
Pests of all kinds and how to fight them: GVU/BKA Trojan, how do I know it's really gone?

16.07.2012, 19:31   #16
dobaliner
 
GVU/BKA Trojan, how do I know it's really gone?

here is the result, it doesn't seem to be completely clean yet?

Code:
14:43:52.0056 7316	TDSS rootkit removing tool 2.7.45.0 Jul  9 2012 12:46:35
14:43:52.0196 7316	============================================================
14:43:52.0196 7316	Current date / time: 2012/07/16 14:43:52.0196
14:43:52.0196 7316	SystemInfo:
14:43:52.0196 7316	
14:43:52.0196 7316	OS Version: 6.1.7600 ServicePack: 0.0
14:43:52.0196 7316	Product type: Workstation
14:43:52.0196 7316	ComputerName: xxxxxxxxx-PC
14:43:52.0196 7316	UserName: xxxx xxxxx
14:43:52.0196 7316	Windows directory: C:\Windows
14:43:52.0196 7316	System windows directory: C:\Windows
14:43:52.0196 7316	Running under WOW64
14:43:52.0196 7316	Processor architecture: Intel x64
14:43:52.0196 7316	Number of processors: 4
14:43:52.0196 7316	Page size: 0x1000
14:43:52.0196 7316	Boot type: Normal boot
14:43:52.0196 7316	============================================================
14:43:52.0566 7316	Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:43:52.0576 7316	============================================================
14:43:52.0576 7316	\Device\Harddisk0\DR0:
14:43:52.0576 7316	MBR partitions:
14:43:52.0576 7316	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1F40800, BlocksNum 0x32000
14:43:52.0576 7316	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1F72800, BlocksNum 0x2AA86800
14:43:52.0576 7316	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2C9F9000, BlocksNum 0x2AB4C800
14:43:52.0576 7316	============================================================
14:43:52.0606 7316	C: <-> \Device\Harddisk0\DR0\Partition1
14:43:52.0736 7316	D: <-> \Device\Harddisk0\DR0\Partition2
14:43:52.0736 7316	============================================================
14:43:52.0736 7316	Initialize success
14:43:52.0736 7316	============================================================
14:44:28.0141 9656	============================================================
14:44:28.0141 9656	Scan started
14:44:28.0141 9656	Mode: Manual; SigCheck; TDLFS; 
14:44:28.0141 9656	============================================================
14:44:29.0389 9656	1394ohci        (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
14:44:29.0452 9656	1394ohci - ok
14:44:29.0483 9656	ACPI            (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
14:44:29.0499 9656	ACPI - ok
14:44:29.0530 9656	AcpiPmi         (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
14:44:29.0577 9656	AcpiPmi - ok
14:44:29.0670 9656	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
14:44:29.0670 9656	AdobeARMservice - ok
14:44:29.0795 9656	AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
14:44:29.0795 9656	AdobeFlashPlayerUpdateSvc - ok
14:44:29.0873 9656	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
14:44:29.0904 9656	adp94xx - ok
14:44:29.0951 9656	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
14:44:29.0967 9656	adpahci - ok
14:44:30.0013 9656	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
14:44:30.0029 9656	adpu320 - ok
14:44:30.0060 9656	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
14:44:30.0201 9656	AeLookupSvc - ok
14:44:30.0263 9656	AFD             (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
14:44:30.0310 9656	AFD - ok
14:44:30.0372 9656	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
14:44:30.0388 9656	agp440 - ok
14:44:30.0435 9656	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
14:44:30.0466 9656	ALG - ok
14:44:30.0513 9656	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
14:44:30.0528 9656	aliide - ok
14:44:30.0575 9656	AMD External Events Utility (893d2125996bb8b92054d743d75fdc09) C:\Windows\system32\atiesrxx.exe
14:44:30.0637 9656	AMD External Events Utility - ok
14:44:30.0684 9656	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
14:44:30.0684 9656	amdide - ok
14:44:30.0731 9656	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
14:44:30.0762 9656	AmdK8 - ok
14:44:31.0246 9656	amdkmdag        (6aa57c2c6b586cac8910a142928a79c7) C:\Windows\system32\DRIVERS\atikmdag.sys
14:44:31.0417 9656	amdkmdag - ok
14:44:31.0558 9656	amdkmdap        (2705b5af991eff9396109fbe63635fc9) C:\Windows\system32\DRIVERS\atikmpag.sys
14:44:31.0589 9656	amdkmdap - ok
14:44:31.0620 9656	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
14:44:31.0651 9656	AmdPPM - ok
14:44:31.0698 9656	amdsata         (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
14:44:31.0698 9656	amdsata - ok
14:44:31.0729 9656	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
14:44:31.0745 9656	amdsbs - ok
14:44:31.0776 9656	amdxata         (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
14:44:31.0776 9656	amdxata - ok
14:44:31.0901 9656	AntiVirFirewallService (6acc11e9d2f01c88251123d26c1c5489) C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
14:44:31.0932 9656	AntiVirFirewallService - ok
14:44:31.0995 9656	AntiVirMailService (b7fa28aefa586fb5a04876c7b31d03e6) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
14:44:32.0010 9656	AntiVirMailService - ok
14:44:32.0073 9656	AntiVirSchedulerService (2e35310d600f4cc64624786a813a041e) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
14:44:32.0073 9656	AntiVirSchedulerService - ok
14:44:32.0119 9656	AntiVirService  (984102b9e2f6513008ed4e0c5ac4151d) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
14:44:32.0135 9656	AntiVirService - ok
14:44:32.0213 9656	AntiVirWebService (9bc7247fd7379307bcff92cf8eb64b87) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
14:44:32.0229 9656	AntiVirWebService - ok
14:44:32.0353 9656	AppID           (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
14:44:32.0385 9656	AppID - ok
14:44:32.0416 9656	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
14:44:32.0478 9656	AppIDSvc - ok
14:44:32.0525 9656	Appinfo         (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
14:44:32.0556 9656	Appinfo - ok
14:44:32.0603 9656	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
14:44:32.0619 9656	arc - ok
14:44:32.0634 9656	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
14:44:32.0650 9656	arcsas - ok
14:44:32.0681 9656	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
14:44:32.0728 9656	AsyncMac - ok
14:44:32.0775 9656	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
14:44:32.0790 9656	atapi - ok
14:44:32.0837 9656	AthBTPort       (cbe61b4494165f458bd87e37181ee934) C:\Windows\system32\DRIVERS\btath_flt.sys
14:44:32.0837 9656	AthBTPort - ok
14:44:32.0899 9656	AtherosSvc      (147d5c092d116e3e4768d7be532add79) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
14:44:32.0899 9656	AtherosSvc - ok
14:44:33.0040 9656	athr            (931884f5f2d7e6973366782690bf1754) C:\Windows\system32\DRIVERS\athrx.sys
14:44:33.0087 9656	athr - ok
14:44:33.0258 9656	AtiHdmiService  (2d648572ba9a610952fcafba1e119c2d) C:\Windows\system32\drivers\AtiHdmi.sys
14:44:33.0336 9656	AtiHdmiService - ok
14:44:33.0399 9656	AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
14:44:33.0461 9656	AudioEndpointBuilder - ok
14:44:33.0461 9656	AudioSrv        (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
14:44:33.0508 9656	AudioSrv - ok
14:44:33.0539 9656	avfwim          (f3a3859d006783a0e0d40e227e52c35c) C:\Windows\system32\DRIVERS\avfwim.sys
14:44:33.0555 9656	avfwim - ok
14:44:33.0617 9656	avfwot          (bc06315a7bdbcad0c7719d1c1306a4db) C:\Windows\system32\DRIVERS\avfwot.sys
14:44:33.0633 9656	avfwot - ok
14:44:33.0679 9656	avgntflt        (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys
14:44:33.0695 9656	avgntflt - ok
14:44:33.0742 9656	avipbb          (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys
14:44:33.0742 9656	avipbb - ok
14:44:33.0773 9656	avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
14:44:33.0789 9656	avkmgr - ok
14:44:33.0835 9656	AxInstSV        (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
14:44:33.0882 9656	AxInstSV - ok
14:44:33.0945 9656	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
14:44:33.0976 9656	b06bdrv - ok
14:44:33.0991 9656	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
14:44:34.0023 9656	b57nd60a - ok
14:44:34.0101 9656	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
14:44:34.0116 9656	BDESVC - ok
14:44:34.0147 9656	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
14:44:34.0194 9656	Beep - ok
14:44:34.0272 9656	BFE             (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
14:44:34.0319 9656	BFE - ok
14:44:34.0381 9656	BITS            (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\System32\qmgr.dll
14:44:34.0444 9656	BITS - ok
14:44:34.0522 9656	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
14:44:34.0569 9656	blbdrive - ok
14:44:34.0615 9656	bowser          (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
14:44:34.0662 9656	bowser - ok
14:44:34.0693 9656	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:44:34.0725 9656	BrFiltLo - ok
14:44:34.0740 9656	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:44:34.0756 9656	BrFiltUp - ok
14:44:34.0787 9656	Browser         (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
14:44:34.0834 9656	Browser - ok
14:44:34.0881 9656	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
14:44:34.0896 9656	Brserid - ok
14:44:34.0912 9656	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
14:44:34.0927 9656	BrSerWdm - ok
14:44:34.0974 9656	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
14:44:35.0005 9656	BrUsbMdm - ok
14:44:35.0021 9656	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
14:44:35.0052 9656	BrUsbSer - ok
14:44:35.0099 9656	BTATH_A2DP      (2ecf188c1d4246efc6419f118f7b8ec6) C:\Windows\system32\drivers\btath_a2dp.sys
14:44:35.0115 9656	BTATH_A2DP - ok
14:44:35.0130 9656	BTATH_BUS       (a83a91d07d1fe6bbe7a9db46ca00434b) C:\Windows\system32\DRIVERS\btath_bus.sys
14:44:35.0146 9656	BTATH_BUS - ok
14:44:35.0161 9656	BTATH_HCRP      (c864ff85ee16d61c2bdd5ef76824625f) C:\Windows\system32\DRIVERS\btath_hcrp.sys
14:44:35.0177 9656	BTATH_HCRP - ok
14:44:35.0208 9656	BTATH_LWFLT     (701c4fd9e8f2315bb1732e24093e7e8b) C:\Windows\system32\DRIVERS\btath_lwflt.sys
14:44:35.0208 9656	BTATH_LWFLT - ok
14:44:35.0224 9656	BTATH_RCP       (724c8088c96efe7a3e63fec21d4681c0) C:\Windows\system32\DRIVERS\btath_rcp.sys
14:44:35.0239 9656	BTATH_RCP - ok
14:44:35.0271 9656	BtFilter        (6e7427156de0f0601dc0df42caff971d) C:\Windows\system32\DRIVERS\btfilter.sys
14:44:35.0286 9656	BtFilter - ok
14:44:35.0317 9656	BthEnum         (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
14:44:35.0333 9656	BthEnum - ok
14:44:35.0380 9656	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
14:44:35.0411 9656	BTHMODEM - ok
14:44:35.0442 9656	BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
14:44:35.0473 9656	BthPan - ok
14:44:35.0520 9656	BTHPORT         (21084ceb85280468c9aca3c805c0f8cf) C:\Windows\System32\Drivers\BTHport.sys
14:44:35.0551 9656	BTHPORT - ok
14:44:35.0598 9656	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
14:44:35.0645 9656	bthserv - ok
14:44:35.0676 9656	BTHUSB          (8504842634dd144c075b6b0c982ccec4) C:\Windows\System32\Drivers\BTHUSB.sys
14:44:35.0707 9656	BTHUSB - ok
14:44:35.0739 9656	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
14:44:35.0785 9656	cdfs - ok
14:44:35.0832 9656	cdrom           (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
14:44:35.0895 9656	cdrom - ok
14:44:35.0941 9656	CertPropSvc     (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
14:44:35.0988 9656	CertPropSvc - ok
14:44:36.0035 9656	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
14:44:36.0066 9656	circlass - ok
14:44:36.0097 9656	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
14:44:36.0113 9656	CLFS - ok
14:44:36.0191 9656	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:44:36.0191 9656	clr_optimization_v2.0.50727_32 - ok
14:44:36.0253 9656	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:44:36.0253 9656	clr_optimization_v2.0.50727_64 - ok
14:44:36.0347 9656	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:44:36.0363 9656	clr_optimization_v4.0.30319_32 - ok
14:44:36.0409 9656	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:44:36.0425 9656	clr_optimization_v4.0.30319_64 - ok
14:44:36.0456 9656	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
14:44:36.0472 9656	CmBatt - ok
14:44:36.0503 9656	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
14:44:36.0503 9656	cmdide - ok
14:44:36.0581 9656	CNG             (ca7720b73446fddec5c69519c1174c98) C:\Windows\system32\Drivers\cng.sys
14:44:36.0628 9656	CNG - ok
14:44:36.0643 9656	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
14:44:36.0659 9656	Compbatt - ok
14:44:36.0690 9656	CompositeBus    (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
14:44:36.0721 9656	CompositeBus - ok
14:44:36.0737 9656	COMSysApp - ok
14:44:36.0753 9656	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
14:44:36.0753 9656	crcdisk - ok
14:44:36.0799 9656	CryptSvc        (f02786b66375292e58c8777082d4396d) C:\Windows\system32\cryptsvc.dll
14:44:36.0862 9656	CryptSvc - ok
14:44:36.0909 9656	DcomLaunch      (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
14:44:36.0955 9656	DcomLaunch - ok
14:44:36.0987 9656	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
14:44:37.0049 9656	defragsvc - ok
14:44:37.0096 9656	DfsC            (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
14:44:37.0127 9656	DfsC - ok
14:44:37.0158 9656	Dhcp            (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
14:44:37.0236 9656	Dhcp - ok
14:44:37.0283 9656	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
14:44:37.0330 9656	discache - ok
14:44:37.0361 9656	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
14:44:37.0377 9656	Disk - ok
14:44:37.0408 9656	Dnscache        (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
14:44:37.0423 9656	Dnscache - ok
14:44:37.0470 9656	dot3svc         (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
14:44:37.0533 9656	dot3svc - ok
14:44:37.0548 9656	DPS             (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
14:44:37.0595 9656	DPS - ok
14:44:37.0626 9656	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
14:44:37.0642 9656	drmkaud - ok
14:44:37.0735 9656	DsiWMIService   (9cf46fdf163e06b83d03ff929ef2296c) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
14:44:37.0751 9656	DsiWMIService - ok
14:44:37.0813 9656	DXGKrnl         (24ce1ecf9d0ae0301775b07f5fea175b) C:\Windows\System32\drivers\dxgkrnl.sys
14:44:37.0845 9656	DXGKrnl - ok
14:44:37.0891 9656	E1G60           (edc6e9c057c9d7f83eea22b4cef5dcad) C:\Windows\system32\DRIVERS\E1G6032E.sys
14:44:37.0923 9656	E1G60 - ok
14:44:37.0969 9656	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
14:44:38.0016 9656	EapHost - ok
14:44:38.0141 9656	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
14:44:38.0266 9656	ebdrv - ok
14:44:38.0359 9656	EFS             (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
14:44:38.0391 9656	EFS - ok
14:44:38.0453 9656	ehRecvr         (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
14:44:38.0484 9656	ehRecvr - ok
14:44:38.0515 9656	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
14:44:38.0531 9656	ehSched - ok
14:44:38.0625 9656	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
14:44:38.0640 9656	elxstor - ok
14:44:38.0734 9656	ePowerSvc       (eb78fbd1c3db8223eeb364d485627ef1) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
14:44:38.0765 9656	ePowerSvc - ok
14:44:38.0859 9656	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
14:44:38.0890 9656	ErrDev - ok
14:44:38.0937 9656	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
14:44:38.0983 9656	EventSystem - ok
14:44:39.0030 9656	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
14:44:39.0077 9656	exfat - ok
14:44:39.0108 9656	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
14:44:39.0155 9656	fastfat - ok
14:44:39.0217 9656	Fax             (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
14:44:39.0264 9656	Fax - ok
14:44:39.0264 9656	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
14:44:39.0295 9656	fdc - ok
14:44:39.0342 9656	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
14:44:39.0373 9656	fdPHost - ok
14:44:39.0389 9656	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
14:44:39.0420 9656	FDResPub - ok
14:44:39.0451 9656	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
14:44:39.0451 9656	FileInfo - ok
14:44:39.0467 9656	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
14:44:39.0514 9656	Filetrace - ok
14:44:39.0529 9656	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
14:44:39.0545 9656	flpydisk - ok
14:44:39.0561 9656	FltMgr          (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
14:44:39.0576 9656	FltMgr - ok
14:44:39.0623 9656	FontCache       (bc00505cfda789ed3be95d2ff38c4875) C:\Windows\system32\FntCache.dll
14:44:39.0670 9656	FontCache - ok
14:44:39.0779 9656	FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:44:39.0795 9656	FontCache3.0.0.0 - ok
14:44:39.0841 9656	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
14:44:39.0857 9656	FsDepends - ok
14:44:39.0904 9656	Fs_Rec          (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys
14:44:39.0904 9656	Fs_Rec - ok
14:44:39.0951 9656	fvevol          (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
14:44:39.0966 9656	fvevol - ok
14:44:40.0013 9656	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
14:44:40.0029 9656	gagp30kx - ok
14:44:40.0091 9656	gpsvc           (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
14:44:40.0138 9656	gpsvc - ok
14:44:40.0231 9656	GREGService     (0191dee9b9eb7902af2cf4f67301095d) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
14:44:40.0231 9656	GREGService - ok
14:44:40.0278 9656	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
14:44:40.0294 9656	hcw85cir - ok
14:44:40.0356 9656	HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
14:44:40.0403 9656	HdAudAddService - ok
14:44:40.0419 9656	HDAudBus        (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:44:40.0450 9656	HDAudBus - ok
14:44:40.0481 9656	HECIx64         (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
14:44:40.0481 9656	HECIx64 - ok
14:44:40.0512 9656	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
14:44:40.0528 9656	HidBatt - ok
14:44:40.0543 9656	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
14:44:40.0575 9656	HidBth - ok
14:44:40.0590 9656	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
14:44:40.0606 9656	HidIr - ok
14:44:40.0637 9656	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
14:44:40.0684 9656	hidserv - ok
14:44:40.0715 9656	HidUsb          (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
14:44:40.0746 9656	HidUsb - ok
14:44:40.0777 9656	hkmsvc          (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
14:44:40.0824 9656	hkmsvc - ok
14:44:40.0855 9656	HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
14:44:40.0887 9656	HomeGroupListener - ok
14:44:40.0918 9656	HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
14:44:40.0933 9656	HomeGroupProvider - ok
14:44:40.0965 9656	HpSAMD          (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
14:44:40.0980 9656	HpSAMD - ok
14:44:41.0027 9656	HTTP            (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
14:44:41.0074 9656	HTTP - ok
14:44:41.0136 9656	hwdatacard      (cdaa8e257bb625b2387219e605dde37d) C:\Windows\system32\DRIVERS\ewusbmdm.sys
14:44:41.0152 9656	hwdatacard - ok
14:44:41.0183 9656	hwpolicy        (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
14:44:41.0183 9656	hwpolicy - ok
14:44:41.0214 9656	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
14:44:41.0230 9656	i8042prt - ok
14:44:41.0277 9656	iaStor          (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys
14:44:41.0292 9656	iaStor - ok
14:44:41.0386 9656	IAStorDataMgrSvc (31a0e93cdf29007d6c6fffb632f375ed) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
14:44:41.0386 9656	IAStorDataMgrSvc - ok
14:44:41.0464 9656	iaStorV         (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
14:44:41.0479 9656	iaStorV - ok
14:44:41.0511 9656	IDMWFP          (a31673b073652f56571acae61c3c25e2) C:\Windows\system32\DRIVERS\idmwfp.sys
14:44:41.0526 9656	IDMWFP - ok
14:44:41.0651 9656	idsvc           (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:44:41.0682 9656	idsvc - ok
14:44:41.0713 9656	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
14:44:41.0729 9656	iirsp - ok
14:44:41.0791 9656	IKEEXT          (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
14:44:41.0838 9656	IKEEXT - ok
14:44:41.0901 9656	Impcd           (4b6363cd4610bb848531bb260b15dfcc) C:\Windows\system32\DRIVERS\Impcd.sys
14:44:41.0932 9656	Impcd - ok
14:44:42.0072 9656	IntcAzAudAddService (cb5fd9b681ad43b560490b5283ddc1c1) C:\Windows\system32\drivers\RTKVHD64.sys
14:44:42.0119 9656	IntcAzAudAddService - ok
14:44:42.0244 9656	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
14:44:42.0244 9656	intelide - ok
14:44:42.0681 9656	intelkmd        (b744e1375cd1db3eb7b89781b8c93d9f) C:\Windows\system32\DRIVERS\igdpmd64.sys
14:44:42.0899 9656	intelkmd - ok
14:44:43.0008 9656	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
14:44:43.0024 9656	intelppm - ok
14:44:43.0071 9656	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
14:44:43.0133 9656	IPBusEnum - ok
14:44:43.0149 9656	IpFilterDriver  (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:44:43.0195 9656	IpFilterDriver - ok
14:44:43.0242 9656	iphlpsvc        (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
14:44:43.0289 9656	iphlpsvc - ok
14:44:43.0320 9656	IPMIDRV         (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
14:44:43.0336 9656	IPMIDRV - ok
14:44:43.0351 9656	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
14:44:43.0398 9656	IPNAT - ok
14:44:43.0429 9656	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
14:44:43.0445 9656	IRENUM - ok
14:44:43.0476 9656	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
14:44:43.0476 9656	isapnp - ok
14:44:43.0507 9656	iScsiPrt        (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
14:44:43.0523 9656	iScsiPrt - ok
14:44:43.0539 9656	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
14:44:43.0554 9656	kbdclass - ok
14:44:43.0585 9656	kbdhid          (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
14:44:43.0601 9656	kbdhid - ok
14:44:43.0632 9656	KeyIso          (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
14:44:43.0648 9656	KeyIso - ok
14:44:43.0679 9656	KSecDD          (4f4b5fde429416877de7143044582eb5) C:\Windows\system32\Drivers\ksecdd.sys
14:44:43.0695 9656	KSecDD - ok
14:44:43.0710 9656	KSecPkg         (6f40465a44ecdc1731befafec5bdd03c) C:\Windows\system32\Drivers\ksecpkg.sys
14:44:43.0710 9656	KSecPkg - ok
14:44:43.0741 9656	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
14:44:43.0804 9656	ksthunk - ok
14:44:43.0835 9656	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
14:44:43.0882 9656	KtmRm - ok
14:44:43.0913 9656	L1C             (a4a9ca24e54e81c6c3e469eaeb4b3f42) C:\Windows\system32\DRIVERS\L1C62x64.sys
14:44:43.0913 9656	L1C - ok
14:44:43.0975 9656	LanmanServer    (81f1d04d4d0e433099365127375fd501) C:\Windows\system32\srvsvc.dll
14:44:43.0991 9656	LanmanServer - ok
14:44:44.0022 9656	LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
14:44:44.0069 9656	LanmanWorkstation - ok
14:44:44.0100 9656	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
14:44:44.0147 9656	lltdio - ok
14:44:44.0178 9656	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
14:44:44.0225 9656	lltdsvc - ok
14:44:44.0256 9656	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
14:44:44.0287 9656	lmhosts - ok
14:44:44.0397 9656	LMS             (a1c148801b4af64847aeb9f3ad9594ef) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
14:44:44.0428 9656	LMS ( UnsignedFile.Multi.Generic ) - warning
14:44:44.0428 9656	LMS - detected UnsignedFile.Multi.Generic (1)
14:44:44.0459 9656	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
14:44:44.0475 9656	LSI_FC - ok
14:44:44.0506 9656	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
14:44:44.0506 9656	LSI_SAS - ok
14:44:44.0537 9656	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:44:44.0537 9656	LSI_SAS2 - ok
14:44:44.0553 9656	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:44:44.0553 9656	LSI_SCSI - ok
14:44:44.0584 9656	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
14:44:44.0631 9656	luafv - ok
14:44:44.0693 9656	MBAMProtector   (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
14:44:44.0709 9656	MBAMProtector - ok
14:44:44.0787 9656	MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
14:44:44.0802 9656	MBAMService - ok
14:44:44.0833 9656	Mcx2Svc         (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
14:44:44.0865 9656	Mcx2Svc - ok
14:44:44.0896 9656	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
14:44:44.0911 9656	megasas - ok
14:44:44.0927 9656	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
14:44:44.0943 9656	MegaSR - ok
14:44:44.0974 9656	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:44:45.0021 9656	MMCSS - ok
14:44:45.0052 9656	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
14:44:45.0114 9656	Modem - ok
14:44:45.0145 9656	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
14:44:45.0161 9656	monitor - ok
14:44:45.0192 9656	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
14:44:45.0208 9656	mouclass - ok
14:44:45.0223 9656	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
14:44:45.0239 9656	mouhid - ok
14:44:45.0270 9656	mountmgr        (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
14:44:45.0270 9656	mountmgr - ok
14:44:45.0379 9656	MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
14:44:45.0395 9656	MozillaMaintenance - ok
14:44:45.0411 9656	mpio            (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
14:44:45.0426 9656	mpio - ok
14:44:45.0457 9656	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
14:44:45.0489 9656	mpsdrv - ok
14:44:45.0551 9656	MpsSvc          (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
14:44:45.0629 9656	MpsSvc - ok
14:44:45.0645 9656	MRxDAV          (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
14:44:45.0691 9656	MRxDAV - ok
14:44:45.0707 9656	mrxsmb          (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:44:45.0754 9656	mrxsmb - ok
14:44:45.0785 9656	mrxsmb10        (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:44:45.0801 9656	mrxsmb10 - ok
14:44:45.0816 9656	mrxsmb20        (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:44:45.0832 9656	mrxsmb20 - ok
14:44:45.0832 9656	msahci          (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
14:44:45.0847 9656	msahci - ok
14:44:45.0863 9656	msdsm           (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
14:44:45.0879 9656	msdsm - ok
14:44:45.0910 9656	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
14:44:45.0941 9656	MSDTC - ok
14:44:45.0941 9656	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
14:44:45.0988 9656	Msfs - ok
14:44:46.0003 9656	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
14:44:46.0035 9656	mshidkmdf - ok
14:44:46.0035 9656	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
14:44:46.0050 9656	msisadrv - ok
14:44:46.0081 9656	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
14:44:46.0113 9656	MSiSCSI - ok
14:44:46.0113 9656	msiserver - ok
14:44:46.0144 9656	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
14:44:46.0175 9656	MSKSSRV - ok
14:44:46.0191 9656	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
14:44:46.0222 9656	MSPCLOCK - ok
14:44:46.0237 9656	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
14:44:46.0284 9656	MSPQM - ok
14:44:46.0300 9656	MsRPC           (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
14:44:46.0315 9656	MsRPC - ok
14:44:46.0331 9656	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
14:44:46.0347 9656	mssmbios - ok
14:44:46.0378 9656	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
14:44:46.0425 9656	MSTEE - ok
14:44:46.0440 9656	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
14:44:46.0471 9656	MTConfig - ok
14:44:46.0487 9656	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
14:44:46.0487 9656	Mup - ok
14:44:46.0534 9656	napagent        (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
14:44:46.0581 9656	napagent - ok
14:44:46.0643 9656	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
14:44:46.0659 9656	NativeWifiP - ok
14:44:46.0705 9656	NDIS            (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
14:44:46.0737 9656	NDIS - ok
14:44:46.0783 9656	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
14:44:46.0830 9656	NdisCap - ok
14:44:46.0861 9656	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
14:44:46.0908 9656	NdisTapi - ok
14:44:46.0924 9656	Ndisuio         (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
14:44:46.0955 9656	Ndisuio - ok
14:44:46.0971 9656	NdisWan         (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
14:44:47.0002 9656	NdisWan - ok
14:44:47.0033 9656	NDProxy         (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
14:44:47.0064 9656	NDProxy - ok
14:44:47.0080 9656	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
14:44:47.0127 9656	NetBIOS - ok
14:44:47.0158 9656	NetBT           (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
14:44:47.0205 9656	NetBT - ok
14:44:47.0236 9656	Netlogon        (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
14:44:47.0251 9656	Netlogon - ok
14:44:47.0298 9656	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
14:44:47.0345 9656	Netman - ok
14:44:47.0376 9656	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
14:44:47.0423 9656	netprofm - ok
14:44:47.0517 9656	NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:44:47.0532 9656	NetTcpPortSharing - ok
14:44:47.0563 9656	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
14:44:47.0579 9656	nfrd960 - ok
14:44:47.0626 9656	NlaSvc          (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
14:44:47.0673 9656	NlaSvc - ok
14:44:47.0688 9656	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
14:44:47.0735 9656	Npfs - ok
14:44:47.0766 9656	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
14:44:47.0813 9656	nsi - ok
14:44:47.0829 9656	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
14:44:47.0860 9656	nsiproxy - ok
14:44:47.0938 9656	Ntfs            (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
14:44:47.0985 9656	Ntfs - ok
14:44:48.0078 9656	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
14:44:48.0125 9656	Null - ok
14:44:48.0156 9656	nvraid          (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
14:44:48.0172 9656	nvraid - ok
14:44:48.0187 9656	nvstor          (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
14:44:48.0203 9656	nvstor - ok
14:44:48.0219 9656	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
14:44:48.0234 9656	nv_agp - ok
14:44:48.0312 9656	ODDPwrSvc       (ba7dac1b8a86d9402c3e04e1fcaa600d) C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe
14:44:48.0328 9656	ODDPwrSvc - ok
14:44:48.0359 9656	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
14:44:48.0359 9656	ohci1394 - ok
14:44:48.0437 9656	ose             (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:44:48.0453 9656	ose - ok
14:44:48.0733 9656	osppsvc         (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
14:44:48.0843 9656	osppsvc - ok
14:44:48.0967 9656	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:44:48.0983 9656	p2pimsvc - ok
14:44:49.0014 9656	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
14:44:49.0030 9656	p2psvc - ok
14:44:49.0108 9656	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
14:44:49.0123 9656	Parport - ok
14:44:49.0170 9656	partmgr         (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys
14:44:49.0170 9656	partmgr - ok
14:44:49.0201 9656	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
14:44:49.0233 9656	PcaSvc - ok
14:44:49.0233 9656	pci             (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
14:44:49.0248 9656	pci - ok
14:44:49.0264 9656	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
14:44:49.0279 9656	pciide - ok
14:44:49.0295 9656	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
14:44:49.0311 9656	pcmcia - ok
14:44:49.0326 9656	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
14:44:49.0326 9656	pcw - ok
14:44:49.0357 9656	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
14:44:49.0420 9656	PEAUTH - ok
14:44:49.0482 9656	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
14:44:49.0513 9656	PerfHost - ok
14:44:49.0591 9656	pla             (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
14:44:49.0669 9656	pla - ok
14:44:49.0732 9656	PlugPlay        (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
14:44:49.0763 9656	PlugPlay - ok
14:44:49.0779 9656	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
14:44:49.0810 9656	PNRPAutoReg - ok
14:44:49.0841 9656	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:44:49.0857 9656	PNRPsvc - ok
14:44:49.0903 9656	PolicyAgent     (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
14:44:49.0966 9656	PolicyAgent - ok
14:44:49.0997 9656	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
14:44:50.0028 9656	Power - ok
14:44:50.0091 9656	PptpMiniport    (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
14:44:50.0137 9656	PptpMiniport - ok
14:44:50.0153 9656	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
14:44:50.0184 9656	Processor - ok
14:44:50.0215 9656	ProfSvc         (97293447431311c06703368ad0f6c4be) C:\Windows\system32\profsvc.dll
14:44:50.0231 9656	ProfSvc - ok
14:44:50.0247 9656	ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
14:44:50.0262 9656	ProtectedStorage - ok
14:44:50.0309 9656	Psched          (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
14:44:50.0340 9656	Psched - ok
14:44:50.0387 9656	PSI             (fb46e9a827a8799ebd7bfa9128c91f37) C:\Windows\system32\DRIVERS\psi_mf.sys
14:44:50.0387 9656	PSI - ok
14:44:50.0465 9656	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
14:44:50.0512 9656	ql2300 - ok
14:44:50.0605 9656	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
14:44:50.0621 9656	ql40xx - ok
14:44:50.0652 9656	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
14:44:50.0683 9656	QWAVE - ok
14:44:50.0683 9656	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
14:44:50.0730 9656	QWAVEdrv - ok
14:44:50.0746 9656	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
14:44:50.0777 9656	RasAcd - ok
14:44:50.0824 9656	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:44:50.0855 9656	RasAgileVpn - ok
14:44:50.0886 9656	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
14:44:50.0933 9656	RasAuto - ok
14:44:50.0949 9656	Rasl2tp         (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:44:51.0011 9656	Rasl2tp - ok
14:44:51.0058 9656	RasMan          (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
14:44:51.0120 9656	RasMan - ok
14:44:51.0136 9656	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
14:44:51.0183 9656	RasPppoe - ok
14:44:51.0214 9656	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
14:44:51.0261 9656	RasSstp - ok
14:44:51.0292 9656	rdbss           (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
14:44:51.0339 9656	rdbss - ok
14:44:51.0370 9656	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
14:44:51.0386 9656	rdpbus - ok
14:44:51.0386 9656	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:44:51.0417 9656	RDPCDD - ok
14:44:51.0432 9656	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
14:44:51.0479 9656	RDPENCDD - ok
14:44:51.0479 9656	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
14:44:51.0510 9656	RDPREFMP - ok
14:44:51.0557 9656	RDPWD           (447de7e3dea39d422c1504f245b668b1) C:\Windows\system32\drivers\RDPWD.sys
14:44:51.0573 9656	RDPWD - ok
14:44:51.0620 9656	rdyboost        (e5dc9ba9e439d6dbdd79f8caacb5bf01) C:\Windows\system32\drivers\rdyboost.sys
14:44:51.0635 9656	rdyboost - ok
14:44:51.0666 9656	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
14:44:51.0713 9656	RemoteAccess - ok
14:44:51.0744 9656	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
14:44:51.0791 9656	RemoteRegistry - ok
14:44:51.0838 9656	RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
14:44:51.0869 9656	RFCOMM - ok
14:44:51.0963 9656	RichVideo       (f12a68ed55053940cadd59ca5e3468dd) C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
14:44:51.0994 9656	RichVideo ( UnsignedFile.Multi.Generic ) - warning
14:44:51.0994 9656	RichVideo - detected UnsignedFile.Multi.Generic (1)
14:44:52.0025 9656	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
14:44:52.0072 9656	RpcEptMapper - ok
14:44:52.0088 9656	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
14:44:52.0103 9656	RpcLocator - ok
14:44:52.0134 9656	RpcSs           (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
14:44:52.0166 9656	RpcSs - ok
14:44:52.0212 9656	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
14:44:52.0259 9656	rspndr - ok
14:44:52.0290 9656	RS_Service      (7cb9f0fdd730f4a4ecf6cde15ea12e8a) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
14:44:52.0306 9656	RS_Service - ok
14:44:52.0337 9656	SaiK0CD5        (858c15a70af2900c03daa4419b973903) C:\Windows\system32\DRIVERS\SaiK0CD5.sys
14:44:52.0353 9656	SaiK0CD5 - ok
14:44:52.0400 9656	SaiMini         (e124bcfb55adcd4aa273e73c3d666f9f) C:\Windows\system32\DRIVERS\SaiMini.sys
14:44:52.0415 9656	SaiMini - ok
14:44:52.0431 9656	SaiNtBus        (94ab59e2d3f301dc2b6ea97a027cebfa) C:\Windows\system32\drivers\SaiBus.sys
14:44:52.0431 9656	SaiNtBus - ok
14:44:52.0462 9656	SaiU0CD5        (866efd804302483de27e3947b25d0fab) C:\Windows\system32\DRIVERS\SaiU0CD5.sys
14:44:52.0462 9656	SaiU0CD5 - ok
14:44:52.0493 9656	SamSs           (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
14:44:52.0509 9656	SamSs - ok
14:44:52.0524 9656	sbp2port        (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
14:44:52.0540 9656	sbp2port - ok
14:44:52.0571 9656	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
14:44:52.0618 9656	SCardSvr - ok
14:44:52.0649 9656	scfilter        (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
14:44:52.0696 9656	scfilter - ok
14:44:52.0758 9656	Schedule        (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
14:44:52.0790 9656	Schedule - ok
14:44:52.0821 9656	SCPolicySvc     (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
14:44:52.0852 9656	SCPolicySvc - ok
14:44:52.0883 9656	SDRSVC          (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
14:44:52.0914 9656	SDRSVC - ok
14:44:52.0992 9656	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
14:44:53.0024 9656	secdrv - ok
14:44:53.0039 9656	seclogon        (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
14:44:53.0086 9656	seclogon - ok
14:44:53.0195 9656	Secunia PSI Agent (5b66db4877bbac9f7493aa8d84421e49) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
14:44:53.0226 9656	Secunia PSI Agent - ok
14:44:53.0320 9656	Secunia Update Agent (0e88fdf474f2cdd370a4a6ce77d018f0) C:\Program Files (x86)\Secunia\PSI\sua.exe
14:44:53.0336 9656	Secunia Update Agent - ok
14:44:53.0429 9656	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
14:44:53.0476 9656	SENS - ok
14:44:53.0507 9656	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
14:44:53.0538 9656	SensrSvc - ok
14:44:53.0585 9656	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
14:44:53.0601 9656	Serenum - ok
14:44:53.0632 9656	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
14:44:53.0663 9656	Serial - ok
14:44:53.0694 9656	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
14:44:53.0710 9656	sermouse - ok
14:44:53.0757 9656	SessionEnv      (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
14:44:53.0788 9656	SessionEnv - ok
14:44:53.0819 9656	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
14:44:53.0850 9656	sffdisk - ok
14:44:53.0866 9656	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
14:44:53.0897 9656	sffp_mmc - ok
14:44:53.0913 9656	sffp_sd         (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
14:44:53.0913 9656	sffp_sd - ok
14:44:53.0928 9656	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
14:44:53.0944 9656	sfloppy - ok
14:44:53.0991 9656	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
14:44:54.0038 9656	SharedAccess - ok
14:44:54.0069 9656	ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
14:44:54.0100 9656	ShellHWDetection - ok
14:44:54.0162 9656	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:44:54.0162 9656	SiSRaid2 - ok
14:44:54.0178 9656	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
14:44:54.0194 9656	SiSRaid4 - ok
14:44:54.0287 9656	SkypeUpdate     (c70aebd3608ed9fcea2a1bae83567ffc) C:\Program Files (x86)\Skype\Updater\Updater.exe
14:44:54.0303 9656	SkypeUpdate - ok
14:44:54.0365 9656	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
14:44:54.0412 9656	Smb - ok
14:44:54.0443 9656	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
14:44:54.0474 9656	SNMPTRAP - ok
14:44:54.0490 9656	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
14:44:54.0506 9656	spldr - ok
14:44:54.0537 9656	Spooler         (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
14:44:54.0568 9656	Spooler - ok
14:44:54.0724 9656	sppsvc          (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
14:44:54.0818 9656	sppsvc - ok
14:44:54.0911 9656	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
14:44:54.0942 9656	sppuinotify - ok
14:44:54.0989 9656	srv             (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
14:44:55.0052 9656	srv - ok
14:44:55.0067 9656	srv2            (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
14:44:55.0083 9656	srv2 - ok
14:44:55.0098 9656	srvnet          (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
14:44:55.0114 9656	srvnet - ok
14:44:55.0176 9656	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
14:44:55.0223 9656	SSDPSRV - ok
14:44:55.0254 9656	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
14:44:55.0286 9656	SstpSvc - ok
14:44:55.0348 9656	Steam Client Service - ok
14:44:55.0379 9656	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
14:44:55.0395 9656	stexstor - ok
14:44:55.0457 9656	stisvc          (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
14:44:55.0473 9656	stisvc - ok
14:44:55.0488 9656	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
14:44:55.0504 9656	swenum - ok
14:44:55.0535 9656	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
14:44:55.0598 9656	swprv - ok
14:44:55.0660 9656	SynTP           (ce9b5a79aee330bc7e88c0441e5727bb) C:\Windows\system32\DRIVERS\SynTP.sys
14:44:55.0676 9656	SynTP - ok
14:44:55.0769 9656	SysMain         (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
14:44:55.0816 9656	SysMain - ok
14:44:55.0910 9656	TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
14:44:55.0956 9656	TabletInputService - ok
14:44:55.0972 9656	TapiSrv         (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
14:44:56.0019 9656	TapiSrv - ok
14:44:56.0034 9656	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
14:44:56.0066 9656	TBS - ok
14:44:56.0222 9656	Tcpip           (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\drivers\tcpip.sys
14:44:56.0253 9656	Tcpip - ok
14:44:56.0440 9656	TCPIP6          (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\DRIVERS\tcpip.sys
14:44:56.0471 9656	TCPIP6 - ok
14:44:56.0534 9656	tcpipreg        (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
14:44:56.0580 9656	tcpipreg - ok
14:44:56.0612 9656	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
14:44:56.0643 9656	TDPIPE - ok
14:44:56.0658 9656	TDTCP           (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
14:44:56.0690 9656	TDTCP - ok
14:44:56.0705 9656	tdx             (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
14:44:56.0752 9656	tdx - ok
14:44:56.0768 9656	TermDD          (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
14:44:56.0783 9656	TermDD - ok
14:44:56.0846 9656	TermService     (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
14:44:56.0908 9656	TermService - ok
14:44:56.0924 9656	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
14:44:56.0955 9656	Themes - ok
14:44:56.0970 9656	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:44:57.0002 9656	THREADORDER - ok
14:44:57.0017 9656	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
14:44:57.0064 9656	TrkWks - ok
14:44:57.0111 9656	TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
14:44:57.0142 9656	TrustedInstaller - ok
14:44:57.0173 9656	tssecsrv        (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:44:57.0204 9656	tssecsrv - ok
14:44:57.0407 9656	TuneUp.UtilitiesSvc (6dc7b7342148636c6751d9f7b8aaea91) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
14:44:57.0454 9656	TuneUp.UtilitiesSvc - ok
14:44:57.0548 9656	TuneUpUtilitiesDrv (dcc94c51d27c7ec0dadeca8f64c94fcf) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys
14:44:57.0563 9656	TuneUpUtilitiesDrv - ok
14:44:57.0672 9656	tunnel          (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
14:44:57.0735 9656	tunnel - ok
14:44:57.0766 9656	TurboB          (825e7a1f48fb8bcfba27c178aab4e275) C:\Windows\system32\DRIVERS\TurboB.sys
14:44:57.0766 9656	TurboB - ok
14:44:57.0813 9656	TurboBoost      (b206be1174d5964d49a56bb6c4e0524a) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
14:44:57.0828 9656	TurboBoost - ok
14:44:57.0844 9656	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
14:44:57.0844 9656	uagp35 - ok
14:44:57.0875 9656	udfs            (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
14:44:57.0922 9656	udfs - ok
14:44:57.0953 9656	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
14:44:57.0969 9656	UI0Detect - ok
14:44:58.0000 9656	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
14:44:58.0000 9656	uliagpkx - ok
14:44:58.0031 9656	umbus           (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
14:44:58.0062 9656	umbus - ok
14:44:58.0094 9656	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
14:44:58.0109 9656	UmPass - ok
14:44:58.0265 9656	UNS             (41118d920b2b268c0adc36421248cdcf) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
14:44:58.0296 9656	UNS ( UnsignedFile.Multi.Generic ) - warning
14:44:58.0296 9656	UNS - detected UnsignedFile.Multi.Generic (1)
14:44:58.0390 9656	Updater Service (f9ec9acd504d823d9b9ca98a4f8d3ca2) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
14:44:58.0406 9656	Updater Service - ok
14:44:58.0515 9656	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
14:44:58.0546 9656	upnphost - ok
14:44:58.0624 9656	usbaudio        (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
14:44:58.0655 9656	usbaudio - ok
14:44:58.0702 9656	usbccgp         (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys
14:44:58.0718 9656	usbccgp - ok
14:44:58.0749 9656	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
14:44:58.0780 9656	usbcir - ok
14:44:58.0811 9656	usbehci         (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\drivers\usbehci.sys
14:44:58.0811 9656	usbehci - ok
14:44:58.0874 9656	usbhub          (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys
14:44:58.0889 9656	usbhub - ok
14:44:58.0936 9656	usbkey          (a13334591800e55184857e4090e4bbe9) C:\Windows\system32\DRIVERS\USBKey64.sys
14:44:58.0936 9656	usbkey - ok
14:44:58.0967 9656	usbohci         (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\drivers\usbohci.sys
14:44:58.0998 9656	usbohci - ok
14:44:59.0030 9656	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
14:44:59.0045 9656	usbprint - ok
14:44:59.0076 9656	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
14:44:59.0092 9656	usbscan - ok
14:44:59.0123 9656	USBSTOR         (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:44:59.0139 9656	USBSTOR - ok
14:44:59.0154 9656	usbuhci         (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\drivers\usbuhci.sys
14:44:59.0186 9656	usbuhci - ok
14:44:59.0248 9656	usbvideo        (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\system32\Drivers\usbvideo.sys
14:44:59.0279 9656	usbvideo - ok
14:44:59.0310 9656	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
14:44:59.0342 9656	UxSms - ok
14:44:59.0373 9656	VaultSvc        (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
14:44:59.0388 9656	VaultSvc - ok
14:44:59.0420 9656	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
14:44:59.0435 9656	vdrvroot - ok
14:44:59.0482 9656	vds             (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
14:44:59.0513 9656	vds - ok
14:44:59.0544 9656	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
14:44:59.0544 9656	vga - ok
14:44:59.0560 9656	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
14:44:59.0607 9656	VgaSave - ok
14:44:59.0638 9656	vhdmp           (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
14:44:59.0638 9656	vhdmp - ok
14:44:59.0654 9656	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
14:44:59.0654 9656	viaide - ok
14:44:59.0685 9656	volmgr          (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
14:44:59.0685 9656	volmgr - ok
14:44:59.0700 9656	volmgrx         (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
14:44:59.0716 9656	volmgrx - ok
14:44:59.0732 9656	volsnap         (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
14:44:59.0747 9656	volsnap - ok
14:44:59.0841 9656	vpnagent        (3b98ab9849754cb88265111422441df7) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
14:44:59.0856 9656	vpnagent - ok
14:44:59.0903 9656	vpnva           (13e6d95e7ac67abb7a1196557ef8849f) C:\Windows\system32\DRIVERS\vpnva64.sys
14:44:59.0903 9656	vpnva - ok
14:44:59.0950 9656	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
14:44:59.0966 9656	vsmraid - ok
14:45:00.0059 9656	VSS             (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
14:45:00.0106 9656	VSS - ok
14:45:00.0200 9656	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
14:45:00.0215 9656	vwifibus - ok
14:45:00.0231 9656	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
14:45:00.0262 9656	vwififlt - ok
14:45:00.0324 9656	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
14:45:00.0356 9656	W32Time - ok
14:45:00.0387 9656	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
14:45:00.0418 9656	WacomPen - ok
14:45:00.0449 9656	WANARP          (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
14:45:00.0480 9656	WANARP - ok
14:45:00.0480 9656	Wanarpv6        (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
14:45:00.0512 9656	Wanarpv6 - ok
14:45:00.0590 9656	wbengine        (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
14:45:00.0621 9656	wbengine - ok
14:45:00.0714 9656	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
14:45:00.0746 9656	WbioSrvc - ok
14:45:00.0777 9656	wcncsvc         (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
14:45:00.0808 9656	wcncsvc - ok
14:45:00.0808 9656	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
14:45:00.0824 9656	WcsPlugInService - ok
14:45:00.0870 9656	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
14:45:00.0886 9656	Wd - ok
14:45:00.0902 9656	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
14:45:00.0933 9656	Wdf01000 - ok
14:45:00.0948 9656	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:45:00.0980 9656	WdiServiceHost - ok
14:45:00.0980 9656	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:45:00.0995 9656	WdiSystemHost - ok
14:45:01.0042 9656	WebClient       (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
14:45:01.0058 9656	WebClient - ok
14:45:01.0104 9656	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
14:45:01.0151 9656	Wecsvc - ok
14:45:01.0167 9656	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
14:45:01.0229 9656	wercplsupport - ok
14:45:01.0245 9656	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
14:45:01.0276 9656	WerSvc - ok
14:45:01.0354 9656	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
14:45:01.0385 9656	WfpLwf - ok
14:45:01.0401 9656	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
14:45:01.0416 9656	WIMMount - ok
14:45:01.0463 9656	WinDefend - ok
14:45:01.0463 9656	WinHttpAutoProxySvc - ok
14:45:01.0541 9656	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
14:45:01.0572 9656	Winmgmt - ok
14:45:01.0666 9656	WinRM           (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
14:45:01.0728 9656	WinRM - ok
14:45:01.0884 9656	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
14:45:01.0900 9656	Wlansvc - ok
14:45:01.0962 9656	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
14:45:01.0962 9656	WmiAcpi - ok
14:45:02.0040 9656	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
14:45:02.0056 9656	wmiApSrv - ok
14:45:02.0134 9656	WMPNetworkSvc - ok
14:45:02.0165 9656	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
14:45:02.0181 9656	WPCSvc - ok
14:45:02.0196 9656	WPDBusEnum      (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
14:45:02.0228 9656	WPDBusEnum - ok
14:45:02.0243 9656	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
14:45:02.0306 9656	ws2ifsl - ok
14:45:02.0321 9656	wscsvc          (8f9f3969933c02da96eb0f84576db43e) C:\Windows\System32\wscsvc.dll
14:45:02.0352 9656	wscsvc - ok
14:45:02.0352 9656	WSearch - ok
14:45:02.0430 9656	WTGService      (d7e88349be0f01e4d8d776adb1f325bf) C:\Program Files (x86)\Verbindungsassistent\WTGService.exe
14:45:02.0446 9656	WTGService - ok
14:45:02.0571 9656	wuauserv        (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
14:45:02.0633 9656	wuauserv - ok
14:45:02.0742 9656	WudfPf          (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
14:45:02.0774 9656	WudfPf - ok
14:45:02.0820 9656	WUDFRd          (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:45:02.0867 9656	WUDFRd - ok
14:45:02.0898 9656	wudfsvc         (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
14:45:02.0945 9656	wudfsvc - ok
14:45:02.0976 9656	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
14:45:03.0008 9656	WwanSvc - ok
14:45:03.0039 9656	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
14:45:03.0257 9656	\Device\Harddisk0\DR0 - ok
14:45:03.0257 9656	Boot (0x1200)   (a0f7c052509503fe32add634215fade1) \Device\Harddisk0\DR0\Partition0
14:45:03.0273 9656	\Device\Harddisk0\DR0\Partition0 - ok
14:45:03.0288 9656	Boot (0x1200)   (e6c66b71605680f02a9cbb6fdce8b0b3) \Device\Harddisk0\DR0\Partition1
14:45:03.0288 9656	\Device\Harddisk0\DR0\Partition1 - ok
14:45:03.0304 9656	Boot (0x1200)   (dbac78ea438e0cc864cba620e834fd17) \Device\Harddisk0\DR0\Partition2
14:45:03.0304 9656	\Device\Harddisk0\DR0\Partition2 - ok
14:45:03.0304 9656	============================================================
14:45:03.0304 9656	Scan finished
14:45:03.0304 9656	============================================================
14:45:03.0320 6880	Detected object count: 3
14:45:03.0320 6880	Actual detected object count: 3
14:45:53.0630 6880	LMS ( UnsignedFile.Multi.Generic ) - skipped by user
14:45:53.0630 6880	LMS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:45:53.0630 6880	RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
14:45:53.0630 6880	RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:45:53.0630 6880	UNS ( UnsignedFile.Multi.Generic ) - skipped by user
14:45:53.0630 6880	UNS ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Alt 17.07.2012, 10:52   #17
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when one of the board's helpers (Kompetenzler) has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

Should you have problems starting applications after running Combofix and receive messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

Alt 17.07.2012, 18:35   #18
dobaliner
 

On the first run of Combofix I unfortunately forgot to turn off Windows Defender:


Combofix log file:
Code:
ATTFilter
ComboFix 12-07-16.01 - xxxx xxxxx 17.07.2012  12:00:47.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.3767.2406 [GMT 2:00]
ausgeführt von:: c:\users\xxxx xxxxx\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: FireWall *Disabled* {CE40CCC0-8ADB-6D67-25A0-C5B6438E4B57}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\xxxx xxxxx\Documents\~WRL0412.tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-06-17 bis 2012-07-17  ))))))))))))))))))))))))))))))
.
.
2012-07-17 10:06 . 2012-07-17 10:06	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-07-17 10:05 . 2012-07-17 10:05	69000	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{18C86E3E-2C1A-4677-A04D-3591DDB2C790}\offreg.dll
2012-07-15 19:46 . 2012-07-15 19:46	--------	d-----w-	C:\_OTL
2012-07-13 20:13 . 2012-07-13 20:13	--------	d-----w-	c:\program files (x86)\ESET
2012-07-13 15:33 . 2012-05-31 04:04	9013136	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{18C86E3E-2C1A-4677-A04D-3591DDB2C790}\mpengine.dll
2012-07-12 09:55 . 2012-06-12 03:02	3147264	----a-w-	c:\windows\system32\win32k.sys
2012-07-12 07:22 . 2012-06-06 05:50	1425408	----a-w-	c:\program files\Common Files\System\ado\msado15.dll
2012-07-12 07:22 . 2012-06-06 05:09	987136	----a-w-	c:\program files (x86)\Common Files\System\ado\msado15.dll
2012-07-04 20:59 . 2012-07-04 20:59	--------	d-----w-	c:\users\xxxx xxxxx\AppData\Local\Skyrim
2012-07-04 18:07 . 2012-07-17 07:27	--------	d-----w-	c:\program files (x86)\Steam
2012-07-04 18:07 . 2012-07-04 18:32	--------	d-----w-	c:\program files (x86)\Common Files\Steam
2012-07-04 12:07 . 2012-07-04 12:07	--------	d--h--w-	c:\programdata\Common Files
2012-07-04 12:07 . 2004-03-08 23:00	662288	----a-w-	c:\windows\SysWow64\MSCOMCT2.OCX
2012-07-04 12:07 . 1998-06-23 23:00	137000	----a-w-	c:\windows\SysWow64\MSMAPI32.OCX
2012-07-04 12:06 . 2012-07-04 12:07	--------	d-----w-	c:\program files (x86)\PDFCreator
2012-07-04 12:06 . 1998-07-06 16:56	125712	----a-w-	c:\windows\SysWow64\VB6DE.DLL
2012-07-04 12:06 . 1998-07-06 16:55	158208	----a-w-	c:\windows\SysWow64\MSCMCDE.DLL
2012-07-04 12:06 . 1998-07-06 16:55	64512	----a-w-	c:\windows\SysWow64\MSCC2DE.DLL
2012-07-04 12:06 . 1998-07-05 23:00	23552	----a-w-	c:\windows\SysWow64\MSMPIDE.DLL
2012-07-04 12:03 . 2012-06-15 04:51	95232	----a-w-	c:\windows\system32\pdfcmon.dll
2012-07-02 22:58 . 2012-07-02 22:58	476936	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2012-07-02 21:39 . 2012-07-02 21:39	--------	d-----w-	c:\users\xxxx xxxxx\AppData\Roaming\Malwarebytes
2012-07-02 21:39 . 2012-07-02 21:39	--------	d-----w-	c:\programdata\Malwarebytes
2012-07-02 21:39 . 2012-07-02 21:39	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-02 21:39 . 2012-04-04 13:56	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-06-24 08:03 . 2012-06-24 08:03	--------	d-----w-	c:\users\xxxx xxxxx\AppData\Local\Macromedia
2012-06-21 05:26 . 2012-06-02 22:19	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-21 05:26 . 2012-06-02 22:19	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-21 05:26 . 2012-06-02 22:15	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-21 05:26 . 2012-06-02 22:19	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-21 05:26 . 2012-06-02 22:19	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-21 05:26 . 2012-06-02 22:19	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-21 05:26 . 2012-06-02 22:15	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-06-21 05:26 . 2012-06-02 13:19	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-21 05:26 . 2012-06-02 13:15	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-06-19 21:40 . 2012-06-19 21:40	770384	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-19 21:40 . 2012-06-19 21:40	421200	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcp100.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 09:48 . 2012-04-15 14:36	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 09:48 . 2012-01-12 22:31	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-02 22:58 . 2012-02-28 15:05	472840	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-05-15 03:56 . 2012-06-13 05:31	1197568	----a-w-	c:\windows\system32\wininet.dll
2012-05-15 03:08 . 2012-06-13 05:31	981504	----a-w-	c:\windows\SysWow64\wininet.dll
2012-05-14 13:52 . 2012-01-17 20:18	98848	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-05-14 13:52 . 2012-01-17 20:18	139360	----a-w-	c:\windows\system32\drivers\avfwot.sys
2012-05-14 13:52 . 2012-01-17 20:18	132832	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-05-14 13:52 . 2012-01-17 20:18	114128	----a-w-	c:\windows\system32\drivers\avfwim.sys
2012-05-04 10:52 . 2012-06-13 05:31	5505392	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-05-04 10:08 . 2012-06-13 05:31	3958128	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:08 . 2012-06-13 05:31	3902320	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-05-02 05:32 . 2012-06-13 05:31	208896	----a-w-	c:\windows\system32\profsvc.dll
2012-04-28 03:50 . 2012-06-13 05:31	204800	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:34 . 2012-06-13 05:31	76288	----a-w-	c:\windows\system32\rdpwsx.dll
2012-04-26 05:34 . 2012-06-13 05:31	149504	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:28 . 2012-06-13 05:31	9216	----a-w-	c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:59 . 2012-06-13 05:31	182272	----a-w-	c:\windows\system32\cryptsvc.dll
2012-04-24 05:59 . 2012-06-13 05:31	1460224	----a-w-	c:\windows\system32\crypt32.dll
2012-04-24 05:59 . 2012-06-13 05:31	140288	----a-w-	c:\windows\system32\cryptnet.dll
2012-04-24 04:47 . 2012-06-13 05:31	139264	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:47 . 2012-06-13 05:31	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
2012-04-24 04:47 . 2012-06-13 05:31	1156608	----a-w-	c:\windows\SysWow64\crypt32.dll
2012-04-20 06:22 . 2012-06-13 05:31	57856	----a-w-	c:\windows\system32\licmgr10.dll
2012-04-20 05:05 . 2012-06-13 05:31	44544	----a-w-	c:\windows\SysWow64\licmgr10.dll
2012-04-20 05:00 . 2012-06-13 05:31	482816	----a-w-	c:\windows\system32\html.iec
2012-04-20 04:15 . 2012-06-13 05:31	1638912	----a-w-	c:\windows\system32\mshtml.tlb
2012-04-20 03:58 . 2012-06-13 05:31	386048	----a-w-	c:\windows\SysWow64\html.iec
2012-04-20 03:24 . 2012-06-13 05:31	1638912	----a-w-	c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2012-01-16 3462552]
"SimpleSYN.NET"="c:\program files (x86)\creativbox.net\SimpleSYN 2.1\CBN.SimpleSYN.NET.exe" [2011-06-21 2275696]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-07-04 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-21 98304]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-10 975952]
"MDS_Menu"="c:\program files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"ArcadeMovieService"="c:\program files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe" [2011-02-17 124136]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-14 348624]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-09-14 1213848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"HP Software Update"=c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2010-07-29 36000]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-07-29 295072]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2010-07-29 201376]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2010-07-29 51872]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2010-07-29 154272]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2010-07-29 270496]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-19 113120]
R3 SaiK0CD5;SaiK0CD5;c:\windows\system32\DRIVERS\SaiK0CD5.sys [2011-09-20 183104]
R3 SaiU0CD5;SaiU0CD5;c:\windows\system32\DRIVERS\SaiU0CD5.sys [2011-09-20 47168]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
R3 usbkey;USB Dongle;c:\windows\system32\DRIVERS\USBKey64.sys [2012-01-16 38496]
R4 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-07-29 52896]
R4 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-10 321104]
R4 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [2012-05-14 139360]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-12-15 27760]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-10-20 203264]
S2 AntiVirFirewallService;Avira FireWall;c:\program files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [2012-05-14 619472]
S2 AntiVirMailService;Avira Email Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2012-05-14 375760]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-14 86224]
S2 AntiVirWebService;Avira Browser Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-05-14 465360]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2010-06-11 821792]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2011-12-20 148104]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 ODDPwrSvc;Acer ODD Power Service;c:\program files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [2010-04-22 171040]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2010-01-30 260640]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-10-14 994360]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2011-12-14 2123584]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2314240]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-29 243232]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2011-09-22 645048]
S2 WTGService;WTGService;c:\program files (x86)\Verbindungsassistent\WTGService.exe [2009-03-03 296400]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-10-20 6856704]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-10-20 264704]
S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [2012-05-14 114128]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2010-07-29 28832]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-10 158720]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2010-10-20 10331840]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-08-24 76912]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-12-12 11856]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-01-18 c:\windows\Tasks\Acer Registration - Data Sending task.job
- c:\program files (x86)\Acer\Registration\GREG.exe [2010-04-28 02:47]
.
2012-07-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 09:48]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-12-19 18:46	22408	----a-w-	c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ODDPwr"="c:\program files\Acer\Optical Drive Power Management\ODDPwr.exe" [2010-04-22 223264]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-20 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-20 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-20 414744]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-13 11046504]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-07-13 2103912]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-07-29 594080]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-07-29 377504]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2010-06-11 496160]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-03 1580368]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-25 2782096]
"ProfilerU"="c:\program files\SmartTechnology\Software\ProfilerU.exe" [2012-01-23 432640]
"SaiMfd"="c:\program files\SmartTechnology\Software\SaiMfd.exe" [2012-01-23 158208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: Download aller Links mit IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download mit IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: Interfaces\{7F66CAB7-3D90-4CF2-A86C-94A6431474BB}: NameServer = 130.75.1.32,130.75.1.40
FF - ProfilePath - c:\users\xxxx xxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\bild4i5m.default\
FF - prefs.js: browser.search.selectedEngine - LEO Eng-Deu
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-116830536-2991956333-4007676365-1001_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):8f,ff,7b,bf,d7,5f,b4,0b,d9,1a,03,12,1d,71,8b,a0,53,ca,0f,f4,33,
   8b,2f,75,5c,60,87,6c,1c,5b,30,b6,4d,79,52,2b,34,63,25,78,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-116830536-2991956333-4007676365-1001_Classes\Wow6432Node\CLSID\{95fef388-361b-4e2e-92ff-1fc552c6a1a3}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000085
"Therad"=dword:0000001b
"MData"=hex(0):20,35,e9,2b,74,59,03,68,be,b2,5b,74,b4,62,9e,77,fc,22,df,59,02,
   94,28,03,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-07-17  12:09:09
ComboFix-quarantined-files.txt  2012-07-17 10:09
.
Vor Suchlauf: 10 Verzeichnis(se), 307.955.322.880 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 307.837.960.192 Bytes frei
.
- - End Of File - - 0D280481D3FA0D4CC83DA164D6E1D95D
         
--- --- ---




Then I noticed that Windows Defender was on while Combofix was running, turned Defender off and ran Combofix again:


Combofix log file:
Code:
ATTFilter
ComboFix 12-07-16.01 - xxxx xxxxx 17.07.2012  12:20:14.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.3767.2315 [GMT 2:00]
ausgeführt von:: c:\users\xxxx xxxxx\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: FireWall *Disabled* {CE40CCC0-8ADB-6D67-25A0-C5B6438E4B57}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-06-17 bis 2012-07-17  ))))))))))))))))))))))))))))))
.
.
2012-07-17 10:23 . 2012-07-17 10:23	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-07-15 19:46 . 2012-07-15 19:46	--------	d-----w-	C:\_OTL
2012-07-13 20:13 . 2012-07-13 20:13	--------	d-----w-	c:\program files (x86)\ESET
2012-07-13 15:33 . 2012-05-31 04:04	9013136	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{18C86E3E-2C1A-4677-A04D-3591DDB2C790}\mpengine.dll
2012-07-12 09:55 . 2012-06-12 03:02	3147264	----a-w-	c:\windows\system32\win32k.sys
2012-07-12 07:22 . 2012-06-06 05:50	1425408	----a-w-	c:\program files\Common Files\System\ado\msado15.dll
2012-07-12 07:22 . 2012-06-06 05:09	987136	----a-w-	c:\program files (x86)\Common Files\System\ado\msado15.dll
2012-07-04 20:59 . 2012-07-04 20:59	--------	d-----w-	c:\users\xxxx xxxxx\AppData\Local\Skyrim
2012-07-04 18:07 . 2012-07-17 07:27	--------	d-----w-	c:\program files (x86)\Steam
2012-07-04 18:07 . 2012-07-04 18:32	--------	d-----w-	c:\program files (x86)\Common Files\Steam
2012-07-04 12:07 . 2012-07-04 12:07	--------	d--h--w-	c:\programdata\Common Files
2012-07-04 12:07 . 2004-03-08 23:00	662288	----a-w-	c:\windows\SysWow64\MSCOMCT2.OCX
2012-07-04 12:07 . 1998-06-23 23:00	137000	----a-w-	c:\windows\SysWow64\MSMAPI32.OCX
2012-07-04 12:06 . 2012-07-04 12:07	--------	d-----w-	c:\program files (x86)\PDFCreator
2012-07-04 12:06 . 1998-07-06 16:56	125712	----a-w-	c:\windows\SysWow64\VB6DE.DLL
2012-07-04 12:06 . 1998-07-06 16:55	158208	----a-w-	c:\windows\SysWow64\MSCMCDE.DLL
2012-07-04 12:06 . 1998-07-06 16:55	64512	----a-w-	c:\windows\SysWow64\MSCC2DE.DLL
2012-07-04 12:06 . 1998-07-05 23:00	23552	----a-w-	c:\windows\SysWow64\MSMPIDE.DLL
2012-07-04 12:03 . 2012-06-15 04:51	95232	----a-w-	c:\windows\system32\pdfcmon.dll
2012-07-02 22:58 . 2012-07-02 22:58	476936	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2012-07-02 21:39 . 2012-07-02 21:39	--------	d-----w-	c:\users\xxxx xxxxx\AppData\Roaming\Malwarebytes
2012-07-02 21:39 . 2012-07-02 21:39	--------	d-----w-	c:\programdata\Malwarebytes
2012-07-02 21:39 . 2012-07-02 21:39	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-02 21:39 . 2012-04-04 13:56	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-06-24 08:03 . 2012-06-24 08:03	--------	d-----w-	c:\users\xxxx xxxxx\AppData\Local\Macromedia
2012-06-21 05:26 . 2012-06-02 22:19	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-21 05:26 . 2012-06-02 22:19	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-21 05:26 . 2012-06-02 22:15	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-21 05:26 . 2012-06-02 22:19	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-21 05:26 . 2012-06-02 22:19	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-21 05:26 . 2012-06-02 22:19	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-21 05:26 . 2012-06-02 22:15	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-06-21 05:26 . 2012-06-02 13:19	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-21 05:26 . 2012-06-02 13:15	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-06-19 21:40 . 2012-06-19 21:40	770384	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-19 21:40 . 2012-06-19 21:40	421200	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcp100.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 09:48 . 2012-04-15 14:36	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 09:48 . 2012-01-12 22:31	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-02 22:58 . 2012-02-28 15:05	472840	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-05-15 03:56 . 2012-06-13 05:31	1197568	----a-w-	c:\windows\system32\wininet.dll
2012-05-15 03:08 . 2012-06-13 05:31	981504	----a-w-	c:\windows\SysWow64\wininet.dll
2012-05-14 13:52 . 2012-01-17 20:18	98848	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-05-14 13:52 . 2012-01-17 20:18	139360	----a-w-	c:\windows\system32\drivers\avfwot.sys
2012-05-14 13:52 . 2012-01-17 20:18	132832	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-05-14 13:52 . 2012-01-17 20:18	114128	----a-w-	c:\windows\system32\drivers\avfwim.sys
2012-05-04 10:52 . 2012-06-13 05:31	5505392	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-05-04 10:08 . 2012-06-13 05:31	3958128	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:08 . 2012-06-13 05:31	3902320	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-05-02 05:32 . 2012-06-13 05:31	208896	----a-w-	c:\windows\system32\profsvc.dll
2012-04-28 03:50 . 2012-06-13 05:31	204800	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:34 . 2012-06-13 05:31	76288	----a-w-	c:\windows\system32\rdpwsx.dll
2012-04-26 05:34 . 2012-06-13 05:31	149504	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:28 . 2012-06-13 05:31	9216	----a-w-	c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:59 . 2012-06-13 05:31	182272	----a-w-	c:\windows\system32\cryptsvc.dll
2012-04-24 05:59 . 2012-06-13 05:31	1460224	----a-w-	c:\windows\system32\crypt32.dll
2012-04-24 05:59 . 2012-06-13 05:31	140288	----a-w-	c:\windows\system32\cryptnet.dll
2012-04-24 04:47 . 2012-06-13 05:31	139264	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:47 . 2012-06-13 05:31	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
2012-04-24 04:47 . 2012-06-13 05:31	1156608	----a-w-	c:\windows\SysWow64\crypt32.dll
2012-04-20 06:22 . 2012-06-13 05:31	57856	----a-w-	c:\windows\system32\licmgr10.dll
2012-04-20 05:05 . 2012-06-13 05:31	44544	----a-w-	c:\windows\SysWow64\licmgr10.dll
2012-04-20 05:00 . 2012-06-13 05:31	482816	----a-w-	c:\windows\system32\html.iec
2012-04-20 04:15 . 2012-06-13 05:31	1638912	----a-w-	c:\windows\system32\mshtml.tlb
2012-04-20 03:58 . 2012-06-13 05:31	386048	----a-w-	c:\windows\SysWow64\html.iec
2012-04-20 03:24 . 2012-06-13 05:31	1638912	----a-w-	c:\windows\SysWow64\mshtml.tlb
.
.
(((((((((((((((((((((((((((((   SnapShot@2012-07-17_10.07.02   )))))))))))))))))))))))))))))))))))))))))
.
- 2012-01-12 19:45 . 2012-07-17 09:02	16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-01-12 19:45 . 2012-07-17 10:13	16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-01-12 19:45 . 2012-07-17 10:13	16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-01-12 19:45 . 2012-07-17 09:02	16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2012-01-16 3462552]
"SimpleSYN.NET"="c:\program files (x86)\creativbox.net\SimpleSYN 2.1\CBN.SimpleSYN.NET.exe" [2011-06-21 2275696]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-07-04 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-21 98304]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-10 975952]
"MDS_Menu"="c:\program files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"ArcadeMovieService"="c:\program files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe" [2011-02-17 124136]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-14 348624]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-09-14 1213848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"HP Software Update"=c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2010-07-29 36000]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-07-29 295072]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2010-07-29 201376]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2010-07-29 51872]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2010-07-29 154272]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2010-07-29 270496]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-19 113120]
R3 SaiK0CD5;SaiK0CD5;c:\windows\system32\DRIVERS\SaiK0CD5.sys [2011-09-20 183104]
R3 SaiU0CD5;SaiU0CD5;c:\windows\system32\DRIVERS\SaiU0CD5.sys [2011-09-20 47168]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
R3 usbkey;USB Dongle;c:\windows\system32\DRIVERS\USBKey64.sys [2012-01-16 38496]
R4 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-07-29 52896]
R4 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-10 321104]
R4 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [2012-05-14 139360]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-12-15 27760]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-10-20 203264]
S2 AntiVirFirewallService;Avira FireWall;c:\program files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [2012-05-14 619472]
S2 AntiVirMailService;Avira Email Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2012-05-14 375760]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-14 86224]
S2 AntiVirWebService;Avira Browser Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-05-14 465360]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2010-06-11 821792]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2011-12-20 148104]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 ODDPwrSvc;Acer ODD Power Service;c:\program files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [2010-04-22 171040]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2010-01-30 260640]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-10-14 994360]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2011-12-14 2123584]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2314240]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-29 243232]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2011-09-22 645048]
S2 WTGService;WTGService;c:\program files (x86)\Verbindungsassistent\WTGService.exe [2009-03-03 296400]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-10-20 6856704]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-10-20 264704]
S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [2012-05-14 114128]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2010-07-29 28832]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-10 158720]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2010-10-20 10331840]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-08-24 76912]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-12-12 11856]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-01-18 c:\windows\Tasks\Acer Registration - Data Sending task.job
- c:\program files (x86)\Acer\Registration\GREG.exe [2010-04-28 02:47]
.
2012-07-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 09:48]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-12-19 18:46	22408	----a-w-	c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ODDPwr"="c:\program files\Acer\Optical Drive Power Management\ODDPwr.exe" [2010-04-22 223264]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-20 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-20 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-20 414744]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-13 11046504]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-07-13 2103912]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-07-29 594080]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-07-29 377504]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2010-06-11 496160]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-03 1580368]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-25 2782096]
"ProfilerU"="c:\program files\SmartTechnology\Software\ProfilerU.exe" [2012-01-23 432640]
"SaiMfd"="c:\program files\SmartTechnology\Software\SaiMfd.exe" [2012-01-23 158208]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: Download aller Links mit IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download mit IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: Interfaces\{7F66CAB7-3D90-4CF2-A86C-94A6431474BB}: NameServer = 130.75.1.32,130.75.1.40
FF - ProfilePath - c:\users\xxxx xxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\bild4i5m.default\
FF - prefs.js: browser.search.selectedEngine - LEO Eng-Deu
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-116830536-2991956333-4007676365-1001_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):8f,ff,7b,bf,d7,5f,b4,0b,d9,1a,03,12,1d,71,8b,a0,53,ca,0f,f4,33,
   8b,2f,75,5c,60,87,6c,1c,5b,30,b6,4d,79,52,2b,34,63,25,78,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-116830536-2991956333-4007676365-1001_Classes\Wow6432Node\CLSID\{95fef388-361b-4e2e-92ff-1fc552c6a1a3}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000085
"Therad"=dword:0000001b
"MData"=hex(0):20,35,e9,2b,74,59,03,68,be,b2,5b,74,b4,62,9e,77,fc,22,df,59,02,
   94,28,03,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-07-17  12:24:59
ComboFix-quarantined-files.txt  2012-07-17 10:24
.
Vor Suchlauf: 15 Verzeichnis(se), 307.901.198.336 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 307.711.479.808 Bytes frei
.
- - End Of File - - BEFB51BDD65641397A468E56BAF895A5


What is the next step?

Best regards,
Dirk
__________________

Old 18.07.2012, 15:42   #19
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Please now create and post logs with GMER and OSAM.
GMER crashes fairly often; if the tool refuses to run on the 2nd attempt as well, just leave it out and run only OSAM - please skip the online query offered by OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or similar.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to switch off the virus scanner; the McAfee scanner in particular often reports a false positive in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    From Windows Vista (or higher), please start it via right-click "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current virus definitions from AVAST!. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.)
    Depending on your connection, downloading the definitions can take a while.
  • Click on Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Under no circumstances press any of the Fix buttons without instructions

Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.

Another note: If aswMBR crashes and a message such as "aswMBR.exe has stopped working" appears, do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left (bottom left in the aswMBR window) and click the Scan button again.
__________________
Please always post log files in CODE tags

Old 18.07.2012, 19:47   #20
dobaliner
 

The GMER.log:


GMER Logfile:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-07-18 18:46:45
Windows 6.1.7600  
Running: yyq9y06i.exe


---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\18f46a95ca8a                      
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\18f46a95ca8a (not active ControlSet)  

---- EOF - GMER 1.0.15 ----


The OSAM.log:

OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 18:57:52 on 18.07.2012

OS: Windows 7 Home Premium Edition (Build 7600), 64-bit
Default Browser: Mozilla Corporation Firefox 14.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"Acer Registration - Data Sending task.job" - "Acer Incorporated" - C:\Program Files (x86)\Acer\Registration\GREG.exe
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~3\Office14\MLCFG32.CPL
"Nero BackItUp and BurnRights" - "Nero AG" - C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BurnRights\NeroBurnRights_bb.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AvFw Packet Filter Miniport" (avfwim) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avfwim.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"IDMWFP" (IDMWFP) - "Tonec Inc." - C:\Windows\System32\DRIVERS\idmwfp.sys
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"PSI" (PSI) - "Secunia" - C:\Windows\System32\DRIVERS\psi_mf.sys
"TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{5E2121EE-0300-11D4-8D3B-444553540000} "Catalyst Context Menu extension" - ? -   (File not found | COM-object registry key not found)
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files (x86)\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll
{83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files (x86)\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Outlook" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~3\Office14\MLSHEXT.DLL
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\OLKFSTUB.DLL
{4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Program Files (x86)\TuneUp Utilities 2012\DseShExt-x86.dll
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Program Files (x86)\TuneUp Utilities 2012\SDShelEx-win32.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{21347690-EC41-4F9A-8887-1F4AEE672439} "Canon Easy-WebPrint EX" - "CANON INC." - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Canon Easy-WebPrint EX" - "CANON INC." - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Click to Call" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} "Canon Easy-WebPrint EX" - "CANON INC." - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{3785D0AD-BFFF-47F6-BF5B-A587C162FED9} "Canon Easy-WebPrint EX BHO" - "CANON INC." - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
{326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>" - "DivX, LLC" - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
{0055C089-8582-441B-A0BF-17B458C2A3A8} "IDM integration (IDMIEHlprObj Class)" - "Internet Download Manager, Tonec Inc." - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
{B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Secunia PSI Tray.lnk" - "Secunia" - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"IDMan" - "Tonec Inc." - C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
"SimpleSYN.NET" - "creativbox.net, Torsten Leithold & Georg von Kries GbR" - "C:\Program Files (x86)\creativbox.net\SimpleSYN 2.1\CBN.SimpleSYN.NET.exe"
"Steam" - "Valve Corporation" - "C:\Program Files (x86)\Steam\Steam.exe" -silent
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"ArcadeMovieService" - "CyberLink Corp." - "C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe"                                                                                                                                                                                          
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
"CanonSolutionMenuEx" - "CANON INC." - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
"IAStorIcon" - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
"LManager" - "Dritek System Inc." - C:\Program Files (x86)\Launch Manager\LManager.exe                                                                                                                                                                                                                       
"MDS_Menu" - "CyberLink Corp." - "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.6"                                              
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Canon BJNP Port" - "CANON INC." - C:\Windows\system32\CNMN6PPM.DLL
"HP Discovery Port Monitor (HP Deskjet 3050 J610 series)" - "Hewlett-Packard Co." - C:\Windows\system32\HPDiscoPM9311.dll
"pdfcmon" - "pdfforge GbR" - C:\Windows\system32\pdfcmon.dll
"RICOH Language Monitor2" - "RICOH CO.,Ltd." - C:\Windows\system32\rc4mon64.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll  (File not found)
"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe"  (File not found)
"Acer ePower Service" (ePowerSvc) - "Acer Incorporated" - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
"Acer ODD Power Service" (ODDPwrSvc) - "Acer Incorporated" - C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
"Avira Browser Schutz" (AntiVirWebService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
"Avira Email Schutz" (AntiVirMailService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
"Avira FireWall" (AntiVirFirewallService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
"Cisco AnyConnect VPN Agent" (vpnagent) - "Cisco Systems, Inc." - C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
"Intel(R) Management & Security Application User Notification Service" (UNS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
"Intel(R) Management and Security Application Local Management Service" (LMS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
"Intel(R) Rapid Storage Technology" (IAStorDataMgrSvc) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"Raw Socket Service" (RS_Service) - "Acer Incorporated" - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
"Secunia PSI Agent" (Secunia PSI Agent) - "Secunia" - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
"Secunia Update Agent" (Secunia Update Agent) - "Secunia" - C:\Program Files (x86)\Secunia\PSI\sua.exe
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files (x86)\Skype\Updater\Updater.exe
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
"TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
"TurboBoost" (TurboBoost) - "Intel(R) Corporation" - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
"Updater Service" (Updater Service) - "Acer Group" - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
"WTGService" (WTGService) - ? - C:\Program Files (x86)\Verbindungsassistent\WTGService.exe  (File found, but it contains no detailed information)

[Winlogon]
-----( HKCU\Control Panel\Desktop )-----
"SCRNSAVE.EXE" - ? - C:\Windows\System32\Acer.scr

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"AVSDA" - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         
And here is aswMBR.txt as well:

Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-18 19:13:15
-----------------------------
19:13:15.998    OS Version: Windows x64 6.1.7600 
19:13:15.998    Number of processors: 4 586 0x2505
19:13:15.998    ComputerName: xxxxxxxxx-PC  UserName: xxxx xxxxx
19:13:17.044    Initialize success
19:13:21.006    AVAST engine defs: 12071800
19:13:27.698    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:13:27.714    Disk 0 Vendor: SAMSUNG_ 2AR1 Size: 715404MB BusType: 3
19:13:27.730    Disk 0 MBR read successfully
19:13:27.730    Disk 0 MBR scan
19:13:27.745    Disk 0 Windows 7 default MBR code
19:13:27.745    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        16000 MB offset 2048
19:13:27.776    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 32770048
19:13:27.792    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       349453 MB offset 32974848
19:13:27.823    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS       349849 MB offset 748654592
19:13:27.839    Disk 0 scanning C:\Windows\system32\drivers
19:13:38.072    Service scanning
19:13:58.056    Modules scanning
19:13:58.056    Disk 0 trace - called modules:
19:13:58.087    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
19:13:58.087    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80069c3060]
19:13:58.087    3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80049a3050]
19:13:58.103    Scan finished successfully
19:14:12.720    Disk 0 MBR has been saved successfully to "C:\Users\xxxx xxxxx\Desktop\MBR.dat"
19:14:12.720    The log file has been saved successfully to "C:\Users\xxxx xxxxx\Desktop\aswMBR.txt"
         
Regards,
Dirk


19.07.2012, 11:11   #21
cosinus

Looks ok. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before scanning!!

19.07.2012, 21:52   #22
dobaliner

The Malwarebytes log:

Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.19.07

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
xxxx xxxxx :: xxxxxxxxx-PC [Administrator]

19.07.2012 12:43:22
mbam-log-2012-07-19 (12-43-22).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 333594
Time elapsed: 31 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
The SUPERAntiSpyware log:

Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 07/19/2012 at 04:53 PM

Application Version : 5.5.1006

Core Rules Database Version : 8924
Trace Rules Database Version: 6736

Scan type       : Complete Scan
Total Scan Time : 01:17:09

Operating System Information
Windows 7 Home Premium 64-bit (Build 6.01.7600)
UAC On - Limited User

Memory items scanned      : 705
Memory threats detected   : 0
Registry items scanned    : 65625
Registry threats detected : 0
File items scanned        : 150239
File threats detected     : 34

Adware.Tracking Cookie
	C:\Users\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\TAMP3IAE.txt [ /fastclick.net ]
	C:\Users\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\MI5TGJAB.txt [ /ad.yieldmanager.com ]
	C:\Users\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\5WES2EBW.txt [ /atdmt.com ]
	C:\Users\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\35KCSXLE.txt [ /doubleclick.net ]
	C:\Users\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\ABG74ZZF.txt [ /c.atdmt.com ]
	C:\Users\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\T3YBU0K2.txt [ /msnportal.112.2o7.net ]
	C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@invitemedia[2].txt [ Cookie:xxxx xxxxx@invitemedia.com/ ]
	C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@perfectadserver[1].txt [ Cookie:xxxx xxxxx@perfectadserver.com/ ]
	C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@adx.chip[1].txt [ Cookie:xxxx xxxxx@adx.chip.de/ ]
	C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@www.adserver[1].txt [ Cookie:xxxx xxxxx@www.adserver.bz/ ]
	C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@ad.yieldmanager[2].txt [ Cookie:xxxx xxxxx@ad.yieldmanager.com/ ]
	C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@revsci[1].txt [ Cookie:xxxx xxxxx@revsci.net/ ]
	C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\P2D8K0VV.txt [ Cookie:xxxx xxxxx@apmebf.com/ ]
	C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@doubleclick[1].txt [ Cookie:xxxx xxxxx@doubleclick.net/ ]
	C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\MP2VJAUQ.txt [ Cookie:xxxx xxxxx@c.atdmt.com/ ]
	C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@adxpansion[2].txt [ Cookie:xxxx xxxxx@adxpansion.com/ ]
	C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@zedo[1].txt [ Cookie:xxxx xxxxx@zedo.com/ ]
	C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\A617VEFO.txt [ Cookie:xxxx xxxxx@overture.com/ ]
	C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@adfarm1.adition[1].txt [ Cookie:xxxx xxxxx@adfarm1.adition.com/ ]
	C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@exoclick[2].txt [ Cookie:xxxx xxxxx@exoclick.com/ ]
	C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@specificclick[1].txt [ Cookie:xxxx xxxxx@specificclick.net/ ]
	C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@ru4[2].txt [ Cookie:xxxx xxxxx@ru4.com/ ]
	C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@ad2.adfarm1.adition[1].txt [ Cookie:xxxx xxxxx@ad2.adfarm1.adition.com/ ]
	C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\UZQRDA07.txt [ Cookie:xxxx xxxxx@mediaplex.com/ ]
	C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@imrworldwide[2].txt [ Cookie:xxxx xxxxx@imrworldwide.com/cgi-bin ]
	C:\USERS\xxxx xxxxx\Cookies\TAMP3IAE.txt [ Cookie:xxxx xxxxx@fastclick.net/ ]
	C:\USERS\xxxx xxxxx\Cookies\MI5TGJAB.txt [ Cookie:xxxx xxxxx@ad.yieldmanager.com/ ]
	C:\USERS\xxxx xxxxx\Cookies\35KCSXLE.txt [ Cookie:xxxx xxxxx@doubleclick.net/ ]
	C:\USERS\xxxx xxxxx\Cookies\ABG74ZZF.txt [ Cookie:xxxx xxxxx@c.atdmt.com/ ]
	C:\USERS\xxxx xxxxx\Cookies\T3YBU0K2.txt [ Cookie:xxxx xxxxx@msnportal.112.2o7.net/ ]
	C:\USERS\xxxx xxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxx_xxxxx@ADS.FLING[2].TXT [ /ADS.FLING ]
	C:\USERS\xxxx xxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxx_xxxxx@ADS2.ZEUSCLICKS[1].TXT [ /ADS2.ZEUSCLICKS ]
	C:\USERS\xxxx xxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxx_xxxxx@ADS.CREATIVE-SERVING[1].TXT [ /ADS.CREATIVE-SERVING ]
	C:\USERS\xxxx xxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxx_xxxxx@AD3.ADFARM1.ADITION[1].TXT [ /AD3.ADFARM1.ADITION ]
         
Apparently only a few cookies left... (do they have to go?)

19.07.2012, 22:23   #23
cosinus

Quote:
UAC On - Limited User
Hm, I have noticed that not only in your case.
Can you run SUPERAntiSpyware via right-click, "Run as administrator"?
__________________
Please always post logfiles in CODE tags

20.07.2012, 07:55   #24
dobaliner

Sorry, here is the whole thing run as admin:

Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 07/20/2012 at 02:18 AM

Application Version : 5.5.1006

Core Rules Database Version : 8924
Trace Rules Database Version: 6736

Scan type       : Complete Scan
Total Scan Time : 01:18:04

Operating System Information
Windows 7 Home Premium 64-bit (Build 6.01.7600)
UAC On - Administrator

Memory items scanned      : 704
Memory threats detected   : 0
Registry items scanned    : 65734
Registry threats detected : 0
File items scanned        : 150290
File threats detected     : 34

Adware.Tracking Cookie
	C:\Users\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\TAMP3IAE.txt [ /fastclick.net ]
	C:\Users\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\MI5TGJAB.txt [ /ad.yieldmanager.com ]
	C:\Users\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\5WES2EBW.txt [ /atdmt.com ]
	C:\Users\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\35KCSXLE.txt [ /doubleclick.net ]
	C:\Users\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\ABG74ZZF.txt [ /c.atdmt.com ]
	C:\Users\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\T3YBU0K2.txt [ /msnportal.112.2o7.net ]
	C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@invitemedia[2].txt [ Cookie:xxxx xxxxx@invitemedia.com/ ]
	C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@perfectadserver[1].txt [ Cookie:xxxx xxxxx@perfectadserver.com/ ]
	C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@adx.chip[1].txt [ Cookie:xxxx xxxxx@adx.chip.de/ ]
	C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@www.adserver[1].txt [ Cookie:xxxx xxxxx@www.adserver.bz/ ]
	C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@ad.yieldmanager[2].txt [ Cookie:xxxx xxxxx@ad.yieldmanager.com/ ]
	C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@revsci[1].txt [ Cookie:xxxx xxxxx@revsci.net/ ]
	C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\P2D8K0VV.txt [ Cookie:xxxx xxxxx@apmebf.com/ ]
	C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@doubleclick[1].txt [ Cookie:xxxx xxxxx@doubleclick.net/ ]
	C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\MP2VJAUQ.txt [ Cookie:xxxx xxxxx@c.atdmt.com/ ]
	C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@adxpansion[2].txt [ Cookie:xxxx xxxxx@adxpansion.com/ ]
	C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@zedo[1].txt [ Cookie:xxxx xxxxx@zedo.com/ ]
	C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\A617VEFO.txt [ Cookie:xxxx xxxxx@overture.com/ ]
	C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@adfarm1.adition[1].txt [ Cookie:xxxx xxxxx@adfarm1.adition.com/ ]
	C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@exoclick[2].txt [ Cookie:xxxx xxxxx@exoclick.com/ ]
	C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@specificclick[1].txt [ Cookie:xxxx xxxxx@specificclick.net/ ]
	C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@ru4[2].txt [ Cookie:xxxx xxxxx@ru4.com/ ]
	C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@ad2.adfarm1.adition[1].txt [ Cookie:xxxx xxxxx@ad2.adfarm1.adition.com/ ]
	C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\UZQRDA07.txt [ Cookie:xxxx xxxxx@mediaplex.com/ ]
	C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@imrworldwide[2].txt [ Cookie:xxxx xxxxx@imrworldwide.com/cgi-bin ]
	C:\USERS\xxxx xxxxx\Cookies\TAMP3IAE.txt [ Cookie:xxxx xxxxx@fastclick.net/ ]
	C:\USERS\xxxx xxxxx\Cookies\MI5TGJAB.txt [ Cookie:xxxx xxxxx@ad.yieldmanager.com/ ]
	C:\USERS\xxxx xxxxx\Cookies\35KCSXLE.txt [ Cookie:xxxx xxxxx@doubleclick.net/ ]
	C:\USERS\xxxx xxxxx\Cookies\ABG74ZZF.txt [ Cookie:xxxx xxxxx@c.atdmt.com/ ]
	C:\USERS\xxxx xxxxx\Cookies\T3YBU0K2.txt [ Cookie:xxxx xxxxx@msnportal.112.2o7.net/ ]
	C:\USERS\xxxx xxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxx_xxxxx@ADS.FLING[2].TXT [ /ADS.FLING ]
	C:\USERS\xxxx xxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxx_xxxxx@ADS2.ZEUSCLICKS[1].TXT [ /ADS2.ZEUSCLICKS ]
	C:\USERS\xxxx xxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxx_xxxxx@ADS.CREATIVE-SERVING[1].TXT [ /ADS.CREATIVE-SERVING ]
	C:\USERS\xxxx xxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxx_xxxxx@AD3.ADFARM1.ADITION[1].TXT [ /AD3.ADFARM1.ADITION ]
         

20.07.2012, 15:55   #25
cosinus

Looks ok, only cookies were found.
Cookies are not malware as such, but there is a risk of abuse (unique re-identification, e.g. for targeted advertising and the like => HTTP cookie)


Regarding cookies and other things on the web: to block that pest from the start (i.e. tracking cookies, ad banners etc.), you should have a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check at MVPS every 4 weeks or so whether a new hosts file has been released.

Apart from that there are good cookie managers; as a Firefox extension, for example, there is CookieCuller http://filepony.de/download-cookie_culler/
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board too), then simply set the browser so that everything, including cookies, is deleted when the browser closes.

The way I handle it: for "wild surfing" I use the Opera browser or Chromium on my Linux. My main browser (Firefox) only stores the cookies of the sites I actually want, everything else I reject manually (FF always asks me) - the other browsers do accept all cookies, but at the latest on the next start of Opera or Chromium no cookies are left.

Is your system back in order now, or are there any other findings or problems?
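The hosts-file recommendation in the post above has one caveat a practitioner should know: a hosts file matches exact hostnames only, so an entry for doubleclick.net does nothing for ad.doubleclick.net and vice versa. The following PowerShell script is an added example, not code from the thread, from MVPS or from SUPERAntiSpyware. It takes the domains reported as "Adware.Tracking Cookie" in a SUPERAntiSpyware log and reports, for each, whether a hosts file sinks it and which related (parent or child) entries exist without covering it. The hosts-file syntax and the log line format are the real ones seen in this thread; the hosts excerpt and the log lines inside the script are constructed sample input.

```powershell
# Added example, not from the original thread: check which tracker domains
# reported as "Adware.Tracking Cookie" by SUPERAntiSpyware are actually sunk
# by a hosts file such as the MVPS one. The hosts-file syntax and the log line
# format are the real ones; the hosts excerpt and log lines below are
# constructed sample input for this example.

$SinkAddresses = @('0.0.0.0', '127.0.0.1', '::1')

function ConvertFrom-HostsFile {
    # Returns a hashtable hostname -> ip. A line is "<ip> <host> [<host> ...]";
    # '#' starts a comment. Entries are exact hostnames, the file has no
    # wildcards, so "doubleclick.net" says nothing about "ad.doubleclick.net".
    param([string[]]$Lines)
    $map = @{}
    foreach ($raw in $Lines) {
        $line = ($raw -split '#', 2)[0].Trim()
        if (-not $line) { continue }
        $parts = $line -split '\s+'
        if ($parts.Length -lt 2) { continue }
        $ip = $parts[0]
        foreach ($name in $parts[1..($parts.Length - 1)]) {
            $map[$name.ToLower()] = $ip
        }
    }
    return $map
}

function Get-CookieDomains {
    # Extracts the hostname from SUPERAntiSpyware cookie lines of both shapes:
    #   "...\TAMP3IAE.txt [ /fastclick.net ]"
    #   "...\user@c.atdmt[1].txt [ Cookie:user@c.atdmt.com/ ]"
    # The "[1]" inside the file name is skipped because the bracket must be
    # followed by whitespace.
    param([string[]]$LogLines)
    $seen = @{}
    foreach ($line in $LogLines) {
        if ($line -match '\[\s+(?:Cookie:[^@\]]*@)?/?([A-Za-z0-9.-]+)[^\]]*\]\s*$') {
            $seen[$Matches[1].ToLower()] = $true
        }
    }
    return @($seen.Keys | Sort-Object)
}

function Test-HostsCoverage {
    # One row per tracker domain: is it sunk, and which parent/child hostnames
    # are listed but do not cover it because hosts matching is exact.
    param([string[]]$HostsLines, [string[]]$LogLines)
    $map = ConvertFrom-HostsFile -Lines $HostsLines
    foreach ($domain in (Get-CookieDomains -LogLines $LogLines)) {
        $ip = $map[$domain]
        $related = @($map.Keys | Where-Object {
            ($_ -ne $domain) -and ($_.EndsWith(".$domain") -or $domain.EndsWith(".$_"))
        } | Sort-Object)
        New-Object PSObject -Property @{
            Domain  = $domain
            Blocked = (($ip -ne $null) -and ($SinkAddresses -contains $ip))
            Related = ($related -join ', ')
        }
    }
}

# Constructed sample input. For a real check use
#   Get-Content "$env:SystemRoot\System32\drivers\etc\hosts"
# and Get-Content on the saved SUPERAntiSpyware log instead.
$sampleHosts = @(
    '# excerpt in the style of the MVPS hosts file (constructed)',
    '127.0.0.1 localhost',
    '0.0.0.0 ad.doubleclick.net',
    '0.0.0.0 doubleclick.net   # exact hostname only',
    '0.0.0.0 atdmt.com c.atdmt.com',
    '0.0.0.0 www.fastclick.net'
)
$sampleLog = @(
    'Adware.Tracking Cookie',
    "`tC:\Users\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\TAMP3IAE.txt [ /fastclick.net ]",
    "`tC:\Users\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\35KCSXLE.txt [ /doubleclick.net ]",
    "`tC:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\MP2VJAUQ.txt [ Cookie:xxxx xxxxx@c.atdmt.com/ ]",
    "`tC:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@zedo[1].txt [ Cookie:xxxx xxxxx@zedo.com/ ]"
)

Test-HostsCoverage -HostsLines $sampleHosts -LogLines $sampleLog |
    Select-Object Domain, Blocked, Related | Format-Table -AutoSize
```

With the constructed sample, fastclick.net comes out as not blocked even though www.fastclick.net is listed, and doubleclick.net as blocked with ad.doubleclick.net shown as a related entry; that is exactly the exact-match behaviour to keep in mind when judging how much a hosts file actually covers. The Related column is there so the near misses are visible rather than silently counted as protection.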

22.07.2012, 12:02   #26
dobaliner

Hi,

the system is currently running flawlessly.
Thanks for the hints about the cookies.

One more question about the infection vector:
I noticed that at the time of the infection Java and Flash Player were not up to date; those are probably the most likely candidates, right?

Flash Player is now current, and I have uninstalled Java (how can I make sure that it is really completely gone?)

Do you have any other tips for the future?

Regards,
Dirk

23.07.2012, 14:28   #27
cosinus

Then we're done!

The programs that were used here can all be removed again. With the help of OTL you can also remove many of the tools:

Please start OTL and click on Cleanup (Bereinigung).
This will remove most of the tools we needed for the cleanup. If anything remains, please remove it via right-click --> Delete.


Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update first.


Finally, please check the updates; my guide on this is below. To keep a better overview of whether the installed programs are current, you can for example use Secunia PSI.
For even more security you should also change all passwords, as far as possible, now that the infection has been removed.


Microsoft Update

Windows XP: visit the MS update site with IE and have all important updates installed.

Windows Vista/7: Windows Update guide


Update the PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old Adobe Reader versions via Control Panel => Add or Remove Programs, or Programs and Features, by clicking on "Adobe Reader x.0" there and removing the program. (if you have Adobe Reader installed)

I recommend an alternative PDF reader such as PDF XChange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.

While you are at it, please also check that Flash Player is current:
Check => Adobe - Flash Player
Download links => Adobe Flash Player Distribution | Adobe

Of course also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a security risk, so you should remove the old versions (if present, preferably with JavaRa) and update to the newest one. To do so, close all programs (especially the browsers), then click Start, Control Panel, Add or Remove Programs and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.
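Dirk's question about how to be sure Java is really gone, and the update guide above, can be checked from an elevated PowerShell prompt on the Windows 7 x64 machine in this thread. The script below is an added example and not part of cosinus' guide or of any vendor's tooling. It lists what Add/Remove Programs still registers for Java, Flash Player and Adobe Reader, the version of the Flash binaries actually on disk, and any Java leftovers on disk or in the registry. The Uninstall, JavaSoft and MozillaPlugins registry keys are the standard ones; the file locations (Program Files\Java, java.exe in System32/SysWOW64, the Macromed\Flash folder) are assumptions about the usual Oracle and Adobe installer layout and are marked as such in the code.

```powershell
# Added example, not part of the guide above: after removing Java via Control
# Panel, list what the Add/Remove Programs registry still shows for Java, Flash
# Player and Adobe Reader, the Flash binaries on disk, and any Java leftovers.
# The Uninstall, JavaSoft and MozillaPlugins registry keys are the standard
# ones; the file locations are assumptions about the usual Oracle/Adobe layout.

$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',  # 32-bit products on x64
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'               # per-user installs
)

function Get-InstalledProduct {
    # Add/Remove Programs entries whose DisplayName matches $NamePattern.
    param([string]$NamePattern)
    foreach ($key in $UninstallKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($sub in (Get-ChildItem $key)) {
            $p = Get-ItemProperty -Path $sub.PSPath
            if ($p.DisplayName -and ($p.DisplayName -match $NamePattern)) {
                New-Object PSObject -Property @{
                    Name    = $p.DisplayName
                    Version = $p.DisplayVersion
                    Source  = $key
                }
            }
        }
    }
}

function Get-FlashPlayerFiles {
    # Versions of the Flash binaries actually on disk. Assumed location of the
    # 32-bit browser plugins on x64: Flash*.ocx is the IE ActiveX control,
    # NPSWF*.dll the Firefox/Opera plugin.
    $dir = "$env:SystemRoot\SysWOW64\Macromed\Flash"
    if (-not (Test-Path $dir)) { return }
    Get-ChildItem -Path "$dir\*" -Include 'Flash*.ocx', 'NPSWF*.dll' | ForEach-Object {
        New-Object PSObject -Property @{
            Name    = $_.Name
            Version = $_.VersionInfo.FileVersion
        }
    }
}

function Get-JavaLeftovers {
    # Locations a complete JRE removal should leave empty. Assumed typical
    # layout: the installer copies java.exe/javaw.exe into System32 (and
    # SysWOW64 on x64) and registers the browser plugin under MozillaPlugins.
    $paths = @(
        "$env:ProgramFiles\Java",
        "${env:ProgramFiles(x86)}\Java",
        "$env:SystemRoot\System32\java.exe",
        "$env:SystemRoot\System32\javaw.exe",
        "$env:SystemRoot\SysWOW64\java.exe",
        "$env:SystemRoot\SysWOW64\javaw.exe",
        'HKLM:\SOFTWARE\JavaSoft',
        'HKLM:\SOFTWARE\Wow6432Node\JavaSoft'
    )
    $leftovers = @($paths | Where-Object { Test-Path $_ })
    foreach ($pluginKey in @('HKLM:\SOFTWARE\MozillaPlugins', 'HKLM:\SOFTWARE\Wow6432Node\MozillaPlugins')) {
        if (Test-Path $pluginKey) {
            # Java registers itself here with names like "@java.com/JavaPlugin,version=..."
            $leftovers += @(Get-ChildItem $pluginKey |
                Where-Object { $_.PSChildName -match 'java' } |
                ForEach-Object { $_.PSPath })
        }
    }
    return $leftovers
}

'== Add/Remove Programs entries for Java, Flash Player and Adobe Reader =='
Get-InstalledProduct -NamePattern 'Java|Flash Player|Adobe Reader' |
    Select-Object Name, Version, Source | Format-Table -AutoSize

'== Flash Player binaries on disk =='
Get-FlashPlayerFiles | Select-Object Name, Version | Format-Table -AutoSize

'== Java leftovers (expect none after a complete uninstall) =='
$left = @(Get-JavaLeftovers)
if ($left.Count -eq 0) { 'none found' } else { $left }
```

Run it from a PowerShell window started with "Run as administrator" (the HKLM keys are readable without elevation, but the Program Files and Windows folders may not be fully listable otherwise). A Java entry still listed under Add/Remove Programs, a surviving JavaSoft key or a java.exe in System32 means the uninstall was incomplete and JavaRa, as recommended above, is the next step; the Flash file versions should match what the Adobe check page reports. This is a one-off check; for keeping the versions current over time Secunia PSI, which is already installed on this machine according to the services list above, does the monitoring.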
