENS - ok
15:27:48.0599 3880 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
15:27:48.0646 3880 SensrSvc - ok
15:27:48.0661 3880 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
15:27:48.0677 3880 Serenum - ok
15:27:48.0708 3880 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
15:27:48.0739 3880 Serial - ok
15:27:48.0786 3880 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
15:27:48.0802 3880 sermouse - ok
15:27:48.0849 3880 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
15:27:48.0911 3880 SessionEnv - ok
15:27:48.0958 3880 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
15:27:48.0989 3880 sffdisk - ok
15:27:49.0005 3880 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
15:27:49.0051 3880 sffp_mmc - ok
15:27:49.0067 3880 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
15:27:49.0114 3880 sffp_sd - ok
15:27:49.0145 3880 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
15:27:49.0161 3880 sfloppy - ok
15:27:49.0207 3880 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
15:27:49.0270 3880 SharedAccess - ok
15:27:49.0317 3880 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
15:27:49.0363 3880 ShellHWDetection - ok
15:27:49.0379 3880 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:27:49.0395 3880 SiSRaid2 - ok
15:27:49.0410 3880 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
15:27:49.0426 3880 SiSRaid4 - ok
15:27:49.0457 3880 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:27:49.0519 3880 Smb - ok
15:27:49.0582 3880 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
15:27:49.0613 3880 SNMPTRAP - ok
15:27:49.0644 3880 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:27:49.0660 3880 spldr - ok
15:27:49.0707 3880 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
15:27:49.0769 3880 Spooler - ok
15:27:49.0878 3880 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
15:27:49.0987 3880 sppsvc - ok
15:27:50.0112 3880 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
15:27:50.0190 3880 sppuinotify - ok
15:27:50.0284 3880 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
15:27:50.0362 3880 srv - ok
15:27:50.0377 3880 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
15:27:50.0424 3880 srv2 - ok
15:27:50.0502 3880 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
15:27:50.0533 3880 SrvHsfHDA - ok
15:27:50.0580 3880 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
15:27:50.0627 3880 SrvHsfV92 - ok
15:27:50.0674 3880 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
15:27:50.0705 3880 SrvHsfWinac - ok
15:27:50.0752 3880 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
15:27:50.0783 3880 srvnet - ok
15:27:50.0845 3880 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
15:27:50.0939 3880 SSDPSRV - ok
15:27:50.0970 3880 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
15:27:51.0017 3880 SstpSvc - ok
15:27:51.0064 3880 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
15:27:51.0079 3880 stexstor - ok
15:27:51.0142 3880 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
15:27:51.0189 3880 stisvc - ok
15:27:51.0235 3880 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
15:27:51.0251 3880 storflt - ok
15:27:51.0282 3880 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
15:27:51.0345 3880 StorSvc - ok
15:27:51.0376 3880 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
15:27:51.0391 3880 storvsc - ok
15:27:51.0407 3880 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
15:27:51.0423 3880 swenum - ok
15:27:51.0501 3880 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
15:27:51.0594 3880 swprv - ok
15:27:51.0672 3880 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
15:27:51.0735 3880 SysMain - ok
15:27:51.0859 3880 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
15:27:51.0922 3880 TabletInputService - ok
15:27:51.0969 3880 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
15:27:52.0031 3880 TapiSrv - ok
15:27:52.0078 3880 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
15:27:52.0156 3880 TBS - ok
15:27:52.0281 3880 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
15:27:52.0327 3880 Tcpip - ok
15:27:52.0515 3880 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
15:27:52.0561 3880 TCPIP6 - ok
15:27:52.0702 3880 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
15:27:52.0795 3880 tcpipreg - ok
15:27:52.0827 3880 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:27:52.0842 3880 TDPIPE - ok
15:27:52.0889 3880 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
15:27:52.0936 3880 TDTCP - ok
15:27:52.0998 3880 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
15:27:53.0061 3880 tdx - ok
15:27:53.0092 3880 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
15:27:53.0123 3880 TermDD - ok
15:27:53.0170 3880 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
15:27:53.0232 3880 TermService - ok
15:27:53.0263 3880 TfFsMon (fa5bfb71e561d279edae7e118435c1c9) C:\Windows\system32\drivers\TfFsMon.sys
15:27:53.0279 3880 TfFsMon - ok
15:27:53.0310 3880 TfNetMon (fa8400d74345ec4bf10e476ca0aaa2df) C:\Windows\system32\drivers\TfNetMon.sys
15:27:53.0326 3880 TfNetMon - ok
15:27:53.0373 3880 TfSysMon (f11aa1a704a4c027e5e8e0f355523834) C:\Windows\system32\drivers\TfSysMon.sys
15:27:53.0388 3880 TfSysMon - ok
15:27:53.0435 3880 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
15:27:53.0482 3880 Themes - ok
15:27:53.0513 3880 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:27:53.0575 3880 THREADORDER - ok
15:27:53.0638 3880 ThreatFire - ok
15:27:53.0685 3880 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
15:27:53.0747 3880 TrkWks - ok
15:27:53.0825 3880 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
15:27:53.0903 3880 TrustedInstaller - ok
15:27:53.0965 3880 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:27:54.0012 3880 tssecsrv - ok
15:27:54.0043 3880 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
15:27:54.0121 3880 TsUsbFlt - ok
15:27:54.0184 3880 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
15:27:54.0262 3880 tunnel - ok
15:27:54.0293 3880 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
15:27:54.0309 3880 uagp35 - ok
15:27:54.0355 3880 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
15:27:54.0433 3880 udfs - ok
15:27:54.0480 3880 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
15:27:54.0527 3880 UI0Detect - ok
15:27:54.0589 3880 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
15:27:54.0605 3880 uliagpkx - ok
15:27:54.0652 3880 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
15:27:54.0699 3880 umbus - ok
15:27:54.0745 3880 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
15:27:54.0777 3880 UmPass - ok
15:27:54.0808 3880 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
15:27:54.0839 3880 UmRdpService - ok
15:27:54.0886 3880 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
15:27:54.0933 3880 upnphost - ok
15:27:54.0979 3880 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
15:27:55.0026 3880 usbccgp - ok
15:27:55.0089 3880 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
15:27:55.0120 3880 usbcir - ok
15:27:55.0135 3880 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
15:27:55.0182 3880 usbehci - ok
15:27:55.0245 3880 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
15:27:55.0307 3880 usbhub - ok
15:27:55.0338 3880 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
15:27:55.0369 3880 usbohci - ok
15:27:55.0416 3880 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
15:27:55.0432 3880 usbprint - ok
15:27:55.0463 3880 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
15:27:55.0525 3880 USBSTOR - ok
15:27:55.0557 3880 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
15:27:55.0588 3880 usbuhci - ok
15:27:55.0650 3880 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
15:27:55.0681 3880 usbvideo - ok
15:27:55.0728 3880 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
15:27:55.0759 3880 UxSms - ok
15:27:55.0806 3880 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:27:55.0822 3880 VaultSvc - ok
15:27:55.0869 3880 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
15:27:55.0884 3880 vdrvroot - ok
15:27:55.0947 3880 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
15:27:55.0993 3880 vds - ok
15:27:56.0040 3880 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:27:56.0056 3880 vga - ok
15:27:56.0071 3880 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:27:56.0149 3880 VgaSave - ok
15:27:56.0196 3880 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
15:27:56.0227 3880 vhdmp - ok
15:27:56.0259 3880 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
15:27:56.0259 3880 viaide - ok
15:27:56.0290 3880 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
15:27:56.0305 3880 vmbus - ok
15:27:56.0321 3880 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
15:27:56.0368 3880 VMBusHID - ok
15:27:56.0415 3880 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
15:27:56.0430 3880 volmgr - ok
15:27:56.0477 3880 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
15:27:56.0508 3880 volmgrx - ok
15:27:56.0555 3880 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
15:27:56.0586 3880 volsnap - ok
15:27:56.0617 3880 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
15:27:56.0633 3880 vsmraid - ok
15:27:56.0727 3880 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
15:27:56.0805 3880 VSS - ok
15:27:56.0883 3880 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
15:27:56.0929 3880 vwifibus - ok
15:27:57.0007 3880 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
15:27:57.0039 3880 W32Time - ok
15:27:57.0070 3880 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
15:27:57.0117 3880 WacomPen - ok
15:27:57.0179 3880 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:27:57.0257 3880 WANARP - ok
15:27:57.0288 3880 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:27:57.0319 3880 Wanarpv6 - ok
15:27:57.0413 3880 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
15:27:57.0475 3880 WatAdminSvc - ok
15:27:57.0522 3880 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
15:27:57.0585 3880 wbengine - ok
15:27:57.0631 3880 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
15:27:57.0663 3880 WbioSrvc - ok
15:27:57.0725 3880 WcesComm (8bda6db43aa54e8bb5e0794541ddc209) C:\Windows\WindowsMobile\wcescomm.dll
15:27:57.0756 3880 WcesComm - ok
15:27:57.0803 3880 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
15:27:57.0850 3880 wcncsvc - ok
15:27:57.0881 3880 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
15:27:57.0912 3880 WcsPlugInService - ok
15:27:57.0975 3880 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
15:27:58.0006 3880 Wd - ok
15:27:58.0037 3880 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:27:58.0053 3880 Wdf01000 - ok
15:27:58.0068 3880 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:27:58.0177 3880 WdiServiceHost - ok
15:27:58.0177 3880 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:27:58.0193 3880 WdiSystemHost - ok
15:27:58.0240 3880 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
15:27:58.0287 3880 WebClient - ok
15:27:58.0333 3880 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
15:27:58.0396 3880 Wecsvc - ok
15:27:58.0427 3880 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
15:27:58.0474 3880 wercplsupport - ok
15:27:58.0505 3880 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
15:27:58.0552 3880 WerSvc - ok
15:27:58.0645 3880 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:27:58.0692 3880 WfpLwf - ok
15:27:58.0723 3880 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:27:58.0739 3880 WIMMount - ok
15:27:58.0801 3880 winachsf (a6ea7a3fc4b00f48535b506db1e86efd) C:\Windows\system32\DRIVERS\CAX_CNXT.sys
15:27:58.0833 3880 winachsf - ok
15:27:58.0895 3880 WinDefend - ok
15:27:58.0911 3880 WinHttpAutoProxySvc - ok
15:27:58.0989 3880 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
15:27:59.0035 3880 Winmgmt - ok
15:27:59.0129 3880 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
15:27:59.0207 3880 WinRM - ok
15:27:59.0815 3880 winusb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\drivers\WinUSB.SYS
15:27:59.0862 3880 winusb - ok
15:27:59.0925 3880 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
15:27:59.0987 3880 Wlansvc - ok
15:28:00.0034 3880 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
15:28:00.0065 3880 WmiAcpi - ok
15:28:00.0143 3880 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
15:28:00.0205 3880 wmiApSrv - ok
15:28:00.0315 3880 WMIService (eee826cad5ae9eb3d226deb576027d10) C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
15:28:00.0330 3880 WMIService ( UnsignedFile.Multi.Generic ) - warning
15:28:00.0330 3880 WMIService - detected UnsignedFile.Multi.Generic (1)
15:28:00.0393 3880 WMPNetworkSvc - ok
15:28:00.0533 3880 WMZuneComm (83b6ca03c846fcd47f9883d77d1eb27b) c:\Program Files\Zune\WMZuneComm.exe
15:28:00.0564 3880 WMZuneComm - ok
15:28:00.0673 3880 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
15:28:00.0720 3880 WPCSvc - ok
15:28:00.0767 3880 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
15:28:00.0814 3880 WPDBusEnum - ok
15:28:00.0892 3880 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:28:00.0954 3880 ws2ifsl - ok
15:28:00.0985 3880 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
15:28:01.0017 3880 wscsvc - ok
15:28:01.0032 3880 WSearch - ok
15:28:01.0110 3880 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
15:28:01.0188 3880 wuauserv - ok
15:28:01.0329 3880 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
15:28:01.0407 3880 WudfPf - ok
15:28:01.0453 3880 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:28:01.0500 3880 WUDFRd - ok
15:28:01.0563 3880 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
15:28:01.0609 3880 wudfsvc - ok
15:28:01.0641 3880 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
15:28:01.0703 3880 WwanSvc - ok
15:28:01.0750 3880 XAudio (e8f3fa126a06f8e7088f63757112a186) C:\Windows\system32\DRIVERS\XAudio64.sys
15:28:01.0797 3880 XAudio - ok
15:28:02.0093 3880 ZuneNetworkSvc (67b787c34fb2888d01b130ae007042d8) c:\Program Files\Zune\ZuneNss.exe
15:28:02.0358 3880 ZuneNetworkSvc - ok
15:28:02.0499 3880 ZuneWlanCfgSvc (4d89fc1c20cf655739efac5da81a67bc) c:\Program Files\Zune\ZuneWlanCfgSvc.exe
15:28:02.0530 3880 ZuneWlanCfgSvc - ok
15:28:02.0561 3880 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:28:02.0701 3880 \Device\Harddisk0\DR0 - ok
15:28:02.0701 3880 Boot (0x1200) (b69035dd48ee5857f68dc83b44d46484) \Device\Harddisk0\DR0\Partition0
15:28:02.0701 3880 \Device\Harddisk0\DR0\Partition0 - ok
15:28:02.0701 3880 ============================================================
15:28:02.0701 3880 Scan finished
15:28:02.0701 3880 ============================================================
15:28:02.0733 5052 Detected object count: 5
15:28:02.0733 5052 Actual detected object count: 5
15:28:28.0535 5052 eNet Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:28:28.0535 5052 eNet Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:28:28.0535 5052 eSettingsService ( UnsignedFile.Multi.Generic ) - skipped by user
15:28:28.0535 5052 eSettingsService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:28:28.0535 5052 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
15:28:28.0535 5052 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:28:28.0535 5052 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
15:28:28.0535 5052 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:28:28.0535 5052 WMIService ( UnsignedFile.Multi.Generic ) - skipped by user
15:28:28.0535 5052 WMIService ( UnsignedFile.Multi.Generic ) - User select action: Skip
Thanks again. I hope it shows up correctly as a code box.... Regards, Dom
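The TDSSKiller log above ends with five UnsignedFile.Multi.Generic hits (eNet Service, eSettingsService, Net Driver HPZ12, Pml Driver HPZ12, WMIService) that were all answered with "Skip", so the scan changed nothing on disk. UnsignedFile.Multi.Generic is TDSSKiller's heuristic for a service or driver binary that carries no valid digital signature; it is not a malware signature, which is why the helper has to judge each hit by its path and vendor. To make that state visible at a glance, here is an added example (my own code, not part of this thread and not a Kaspersky tool) that folds the line-oriented log into one record per scanned object and lists what was flagged but left in place. The sample lines are constructed from the format of the posted log, and the function names `parse_tdsskiller`, `unresolved`, `unhashed` and `detected_count` are my own.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample, modelled on the TDSSKiller log format shown in this thread.
# Names and hashes mirror lines from the posted log purely as realistic input.
SAMPLE_LOG = r"""
15:27:53.0435 3880 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
15:27:53.0482 3880 Themes - ok
15:27:53.0638 3880 ThreatFire - ok
15:28:00.0315 3880 WMIService (eee826cad5ae9eb3d226deb576027d10) C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
15:28:00.0330 3880 WMIService ( UnsignedFile.Multi.Generic ) - warning
15:28:00.0330 3880 WMIService - detected UnsignedFile.Multi.Generic (1)
15:28:02.0561 3880 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:28:02.0701 3880 \Device\Harddisk0\DR0 - ok
15:28:02.0733 5052 Detected object count: 1
15:28:02.0733 5052 Actual detected object count: 1
15:28:28.0535 5052 WMIService ( UnsignedFile.Multi.Generic ) - skipped by user
15:28:28.0535 5052 WMIService ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

# Every line starts with "HH:MM:SS.mmmm <thread id> "; what follows is one of a few shapes.
_PREFIX = r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+"
RE_OBJECT = re.compile(_PREFIX + r"(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
RE_OK = re.compile(_PREFIX + r"(?P<name>.+?) - ok$")
RE_WARNING = re.compile(_PREFIX + r"(?P<name>.+?) \( (?P<sig>[\w.]+) \) - warning$")
RE_DETECTED = re.compile(_PREFIX + r"(?P<name>.+?) - detected (?P<sig>[\w.]+) \(\d+\)$")
RE_ACTION = re.compile(_PREFIX + r"(?P<name>.+?) \( (?P<sig>[\w.]+) \) - User select action: (?P<action>\w+)$")
RE_COUNT = re.compile(_PREFIX + r"Detected object count: (?P<n>\d+)$")


@dataclass
class ScannedObject:
    name: str
    md5: Optional[str] = None        # MD5 of the file TDSSKiller hashed, if a file line was seen
    path: Optional[str] = None
    verdict: str = "unknown"         # "ok", "warning", or "unknown" (no verdict line seen)
    signature: Optional[str] = None  # e.g. UnsignedFile.Multi.Generic
    action: Optional[str] = None     # what the user chose at the end: Skip, Cure, Delete, ...


def parse_tdsskiller(text: str) -> Dict[str, ScannedObject]:
    """Fold the line-oriented log into one record per scanned object name."""
    objects: Dict[str, ScannedObject] = {}

    def rec(name: str) -> ScannedObject:
        return objects.setdefault(name, ScannedObject(name))

    for line in text.splitlines():
        line = line.rstrip()
        if m := RE_OBJECT.match(line):
            o = rec(m["name"])
            o.md5, o.path = m["md5"], m["path"]
        elif m := RE_WARNING.match(line):
            o = rec(m["name"])
            o.verdict, o.signature = "warning", m["sig"]
        elif m := RE_DETECTED.match(line):
            rec(m["name"]).signature = m["sig"]
        elif m := RE_ACTION.match(line):
            rec(m["name"]).action = m["action"]
        elif m := RE_OK.match(line):
            rec(m["name"]).verdict = "ok"
    return objects


def unresolved(objects: Dict[str, ScannedObject]) -> List[ScannedObject]:
    """Flagged objects still in place: the user chose Skip, or no action was recorded."""
    return [o for o in objects.values() if o.signature and o.action not in ("Cure", "Delete")]


def unhashed(objects: Dict[str, ScannedObject]) -> List[str]:
    """Service names that got a verdict but no hash/path line (ThreatFire, WinDefend, ... in the
    posted log). The log alone does not say why; check the ImagePath of these by hand."""
    return sorted(o.name for o in objects.values()
                  if o.md5 is None and not o.name.startswith("\\Device"))


def detected_count(text: str) -> Optional[int]:
    """The 'Detected object count' TDSSKiller prints after the scan, for cross-checking."""
    for line in text.splitlines():
        if m := RE_COUNT.match(line.rstrip()):
            return int(m["n"])
    return None


if __name__ == "__main__":
    objs = parse_tdsskiller(SAMPLE_LOG)
    print(f"objects: {len(objs)}, detected: {detected_count(SAMPLE_LOG)}")
    for o in unresolved(objs):
        print(f"left in place: {o.name} [{o.signature}] action={o.action} -> {o.path}")
    for name in unhashed(objs):
        print(f"no file hashed for service: {name}")
```

Run it against the full log pasted above and `unresolved()` returns exactly the five skipped entries; that list, together with the path each one resolves to, is what a helper should look at before declaring the machine clean, because an unsigned OEM or printer service and an unsigned dropper produce the same heuristic hit.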
#10
/// Winkelfunktion /// TB-Süch-Tiger™ | Smart Fortress 2012 infection: Yes, that's right, as you can see. Now please run CF: ComboFix - A guide and tutorial on using ComboFix
ComboFix may only be run if one of the board's helpers (a Kompetenzler) has expressly recommended it! Should you have problems starting applications after running ComboFix and get messages such as Quote:
__________________ Please always post logfiles in CODE tags
#11
Smart Fortress 2012 infection: Hello, everything worked fine. Here is the log: ComboFix Logfile: Code:
ATTFilter ComboFix 12-04-05.06 - Dominik 05.04.2012 15:58:19.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3070.2013 [GMT 2:00]
Running from: c:\users\Dominik\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Dominik\AppData\Local\Temp\RtkBtMnt.exe
.
.
((((((((((((((((((((((( Files Created from 2012-03-05 to 2012-04-05 ))))))))))))))))))))))))))))))
.
.
2012-04-05 14:11 . 2012-04-05 14:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-05 12:03 . 2012-04-05 12:03 -------- d-----w- C:\_OTL
2012-04-04 11:06 . 2011-02-22 11:57 74824 ----a-w- c:\windows\system32\drivers\TfSysMon.sys
2012-04-04 11:06 . 2011-02-22 11:57 41888 ----a-w- c:\windows\system32\drivers\TfNetMon.sys
2012-04-04 11:06 . 2011-02-22 11:57 65072 ----a-w- c:\windows\system32\drivers\TfFsMon.sys
2012-04-04 11:06 . 2012-04-04 11:06 -------- d-----w- c:\program files (x86)\ThreatFire
2012-04-04 11:06 . 2012-04-04 11:06 -------- d-----w- c:\programdata\PC Tools
2012-04-03 23:19 . 2012-04-03 23:19 -------- d-----w- c:\programdata\Kaspersky Lab
2012-04-03 17:15 . 2012-04-03 17:15 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-04-03 15:50 . 2012-04-03 15:50 -------- d-----w- c:\users\Dominik\AppData\Roaming\Malwarebytes
2012-04-03 15:50 . 2012-04-03 15:50 -------- d-----w- c:\programdata\Malwarebytes
2012-04-03 15:50 . 2012-04-03 15:50 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-03 15:50 . 2011-12-10 13:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-03 07:59 . 2012-03-20 01:51 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A0CB5BE9-8BA2-49C6-82D7-00C23DFD2B82}\mpengine.dll
2012-04-03 07:47 . 2012-04-03 07:53 -------- d-----w- c:\programdata\F4D55F3E000C4EBD0060677DB4EB2331
2012-04-01 18:14 . 2012-04-01 18:14 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-04-01 18:14 . 2012-04-01 18:14 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-04-01 01:49 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-01 01:49 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-01 01:49 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-31 16:39 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-31 16:39 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-31 16:39 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-31 16:38 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-31 16:38 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-31 16:38 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-31 16:38 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-31 16:38 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-31 16:38 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-31 16:38 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-29 09:00 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-02-29 09:00 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-02-23 07:18 . 2011-01-26 14:32 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-22 08:45 . 2012-02-22 08:45 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-02-22 08:45 . 2012-02-22 08:45 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-02-22 08:45 . 2012-02-22 08:45 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-02-22 08:45 . 2012-02-22 08:45 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-02-22 08:45 . 2012-02-22 08:45 1798656 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-02-22 08:45 . 2012-02-22 08:45 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-02-22 08:45 . 2012-02-22 08:45 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-02-22 08:45 . 2012-02-22 08:45 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-02-22 08:45 . 2012-02-22 08:45 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-02-22 08:45 . 2012-02-22 08:45 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-02-22 08:45 . 2012-02-22 08:45 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-02-22 08:45 . 2012-02-22 08:45 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-02-22 08:45 . 2012-02-22 08:45 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-02-22 08:45 . 2012-02-22 08:45 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-02-22 08:45 . 2012-02-22 08:45 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-02-22 08:45 . 2012-02-22 08:45 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-02-22 08:45 . 2012-02-22 08:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-22 08:45 . 2012-02-22 08:45 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-02-22 08:45 . 2012-02-22 08:45 2308096 ----a-w- c:\windows\system32\jscript9.dll
2012-02-22 08:45 . 2012-02-22 08:45 222208 ----a-w- c:\windows\system32\msls31.dll
2012-02-22 08:45 . 2012-02-22 08:45 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-02-22 08:45 . 2012-02-22 08:45 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-02-22 08:45 . 2012-02-22 08:45 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-02-22 08:45 . 2012-02-22 08:45 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-02-22 08:45 . 2012-02-22 08:45 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-02-22 08:45 . 2012-02-22 08:45 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-02-22 08:45 . 2012-02-22 08:45 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-02-22 08:45 . 2012-02-22 08:45 12288 ----a-w- c:\windows\system32\mshta.exe
2012-02-22 08:45 . 2012-02-22 08:45 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-02-22 08:45 . 2012-02-22 08:45 114176 ----a-w- c:\windows\system32\admparse.dll
2012-02-22 08:45 . 2012-02-22 08:45 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-02-22 08:45 . 2012-02-22 08:45 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-02-22 08:45 . 2012-02-22 08:45 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-02-22 08:45 . 2012-02-22 08:45 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-02-22 08:45 . 2012-02-22 08:45 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-02-22 08:45 . 2012-02-22 08:45 448512 ----a-w- c:\windows\system32\html.iec
2012-02-22 08:45 . 2012-02-22 08:45 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-02-22 08:45 . 2012-02-22 08:45 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-02-22 08:45 . 2012-02-22 08:45 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-22 08:45 . 2012-02-22 08:45 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-02-22 08:45 . 2012-02-22 08:45 160256 ----a-w- c:\windows\system32\wextract.exe
2012-02-22 08:45 . 2012-02-22 08:45 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
.
.
(((((((((((((((((((((((((((( Registry Autostart Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-21 718720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-10 98304]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-24 1190920]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Freecorder FLV Service"="c:\program files (x86)\Freecorder\FLVSrvc.exe" [2011-03-24 167936]
"ThreatFire"="c:\program files (x86)\ThreatFire\TFTray.exe" [2011-02-22 378128]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2011-1-26 535336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 cpuz135;cpuz135;c:\users\Dominik\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 ThreatFire;ThreatFire;c:\program files (x86)\ThreatFire\TFService.exe service [x]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series - Adaptertreiber für Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
S3 nuvotoncir;Nuvoton IR Transceiver;c:\windows\system32\DRIVERS\nuvotoncir.sys [x]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-23 7981600]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202
FF - ProfilePath - c:\users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\ik12mzv0.default\
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.homepage.dontask - true
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ThreatFire]
"AlternateImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\ThreatFire\TFService.exe
.
**************************************************************************
.
Completion time: 2012-04-05 16:27:15 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-05 14:27
.
Pre-Run: 14 Directory(s), 246,968,156,160 bytes free
Post-Run: 19 Directory(s), 246,574,608,384 bytes free
.
- - End Of File - - 5366063E5CF978EF33D14076C6654E7D
And now? Thanks again... I don't really know what the program actually did... but it looks good. |
| | #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Smart Fortress 2012 infection ComboFix - scripting 1. Start Notepad (Start / Run / notepad [Enter]) 2. Now copy and paste the entire contents of the code box below into the Notepad window. Code:
Folder::
c:\programdata\F4D55F3E000C4EBD0060677DB4EB2331
4. Disable the guard of your antivirus program and any software firewall that may be present (also the guards of ad-/spyware programs and the Tea Timer, if present!). 5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts ComboFix. 6. After the reboot (you will be asked whether you want to reboot), please post the following log file: Combofix.txt Note: The script above was created only for this one user in this situation. It cannot be ported to any other machine and must not be used elsewhere, since it can permanently damage the system!
__________________ Please always post logfiles in CODE tags |
| | #13 |
| | Smart Fortress 2012 infection OK. Done. Here is the log. Sorry for the delay. Combofix Logfile: Code:
ComboFix 12-04-05.06 - Dominik 05.04.2012 20:27:16.2.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3070.2090 [GMT 2:00]
Running from: c:\users\Dominik\Desktop\ComboFix.exe
Command switches used :: c:\users\Dominik\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\F4D55F3E000C4EBD0060677DB4EB2331
c:\programdata\F4D55F3E000C4EBD0060677DB4EB2331\F4D55F3E000C4EBD0060677DB4EB2331
c:\users\Dominik\AppData\Local\Temp\RtkBtMnt.exe
.
.
((((((((((((((((((((((( Files Created from 2012-03-05 to 2012-04-05 ))))))))))))))))))))))))))))))
.
.
2012-04-05 18:39 . 2012-04-05 18:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-05 12:03 . 2012-04-05 12:03 -------- d-----w- C:\_OTL
2012-04-04 11:06 . 2011-02-22 11:57 74824 ----a-w- c:\windows\system32\drivers\TfSysMon.sys
2012-04-04 11:06 . 2011-02-22 11:57 41888 ----a-w- c:\windows\system32\drivers\TfNetMon.sys
2012-04-04 11:06 . 2011-02-22 11:57 65072 ----a-w- c:\windows\system32\drivers\TfFsMon.sys
2012-04-04 11:06 . 2012-04-04 11:06 -------- d-----w- c:\program files (x86)\ThreatFire
2012-04-04 11:06 . 2012-04-04 11:06 -------- d-----w- c:\programdata\PC Tools
2012-04-03 23:19 . 2012-04-03 23:19 -------- d-----w- c:\programdata\Kaspersky Lab
2012-04-03 17:15 . 2012-04-03 17:15 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-04-03 15:50 . 2012-04-03 15:50 -------- d-----w- c:\users\Dominik\AppData\Roaming\Malwarebytes
2012-04-03 15:50 . 2012-04-03 15:50 -------- d-----w- c:\programdata\Malwarebytes
2012-04-03 15:50 . 2012-04-03 15:50 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-03 15:50 . 2011-12-10 13:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-03 07:59 . 2012-03-20 01:51 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A0CB5BE9-8BA2-49C6-82D7-00C23DFD2B82}\mpengine.dll
2012-04-01 18:14 . 2012-04-01 18:14 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-04-01 18:14 . 2012-04-01 18:14 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-04-01 01:49 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-01 01:49 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-01 01:49 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-31 16:39 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-31 16:39 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-31 16:39 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-31 16:38 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-31 16:38 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-31 16:38 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-31 16:38 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-31 16:38 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-31 16:38 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-31 16:38 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-29 09:00 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-02-29 09:00 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-02-23 07:18 . 2011-01-26 14:32 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-22 08:45 . 2012-02-22 08:45 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-02-22 08:45 . 2012-02-22 08:45 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-02-22 08:45 . 2012-02-22 08:45 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-02-22 08:45 . 2012-02-22 08:45 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-02-22 08:45 . 2012-02-22 08:45 1798656 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-02-22 08:45 . 2012-02-22 08:45 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-02-22 08:45 . 2012-02-22 08:45 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-02-22 08:45 . 2012-02-22 08:45 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-02-22 08:45 . 2012-02-22 08:45 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-02-22 08:45 . 2012-02-22 08:45 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-02-22 08:45 . 2012-02-22 08:45 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-02-22 08:45 . 2012-02-22 08:45 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-02-22 08:45 . 2012-02-22 08:45 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-02-22 08:45 . 2012-02-22 08:45 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-02-22 08:45 . 2012-02-22 08:45 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-02-22 08:45 . 2012-02-22 08:45 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-02-22 08:45 . 2012-02-22 08:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-22 08:45 . 2012-02-22 08:45 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-02-22 08:45 . 2012-02-22 08:45 2308096 ----a-w- c:\windows\system32\jscript9.dll
2012-02-22 08:45 . 2012-02-22 08:45 222208 ----a-w- c:\windows\system32\msls31.dll
2012-02-22 08:45 . 2012-02-22 08:45 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-02-22 08:45 . 2012-02-22 08:45 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-02-22 08:45 . 2012-02-22 08:45 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-02-22 08:45 . 2012-02-22 08:45 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-02-22 08:45 . 2012-02-22 08:45 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-02-22 08:45 . 2012-02-22 08:45 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-02-22 08:45 . 2012-02-22 08:45 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-02-22 08:45 . 2012-02-22 08:45 12288 ----a-w- c:\windows\system32\mshta.exe
2012-02-22 08:45 . 2012-02-22 08:45 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-02-22 08:45 . 2012-02-22 08:45 114176 ----a-w- c:\windows\system32\admparse.dll
2012-02-22 08:45 . 2012-02-22 08:45 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-02-22 08:45 . 2012-02-22 08:45 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-02-22 08:45 . 2012-02-22 08:45 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-02-22 08:45 . 2012-02-22 08:45 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-02-22 08:45 . 2012-02-22 08:45 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-02-22 08:45 . 2012-02-22 08:45 448512 ----a-w- c:\windows\system32\html.iec
2012-02-22 08:45 . 2012-02-22 08:45 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-02-22 08:45 . 2012-02-22 08:45 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-02-22 08:45 . 2012-02-22 08:45 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-22 08:45 . 2012-02-22 08:45 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-02-22 08:45 . 2012-02-22 08:45 160256 ----a-w- c:\windows\system32\wextract.exe
2012-02-22 08:45 . 2012-02-22 08:45 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-05_14.18.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-01-26 17:05 . 2012-04-05 14:34 35002 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-05 18:44 40046 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-01-26 14:19 . 2012-04-05 18:44 12778 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4178791177-2408624748-2417051294-1000_UserData.bin
- 2012-04-05 14:17 . 2012-04-05 14:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-05 18:42 . 2012-04-05 18:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-05 14:17 . 2012-04-05 14:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-05 18:42 . 2012-04-05 18:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-01-27 15:07 . 2012-04-05 17:56 280308 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
- 2009-07-14 02:36 . 2012-04-05 12:10 620384 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-05 14:36 620384 c:\windows\system32\perfh009.dat
- 2009-07-14 17:58 . 2012-04-05 12:10 659238 c:\windows\system32\perfh007.dat
+ 2009-07-14 17:58 . 2012-04-05 14:36 659238 c:\windows\system32\perfh007.dat
+ 2009-07-14 02:36 . 2012-04-05 14:36 108566 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-04-05 12:10 108566 c:\windows\system32\perfc009.dat
- 2009-07-14 17:58 . 2012-04-05 12:10 132776 c:\windows\system32\perfc007.dat
+ 2009-07-14 17:58 . 2012-04-05 14:36 132776 c:\windows\system32\perfc007.dat
- 2009-07-14 05:01 . 2012-04-05 14:12 385004 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-04-05 18:39 385004 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-07-10 00:37 . 2012-04-05 18:39 1456308 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4178791177-2408624748-2417051294-1000-8192.dat
- 2011-07-10 00:37 . 2012-04-05 14:12 1456308 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4178791177-2408624748-2417051294-1000-8192.dat
.
(((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-21 718720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-10 98304]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-24 1190920]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Freecorder FLV Service"="c:\program files (x86)\Freecorder\FLVSrvc.exe" [2011-03-24 167936]
"ThreatFire"="c:\program files (x86)\ThreatFire\TFTray.exe" [2011-02-22 378128]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2011-1-26 535336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 cpuz135;cpuz135;c:\users\Dominik\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 ThreatFire;ThreatFire;c:\program files (x86)\ThreatFire\TFService.exe service [x]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series - Adaptertreiber für Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
S3 nuvotoncir;Nuvoton IR Transceiver;c:\windows\system32\DRIVERS\nuvotoncir.sys [x]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-23 7981600]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202
FF - ProfilePath - c:\users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\ik12mzv0.default\
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.homepage.dontask - true
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ThreatFire]
"AlternateImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\ThreatFire\TFService.exe
.
**************************************************************************
.
Completion time: 2012-04-05 20:51:13 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-05 18:51
ComboFix2.txt 2012-04-05 14:27
.
Pre-Run: 18 Directory(s), 246,636,650,496 bytes free
Post-Run: 19 Directory(s), 246,577,725,440 bytes free
.
- - End Of File - - 3F4DD0846BAF7EA7130951A931392BBB
Regards, Dom |
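Added example, not part of the thread and not ComboFix's own code: a small Python triage helper that parses the two ComboFix line formats visible in the logs above (the R/S service-and-driver lines and the Run-key values under the registry loading points) and flags entries by the patterns that mattered in this case: an image under a user Temp folder (the cpuz135 driver), a 32-hex-character folder under ProgramData (the F4D55F3E000C4EBD0060677DB4EB2331 folder that ComboFix deleted), and [x] entries whose file the scanner could not find or read. Every sample line is copied from the logs above except the last Run value, which is constructed to show how such a drop would look as an autorun; the heuristic names, the reason strings and the folder patterns are this example's own assumptions.

```python
"""Triage helper for ComboFix service/driver and Run-key lines.

Added example, not ComboFix code. Heuristic names and patterns are this
example's own; see the lead-in for what the sample lines are.
"""
import re
from dataclasses import dataclass

# Sample lines modelled on the ComboFix logs in this thread. Every line is
# copied from those logs except the last Run value, which is CONSTRUCTED to
# show how a rogue dropped into c:\programdata\<32 hex chars>\ would appear
# as an autorun (the real log only shows that folder under "Other Deletions").
SAMPLE_LOG = r"""
R3 cpuz135;cpuz135;c:\users\Dominik\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
"F4D55F3E000C4EBD0060677DB4EB2331"="c:\programdata\F4D55F3E000C4EBD0060677DB4EB2331\F4D55F3E000C4EBD0060677DB4EB2331.exe" [2012-04-03 1204736]
"""

# <start type> <service name>;<display name>;<image [args]> [<date size> | x]
SERVICE_RE = re.compile(
    r'^(?P<start>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);'
    r'(?P<image>.+?)\s+\[(?P<stamp>x|\d{4}-\d{2}-\d{2}\s+\d+)\]$')
# "<value name>"="<image>" [<date> <size>]   (Reg Loading Points section)
RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<image>[^"]+)"\s+\[(?P<stamp>\d{4}-\d{2}-\d{2}\s+\d+)\]$')

TEMP_DIR_RE = re.compile(r'\\(?:appdata\\local\\temp|windows\\temp)\\', re.I)
HEX_DIR_RE = re.compile(
    r'\\(?:programdata|appdata\\(?:local|locallow|roaming))\\[0-9a-f]{32}\\', re.I)
DRIVER_RE = re.compile(r'\.sys(?:\s|$)', re.I)
SYSTEM_DRIVER_DIR = '\\windows\\system32\\drivers\\'


@dataclass
class Entry:
    kind: str          # 'service' or 'autorun'
    name: str
    image: str         # image path, possibly followed by arguments
    stamp: str         # '<date> <size>' or 'x' when ComboFix could not read the file
    start: str = ''    # R0-R3 / S0-S4 for services, '' for Run values


def parse_entries(text: str) -> list:
    """Extract service/driver and Run-key entries from ComboFix log text."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            entries.append(Entry('service', m['name'], m['image'], m['stamp'], m['start']))
            continue
        m = RUN_RE.match(line)
        if m:
            entries.append(Entry('autorun', m['name'], m['image'], m['stamp']))
    return entries


def assess(entry: Entry) -> list:
    """Return the reasons an entry deserves a closer look (empty list = nothing tripped)."""
    reasons = []
    image = entry.image.lower()
    if entry.stamp == 'x':
        reasons.append('[x]: file not found or not readable by the scanner')
    if TEMP_DIR_RE.search(image):
        reasons.append('image lives in a Temp directory')
    if HEX_DIR_RE.search(image):
        reasons.append('image lives in a 32-hex-character folder under ProgramData/AppData')
    if entry.kind == 'service' and DRIVER_RE.search(image) and SYSTEM_DRIVER_DIR not in image:
        reasons.append('kernel driver (.sys) outside system32\\drivers')
    return reasons


def triage(text: str) -> dict:
    """Map entry name -> list of reasons for every entry that tripped a heuristic."""
    findings = {}
    for entry in parse_entries(text):
        reasons = assess(entry)
        if reasons:
            findings[entry.name] = reasons
    return findings


if __name__ == '__main__':
    for name, reasons in triage(SAMPLE_LOG).items():
        print(f'{name}:')
        for reason in reasons:
            print(f'    - {reason}')
```

The output is a prioritised reading list, not a delete list. An [x] on its own is weak evidence: in this very log TfFsMon, TfSysMon and TfNetMon are the ThreatFire drivers installed on 2012-04-04 and were simply not readable by the scanner, and cpuz135 is a CPU-Z hardware-monitoring driver that was left in Temp. The Temp and 32-hex-folder patterns are the ones worth acting on, which is consistent with what the helper's CFScript above actually removed.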
| | #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Smart Fortress 2012 infection Please download aswMBR.exe and save the file to your desktop. Note: please turn off the virus scanner before you run aswMBR, because Avira in particular often reports a false positive on it!
One more note: if aswMBR crashes and you get a message like "aswMBR.exe has stopped working", do the following: start aswMBR again, select (none) under "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.
__________________ Please always post logfiles in CODE tags |
| | #15 |
| | Smart Fortress 2012 infection OK, done. Here is the log: Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-05 21:51:33
-----------------------------
21:51:33.128 OS Version: Windows x64 6.1.7601 Service Pack 1
21:51:33.128 Number of processors: 2 586 0xF0D
21:51:33.128 ComputerName: DOMINIK-PC UserName: Dominik
21:51:33.752 Initialize success
21:51:38.074 AVAST engine defs: 12040501
21:51:53.284 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
21:51:53.299 Disk 0 Vendor: SAMSUNG_HM321HI 2AJ10001 Size: 305245MB BusType: 11
21:51:53.315 Disk 0 MBR read successfully
21:51:53.315 Disk 0 MBR scan
21:51:53.315 Disk 0 Windows 7 default MBR code
21:51:53.330 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305243 MB offset 2048
21:51:53.346 Disk 0 scanning C:\Windows\system32\drivers
21:52:06.356 Service scanning
21:52:35.716 Modules scanning
21:52:35.731 Disk 0 trace - called modules:
21:52:35.778 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
21:52:35.794 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003430060]
21:52:35.794 3 CLASSPNP.SYS[fffff8800195a43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0xfffffa8002ea0680]
21:52:35.809 Scan finished successfully
21:52:58.710 Disk 0 MBR has been saved successfully to "C:\Users\Dominik\Desktop\Logs\MBR.dat"
21:52:58.710 The log file has been saved successfully to "C:\Users\Dominik\Desktop\Logs\aswMBR.txt"
Dom |
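Added example, not from the thread and not aswMBR's code: a Python parser for a raw 512-byte MBR sector, which is what aswMBR reports above (boot flag 80, type 07 HPFS/NTFS, offset 2048, 305243 MB) and, as assumed here, what it wrote to MBR.dat. It checks the 0x55AA signature, decodes the four partition-table entries, and hashes the 440-byte bootstrap area so a later run can be compared against a saved baseline; that bootstrap area is what an MBR bootkit patches while leaving the partition table intact. The sample sector is constructed to mirror the layout in the log; its bootstrap bytes are filler, not the real Windows 7 MBR code, so this example cannot itself say "Windows 7 default MBR code" the way aswMBR does. The partition-type table is a partial convenience list.

```python
"""Parse a raw 512-byte MBR sector and compare its bootstrap code to a baseline.

Added example, not aswMBR code. Assumes MBR.dat (which aswMBR saved above) is
the raw sector; the sample sector below is constructed and its bootstrap bytes
are filler, not the real Windows 7 MBR code.
"""
import hashlib
import struct

SECTOR = 512
BOOTCODE_LEN = 440          # bytes 0..439: bootstrap code, the part a bootkit patches
DISK_SIG_OFF = 440          # 4-byte NT disk signature, then 2 reserved bytes
PART_TABLE_OFF = 446        # four 16-byte partition entries
PART_ENTRY = struct.Struct('<B3sB3sII')   # status, CHS start, type, CHS end, LBA start, sector count

PARTITION_TYPES = {         # partial list, enough for typical Windows/Linux disks
    0x05: 'Extended', 0x07: 'HPFS/NTFS/exFAT', 0x0B: 'FAT32', 0x0C: 'FAT32 LBA',
    0x0F: 'Extended LBA', 0x27: 'Hidden NTFS (WinRE)', 0x82: 'Linux swap',
    0x83: 'Linux', 0xEE: 'GPT protective',
}


def parse_mbr(sector: bytes) -> dict:
    """Decode signature, disk signature, bootstrap hash and partition table."""
    if len(sector) < SECTOR:
        raise ValueError(f'MBR needs {SECTOR} bytes, got {len(sector)}')
    sector = sector[:SECTOR]
    partitions = []
    for i in range(4):
        status, _chs_start, ptype, _chs_end, lba, count = PART_ENTRY.unpack_from(
            sector, PART_TABLE_OFF + 16 * i)
        if ptype == 0 and count == 0:
            continue                      # empty slot
        partitions.append({
            'index': i + 1,
            'bootable': bool(status & 0x80),
            'type': ptype,
            'type_name': PARTITION_TYPES.get(ptype, 'unknown'),
            'lba_start': lba,
            'sectors': count,
            'size_mb': count * SECTOR // (1024 * 1024),
        })
    return {
        'signature_ok': sector[510:512] == b'\x55\xAA',
        'disk_signature': struct.unpack_from('<I', sector, DISK_SIG_OFF)[0],
        'bootcode_sha256': hashlib.sha256(sector[:BOOTCODE_LEN]).hexdigest(),
        'partitions': partitions,
    }


def bootcode_changed(current: bytes, baseline: bytes) -> bool:
    """True when the bootstrap area differs from a previously saved sector (e.g. MBR.dat)."""
    return parse_mbr(current)['bootcode_sha256'] != parse_mbr(baseline)['bootcode_sha256']


def build_sample_mbr() -> bytes:
    """CONSTRUCTED sector mirroring the layout aswMBR reported in this thread:
    one bootable (0x80) type 0x07 partition starting at LBA 2048, 305243 MB."""
    bootcode = b'\x90' * BOOTCODE_LEN              # filler, not real boot code
    disk_sig = struct.pack('<I', 0x1234ABCD) + b'\x00\x00'
    entry = PART_ENTRY.pack(0x80, b'\x20\x21\x00', 0x07, b'\xFE\xFF\xFF', 2048, 305243 * 2048)
    table = entry + b'\x00' * (16 * 3)             # remaining three slots empty
    return bootcode + disk_sig + table + b'\x55\xAA'


if __name__ == '__main__':
    sample = build_sample_mbr()
    info = parse_mbr(sample)
    print('signature ok:', info['signature_ok'])
    for p in info['partitions']:
        print(f"Partition {p['index']} {'80 (A)' if p['bootable'] else '00'} "
              f"{p['type']:02X} {p['type_name']} {p['size_mb']} MB offset {p['lba_start']}")
    print('bootcode unchanged vs itself:', not bootcode_changed(sample, sample))
```

In practice you would feed `parse_mbr` the bytes of the MBR.dat that aswMBR saved on a machine you consider clean, keep that file, and compare a later dump with `bootcode_changed`. A hash match of the bootstrap area is only as good as the baseline: it tells you the code has not changed since the save, not that the saved code was clean, which is why aswMBR's own comparison against known-good Windows code is the stronger check.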