Log analysis and evaluation: S.M.A.R.T. Repair virus; System Restore performed; what remains to be done? (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

#1
/// Winkelfunktion /// TB-Süch-Tiger™

Run an OTL fix: close any programs that may be open, also disable virus scanners (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:
:OTL
FF - user.js - File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
[2012.07.03 20:05:20 | 000,000,136 | ---- | M] () -- C:\ProgramData\-MYC7NlSPONnkXcr
[2012.07.03 20:05:20 | 000,000,000 | ---- | M] () -- C:\ProgramData\-MYC7NlSPONnkXc
[2012.07.03 20:05:08 | 000,000,256 | ---- | M] () -- C:\ProgramData\MYC7NlSPONnkXc
:Files
C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
The log file should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

__________________ Please always post log files in CODE tags
#2

Code:
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
C:\ProgramData\-MYC7NlSPONnkXcr moved successfully.
C:\ProgramData\-MYC7NlSPONnkXc moved successfully.
C:\ProgramData\MYC7NlSPONnkXc moved successfully.
========== FILES ==========
C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 75 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Mathias
->Temp folder emptied: 248193753 bytes
->Temporary Internet Files folder emptied: 374308796 bytes
->FireFox cache emptied: 347752645 bytes
->Flash cache emptied: 2980 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 119939370 bytes
RecycleBin emptied: 233239941 bytes
Total Files Cleaned = 1.262,00 mb
[EMPTYFLASH]
User: All Users
User: Default
->Flash cache emptied: 0 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: Mathias
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.54.0 log created on 07142012_161932
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
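
The fix script in post #1 names files and folders to quarantine, and the log above reports what was actually moved. As an added example that is not part of the thread, this Python sketch cross-checks the two and lists script paths the log never confirms; the excerpts are constructed in the thread's line format with sample paths, and the function names are hypothetical.

```python
import re

# Constructed excerpts in the format of posts #1 and #2 (sample paths, not the thread's).
FIX_SCRIPT = r"""
:OTL
O4 - HKLM..\Run: [] File not found
[2012.07.03 20:05:20 | 000,000,136 | ---- | M] () -- C:\ProgramData\sample-a
[2012.07.03 20:05:08 | 000,000,256 | ---- | M] () -- C:\ProgramData\sample-b
:Files
C:\Users\Example\AppData\LocalLow\Sun\Java\Deployment\cache
:Commands
[emptytemp]
"""

FIX_LOG = r"""
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
C:\ProgramData\sample-a moved successfully.
========== FILES ==========
C:\Users\Example\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\Example\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
"""

# File entry inside the :OTL section: "[date | size | attrs | M] () -- <path>".
FILE_ENTRY = re.compile(r"^\[[^\]]*\]\s*\(.*?\)\s*--\s*(?P<path>[A-Za-z]:\\.+)$")
# Log confirmation: "<path> moved successfully." or "<path> folder moved successfully."
# (a file literally named "... folder" would be ambiguous; not handled here).
MOVED = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)(?: folder)? moved successfully\.$")


def script_paths(script):
    """Return file/folder paths the script targets (registry lines are skipped)."""
    paths, section = [], None
    for line in (l.strip() for l in script.splitlines()):
        if not line:
            continue
        if line.startswith(":"):          # section header such as :OTL, :Files
            section = line.lower()
            continue
        if section == ":otl":
            m = FILE_ENTRY.match(line)
            if m:
                paths.append(m["path"])
        elif section == ":files":         # one path per line
            paths.append(line)
    return paths


def moved_paths(log):
    """Return the lower-cased set of paths the log reports as moved."""
    matches = (MOVED.match(l.strip()) for l in log.splitlines())
    return {m["path"].lower() for m in matches if m}


def unconfirmed(script, log):
    """Script paths with no 'moved successfully' line in the log."""
    moved = moved_paths(log)              # Windows paths compare case-insensitively
    return [p for p in script_paths(script) if p.lower() not in moved]


if __name__ == "__main__":
    for path in unconfirmed(FIX_SCRIPT, FIX_LOG):
        print("not confirmed in fix log:", path)
```
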

#3
/// Winkelfunktion /// TB-Süch-Tiger™

Now please run this tool from Kaspersky (TDSS-Killer) (in normal Windows mode) and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off your virus scanner before running TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool! Configure the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or copy its contents and transfer them into your post, then please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the "skip" action and just post the log here!
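
The report requested in this post lists each scanned service or driver as a "name (MD5) path" line followed by a "name - verdict" line. As an added example that is not part of the thread, this Python sketch pairs those lines and surfaces what a reviewer would look at first: verdicts other than "ok", verdicts with no file line, and file lines with no verdict. The sample report is constructed; its names, hashes and the non-"ok" verdict text are assumptions.

```python
import re

# Constructed excerpt in the line format of the TDSS-Killer report in this thread.
# Names, hashes and the "warning" verdict are sample values, not taken from the thread.
REPORT = r"""
13:18:37.0770 4060 OS Version: 6.1.7600 ServicePack: 0.0
13:18:53.0854 3656 Scan started
13:18:53.0854 3656 Mode: Manual; SigCheck; TDLFS;
13:18:54.0353 3656 SampleBus (00000000000000000000000000000001) C:\Windows\system32\DRIVERS\samplebus.sys
13:18:54.0493 3656 SampleBus - ok
13:18:54.0556 3656 Sample Svc One (00000000000000000000000000000002) C:\Windows\System32\shared.dll
13:18:54.0587 3656 Sample Svc One - ok
13:18:54.0600 3656 NoFileSvc - ok
13:18:54.0665 3656 SampleFlt (00000000000000000000000000000003) C:\Windows\system32\DRIVERS\sampleflt.sys
13:18:54.0712 3656 SampleFlt - warning
13:18:54.0800 3656 Dangling (00000000000000000000000000000004) C:\Windows\system32\DRIVERS\dangling.sys
"""

# "<hh:mm:ss.ffff> <thread id> <body>"
LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d{4}\s+\d+\s+(?P<body>.*)$")
# "<name> (<32 hex digits>) <path>"
OBJECT = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "<name> - <verdict>", verdict being a single token such as "ok"
VERDICT = re.compile(r"^(?P<name>.+?) - (?P<verdict>\S+)$")


def triage(report):
    """Pair object and verdict lines after 'Scan started' and return the anomalies."""
    objects, verdicts = {}, {}            # name -> path, name -> verdict
    scanning = False
    for raw in report.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        body = m["body"].strip()
        if body == "Scan started":        # system-info header lines before this are ignored
            scanning = True
            continue
        if not scanning:
            continue
        obj = OBJECT.match(body)
        if obj:
            objects[obj["name"]] = obj["path"]
            continue
        ver = VERDICT.match(body)
        if ver:
            verdicts[ver["name"]] = ver["verdict"]
    return {
        # anything the tool did not mark "ok"
        "flagged": [(n, v, objects.get(n)) for n, v in verdicts.items() if v.lower() != "ok"],
        # verdict present but no file was hashed for the service
        "no_file": [n for n in verdicts if n not in objects],
        # file line present but the verdict is missing (truncated or edited log)
        "no_verdict": [n for n in objects if n not in verdicts],
    }


if __name__ == "__main__":
    for kind, items in triage(REPORT).items():
        print(kind, items)
```
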

#4

Code:
13:18:37.0598 4060 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
13:18:37.0770 4060 ============================================================
13:18:37.0770 4060 Current date / time: 2012/07/15 13:18:37.0770
13:18:37.0770 4060 SystemInfo:
13:18:37.0770 4060
13:18:37.0770 4060 OS Version: 6.1.7600 ServicePack: 0.0
13:18:37.0770 4060 Product type: Workstation
13:18:37.0770 4060 ComputerName: MATHIAS-LAPTOP
13:18:37.0770 4060 UserName: Mathias
13:18:37.0770 4060 Windows directory: C:\Windows
13:18:37.0770 4060 System windows directory: C:\Windows
13:18:37.0770 4060 Processor architecture: Intel x86
13:18:37.0770 4060 Number of processors: 2
13:18:37.0770 4060 Page size: 0x1000
13:18:37.0770 4060 Boot type: Normal boot
13:18:37.0770 4060 ============================================================
13:18:38.0332 4060 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:18:38.0332 4060 ============================================================
13:18:38.0332 4060 \Device\Harddisk0\DR0:
13:18:38.0332 4060 MBR partitions:
13:18:38.0332 4060 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1388800, BlocksNum 0x38FFD000
13:18:38.0332 4060 ============================================================
13:18:38.0347 4060 C: <-> \Device\Harddisk0\DR0\Partition0
13:18:38.0347 4060 ============================================================
13:18:38.0347 4060 Initialize success
13:18:38.0347 4060 ============================================================
13:18:53.0854 3656 ============================================================
13:18:53.0854 3656 Scan started
13:18:53.0854 3656 Mode: Manual; SigCheck; TDLFS;
13:18:53.0854 3656 ============================================================
13:18:54.0353 3656 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
13:18:54.0493 3656 1394ohci - ok
13:18:54.0556 3656 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
13:18:54.0587 3656 ACPI - ok
13:18:54.0665 3656 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
13:18:54.0712 3656 AcpiPmi - ok
13:18:54.0852 3656 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
13:18:54.0868 3656 AdobeFlashPlayerUpdateSvc - ok
13:18:54.0961 3656 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
13:18:55.0008 3656 adp94xx - ok
13:18:55.0071 3656 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
13:18:55.0102 3656 adpahci - ok
13:18:55.0117 3656 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
13:18:55.0133 3656 adpu320 - ok
13:18:55.0180 3656 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
13:18:55.0242 3656 AeLookupSvc - ok
13:18:55.0336 3656 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys
13:18:55.0414 3656 AFD - ok
13:18:55.0445 3656 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
13:18:55.0476 3656 agp440 - ok
13:18:55.0554 3656 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
13:18:55.0585 3656 aic78xx - ok
13:18:55.0663 3656 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
13:18:55.0741 3656 ALG - ok
13:18:55.0773 3656 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
13:18:55.0804 3656 aliide - ok
13:18:55.0866 3656 AMD External Events Utility (b19505648f033393e907e2e419fde8b3) C:\Windows\system32\atiesrxx.exe
13:18:55.0944 3656 AMD External Events Utility - ok
13:18:55.0944 3656 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
13:18:55.0960 3656 amdagp - ok
13:18:55.0975 3656 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
13:18:55.0991 3656 amdide - ok
13:18:56.0022 3656 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
13:18:56.0085 3656 AmdK8 - ok
13:18:56.0085 3656 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
13:18:56.0163 3656 AmdPPM - ok
13:18:56.0225 3656 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys
13:18:56.0256 3656 amdsata - ok
13:18:56.0303 3656 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
13:18:56.0334 3656 amdsbs - ok
13:18:56.0350 3656 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys
13:18:56.0365 3656 amdxata - ok
13:18:56.0506 3656 AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files\Avira\AntiVir Desktop\sched.exe
13:18:56.0521 3656 AntiVirSchedulerService - ok
13:18:56.0615 3656 AntiVirService (a489be6bb0aa1ff406b488b60542314b) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
13:18:56.0631 3656 AntiVirService - ok
13:18:56.0724 3656 AntiVirWebService (676894fa57b671fec5c3f05f8929e03b) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
13:18:56.0755 3656 AntiVirWebService - ok
13:18:56.0818 3656 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
13:18:56.0911 3656 AppID - ok
13:18:57.0005 3656 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
13:18:57.0161 3656 AppIDSvc - ok
13:18:57.0161 3656 Appinfo (7dead9e3f65dcb2794f2711003bbf650) C:\Windows\System32\appinfo.dll
13:18:57.0192 3656 Appinfo - ok
13:18:57.0317 3656 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:18:57.0317 3656 Apple Mobile Device - ok
13:18:57.0379 3656 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
13:18:57.0395 3656 arc - ok
13:18:57.0426 3656 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
13:18:57.0442 3656 arcsas - ok
13:18:57.0504 3656 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
13:18:57.0613 3656 AsyncMac - ok
13:18:57.0691 3656 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
13:18:57.0723 3656 atapi - ok
13:18:57.0847 3656 athr (76bab0c824e2d05b940c4dd40a9b08bf) C:\Windows\system32\DRIVERS\athr.sys
13:18:57.0925 3656 athr - ok
13:18:58.0378 3656 atikmdag (04f09923a393e4e0e8453a8f78361e73) C:\Windows\system32\DRIVERS\atikmdag.sys
13:18:58.0581 3656 atikmdag - ok
13:18:58.0768 3656 AudioEndpointBuilder (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll
13:18:58.0846 3656 AudioEndpointBuilder - ok
13:18:58.0846 3656 Audiosrv (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll
13:18:58.0893 3656 Audiosrv - ok
13:18:58.0986 3656 avgntflt (d5541f0afb767e85fc412fc609d96a74) C:\Windows\system32\DRIVERS\avgntflt.sys
13:18:59.0017 3656 avgntflt - ok
13:18:59.0080 3656 avipbb (7d967a682d4694df7fa57d63a2db01fe) C:\Windows\system32\DRIVERS\avipbb.sys
13:18:59.0095 3656 avipbb - ok
13:18:59.0220 3656 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
13:18:59.0236 3656 avkmgr - ok
13:18:59.0345 3656 AxInstSV (dd6a431b43e34b91a767d1ce33728175) C:\Windows\System32\AxInstSV.dll
13:18:59.0392 3656 AxInstSV - ok
13:18:59.0501 3656 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
13:18:59.0610 3656 b06bdrv - ok
13:18:59.0704 3656 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
13:18:59.0751 3656 b57nd60x - ok
13:18:59.0844 3656 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
13:18:59.0922 3656 BDESVC - ok
13:18:59.0985 3656 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
13:19:00.0031 3656 Beep - ok
13:19:00.0094 3656 BFE (85ac71c045ceb054ed48a7841aae0c11) C:\Windows\System32\bfe.dll
13:19:00.0156 3656 BFE - ok
13:19:00.0234 3656 BITS (53f476476f55a27f580661bde09c4ec4) C:\Windows\System32\qmgr.dll
13:19:00.0312 3656 BITS - ok
13:19:00.0328 3656 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
13:19:00.0359 3656 blbdrive - ok
13:19:00.0484 3656 Bonjour Service (1c87705ccb2f60172b0fc86b5d82f00d) C:\Program Files\Bonjour\mDNSResponder.exe
13:19:00.0515 3656 Bonjour Service - ok
13:19:00.0593 3656 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
13:19:00.0624 3656 bowser - ok
13:19:00.0655 3656 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:19:00.0687 3656 BrFiltLo - ok
13:19:00.0702 3656 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:19:00.0718 3656 BrFiltUp - ok
13:19:00.0780 3656 Browser (598e1280e7ff3744f4b8329366cc5635) C:\Windows\System32\browser.dll
13:19:00.0843 3656 Browser - ok
13:19:00.0874 3656 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
13:19:00.0936 3656 Brserid - ok
13:19:00.0952 3656 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
13:19:01.0014 3656 BrSerWdm - ok
13:19:01.0014 3656 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
13:19:01.0061 3656 BrUsbMdm - ok
13:19:01.0077 3656 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
13:19:01.0108 3656 BrUsbSer - ok
13:19:01.0108 3656 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
13:19:01.0139 3656 BTHMODEM - ok
13:19:01.0201 3656 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
13:19:01.0248 3656 bthserv - ok
13:19:01.0295 3656 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
13:19:01.0357 3656 cdfs - ok
13:19:01.0435 3656 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
13:19:01.0467 3656 cdrom - ok
13:19:01.0529 3656 CertPropSvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll
13:19:01.0591 3656 CertPropSvc - ok
13:19:01.0607 3656 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
13:19:01.0623 3656 circlass - ok
13:19:01.0669 3656 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
13:19:01.0701 3656 CLFS - ok
13:19:01.0872 3656 CLHNService (2b272d0a6e5071829b516ffdc7f841ca) C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
13:19:01.0888 3656 CLHNService - ok
13:19:02.0044 3656 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:19:02.0059 3656 clr_optimization_v2.0.50727_32 - ok
13:19:02.0153 3656 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:19:02.0169 3656 clr_optimization_v4.0.30319_32 - ok
13:19:02.0200 3656 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
13:19:02.0231 3656 CmBatt - ok
13:19:02.0262 3656 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
13:19:02.0278 3656 cmdide - ok
13:19:02.0340 3656 CNG (db5e008b3744dd60c8498cbbf2a1cfa6) C:\Windows\system32\Drivers\cng.sys
13:19:02.0403 3656 CNG - ok
13:19:02.0465 3656 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
13:19:02.0481 3656 Compbatt - ok
13:19:02.0559 3656 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
13:19:02.0590 3656 CompositeBus - ok
13:19:02.0605 3656 COMSysApp - ok
13:19:02.0637 3656 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
13:19:02.0652 3656 crcdisk - ok
13:19:02.0777 3656 CryptSvc (520a108a2657f4bca7fced9ca7d885de) C:\Windows\system32\cryptsvc.dll
13:19:02.0839 3656 CryptSvc - ok
13:19:02.0902 3656 DcomLaunch (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll
13:19:02.0949 3656 DcomLaunch - ok
13:19:02.0995 3656 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
13:19:03.0073 3656 defragsvc - ok
13:19:03.0120 3656 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys
13:19:03.0167 3656 DfsC - ok
13:19:03.0261 3656 Dhcp (c56495fbd770712367cad35e5de72da6) C:\Windows\system32\dhcpcore.dll
13:19:03.0307 3656 Dhcp - ok
13:19:03.0339 3656 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
13:19:03.0417 3656 discache - ok
13:19:03.0479 3656 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
13:19:03.0495 3656 Disk - ok
13:19:03.0588 3656 DKbFltr (c701324c9e0c25dd9d60311bd87fbc84) C:\Windows\system32\DRIVERS\DKbFltr.sys
13:19:03.0604 3656 DKbFltr - ok
13:19:03.0635 3656 Dnscache (b15be77a2bacf9c3177d27518afe26a9) C:\Windows\System32\dnsrslvr.dll
13:19:03.0729 3656 Dnscache - ok
13:19:03.0791 3656 dot3svc (4408c85c21eea48eb0ce486baeef0502) C:\Windows\System32\dot3svc.dll
13:19:03.0853 3656 dot3svc - ok
13:19:03.0869 3656 DPS (7fa81c6e11caa594adb52084da73a1e5) C:\Windows\system32\dps.dll
13:19:03.0916 3656 DPS - ok
13:19:03.0978 3656 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
13:19:04.0009 3656 drmkaud - ok
13:19:04.0087 3656 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
13:19:04.0165 3656 DXGKrnl - ok
13:19:04.0197 3656 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
13:19:04.0228 3656 EapHost - ok
13:19:04.0524 3656 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
13:19:04.0680 3656 ebdrv - ok
13:19:04.0836 3656 EFS (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\System32\lsass.exe
13:19:04.0899 3656 EFS - ok
13:19:05.0023 3656 ehRecvr (1697c39978cd69f6fbc15302edcece1f) C:\Windows\ehome\ehRecvr.exe
13:19:05.0117 3656 ehRecvr - ok
13:19:05.0148 3656 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
13:19:05.0195 3656 ehSched - ok
13:19:05.0320 3656 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
13:19:05.0367 3656 elxstor - ok
13:19:05.0523 3656 ePowerSvc (9bf5d9a187a5ca392c0dda4197092a8f) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
13:19:05.0554 3656 ePowerSvc - ok
13:19:05.0569 3656 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
13:19:05.0601 3656 ErrDev - ok
13:19:05.0694 3656 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
13:19:05.0757 3656 EventSystem - ok
13:19:05.0835 3656 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
13:19:05.0913 3656 exfat - ok
13:19:05.0944 3656 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
13:19:06.0006 3656 fastfat - ok
13:19:06.0069 3656 Fax (f7ea23cc5e6bf2181f3f399d54f6efc1) C:\Windows\system32\fxssvc.exe
13:19:06.0131 3656 Fax - ok
13:19:06.0131 3656 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
13:19:06.0162 3656 fdc - ok
13:19:06.0178 3656 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
13:19:06.0256 3656 fdPHost - ok
13:19:06.0303 3656 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
13:19:06.0365 3656 FDResPub - ok
13:19:06.0396 3656 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
13:19:06.0412 3656 FileInfo - ok
13:19:06.0427 3656 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
13:19:06.0474 3656 Filetrace - ok
13:19:06.0490 3656 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
13:19:06.0521 3656 flpydisk - ok
13:19:06.0568 3656 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
13:19:06.0599 3656 FltMgr - ok
13:19:06.0724 3656 FontCache (7fe4995528a7529a761875151ee3d512) C:\Windows\system32\FntCache.dll
13:19:06.0786 3656 FontCache - ok
13:19:06.0911 3656 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
13:19:06.0927 3656 FontCache3.0.0.0 - ok
13:19:06.0958 3656 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
13:19:06.0973 3656 FsDepends - ok
13:19:07.0005 3656 Fs_Rec (500a9814fd9446a8126858a5a7f7d273) C:\Windows\system32\drivers\Fs_Rec.sys
13:19:07.0020 3656 Fs_Rec - ok
13:19:07.0098 3656 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
13:19:07.0129 3656 fvevol - ok
13:19:07.0207 3656 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
13:19:07.0223 3656 gagp30kx - ok
13:19:07.0254 3656 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:19:07.0270 3656 GEARAspiWDM - ok
13:19:07.0317 3656 gpsvc (8ba3c04702bf8f927ab36ae8313ca4ee) C:\Windows\System32\gpsvc.dll
13:19:07.0363 3656 gpsvc - ok
13:19:07.0395 3656 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
13:19:07.0441 3656 hcw85cir - ok
13:19:07.0504 3656 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
13:19:07.0535 3656 HDAudBus - ok
13:19:07.0551 3656 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
13:19:07.0582 3656 HidBatt - ok
13:19:07.0597 3656 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
13:19:07.0644 3656 HidBth - ok
13:19:07.0660 3656 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
13:19:07.0707 3656 HidIr - ok
13:19:07.0738 3656 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
13:19:07.0785 3656 hidserv - ok
13:19:07.0816 3656 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
13:19:07.0847 3656 HidUsb - ok
13:19:07.0878 3656 hkmsvc (741c2a45ca8407e374aaba3e330b7872) C:\Windows\system32\kmsvc.dll
13:19:07.0941 3656 hkmsvc - ok
13:19:07.0972 3656 HomeGroupListener (a768ca158bb06782a2835b907f4873c3) C:\Windows\system32\ListSvc.dll
13:19:08.0034 3656 HomeGroupListener - ok
13:19:08.0112 3656 HomeGroupProvider (fb08dec5ef43d0c66d83b8e9694e7549) C:\Windows\system32\provsvc.dll
13:19:08.0175 3656 HomeGroupProvider - ok
13:19:08.0221 3656 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
13:19:08.0253 3656 HpSAMD - ok
13:19:08.0331 3656 HsfXAudioService (1e7c79cbaf71aa92e0eee924907dcb55) C:\Windows\system32\XAudio32.dll
13:19:08.0377 3656 HsfXAudioService - ok
13:19:08.0487 3656 HSF_DPV (efed6bd9b9d5f407adca918bbe2d410d) C:\Windows\system32\DRIVERS\HSX_DPV.sys
13:19:08.0549 3656 HSF_DPV - ok
13:19:08.0580 3656 HSXHWAZL (c2eb8396c46e13f76037d70eae8820a9) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
13:19:08.0611 3656 HSXHWAZL - ok
13:19:08.0705 3656 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
13:19:08.0767 3656 HTTP - ok
13:19:08.0767 3656 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
13:19:08.0783 3656 hwpolicy - ok
13:19:08.0845 3656 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
13:19:08.0877 3656 i8042prt - ok
13:19:08.0923 3656 iaStor (d483687eace0c065ee772481a96e05f5) C:\Windows\system32\DRIVERS\iaStor.sys
13:19:08.0986 3656 iaStor - ok
13:19:09.0079 3656 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys
13:19:09.0157 3656 iaStorV - ok
13:19:09.0345 3656 idsvc (5af815eb5bc9802e5a064e2ba62bfc0c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:19:09.0423 3656 idsvc - ok
13:19:09.0485 3656 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
13:19:09.0501 3656 iirsp - ok
13:19:09.0610 3656 IKEEXT (fac0ee6562b121b1399d6e855583f7a5) C:\Windows\System32\ikeext.dll
13:19:09.0688 3656 IKEEXT - ok
13:19:09.0953 3656 IntcAzAudAddService (f2baa4ff548f7f0317f7638951c1cd9c) C:\Windows\system32\drivers\RTKVHDA.sys
13:19:10.0078 3656 IntcAzAudAddService - ok
13:19:10.0312 3656 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
13:19:10.0327 3656 intelide - ok
13:19:10.0374 3656 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
13:19:10.0405 3656 intelppm - ok
13:19:10.0437 3656 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
13:19:10.0515 3656 IPBusEnum - ok
13:19:10.0515 3656 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:19:10.0561 3656 IpFilterDriver - ok
13:19:10.0639 3656 iphlpsvc (477397b432a256a50ee7e4339eb9ea14) C:\Windows\System32\iphlpsvc.dll
13:19:10.0717 3656 iphlpsvc - ok
13:19:10.0733 3656 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
13:19:10.0749 3656 IPMIDRV - ok
13:19:10.0749 3656 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
13:19:10.0795 3656 IPNAT - ok
13:19:10.0936 3656 iPod Service (3a6d4d8abacf64292d060c9e06d2050d) C:\Program Files\iPod\bin\iPodService.exe
13:19:10.0967 3656 iPod Service - ok
13:19:11.0045 3656 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
13:19:11.0092 3656 IRENUM - ok
13:19:11.0107 3656 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
13:19:11.0123 3656 isapnp - ok
13:19:11.0170 3656 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
13:19:11.0201 3656 iScsiPrt - ok
13:19:11.0279 3656 k57nd60x (eac21e8014c7e6ee341afffb7e2bbd54) C:\Windows\system32\DRIVERS\k57nd60x.sys
13:19:11.0341 3656 k57nd60x - ok
13:19:11.0404 3656 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
13:19:11.0419 3656 kbdclass - ok
13:19:11.0466 3656 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
13:19:11.0513 3656 kbdhid - ok
13:19:11.0529 3656 KeyIso (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
13:19:11.0544 3656 KeyIso - ok
13:19:11.0591 3656 KSecDD (52fc17c8589f11747d01d3cf592673d0) C:\Windows\system32\Drivers\ksecdd.sys
13:19:11.0607 3656 KSecDD - ok
13:19:11.0653 3656 KSecPkg (3e5474b03568cfab834da3c38e8c9efa) C:\Windows\system32\Drivers\ksecpkg.sys
13:19:11.0669 3656 KSecPkg - ok
13:19:11.0716 3656 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
13:19:11.0763 3656 KtmRm - ok
13:19:11.0825 3656 LanmanServer (8f6bf790d3168224c16f2af68a84438c) C:\Windows\system32\srvsvc.dll
13:19:11.0872 3656 LanmanServer - ok
13:19:11.0903 3656 LanmanWorkstation (b9891f885dcf1f0513a51cb58493cb1f) C:\Windows\System32\wkssvc.dll
13:19:11.0934 3656 LanmanWorkstation - ok
13:19:12.0012 3656 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
13:19:12.0075 3656 lltdio - ok
13:19:12.0153 3656 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
13:19:12.0215 3656 lltdsvc - ok
13:19:12.0231 3656 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
13:19:12.0262 3656 lmhosts - ok
13:19:12.0309 3656 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
13:19:12.0324 3656 LSI_FC - ok
13:19:12.0340 3656 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
13:19:12.0355 3656 LSI_SAS - ok
13:19:12.0355 3656 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:19:12.0371 3656 LSI_SAS2 - ok
13:19:12.0387 3656 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:19:12.0402 3656 LSI_SCSI - ok
13:19:12.0449 3656 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
13:19:12.0511 3656 luafv - ok
13:19:12.0543 3656 Mcx2Svc (e2b0887816ed336685954e3d8fdaa51d) C:\Windows\system32\Mcx2Svc.dll
13:19:12.0558 3656 Mcx2Svc - ok
13:19:12.0605 3656 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
13:19:12.0652 3656 mdmxsdk - ok
13:19:12.0699 3656 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
13:19:12.0714 3656 megasas - ok
13:19:12.0730 3656 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
13:19:12.0745 3656 MegaSR - ok
13:19:12.0808 3656 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
13:19:12.0870 3656 MMCSS - ok
13:19:12.0886 3656 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
13:19:12.0964 3656 Modem - ok
13:19:12.0995 3656 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
13:19:13.0026 3656 monitor - ok
13:19:13.0073 3656 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
13:19:13.0089 3656 mouclass - ok
13:19:13.0151 3656 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
13:19:13.0198 3656 mouhid - ok
13:19:13.0213 3656 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
13:19:13.0229 3656 mountmgr - ok
13:19:13.0401 3656 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
13:19:13.0432 3656 MozillaMaintenance - ok
13:19:13.0494 3656 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
13:19:13.0572 3656 mpio - ok
13:19:13.0588 3656 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
13:19:13.0666 3656 mpsdrv - ok
13:19:13.0713 3656 MpsSvc (5cd996cecf45cbc3e8d109c86b82d69e) C:\Windows\system32\mpssvc.dll
13:19:13.0806 3656 MpsSvc - ok
13:19:13.0822 3656 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
13:19:13.0837 3656 MRxDAV - ok
13:19:13.0915 3656 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:19:13.0978 3656 mrxsmb - ok
13:19:14.0025 3656 mrxsmb10 (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:19:14.0040 3656 mrxsmb10 - ok
13:19:14.0071 3656 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:19:14.0071 3656 mrxsmb20 - ok
13:19:14.0118 3656 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
13:19:14.0118 3656 msahci - ok
13:19:14.0165 3656 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
13:19:14.0181 3656 msdsm - ok
13:19:14.0227 3656 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
13:19:14.0274 3656 MSDTC - ok
13:19:14.0305 3656 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
13:19:14.0352 3656 Msfs - ok
13:19:14.0368 3656 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
13:19:14.0399 3656 mshidkmdf - ok
13:19:14.0415 3656 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
13:19:14.0415 3656 msisadrv - ok
13:19:14.0477 3656 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
13:19:14.0539 3656 MSiSCSI - ok
13:19:14.0555 3656 msiserver - ok
13:19:14.0586 3656 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
13:19:14.0633 3656 MSKSSRV - ok
13:19:14.0664 3656 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
13:19:14.0758 3656 MSPCLOCK - ok
13:19:14.0758 3656 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
13:19:14.0789 3656 MSPQM - ok
13:19:14.0820 3656 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
13:19:14.0851 3656 MsRPC - ok
13:19:14.0898 3656 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
13:19:14.0914 3656 mssmbios - ok
13:19:14.0929 3656 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
13:19:14.0961 3656 MSTEE - ok
13:19:14.0976 3656 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
13:19:14.0992 3656 MTConfig - ok
13:19:15.0023 3656 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
13:19:15.0039 3656 Mup - ok
13:19:15.0101 3656 mwlPSDFilter (2de94e435c3efde58c7b1856d4f20724) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
13:19:15.0117 3656 mwlPSDFilter - ok
13:19:15.0132 3656 mwlPSDNServ (61920a7146eed3d903dbbb8ec295af76) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
13:19:15.0148 3656 mwlPSDNServ - ok
13:19:15.0163 3656 mwlPSDVDisk (e0f49721e68ebd2983e84c44fada6665) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
13:19:15.0179 3656 mwlPSDVDisk - ok
13:19:15.0304 3656 MWLService (fd257cd94057d02108b954156d7b2770) C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe
13:19:15.0335 3656 MWLService - ok
13:19:15.0366 3656 napagent (80284f1985c70c86f0b5f86da2dfe1df) C:\Windows\system32\qagentRT.dll
13:19:15.0429 3656 napagent - ok
13:19:15.0507 3656 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
13:19:15.0569 3656 NativeWifiP - ok
13:19:15.0663 3656 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
13:19:15.0725 3656 NDIS - ok
13:19:15.0803 3656 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
13:19:15.0850 3656 NdisCap - ok
13:19:15.0943 3656 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
13:19:15.0990 3656 NdisTapi - ok
13:19:16.0068 3656 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
13:19:16.0115 3656 Ndisuio - ok
13:19:16.0131 3656 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
13:19:16.0177 3656 NdisWan - ok
13:19:16.0193 3656 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
13:19:16.0240 3656 NDProxy - ok
13:19:16.0287 3656 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
13:19:16.0333 3656 NetBIOS - ok
13:19:16.0365 3656 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
13:19:16.0396 3656 NetBT - ok
13:19:16.0427 3656 Netlogon (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
13:19:16.0443 3656 Netlogon - ok
13:19:16.0536 3656 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
13:19:16.0599 3656 Netman - ok
13:19:16.0677 3656 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
13:19:16.0723 3656 netprofm - ok
13:19:16.0848 3656 NetTcpPortSharing (fe2aa5a684b0dd9b1fae57b7817c198b) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:19:16.0879 3656 NetTcpPortSharing - ok
13:19:16.0973 3656 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
13:19:16.0989 3656 nfrd960 - ok
13:19:17.0020 3656 NlaSvc (2226496e34bd40734946a054b1cd657f) C:\Windows\System32\nlasvc.dll
13:19:17.0051 3656 NlaSvc - ok
13:19:17.0082 3656 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
13:19:17.0113 3656 Npfs - ok
13:19:17.0129 3656 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
13:19:17.0160 3656 nsi - ok
13:19:17.0176 3656 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
13:19:17.0223 3656 nsiproxy - ok
13:19:17.0347 3656 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys
13:19:17.0425 3656 Ntfs - ok
13:19:17.0550 3656 NTI IScheduleSvc (944e3911888b9fffd843b91c8abbd3f6) C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
13:19:17.0566 3656 NTI IScheduleSvc - ok
13:19:17.0613 3656 NTIBackupSvc (973dcb15731339fca176e534055cf115) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
13:19:17.0613 3656 NTIBackupSvc - ok
13:19:17.0753 3656 NTIDrvr (6dcaa65f49ef3b97a5cffc0cb5de1c2f) C:\Windows\system32\Drivers\NTIDrvr.sys
13:19:17.0769 3656 NTIDrvr - ok
13:19:17.0800 3656 NTISchedulerSvc (58751f9248d50bce1053976c9e2f0859) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
13:19:17.0815 3656 NTISchedulerSvc - ok
13:19:17.0847 3656 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
13:19:17.0878 3656 Null - ok
13:19:17.0940 3656 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys
13:19:18.0003 3656 nvraid - ok
13:19:18.0049 3656 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys
13:19:18.0065 3656 nvstor - ok
13:19:18.0081 3656 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
13:19:18.0096 3656 nv_agp - ok
13:19:18.0268 3656 odserv (e54aa592a65f317390eee386a8821692) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
13:19:18.0330 3656 odserv - ok
13:19:18.0346 3656 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
13:19:18.0393 3656 ohci1394 - ok
13:19:18.0455 3656 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:19:18.0471 3656 ose - ok
13:19:18.0517 3656 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
13:19:18.0564 3656 p2pimsvc - ok
13:19:18.0642 3656 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
13:19:18.0673 3656 p2psvc - ok
13:19:18.0689 3656 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
13:19:18.0720 3656 Parport - ok
13:19:18.0767 3656 partmgr (66d3415c159741ade7038a277efff99f) C:\Windows\system32\drivers\partmgr.sys
13:19:18.0783 3656 partmgr - ok
13:19:18.0814 3656 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
13:19:18.0845 3656 Parvdm - ok
13:19:18.0861 3656 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
13:19:18.0876 3656 PcaSvc - ok
13:19:18.0907 3656 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
13:19:18.0923 3656 pci - ok
13:19:18.0954 3656 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
13:19:18.0954 3656 pciide - ok
13:19:18.0970 3656 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
13:19:18.0985 3656 pcmcia - ok
13:19:19.0032 3656 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
13:19:19.0048 3656 pcw - ok
13:19:19.0157 3656 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
13:19:19.0297 3656 PEAUTH - ok
13:19:19.0469 3656 pla (9c1bff7910c89a1d12e57343475840cb) C:\Windows\system32\pla.dll
13:19:19.0594 3656 pla - ok
13:19:19.0750 3656 PlugPlay (71def5ec79774c798342d0ea16e41780) C:\Windows\system32\umpnpmgr.dll
13:19:19.0797 3656 PlugPlay - ok
13:19:19.0812 3656 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
13:19:19.0859 3656 PNRPAutoReg - ok
13:19:19.0906 3656 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
13:19:19.0921 3656 PNRPsvc - ok
13:19:19.0984 3656 PolicyAgent (48e1b75c6dc0232fd92baae4bd344721) C:\Windows\System32\ipsecsvc.dll
13:19:20.0062 3656 PolicyAgent - ok
13:19:20.0109 3656 Power (dbff83f709a91049621c1d35dd45c92c) C:\Windows\system32\umpo.dll
13:19:20.0155 3656 Power - ok
13:19:20.0327 3656 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
13:19:20.0374 3656 PptpMiniport - ok
13:19:20.0467 3656 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
13:19:20.0514 3656 Processor - ok
13:19:20.0592 3656 ProfSvc (aea3bdbdba667aa6f678cb38907e4f5e) C:\Windows\system32\profsvc.dll
13:19:20.0670 3656 ProfSvc - ok
13:19:20.0686 3656 ProtectedStorage (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
13:19:20.0701 3656 ProtectedStorage - ok
13:19:20.0779 3656 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
13:19:20.0842 3656 Psched - ok
13:19:20.0967 3656 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
13:19:21.0045 3656 ql2300 - ok
13:19:21.0201 3656 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
13:19:21.0216 3656 ql40xx - ok
13:19:21.0294 3656 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
13:19:21.0388 3656 QWAVE - ok
13:19:21.0435 3656 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
13:19:21.0466 3656 QWAVEdrv - ok
13:19:21.0466 3656 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
13:19:21.0544 3656 RasAcd - ok
13:19:21.0606 3656 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
13:19:21.0669 3656 RasAgileVpn - ok
13:19:21.0731 3656 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
13:19:21.0825 3656 RasAuto - ok
13:19:21.0871 3656 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:19:21.0934 3656 Rasl2tp - ok
13:19:22.0012 3656 RasMan (0ce66ec736b7fc526d78f7624c7d2a94) C:\Windows\System32\rasmans.dll
13:19:22.0059 3656 RasMan - ok
13:19:22.0090 3656 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
13:19:22.0137 3656 RasPppoe - ok
13:19:22.0183 3656 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
13:19:22.0230 3656 RasSstp - ok
13:19:22.0261 3656 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
13:19:22.0308 3656 rdbss - ok
13:19:22.0339 3656 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
13:19:22.0355 3656 rdpbus - ok
13:19:22.0371 3656 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:19:22.0402 3656 RDPCDD - ok
13:19:22.0464 3656 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
13:19:22.0511 3656 RDPENCDD - ok
13:19:22.0542 3656 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
13:19:22.0573 3656 RDPREFMP - ok
13:19:22.0636 3656 RDPWD (c5b8d47a4688de9d335204ea757c2240) C:\Windows\system32\drivers\RDPWD.sys
13:19:22.0698 3656 RDPWD - ok
13:19:22.0776 3656 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
13:19:22.0839 3656 rdyboost - ok
13:19:22.0885 3656 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
13:19:22.0932 3656 RemoteAccess - ok
13:19:22.0995 3656 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
13:19:23.0088 3656 RemoteRegistry - ok
13:19:23.0135 3656 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
13:19:23.0197 3656 RpcEptMapper - ok
13:19:23.0213 3656 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
13:19:23.0244 3656 RpcLocator - ok
13:19:23.0291 3656 RpcSs (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll
13:19:23.0322 3656 RpcSs - ok
13:19:23.0400 3656 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
13:19:23.0463 3656 rspndr - ok
13:19:23.0525 3656 RTHDMIAzAudService (87407b31ea6ff0dc4765258164b98bea) C:\Windows\system32\drivers\RtHDMIV.sys
13:19:23.0572 3656 RTHDMIAzAudService - ok
13:19:23.0634 3656 RTSTOR (9b09f336de36a7a6ca871de8a7847b65) C:\Windows\system32\drivers\RTSTOR.SYS
13:19:23.0681 3656 RTSTOR - ok
13:19:23.0743 3656 SamSs (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
13:19:23.0775 3656 SamSs - ok
13:19:23.0821 3656 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
13:19:23.0837 3656 sbp2port - ok
13:19:23.0931 3656 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
13:19:23.0977 3656 SCardSvr - ok
13:19:23.0993 3656 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
13:19:24.0024 3656 scfilter - ok
13:19:24.0102 3656 Schedule (df1e5c82e4d09cf8105cc644980c4803) C:\Windows\system32\schedsvc.dll
13:19:24.0196 3656 Schedule - ok
13:19:24.0227 3656 SCPolicySvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll
13:19:24.0274 3656 SCPolicySvc - ok
13:19:24.0305 3656 SDRSVC (5fd90abdbfaee85986802622cbb03446) C:\Windows\System32\SDRSVC.dll
13:19:24.0383 3656 SDRSVC - ok
13:19:24.0430 3656 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
13:19:24.0492 3656 secdrv - ok
13:19:24.0508 3656 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
13:19:24.0555 3656 seclogon - ok
13:19:24.0601 3656 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
13:19:24.0648 3656 SENS - ok
13:19:24.0711 3656 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
13:19:24.0773 3656 SensrSvc - ok
13:19:24.0820 3656 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
13:19:24.0851 3656 Serenum - ok
13:19:24.0882 3656 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
13:19:24.0913 3656 Serial - ok
13:19:24.0929 3656 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
13:19:24.0945 3656 sermouse - ok
13:19:24.0991 3656 SessionEnv (8f55ce568c543d5adf45c409d16718fc) C:\Windows\system32\sessenv.dll
13:19:25.0023 3656 SessionEnv - ok
13:19:25.0038 3656 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
13:19:25.0069 3656 sffdisk - ok
13:19:25.0069 3656 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
13:19:25.0085 3656 sffp_mmc - ok
13:19:25.0101 3656 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
13:19:25.0132 3656 sffp_sd - ok
13:19:25.0132 3656 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
13:19:25.0147 3656 sfloppy - ok
13:19:25.0194 3656 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
13:19:25.0272 3656 SharedAccess - ok
13:19:25.0319 3656 ShellHWDetection (cd2e48fa5b29ee2b3b5858056d246ef2) C:\Windows\System32\shsvcs.dll
13:19:25.0350 3656 ShellHWDetection - ok
13:19:25.0366 3656 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
13:19:25.0366 3656 sisagp - ok
13:19:25.0397 3656 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:19:25.0413 3656 SiSRaid2 - ok
13:19:25.0428 3656 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
13:19:25.0491 3656 SiSRaid4 - ok
13:19:25.0522 3656 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
13:19:25.0584 3656 Smb - ok
13:19:25.0678 3656 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
13:19:25.0725 3656 SNMPTRAP - ok
13:19:25.0756 3656 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
13:19:25.0771 3656 spldr - ok
13:19:25.0865 3656 Spooler (d1bb750eb51694de183e08b9c33be5b2) C:\Windows\System32\spoolsv.exe
13:19:25.0912 3656 Spooler - ok
13:19:26.0161 3656 sppsvc (4c287f9069fedbd791178876ee9de536) C:\Windows\system32\sppsvc.exe
13:19:26.0271 3656 sppsvc - ok
13:19:26.0411 3656 sppuinotify (d8e3e19eebdab49dd4a8d3062ead4ec7) C:\Windows\system32\sppuinotify.dll
13:19:26.0442 3656 sppuinotify - ok
13:19:26.0520 3656 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys
13:19:26.0551 3656 srv - ok
13:19:26.0598 3656 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys
13:19:26.0614 3656 srv2 - ok
13:19:26.0676 3656 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys
13:19:26.0707 3656 srvnet - ok
13:19:26.0739 3656 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
13:19:26.0801 3656 SSDPSRV - ok
13:19:26.0863 3656 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
13:19:26.0879 3656 ssmdrv - ok
13:19:26.0895 3656 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
13:19:26.0957 3656 SstpSvc - ok
13:19:26.0988 3656 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
13:19:27.0004 3656 stexstor - ok
13:19:27.0066 3656 StiSvc (a22825e7bb7018e8af3e229a5af17221) C:\Windows\System32\wiaservc.dll
13:19:27.0113 3656 StiSvc - ok
13:19:27.0144 3656 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
13:19:27.0160 3656 swenum - ok
13:19:27.0207 3656 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
13:19:27.0238 3656 swprv - ok
13:19:27.0347 3656 SynTP (aee6e411a915f50101895ba8dc5c15d4) C:\Windows\system32\DRIVERS\SynTP.sys
13:19:27.0409 3656 SynTP - ok
13:19:27.0534 3656 SysMain (04105c8da62353589c29bdaeb8d88bd8) C:\Windows\system32\sysmain.dll
13:19:27.0643 3656 SysMain - ok
13:19:27.0690 3656 TabletInputService (fcfb6c552fbc0da299799cbd50ad9fd4) C:\Windows\System32\TabSvc.dll
13:19:27.0737 3656 TabletInputService - ok
13:19:27.0768 3656 TapiSrv (2f46b0c70a4adc8c90cf825da3b4feaf) C:\Windows\System32\tapisrv.dll
13:19:27.0846 3656 TapiSrv - ok
13:19:27.0877 3656 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
13:19:27.0924 3656 TBS - ok
13:19:28.0143 3656 Tcpip (55e9965552741f3850cb22cbba9671ed) C:\Windows\system32\drivers\tcpip.sys
13:19:28.0189 3656 Tcpip - ok
13:19:28.0236 3656 TCPIP6 (55e9965552741f3850cb22cbba9671ed) C:\Windows\system32\DRIVERS\tcpip.sys
13:19:28.0283 3656 TCPIP6 - ok
13:19:28.0377 3656 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
13:19:28.0455 3656 tcpipreg - ok
13:19:28.0501 3656 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
13:19:28.0548 3656 TDPIPE - ok
13:19:28.0579 3656 TDTCP (7156308896d34ea75a582f9a09e50c17) C:\Windows\system32\drivers\tdtcp.sys
13:19:28.0595 3656 TDTCP - ok
13:19:28.0611 3656 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
13:19:28.0657 3656 tdx - ok
13:19:28.0689 3656 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
13:19:28.0704 3656 TermDD - ok
13:19:28.0751 3656 TermService (a01e50a04d7b1960b33e92b9080e6a94) C:\Windows\System32\termsrv.dll
13:19:28.0813 3656 TermService - ok
13:19:28.0829 3656 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
13:19:28.0860 3656 Themes - ok
13:19:28.0876 3656 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
13:19:28.0907 3656 THREADORDER - ok
13:19:28.0969 3656 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
13:19:29.0032 3656 TrkWks - ok
13:19:29.0094 3656 TrustedInstaller (41a4c781d2286208d397d72099304133) C:\Windows\servicing\TrustedInstaller.exe
13:19:29.0141 3656 TrustedInstaller - ok
13:19:29.0188 3656 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:19:29.0235 3656 tssecsrv - ok
13:19:29.0328 3656 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
13:19:29.0375 3656 tunnel - ok
13:19:29.0406 3656 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
13:19:29.0422 3656 uagp35 - ok
13:19:29.0453 3656 UBHelper (f763e070843ee2803de1395002b42938) C:\Windows\system32\drivers\UBHelper.sys
13:19:29.0469 3656 UBHelper - ok
13:19:29.0484 3656 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
13:19:29.0531 3656 udfs - ok
13:19:29.0578 3656 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
13:19:29.0609 3656 UI0Detect - ok
13:19:29.0656 3656 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
13:19:29.0718 3656 uliagpkx - ok
13:19:29.0765 3656 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
13:19:29.0812 3656 umbus - ok
13:19:29.0827 3656 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
13:19:29.0843 3656 UmPass - ok
13:19:29.0874 3656 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
13:19:29.0921 3656 upnphost - ok
13:19:29.0999 3656 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
13:19:30.0046 3656 USBAAPL - ok
13:19:30.0077 3656 usbccgp (c31ae588e403042632dc796cf09e30b0) C:\Windows\system32\DRIVERS\usbccgp.sys
13:19:30.0124 3656 usbccgp - ok
13:19:30.0171 3656 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
13:19:30.0202 3656 usbcir - ok
13:19:30.0264 3656 usbehci (e4c436d914768ce965d5e659ba7eebd8) C:\Windows\system32\DRIVERS\usbehci.sys
13:19:30.0280 3656 usbehci - ok
13:19:30.0358 3656 usbhub (bdcd7156ec37448f08633fd899823620) C:\Windows\system32\DRIVERS\usbhub.sys
13:19:30.0389 3656 usbhub - ok
13:19:30.0451 3656 usbohci (eb2d819a639015253c871cda09d91d58) C:\Windows\system32\drivers\usbohci.sys
13:19:30.0498 3656 usbohci - ok
13:19:30.0545 3656 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
13:19:30.0592 3656 usbprint - ok
13:19:30.0670 3656 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
13:19:30.0717 3656 usbscan - ok
13:19:30.0779 3656 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:19:30.0826 3656 USBSTOR - ok
13:19:30.0857 3656 usbuhci (22480bf4e5a09192e5e30ba4dde79fa4) C:\Windows\system32\DRIVERS\usbuhci.sys
13:19:30.0873 3656 usbuhci - ok
13:19:30.0935 3656 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\Windows\System32\Drivers\usbvideo.sys
13:19:30.0997 3656 usbvideo - ok
13:19:31.0029 3656 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
13:19:31.0075 3656 UxSms - ok
13:19:31.0107 3656 VaultSvc (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
13:19:31.0122 3656 VaultSvc - ok
13:19:31.0169 3656 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
13:19:31.0200 3656 vdrvroot - ok
13:19:31.0247 3656 vds (8c4e7c49d3641bc9e299e466a7f8867d) C:\Windows\System32\vds.exe
13:19:31.0309 3656 vds - ok
13:19:31.0372 3656 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
13:19:31.0387 3656 vga - ok
13:19:31.0434 3656 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
13:19:31.0450 3656 VgaSave - ok
13:19:31.0465 3656 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
13:19:31.0481 3656 vhdmp - ok
13:19:31.0543 3656 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
13:19:31.0575 3656 viaagp - ok
13:19:31.0575 3656 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
13:19:31.0606 3656 ViaC7 - ok
13:19:31.0621 3656 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
13:19:31.0621 3656 viaide - ok
13:19:31.0653 3656 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
13:19:31.0668 3656 volmgr - ok
13:19:31.0731 3656 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
13:19:31.0762 3656 volmgrx - ok
13:19:31.0777 3656 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
13:19:31.0809 3656 volsnap - ok
13:19:31.0855 3656 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
13:19:31.0871 3656 vsmraid - ok
13:19:31.0996 3656 VSS (7ea2bcd94d9cfaf4c556f5cc94532a6c) C:\Windows\system32\vssvc.exe
13:19:32.0058 3656 VSS - ok
13:19:32.0074 3656 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
13:19:32.0105 3656 vwifibus - ok
13:19:32.0167 3656 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
13:19:32.0199 3656 vwififlt - ok
13:19:32.0214 3656 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
13:19:32.0261 3656 W32Time - ok
13:19:32.0308 3656 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
13:19:32.0323 3656 WacomPen - ok
13:19:32.0370 3656 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
13:19:32.0401 3656 WANARP - ok
13:19:32.0401 3656 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
13:19:32.0433 3656 Wanarpv6 - ok
13:19:32.0589 3656 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
13:19:32.0682 3656 WatAdminSvc - ok
13:19:32.0791 3656 wbengine (7790b77fe1e5ee47dcc66247095bb4c9) C:\Windows\system32\wbengine.exe
13:19:32.0885 3656 wbengine - ok
13:19:32.0901 3656 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
13:19:32.0932 3656 WbioSrvc - ok
13:19:32.0979 3656 wcncsvc (6d9b75275c3e3a5f51aef81affadb2b6) C:\Windows\System32\wcncsvc.dll
13:19:33.0010 3656 wcncsvc - ok
13:19:33.0025 3656 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
13:19:33.0088 3656 WcsPlugInService - ok
13:19:33.0135 3656 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
13:19:33.0166 3656 Wd - ok
13:19:33.0213 3656 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
13:19:33.0244 3656 Wdf01000 - ok
13:19:33.0259 3656 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
13:19:33.0291 3656 WdiServiceHost - ok
13:19:33.0291 3656 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
13:19:33.0322 3656 WdiSystemHost - ok
13:19:33.0353 3656 WebClient (bb5ec38f8d4600119b4720bc5d4211f1) C:\Windows\System32\webclnt.dll
13:19:33.0478 3656 WebClient - ok
13:19:33.0509 3656 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
13:19:33.0665 3656 Wecsvc - ok
13:19:33.0759 3656 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
13:19:33.0805 3656 wercplsupport - ok
13:19:33.0883 3656 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
13:19:33.0930 3656 WerSvc - ok
13:19:33.0977 3656 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
13:19:34.0024 3656 WfpLwf - ok
13:19:34.0039 3656 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
13:19:34.0055 3656 WIMMount - ok
13:19:34.0149 3656 winachsf (d0116c473ef3c381a42bb55036a1adb1) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
13:19:34.0195 3656 winachsf - ok
13:19:34.0351 3656 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
13:19:34.0429 3656 WinDefend - ok
13:19:34.0445 3656 WinHttpAutoProxySvc - ok
13:19:34.0617 3656 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
13:19:34.0695 3656 Winmgmt - ok
13:19:34.0804 3656 WinRM (c4f5d3901d1b41d602ddc196e0b95b51) C:\Windows\system32\WsmSvc.dll
13:19:34.0882 3656 WinRM - ok
13:19:34.0991 3656 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
13:19:35.0022 3656 WinUsb - ok
13:19:35.0163 3656 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
13:19:35.0241 3656 Wlansvc - ok
13:19:35.0303 3656 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
13:19:35.0334 3656 WmiAcpi - ok
13:19:35.0428 3656 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
13:19:35.0475 3656 wmiApSrv - ok
13:19:35.0693 3656 WMPNetworkSvc (77fbd400984cf72ba0fc4b3489d65f74) C:\Program Files\Windows Media Player\wmpnetwk.exe
13:19:35.0787 3656 WMPNetworkSvc - ok
13:19:35.0818 3656 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
13:19:35.0849 3656 WPCSvc - ok
13:19:35.0880 3656 WPDBusEnum (b7f658a2ebc07129538ad9ab35212637) C:\Windows\system32\wpdbusenum.dll
13:19:35.0911 3656 WPDBusEnum - ok
13:19:35.0989 3656 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
13:19:36.0036 3656 ws2ifsl - ok
13:19:36.0052 3656 wscsvc (a661a76333057b383a06e65f0073222f) C:\Windows\System32\wscsvc.dll
13:19:36.0099 3656 wscsvc - ok
13:19:36.0099 3656 WSearch - ok
13:19:36.0301 3656 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
13:19:36.0364 3656 wuauserv - ok
13:19:36.0504 3656 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
13:19:36.0551 3656 WudfPf - ok
13:19:36.0613 3656 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:19:36.0645 3656 WUDFRd - ok
13:19:36.0691 3656 wudfsvc (ddee3682fe97037c45f4d7ab467cb8b6) C:\Windows\System32\WUDFSvc.dll
13:19:36.0738 3656 wudfsvc - ok
13:19:36.0769 3656 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
13:19:36.0801 3656 WwanSvc - ok
13:19:36.0832 3656 XAudio (22a08b9faecd6a306868f59b7f03f188) C:\Windows\system32\DRIVERS\XAudio32.sys
13:19:36.0847 3656 XAudio - ok
13:19:36.0910 3656 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
13:19:37.0269 3656 \Device\Harddisk0\DR0 - ok
13:19:37.0269 3656 Boot (0x1200) (cb488b7dc49fb432a3e67692bedfc159) \Device\Harddisk0\DR0\Partition0
13:19:37.0269 3656 \Device\Harddisk0\DR0\Partition0 - ok
13:19:37.0269 3656 ============================================================
13:19:37.0269 3656 Scan finished
13:19:37.0269 3656 ============================================================
13:19:37.0284 1668 Detected object count: 0
13:19:37.0284 1668 Actual detected object count: 0
|
| | #5 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Then please run CF now: ComboFix. A guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper has expressly recommended it! If, after running ComboFix, you have problems starting applications and get messages such as Quote:
__________________ Please always post log files in CODE tags |
| | #6 |
| So, ComboFix has finished; the log is below. Is it normal that my old desktop background is gone now? Code:
ComboFix 12-07-14.01 - Mathias 15.07.2012 20:28:43.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.43.1031.18.3067.2258 [GMT 2:00]
ausgeführt von:: c:\users\Mathias\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infizierte Kopie von c:\windows\system32\userinit.exe wurde gefunden und desinfiziert
Kopie von - c:\windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe wurde wiederhergestellt
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-06-15 bis 2012-07-15 ))))))))))))))))))))))))))))))
.
.
2012-07-15 18:40 . 2012-07-15 18:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-14 14:19 . 2012-07-14 14:19 -------- d-----w- C:\_OTL
2012-07-14 10:14 . 2012-07-14 10:14 476976 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-07-14 10:14 . 2012-07-14 10:14 -------- d-----w- c:\program files\Java
2012-07-13 21:42 . 2012-06-12 02:44 2344448 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 15:37 . 2012-06-02 04:51 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 15:37 . 2012-06-02 04:51 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-07-11 15:37 . 2012-06-02 04:50 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-07-11 15:37 . 2012-06-02 04:48 225280 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 15:37 . 2012-06-02 04:47 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-11 15:37 . 2012-06-06 05:09 1389568 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 15:37 . 2012-06-06 05:09 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 15:37 . 2012-06-06 05:09 987136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-07 09:14 . 2012-07-07 09:14 -------- d-----w- c:\program files\ESET
2012-07-05 18:00 . 2012-07-05 18:00 -------- d-----w- c:\users\Mathias\AppData\Roaming\Malwarebytes
2012-07-05 18:00 . 2012-07-05 18:00 -------- d-----w- c:\programdata\Malwarebytes
2012-07-05 18:00 . 2012-07-05 18:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-05 18:00 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-03 20:50 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-07-03 20:50 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-07-03 20:50 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-07-03 20:50 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-07-03 20:50 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-07-03 20:50 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-07-03 20:50 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-07-03 20:49 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-07-03 20:49 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-25 20:56 . 2012-06-25 20:56 -------- d-----w- c:\users\Mathias\AppData\Local\PDF24
2012-06-25 20:54 . 2012-07-03 20:43 -------- d-----w- c:\program files\PDF24
2012-06-25 20:20 . 2001-10-28 15:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2012-06-25 20:20 . 2010-07-20 00:39 389120 ----a-w- c:\windows\system32\actskn43.ocx
2012-06-22 07:21 . 2012-06-22 07:21 -------- d-----w- c:\users\Mathias\AppData\Local\ElevatedDiagnostics
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-14 10:14 . 2011-08-23 12:15 472880 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-12 16:15 . 2012-03-30 20:20 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-12 16:15 . 2011-08-22 21:43 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-11 07:29 . 2011-10-26 17:35 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-05-11 07:29 . 2011-10-26 17:35 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-05-02 04:52 . 2012-06-13 11:32 163328 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:19 . 2012-06-13 11:32 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 04:48 . 2012-06-13 11:32 57856 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 04:48 . 2012-06-13 11:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 04:43 . 2012-06-13 11:32 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 04:47 . 2012-06-13 11:32 139264 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 04:47 . 2012-06-13 11:32 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-24 04:47 . 2012-06-13 11:32 1156608 ----a-w- c:\windows\system32\crypt32.dll
2012-05-11 07:18 . 2011-08-22 21:35 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Mathias\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Mathias\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Mathias\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-05-14 21:02 120104 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-11-17 135168]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-05 1410344]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-06 7600672]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-07-06 1833504]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-08-26 494112]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-01-20 156968]
"BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-04-11 249600]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-01-20 202024]
"EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2009-05-13 199464]
"mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-05-14 345384]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-12-26 173288]
"PLFSetI"="c:\windows\PLFSetI.exe" [2011-08-21 200704]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-08-27 1194504]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-11 348624]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Mathias\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [x]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [x]
S2 MWLService;MyWinLocker Service;c:\program files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [x]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 16:15]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c07&s=2&o=vp32&d=0811&m=aspire_5738
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c07&s=2&o=vp32&d=0811&m=aspire_5738
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Mathias\AppData\Roaming\Mozilla\Firefox\Profiles\5pn5sgzq.default\
FF - prefs.js: browser.search.selectedEngine - LEO Eng-Deu
FF - prefs.js: browser.startup.homepage - hxxp://www.google.at/
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(2104)
c:\users\Mathias\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\EgisTec\MyWinLocker 3\x86\psdprotect.dll
c:\program files\EgisTec\MyWinLocker 3\x86\sysenv.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\atieclxx.exe
c:\windows\system32\taskhost.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\EgisTec\MyWinLocker 3\x86\MWLService.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-15 20:47:39 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-07-15 18:47
.
Vor Suchlauf: 15 Verzeichnis(se), 97.639.481.344 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 97.764.229.120 Bytes frei
.
- - End Of File - - 3AEC809E3E5AC154F8B246C095AF2DD3
|
| | #7 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Please now create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second try, just skip it and run only OSAM. Please skip OSAM's online lookup. With OSAM, please also make sure that you save the log as *.log and not as *.html or similar. Note: please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off your virus scanner; McAfee's scanner in particular often reports a false alarm on OSAM! Please download
Important: never press any of the Fix buttons without being told to. Note: if the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. One more note: if aswMBR crashes and a message such as "aswMBR.exe has stopped working" appears, do the following: restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left (bottom left of the aswMBR window), and click the Scan button again.
__________________ Please always post log files in CODE tags |
| | #8 |
| GMER: Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-07-16 21:50:29
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0
Running: vomherxq.exe; Driver: C:\Users\Mathias\AppData\Local\Temp\kwriqkog.sys
---- System - GMER 1.0.15 ----
SSDT 97C53FC6 ZwCreateSection
SSDT 97C53FD0 ZwRequestWaitReplyPort
SSDT 97C53FCB ZwSetContextThread
SSDT 97C53FD5 ZwSetSecurityObject
SSDT 97C53FDA ZwSystemDebugControl
SSDT 97C53F67 ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwRollbackTransaction + 13E9 83285599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 832AA092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 340 832B1990 4 Bytes [C6, 3F, C5, 97]
.text ntkrnlpa.exe!RtlSidHashLookup + 69C 832B1CEC 4 Bytes [D0, 3F, C5, 97]
.text ntkrnlpa.exe!RtlSidHashLookup + 6E0 832B1D30 4 Bytes [CB, 3F, C5, 97]
.text ntkrnlpa.exe!RtlSidHashLookup + 75C 832B1DAC 4 Bytes [D5, 3F, C5, 97]
.text ntkrnlpa.exe!RtlSidHashLookup + 7B0 832B1E00 4 Bytes [DA, 3F, C5, 97]
.text ...
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x91203000, 0x2D5378, 0xE8000020]
PAGE spsys.sys!?SPRevision@@3PADA + 4F90 9C9AE000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 50B3 9C9AE123 629 Bytes [95, 9A, 9C, FE, 05, 34, 95, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 5329 9C9AE399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 538F 9C9AE3FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 543B 9C9AE4AB 2228 Bytes [8B, FF, 55, 8B, EC, FF, 75, ...]
PAGE ...
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[436] @ C:\Windows\system32\SHELL32.dll [USER32.dll!ExitWindowsEx] [00961210] C:\Program Files\NewTech Infosystems\Acer Backup Manager\Pehook.DLL (Backup Manager Module/NewTech Infosystems, Inc.)
IAT C:\Windows\Explorer.EXE[1748] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread] [01571E00] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/Egis Technology Inc.)
IAT C:\Windows\Explorer.EXE[1748] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [01572A00] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/Egis Technology Inc.)
IAT C:\Windows\Explorer.EXE[1748] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [015711D0] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/Egis Technology Inc.)
IAT C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe[3616] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75345E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe[3616] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75345E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe[3616] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75345E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe[3616] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75345E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs mwlPSDFilter.sys (PSD Filter Driver/Egis Incorporated.)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B0C661A5755946340A759F646D476ECA\Usage@WinMailFeat 1089407521
---- EOF - GMER 1.0.15 ----
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 20:24:49 on 16.07.2012

OS: Windows 7 Home Premium Edition (Build 7600), 32-bit
Default Browser: Mozilla Corporation Firefox 12.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Common]
-----( %SystemRoot%\Tasks )-----
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"ISUSPM.cpl" - "Macrovision Corporation" - C:\Windows\system32\ISUSPM.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\Users\Mathias\AppData\Local\Temp\catchme.sys (File not found)
"mwlPSDFilter" (mwlPSDFilter) - "Egis Incorporated." - C:\Windows\System32\DRIVERS\mwlPSDFilter.sys
"mwlPSDNServ" (mwlPSDNServ) - "Egis Incorporated." - C:\Windows\System32\DRIVERS\mwlPSDNServ.sys
"mwlPSDVDisk" (mwlPSDVDisk) - "Egis Incorporated." - C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"UBHelper" (UBHelper) - "NewTech Infosystems Corporation" - C:\Windows\system32\drivers\UBHelper.sys
"Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\Windows\System32\Drivers\NTIDrvr.sys

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found)
{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} "DragDropProtect Class" - "Egis Technology Inc." - C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? - (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found)
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_33" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} "Java Plug-in 1.6.0_33" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_33" - "Sun Microsystems, Inc."
- C:\Program Files\Java\jre6\bin\npjpi160_33.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll {5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>" - "DivX, LLC" - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "Dropbox.lnk" - "Dropbox, Inc." - C:\Users\Mathias\AppData\Roaming\Dropbox\bin\Dropbox.exe (Shortcut exists | File exists) -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? 
- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "ISUSPM" - "Macrovision Corporation" - "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler "ProductReg" - "Acer" - "C:\Program Files\Acer\WR_PopUp\ProductReg.exe" -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Acer ePower Management" - "Acer Incorporated" - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "ArcadeDeluxeAgent" - "CyberLink Corp." - "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" "avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min "BackupManagerTray" - "NewTech Infosystems, Inc." - "C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -k "CLMLServer" - "CyberLink" - "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" "DivXUpdate" - ? - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW "EgisTecLiveUpdate" - "Egis Technology Inc." - "C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe" "iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe" "LManager" - "Dritek System Inc." - C:\Program Files\Launch Manager\LManager.exe "mwlDaemon" - "Egis Technology Inc." - C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe "PlayMovie" - "Acer Corp." - "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" "PLFSetI" - ? - C:\Windows\PLFSetI.exe "QuickTime Task" - "Apple Inc." 
- "C:\Program Files\QuickTime\QTTask.exe" -atboottime "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "Acer ePower Service" (ePowerSvc) - "Acer Incorporated" - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe "Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe "Avira Browser Schutz" (AntiVirWebService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE "Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe "Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe "CLHNService" (CLHNService) - ? - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe "Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe "iPod-Dienst" (iPod Service) - "Apple Inc." 
- C:\Program Files\iPod\bin\iPodService.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe "MyWinLocker Service" (MWLService) - "Egis Technology Inc." - C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe "NTI Backup Now 5 Backup Service" (NTIBackupSvc) - "NewTech InfoSystems, Inc." - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe "NTI Backup Now 5 Scheduler Service" (NTISchedulerSvc) - "NewTech Infosystems, Inc." - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe "NTI IScheduleSvc" (NTI IScheduleSvc) - "NewTech Infosystems, Inc." - C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )----- "AVSDA" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avsda.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-16 21:57:03
-----------------------------
21:57:03.094 OS Version: Windows 6.1.7600
21:57:03.094 Number of processors: 2 586 0x170A
21:57:03.094 ComputerName: MATHIAS-LAPTOP UserName: Mathias
21:57:32.937 Initialize success
21:59:19.429 AVAST engine defs: 12071601
21:59:36.838 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:59:36.838 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
21:59:36.854 Disk 0 MBR read successfully
21:59:36.870 Disk 0 MBR scan
21:59:36.870 Disk 0 Windows 7 default MBR code
21:59:36.885 Disk 0 Partition 1 00 27 Hidden NTFS WinRE MSDOS5.0 10000 MB offset 2048
21:59:36.901 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 466938 MB offset 20482048
21:59:36.916 Disk 0 scanning sectors +976771072
21:59:36.979 Disk 0 scanning C:\Windows\system32\drivers
21:59:56.775 Service scanning
22:00:26.291 Modules scanning
22:00:43.170 Disk 0 trace - called modules:
22:00:43.217 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
22:00:43.217 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86edc638]
22:00:43.232 3 CLASSPNP.SYS[8bb8059e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8608d028]
22:00:45.245 AVAST engine scan C:\Windows
22:00:53.263 AVAST engine scan C:\Windows\system32
22:05:02.380 AVAST engine scan C:\Windows\system32\drivers
22:05:15.983 AVAST engine scan C:\Users\Mathias
22:22:36.115 AVAST engine scan C:\ProgramData
22:23:06.207 Scan finished successfully
22:23:33.024 Disk 0 MBR has been saved successfully to "C:\Users\Mathias\Desktop\MBR.dat"
22:23:33.024 The log file has been saved successfully to "C:\Users\Mathias\Desktop\aswMBR.txt"
|
| | #9 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
__________________ Please always post log files in CODE tags |
| | #10 |
| Great, thank you very much for your competent and persistent help! Is there anything else I need to do, e.g. with the findings in quarantine, uninstalling the programs again (or explicitly not doing that?), and can I handle sensitive data on this computer again? Thanks again! Malwarebytes: Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Datenbank Version: v2012.07.18.08
Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Mathias :: MATHIAS-LAPTOP [Administrator]
18.07.2012 20:44:32
mbam-log-2012-07-18 (20-44-32).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 381285
Laufzeit: 2 Stunde(n), 11 Minute(n), 13 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
SUPERAntiSpyware: Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 07/19/2012 at 08:53 PM
Application Version : 5.5.1006
Core Rules Database Version : 8914
Trace Rules Database Version: 6726
Scan type : Complete Scan
Total Scan Time : 02:45:50
Operating System Information
Windows 7 Home Premium 32-bit (Build 6.01.7600)
UAC On - Limited User
Memory items scanned : 712
Memory threats detected : 0
Registry items scanned : 34754
Registry threats detected : 0
File items scanned : 161804
File threats detected : 57
Adware.Tracking Cookie
|
| | #11 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
__________________ Please always post log files in CODE tags |
| | #12 |
| Oh damn, you're right of course. So here it is again: EDIT: Strange, it says Limited User again, even though I'm sure I ran it as administrator. Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 07/20/2012 at 07:24 PM
Application Version : 5.5.1006
Core Rules Database Version : 8914
Trace Rules Database Version: 6726
Scan type : Complete Scan
Total Scan Time : 02:40:22
Operating System Information
Windows 7 Home Premium 32-bit (Build 6.01.7600)
UAC On - Limited User
Memory items scanned : 727
Memory threats detected : 0
Registry items scanned : 34754
Registry threats detected : 0
File items scanned : 162069
File threats detected : 57
Adware.Tracking Cookie
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 07/21/2012 at 03:40 PM
Application Version : 5.5.1006
Core Rules Database Version : 8914
Trace Rules Database Version: 6726
Scan type : Complete Scan
Total Scan Time : 02:48:04
Operating System Information
Windows 7 Home Premium 32-bit (Build 6.01.7600)
UAC On - Limited User
Memory items scanned : 716
Memory threats detected : 0
Registry items scanned : 34753
Registry threats detected : 0
File items scanned : 162624
File threats detected : 58
Adware.Tracking Cookie
|
| | #13 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Possibly this is a bug in SUPERAntiSpyware; I have noticed it quite often, but it does not appear in every log. Looks OK, only cookies were found. Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP cookie). About cookies and other things on the web: to block the pest from the outset (i.e. tracking cookies, ad banners etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check MVPS every 4 weeks to see whether he has released a new hosts file. Otherwise there are also good cookie managers, extensions for Firefox, for example CookieCuller http://filepony.de/download-cookie_culler/ But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or also Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed. My own approach is that for "wild surfing" I use the Opera browser or Chromium under my Linux. My main browser (Firefox) stores only the cookies from the sites that I want, I reject everything else manually (FF always asks me) - the other browsers do accept all cookies, but at the latest at the next start of Opera or Chromium no cookies are left. Is your system OK again now, or are there any other findings or problems?
__________________ Please always post logfiles in CODE tags |
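Added example, not part of the original posts and not code from any tool named in the thread: it turns cookie findings in the "domain [ cookie store ]" layout of the scanner log above into hosts-file block entries. It also flags the cases where the cookie was scoped to all subdomains (leading dot), which a hosts entry cannot express. The function names, the sample domains and the `0.0.0.0` sink address are assumptions made for this sketch.

```python
import re

# Constructed sample in the "<cookie domain> [ <cookie store> ]" layout of the
# scanner log quoted in this thread; the domains and the path are placeholders.
SAMPLE_LOG = r"""
.tracker.example [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XXXXXXXX.DEFAULT\COOKIES.SQLITE ]
.tracker.example [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XXXXXXXX.DEFAULT\COOKIES.SQLITE ]
stats.example.net [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XXXXXXXX.DEFAULT\COOKIES.SQLITE ]
www.counter.example [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XXXXXXXX.DEFAULT\COOKIES.SQLITE ]
Scan finished, 4 items
"""

# Strict hostname labels: log text is untrusted input, so nothing containing
# whitespace or other characters can end up in a generated hosts line.
_LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
_FINDING = re.compile(
    rf"^\s*(?P<dot>\.?)(?P<host>{_LABEL}(?:\.{_LABEL})+)\s+\[\s*(?P<store>.+?)\s*\]\s*$",
    re.IGNORECASE,
)


def parse_cookie_findings(log_text):
    """Map each cookie host to its hit count and whether any hit had a
    leading dot (cookie valid for every subdomain of that name)."""
    findings = {}
    for line in log_text.splitlines():
        m = _FINDING.match(line)
        if not m:
            continue  # headers, summaries and malformed lines are ignored
        host = m.group("host").lower()
        entry = findings.setdefault(host, {"hits": 0, "subdomains": False})
        entry["hits"] += 1
        entry["subdomains"] |= bool(m.group("dot"))
    return findings


def hosts_entries(findings, sink="0.0.0.0"):
    """Build one hosts line per host, sorted. A hosts file matches exact
    names only, so subdomain-scoped cookies get a comment saying so."""
    lines = []
    for host in sorted(findings):
        note = "  # cookie covered subdomains; this blocks the exact name only" \
            if findings[host]["subdomains"] else ""
        lines.append(f"{sink} {host}{note}")
    return lines


if __name__ == "__main__":
    print("\n".join(hosts_entries(parse_cookie_findings(SAMPLE_LOG))))
```
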
| | #14 |
| OK, thanks for the tip, I will take care of the cookies. My system is running without any problems, at least none that I can see. Is there anything else I need to do, for example with the findings in quarantine? Thanks for your help, Arne! |
| | #15 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Then we are done! The programs that were used here can all be removed again. With OTL you can also remove many of the tools: please start OTL and click on CleanUp (Bereinigung). This will remove most of the tools that we needed for the cleanup. If anything remains, please remove it with right-click --> Delete. Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update first. Finally, please check the updates; my guide for this is below. To keep a better overview of how up to date your installed programs are in future, you can use e.g. Secunia PSI. For even more security, after the infection has been removed you should also change all passwords if possible.
Microsoft Update
Windows XP: Visit the MS update page with IE and have all important updates installed. Windows Vista/7: Guide Windows Update
Updating the PDF reader
An outdated AdobeReader is a major security risk. You should therefore uninstall old versions of AdobeReader via Control Panel => Software or Programs and Features, by clicking on "Adobe Reader x.0" there and removing the program. (if you have AdobeReader installed) I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than AdobeReader. While you are at it, please also check that the Flash Player is up to date: Check => Adobe - Flash Player Download links => Adobe Flash Player Distribution | Adobe Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.
Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the latest one. To do this, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions there. Then download the current Java SE Runtime Environment (JRE) from here and install it.
__________________ Please always post logfiles in CODE tags |