
Malware of all kinds and how to remove it: Rootkit.XCP.B.1!E2


Old 31.08.2012, 20:46   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Rootkit.XCP.B.1!E2 - Standard

Now please run this Kaspersky tool (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: please disable your virus scanner before running the TDSS-Killer, because Avira in particular often reports a false positive on the TDSS tool!

Configure the tool as shown in the image below: click on change parameters and set the checkmarks as shown in the following screenshot.
Then click Start Scan and, when it is finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C); that is where the TDSS-Killer stores its logs.

Note: please do not delete anything prematurely with the TDSS-Killer! If the TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!

__________________
Please always post logfiles in CODE tags
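An added example, not part of this post and not Kaspersky's own code: a small Python script that pre-screens a TDSSKiller 2.x log of the kind requested above before you post it, so you can see at a glance which entries the scanner did not rate `ok` and which kernel drivers load from outside the Windows system directory (a hint only, since third-party drivers do this legitimately). The pairing of each `[ MD5 ] name path` line with its `name - verdict` line follows the log format visible in this thread; the sample log is constructed from a few lines in that format plus invented `sampledrv` and `xyzdrv` entries, and the `detected ...` verdict wording is an assumption about how the tool reports a hit.

```python
"""Pre-screen a Kaspersky TDSSKiller 2.x log (added example, not the tool's own code).

The scanner writes one "[ MD5 ] name path" line per service/driver followed by a
"name - verdict" line; for services without a file only the verdict line appears.
"""
import re
from collections import namedtuple

Entry = namedtuple("Entry", "name path md5 verdict")

# Every log line starts with "HH:MM:SS.mmmm PID  <payload>".
_PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(.*)$")
# "[ 32-hex MD5 ] ServiceName   C:\path\to\file"
_OBJECT = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \] (\S+)\s+(.*)$")
# "ServiceName - ok"  /  "ServiceName - detected <verdict>" (detected form is assumed)
_VERDICT = re.compile(r"^(\S+) - (.*)$")

# Where legitimate Windows kernel drivers normally live (lower-case for comparison).
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


def parse_tdss_log(text):
    """Pair object lines with their verdict lines, in log order."""
    entries = []
    pending = {}  # service name -> (md5, path) until its verdict line arrives
    for raw in text.splitlines():
        m = _PREFIX.match(raw)
        if not m:
            continue  # banner, separator or blank line
        payload = m.group(1).strip()
        om = _OBJECT.match(payload)
        if om:
            md5, name, path = om.groups()
            pending[name] = (md5.upper(), path.strip())
            continue
        vm = _VERDICT.match(payload)
        if vm:
            name, verdict = vm.groups()
            md5, path = pending.pop(name, (None, None))
            entries.append(Entry(name, path, md5, verdict.strip()))
    return entries


def triage(entries):
    """Return (reason, entry) pairs worth a closer look, in log order.

    VERDICT: the scanner itself did not say "ok" (what the helper wants to see
             before anything is deleted).
    DRIVER_OUTSIDE_SYSTEM32: a .sys file loading from an unusual directory;
             third-party drivers do this legitimately, so it is only a hint.
    """
    findings = []
    for e in entries:
        if e.verdict != "ok":
            findings.append(("VERDICT", e))
            continue
        p = (e.path or "").lower()
        if p.endswith(".sys") and not p.startswith(SYSTEM_DIRS):
            findings.append(("DRIVER_OUTSIDE_SYSTEM32", e))
    return findings


def triage_log(text):
    return triage(parse_tdss_log(text))


# Constructed sample: real-format lines plus two invented entries (sampledrv, xyzdrv).
SAMPLE_LOG = r"""
12:07:43.0763 4644  ============================================================
12:07:43.0763 4644  Scan started
12:07:43.0763 4644  Mode: Manual; SigCheck; TDLFS; 
12:07:44.0091 4644  [ 7D9D615201A483D6FA99491C2E655A5A ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
12:07:44.0184 4644  !SASCORE - ok
12:07:44.0356 4644  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
12:07:44.0371 4644  ACPI - ok
12:07:47.0897 4644  COMSysApp - ok
12:07:51.0391 4644  [ 3CD18F0B3681FB267E67763CC3152D4E ] HookCentre      C:\Windows\system32\drivers\HookCentre.sys
12:07:51.0407 4644  HookCentre - ok
12:08:10.0200 4644  [ FEDCBA9876543210FEDCBA9876543210 ] sampledrv       C:\ProgramData\SampleVendor\sampledrv.sys
12:08:10.0210 4644  sampledrv - ok
12:09:02.0100 4644  [ 0123456789ABCDEF0123456789ABCDEF ] xyzdrv          C:\Users\Martin\AppData\Local\Temp\xyzdrv.sys
12:09:02.0115 4644  xyzdrv - detected Rootkit.Win32.Example ( 0 )
"""

if __name__ == "__main__":
    for reason, e in triage_log(SAMPLE_LOG):
        print(f"{reason:24} {e.name:12} {e.verdict:40} {e.path}")
```

Run it against the report file TDSSKiller writes to the system partition (read the file and pass its text to `triage_log`). The script only reads the log; it deletes nothing, which matches the instruction above to "skip" every flagged object and let the helper decide.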

Old 31.08.2012, 21:13   #17
HSK
 
So, the Killer has now struck


Code:
22:08:39.0852 3652  TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
22:08:39.0883 3652  ============================================================
22:08:39.0883 3652  Current date / time: 2012/08/31 22:08:39.0883
22:08:39.0883 3652  SystemInfo:
22:08:39.0883 3652  
22:08:39.0883 3652  OS Version: 6.1.7601 ServicePack: 1.0
22:08:39.0883 3652  Product type: Workstation
22:08:39.0883 3652  ComputerName: MARTIN-PC
22:08:39.0883 3652  UserName: Martin
22:08:39.0883 3652  Windows directory: C:\Windows
22:08:39.0883 3652  System windows directory: C:\Windows
22:08:39.0883 3652  Running under WOW64
22:08:39.0883 3652  Processor architecture: Intel x64
22:08:39.0883 3652  Number of processors: 2
22:08:39.0883 3652  Page size: 0x1000
22:08:39.0883 3652  Boot type: Normal boot
22:08:39.0883 3652  ============================================================
22:08:45.0468 3652  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:08:45.0483 3652  ============================================================
22:08:45.0483 3652  \Device\Harddisk0\DR0:
22:08:45.0483 3652  MBR partitions:
22:08:45.0483 3652  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2328800, BlocksNum 0x32000
22:08:45.0483 3652  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x235A800, BlocksNum 0x1C015800
22:08:45.0483 3652  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1E370000, BlocksNum 0x1C015830
22:08:45.0483 3652  ============================================================
22:08:45.0515 3652  C: <-> \Device\Harddisk0\DR0\Partition2
22:08:45.0561 3652  D: <-> \Device\Harddisk0\DR0\Partition3
22:08:45.0561 3652  ============================================================
22:08:45.0561 3652  Initialize success
22:08:45.0561 3652  ============================================================
         

Thanks for the quick reply :-)
__________________


Old 01.09.2012, 10:24   #18
cosinus
 
The log is incomplete
__________________

Old 01.09.2012, 11:18   #19
HSK
 
Hello,

Thank you for your patience.

I hope it is complete now.

One detection was reported.

Code:
12:07:09.0131 0940  TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
12:07:09.0240 0940  ============================================================
12:07:09.0240 0940  Current date / time: 2012/09/01 12:07:09.0240
12:07:09.0240 0940  SystemInfo:
12:07:09.0240 0940  
12:07:09.0240 0940  OS Version: 6.1.7601 ServicePack: 1.0
12:07:09.0240 0940  Product type: Workstation
12:07:09.0240 0940  ComputerName: MARTIN-PC
12:07:09.0240 0940  UserName: Martin
12:07:09.0240 0940  Windows directory: C:\Windows
12:07:09.0240 0940  System windows directory: C:\Windows
12:07:09.0240 0940  Running under WOW64
12:07:09.0240 0940  Processor architecture: Intel x64
12:07:09.0240 0940  Number of processors: 2
12:07:09.0240 0940  Page size: 0x1000
12:07:09.0240 0940  Boot type: Normal boot
12:07:09.0240 0940  ============================================================
12:07:10.0800 0940  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:07:10.0816 0940  ============================================================
12:07:10.0816 0940  \Device\Harddisk0\DR0:
12:07:10.0816 0940  MBR partitions:
12:07:10.0816 0940  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2328800, BlocksNum 0x32000
12:07:10.0816 0940  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x235A800, BlocksNum 0x1C015800
12:07:10.0816 0940  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1E370000, BlocksNum 0x1C015830
12:07:10.0816 0940  ============================================================
12:07:10.0847 0940  C: <-> \Device\Harddisk0\DR0\Partition2
12:07:10.0972 0940  D: <-> \Device\Harddisk0\DR0\Partition3
12:07:10.0972 0940  ============================================================
12:07:10.0972 0940  Initialize success
12:07:10.0972 0940  ============================================================
12:07:43.0763 4644  ============================================================
12:07:43.0763 4644  Scan started
12:07:43.0763 4644  Mode: Manual; SigCheck; TDLFS; 
12:07:43.0763 4644  ============================================================
12:07:44.0028 4644  ================ Scan services =============================
12:07:44.0091 4644  [ 7D9D615201A483D6FA99491C2E655A5A ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
12:07:44.0184 4644  !SASCORE - ok
12:07:44.0278 4644  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
12:07:44.0325 4644  1394ohci - ok
12:07:44.0356 4644  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
12:07:44.0371 4644  ACPI - ok
12:07:44.0387 4644  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
12:07:44.0434 4644  AcpiPmi - ok
12:07:44.0527 4644  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
12:07:44.0543 4644  AdobeARMservice - ok
12:07:44.0605 4644  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
12:07:44.0652 4644  adp94xx - ok
12:07:44.0668 4644  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
12:07:44.0699 4644  adpahci - ok
12:07:44.0715 4644  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
12:07:44.0730 4644  adpu320 - ok
12:07:44.0746 4644  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
12:07:44.0839 4644  AeLookupSvc - ok
12:07:44.0886 4644  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
12:07:44.0917 4644  AFD - ok
12:07:44.0949 4644  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
12:07:44.0964 4644  agp440 - ok
12:07:44.0980 4644  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
12:07:44.0995 4644  ALG - ok
12:07:45.0027 4644  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
12:07:45.0042 4644  aliide - ok
12:07:45.0058 4644  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
12:07:45.0058 4644  amdide - ok
12:07:45.0089 4644  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
12:07:45.0120 4644  AmdK8 - ok
12:07:45.0120 4644  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
12:07:45.0151 4644  AmdPPM - ok
12:07:45.0167 4644  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
12:07:45.0183 4644  amdsata - ok
12:07:45.0198 4644  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
12:07:45.0214 4644  amdsbs - ok
12:07:45.0229 4644  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
12:07:45.0245 4644  amdxata - ok
12:07:45.0292 4644  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
12:07:45.0339 4644  AppID - ok
12:07:45.0370 4644  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
12:07:45.0432 4644  AppIDSvc - ok
12:07:45.0463 4644  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
12:07:45.0510 4644  Appinfo - ok
12:07:45.0541 4644  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
12:07:45.0541 4644  arc - ok
12:07:45.0557 4644  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
12:07:45.0573 4644  arcsas - ok
12:07:45.0588 4644  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
12:07:45.0619 4644  AsyncMac - ok
12:07:45.0651 4644  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
12:07:45.0666 4644  atapi - ok
12:07:45.0682 4644  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:07:45.0729 4644  AudioEndpointBuilder - ok
12:07:45.0744 4644  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
12:07:45.0775 4644  AudioSrv - ok
12:07:45.0869 4644  [ BF3B991E0E22F9E6A82CCF6512CB51D0 ] AVKProxy        C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe
12:07:45.0900 4644  AVKProxy - ok
12:07:45.0963 4644  [ 29DA2D5958B352022A1BB5CE6FDB427C ] AVKService      C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKService.exe
12:07:45.0994 4644  AVKService - ok
12:07:46.0025 4644  [ BD66948F382D077AC9833B6414D1F06E ] AVKWCtl         C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKWCtlX64.exe
12:07:46.0072 4644  AVKWCtl - ok
12:07:46.0119 4644  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
12:07:46.0197 4644  AxInstSV - ok
12:07:46.0243 4644  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
12:07:46.0290 4644  b06bdrv - ok
12:07:46.0321 4644  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
12:07:46.0337 4644  b57nd60a - ok
12:07:46.0368 4644  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
12:07:46.0415 4644  BDESVC - ok
12:07:46.0415 4644  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
12:07:46.0493 4644  Beep - ok
12:07:46.0540 4644  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
12:07:46.0587 4644  BFE - ok
12:07:46.0602 4644  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
12:07:46.0649 4644  BITS - ok
12:07:46.0696 4644  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
12:07:46.0711 4644  blbdrive - ok
12:07:46.0743 4644  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
12:07:46.0774 4644  bowser - ok
12:07:46.0774 4644  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:07:46.0836 4644  BrFiltLo - ok
12:07:46.0836 4644  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:07:46.0867 4644  BrFiltUp - ok
12:07:46.0899 4644  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
12:07:46.0945 4644  Browser - ok
12:07:46.0961 4644  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
12:07:46.0992 4644  Brserid - ok
12:07:47.0008 4644  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
12:07:47.0039 4644  BrSerWdm - ok
12:07:47.0055 4644  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
12:07:47.0070 4644  BrUsbMdm - ok
12:07:47.0086 4644  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
12:07:47.0086 4644  BrUsbSer - ok
12:07:47.0117 4644  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
12:07:47.0148 4644  BTHMODEM - ok
12:07:47.0164 4644  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
12:07:47.0211 4644  bthserv - ok
12:07:47.0242 4644  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
12:07:47.0273 4644  cdfs - ok
12:07:47.0304 4644  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
12:07:47.0320 4644  cdrom - ok
12:07:47.0367 4644  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
12:07:47.0413 4644  CertPropSvc - ok
12:07:47.0445 4644  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
12:07:47.0460 4644  circlass - ok
12:07:47.0476 4644  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
12:07:47.0491 4644  CLFS - ok
12:07:47.0523 4644  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:07:47.0538 4644  clr_optimization_v2.0.50727_32 - ok
12:07:47.0569 4644  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:07:47.0569 4644  clr_optimization_v2.0.50727_64 - ok
12:07:47.0632 4644  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:07:47.0647 4644  clr_optimization_v4.0.30319_32 - ok
12:07:47.0679 4644  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:07:47.0679 4644  clr_optimization_v4.0.30319_64 - ok
12:07:47.0710 4644  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
12:07:47.0725 4644  CmBatt - ok
12:07:47.0757 4644  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
12:07:47.0772 4644  cmdide - ok
12:07:47.0788 4644  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
12:07:47.0819 4644  CNG - ok
12:07:47.0819 4644  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
12:07:47.0835 4644  Compbatt - ok
12:07:47.0850 4644  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
12:07:47.0881 4644  CompositeBus - ok
12:07:47.0897 4644  COMSysApp - ok
12:07:47.0897 4644  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
12:07:47.0913 4644  crcdisk - ok
12:07:47.0928 4644  [ 4F5414602E2544A4554D95517948B705 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
12:07:47.0975 4644  CryptSvc - ok
12:07:48.0006 4644  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
12:07:48.0069 4644  DcomLaunch - ok
12:07:48.0084 4644  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
12:07:48.0131 4644  defragsvc - ok
12:07:48.0162 4644  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
12:07:48.0225 4644  DfsC - ok
12:07:48.0256 4644  [ 6060106CE00F32F63F1A73160E46E9D2 ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
12:07:48.0271 4644  dg_ssudbus - ok
12:07:48.0303 4644  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
12:07:48.0334 4644  Dhcp - ok
12:07:48.0349 4644  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
12:07:48.0381 4644  discache - ok
12:07:48.0396 4644  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
12:07:48.0412 4644  Disk - ok
12:07:48.0427 4644  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
12:07:48.0459 4644  Dnscache - ok
12:07:48.0490 4644  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
12:07:48.0537 4644  dot3svc - ok
12:07:48.0552 4644  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
12:07:48.0615 4644  DPS - ok
12:07:48.0646 4644  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
12:07:48.0677 4644  drmkaud - ok
12:07:48.0724 4644  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
12:07:48.0755 4644  DXGKrnl - ok
12:07:48.0786 4644  [ 50AD8FC1DC800FF36087994C8F7FDFF2 ] e1yexpress      C:\Windows\system32\DRIVERS\e1y60x64.sys
12:07:48.0817 4644  e1yexpress - ok
12:07:48.0849 4644  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
12:07:48.0880 4644  EapHost - ok
12:07:48.0942 4644  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
12:07:49.0051 4644  ebdrv - ok
12:07:49.0067 4644  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
12:07:49.0083 4644  EFS - ok
12:07:49.0114 4644  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
12:07:49.0129 4644  elxstor - ok
12:07:49.0192 4644  [ 1E345F2A2D95DA3190596E691CDE9342 ] EPSON_PM_RPCV4_01 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
12:07:49.0239 4644  EPSON_PM_RPCV4_01 - ok
12:07:49.0254 4644  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
12:07:49.0270 4644  ErrDev - ok
12:07:49.0317 4644  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
12:07:49.0363 4644  EventSystem - ok
12:07:49.0379 4644  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
12:07:49.0410 4644  exfat - ok
12:07:49.0410 4644  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
12:07:49.0457 4644  fastfat - ok
12:07:49.0504 4644  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
12:07:49.0535 4644  Fax - ok
12:07:49.0566 4644  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
12:07:49.0566 4644  fdc - ok
12:07:49.0597 4644  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
12:07:49.0644 4644  fdPHost - ok
12:07:49.0660 4644  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
12:07:49.0691 4644  FDResPub - ok
12:07:49.0707 4644  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
12:07:49.0722 4644  FileInfo - ok
12:07:49.0738 4644  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
12:07:49.0769 4644  Filetrace - ok
12:07:49.0800 4644  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
12:07:49.0800 4644  flpydisk - ok
12:07:49.0831 4644  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
12:07:49.0847 4644  FltMgr - ok
12:07:49.0878 4644  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
12:07:49.0925 4644  FontCache - ok
12:07:49.0972 4644  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:07:49.0987 4644  FontCache3.0.0.0 - ok
12:07:50.0003 4644  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
12:07:50.0034 4644  FsDepends - ok
12:07:50.0050 4644  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
12:07:50.0065 4644  Fs_Rec - ok
12:07:50.0081 4644  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
12:07:50.0097 4644  fvevol - ok
12:07:50.0112 4644  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
12:07:50.0128 4644  gagp30kx - ok
12:07:50.0190 4644  [ 0A7B2688460070F4EE311E8F7D4D31B5 ] GDBackupSvc     C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe
12:07:50.0237 4644  GDBackupSvc - ok
12:07:50.0284 4644  [ 116F4672A804DA33E1159C005AE88B9C ] GDBehave        C:\Windows\system32\drivers\GDBehave.sys
12:07:50.0315 4644  GDBehave - ok
12:07:50.0362 4644  [ CC011FABE68CDC2EC9B0DEA07B8414C9 ] GDFwSvc         C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFwSvcx64.exe
12:07:50.0409 4644  GDFwSvc - ok
12:07:50.0440 4644  [ E02AC68F1FC31D38EAD729E00BD68C93 ] GDMnIcpt        C:\Windows\system32\drivers\MiniIcpt.sys
12:07:50.0440 4644  GDMnIcpt - ok
12:07:50.0471 4644  [ 290DDB8C97249F99569B77E9DF2F76FC ] GDPkIcpt        C:\Windows\system32\drivers\PktIcpt.sys
12:07:50.0471 4644  GDPkIcpt - ok
12:07:50.0518 4644  [ B7D4DF09A86A5DC98F74A2FA2875C154 ] GDScan          C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe
12:07:50.0533 4644  GDScan - ok
12:07:50.0565 4644  [ 546BAE77CA5C147A222EB1A4B0E8D60D ] GDTunerSvc      C:\Program Files (x86)\G Data\TotalProtection\AVKTuner\AVKTunerService.exe
12:07:50.0611 4644  GDTunerSvc - ok
12:07:50.0627 4644  [ E64C471DBD91ADEB0B4C78C204326ECD ] gdwfpcd         C:\Windows\system32\drivers\gdwfpcd64.sys
12:07:50.0627 4644  gdwfpcd - ok
12:07:50.0643 4644  [ 7508FCFB8D93556213F530DFFAEDEC45 ] GearAspiWDM     C:\Windows\system32\drivers\GEARAspiWDM.sys
12:07:50.0658 4644  GearAspiWDM - ok
12:07:50.0674 4644  GLogin - ok
12:07:50.0705 4644  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
12:07:50.0752 4644  gpsvc - ok
12:07:50.0767 4644  [ 9580CBF03D2EE08BD1C0D701AAE4092A ] GRD             C:\Windows\system32\drivers\GRD.sys
12:07:50.0783 4644  GRD - ok
12:07:50.0814 4644  [ 0191DEE9B9EB7902AF2CF4F67301095D ] GREGService     C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
12:07:50.0814 4644  GREGService - ok
12:07:50.0845 4644  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
12:07:50.0877 4644  hcw85cir - ok
12:07:50.0908 4644  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:07:50.0923 4644  HdAudAddService - ok
12:07:50.0955 4644  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
12:07:50.0986 4644  HDAudBus - ok
12:07:51.0001 4644  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
12:07:51.0017 4644  HidBatt - ok
12:07:51.0033 4644  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
12:07:51.0048 4644  HidBth - ok
12:07:51.0064 4644  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
12:07:51.0079 4644  HidIr - ok
12:07:51.0095 4644  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
12:07:51.0142 4644  hidserv - ok
12:07:51.0157 4644  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
12:07:51.0157 4644  HidUsb - ok
12:07:51.0189 4644  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
12:07:51.0235 4644  hkmsvc - ok
12:07:51.0251 4644  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:07:51.0282 4644  HomeGroupListener - ok
12:07:51.0313 4644  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:07:51.0345 4644  HomeGroupProvider - ok
12:07:51.0391 4644  [ 3CD18F0B3681FB267E67763CC3152D4E ] HookCentre      C:\Windows\system32\drivers\HookCentre.sys
12:07:51.0407 4644  HookCentre - ok
12:07:51.0423 4644  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
12:07:51.0438 4644  HpSAMD - ok
12:07:51.0485 4644  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
12:07:51.0532 4644  HTTP - ok
12:07:51.0547 4644  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
12:07:51.0563 4644  hwpolicy - ok
12:07:51.0579 4644  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
12:07:51.0594 4644  i8042prt - ok
12:07:51.0641 4644  [ 7548066DF68A8A1A56B043359F915F37 ] IAANTMON        C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
12:07:51.0672 4644  IAANTMON - ok
12:07:51.0703 4644  [ BF5442DC14608D18949DC83DE37E667A ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
12:07:51.0735 4644  iaStor - ok
12:07:51.0750 4644  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
12:07:51.0781 4644  iaStorV - ok
12:07:51.0828 4644  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:07:51.0859 4644  idsvc - ok
12:07:52.0047 4644  [ C6238C6ABD6AC99F5D152DA4E9439A3D ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
12:07:52.0296 4644  igfx - ok
12:07:52.0327 4644  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
12:07:52.0343 4644  iirsp - ok
12:07:52.0374 4644  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
12:07:52.0421 4644  IKEEXT - ok
12:07:52.0483 4644  [ BC64B75E8E0A0B8982AB773483164E72 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
12:07:52.0515 4644  IntcAzAudAddService - ok
12:07:52.0546 4644  [ D485D3BD3E2179AA86853A182F70699F ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys
12:07:52.0577 4644  IntcHdmiAddService - ok
12:07:52.0593 4644  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
12:07:52.0608 4644  intelide - ok
12:07:52.0639 4644  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
12:07:52.0671 4644  intelppm - ok
12:07:52.0686 4644  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
12:07:52.0749 4644  IPBusEnum - ok
12:07:52.0780 4644  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:07:52.0811 4644  IpFilterDriver - ok
12:07:52.0842 4644  [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
12:07:52.0873 4644  iphlpsvc - ok
12:07:52.0889 4644  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
12:07:52.0905 4644  IPMIDRV - ok
12:07:52.0936 4644  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
12:07:52.0967 4644  IPNAT - ok
12:07:52.0983 4644  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
12:07:53.0014 4644  IRENUM - ok
12:07:53.0029 4644  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
12:07:53.0029 4644  isapnp - ok
12:07:53.0045 4644  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
12:07:53.0061 4644  iScsiPrt - ok
12:07:53.0092 4644  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
12:07:53.0107 4644  kbdclass - ok
12:07:53.0139 4644  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
12:07:53.0154 4644  kbdhid - ok
12:07:53.0170 4644  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
12:07:53.0185 4644  KeyIso - ok
12:07:53.0201 4644  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
12:07:53.0217 4644  KSecDD - ok
12:07:53.0232 4644  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
12:07:53.0248 4644  KSecPkg - ok
12:07:53.0279 4644  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
12:07:53.0310 4644  ksthunk - ok
12:07:53.0341 4644  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
12:07:53.0388 4644  KtmRm - ok
12:07:53.0435 4644  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
12:07:53.0466 4644  LanmanServer - ok
12:07:53.0497 4644  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:07:53.0544 4644  LanmanWorkstation - ok
12:07:53.0575 4644  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
12:07:53.0622 4644  lltdio - ok
12:07:53.0653 4644  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
12:07:53.0700 4644  lltdsvc - ok
12:07:53.0716 4644  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
12:07:53.0747 4644  lmhosts - ok
12:07:53.0763 4644  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
12:07:53.0778 4644  LSI_FC - ok
12:07:53.0794 4644  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
12:07:53.0809 4644  LSI_SAS - ok
12:07:53.0825 4644  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:07:53.0825 4644  LSI_SAS2 - ok
12:07:53.0841 4644  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:07:53.0856 4644  LSI_SCSI - ok
12:07:53.0872 4644  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
12:07:53.0903 4644  luafv - ok
12:07:53.0919 4644  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
12:07:53.0919 4644  megasas - ok
12:07:53.0934 4644  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
12:07:53.0950 4644  MegaSR - ok
12:07:53.0965 4644  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
12:07:53.0997 4644  MMCSS - ok
12:07:54.0012 4644  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
12:07:54.0059 4644  Modem - ok
12:07:54.0106 4644  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
12:07:54.0137 4644  monitor - ok
12:07:54.0184 4644  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\drivers\mouclass.sys
12:07:54.0199 4644  mouclass - ok
12:07:54.0215 4644  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
12:07:54.0231 4644  mouhid - ok
12:07:54.0262 4644  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
12:07:54.0277 4644  mountmgr - ok
12:07:54.0324 4644  [ E8D79312373F254DC13F3965BDB3D521 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
12:07:54.0340 4644  MozillaMaintenance - ok
12:07:54.0371 4644  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
12:07:54.0371 4644  mpio - ok
12:07:54.0402 4644  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
12:07:54.0433 4644  mpsdrv - ok
12:07:54.0465 4644  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
12:07:54.0511 4644  MpsSvc - ok
12:07:54.0543 4644  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
12:07:54.0558 4644  MRxDAV - ok
12:07:54.0589 4644  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
12:07:54.0621 4644  mrxsmb - ok
12:07:54.0636 4644  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:07:54.0667 4644  mrxsmb10 - ok
12:07:54.0683 4644  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:07:54.0714 4644  mrxsmb20 - ok
12:07:54.0730 4644  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
12:07:54.0745 4644  msahci - ok
12:07:54.0761 4644  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
12:07:54.0777 4644  msdsm - ok
12:07:54.0792 4644  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
12:07:54.0823 4644  MSDTC - ok
12:07:54.0839 4644  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
12:07:54.0870 4644  Msfs - ok
12:07:54.0901 4644  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
12:07:54.0948 4644  mshidkmdf - ok
12:07:54.0964 4644  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
12:07:54.0964 4644  msisadrv - ok
12:07:54.0995 4644  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
12:07:55.0042 4644  MSiSCSI - ok
12:07:55.0042 4644  msiserver - ok
12:07:55.0057 4644  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
12:07:55.0089 4644  MSKSSRV - ok
12:07:55.0089 4644  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
12:07:55.0135 4644  MSPCLOCK - ok
12:07:55.0135 4644  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
12:07:55.0167 4644  MSPQM - ok
12:07:55.0182 4644  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
12:07:55.0198 4644  MsRPC - ok
12:07:55.0213 4644  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
12:07:55.0229 4644  mssmbios - ok
12:07:55.0245 4644  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
12:07:55.0276 4644  MSTEE - ok
12:07:55.0291 4644  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
12:07:55.0291 4644  MTConfig - ok
12:07:55.0307 4644  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
12:07:55.0323 4644  Mup - ok
12:07:55.0354 4644  [ 6FFECC25B39DC7652A0CEC0ADA9DB589 ] mwlPSDFilter    C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
12:07:55.0354 4644  mwlPSDFilter - ok
12:07:55.0369 4644  [ 0BEFE32CA56D6EE89D58175725596A85 ] mwlPSDNServ     C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
12:07:55.0385 4644  mwlPSDNServ - ok
12:07:55.0401 4644  [ D43BC633B8660463E446E28E14A51262 ] mwlPSDVDisk     C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
12:07:55.0401 4644  mwlPSDVDisk - ok
12:07:55.0447 4644  [ 3E5E20817259F7328C8F3BE5421F35B9 ] MWLService      C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
12:07:55.0463 4644  MWLService - ok
12:07:55.0494 4644  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
12:07:55.0541 4644  napagent - ok
12:07:55.0572 4644  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
12:07:55.0603 4644  NativeWifiP - ok
12:07:55.0650 4644  [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS            C:\Windows\system32\drivers\ndis.sys
12:07:55.0681 4644  NDIS - ok
12:07:55.0697 4644  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
12:07:55.0728 4644  NdisCap - ok
12:07:55.0744 4644  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
12:07:55.0775 4644  NdisTapi - ok
12:07:55.0822 4644  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
12:07:55.0853 4644  Ndisuio - ok
12:07:55.0884 4644  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
12:07:55.0915 4644  NdisWan - ok
12:07:55.0962 4644  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
12:07:56.0025 4644  NDProxy - ok
12:07:56.0040 4644  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
12:07:56.0087 4644  NetBIOS - ok
12:07:56.0103 4644  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
12:07:56.0134 4644  NetBT - ok
12:07:56.0149 4644  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
12:07:56.0165 4644  Netlogon - ok
12:07:56.0196 4644  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
12:07:56.0243 4644  Netman - ok
12:07:56.0243 4644  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
12:07:56.0290 4644  netprofm - ok
12:07:56.0305 4644  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:07:56.0321 4644  NetTcpPortSharing - ok
12:07:56.0337 4644  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
12:07:56.0352 4644  nfrd960 - ok
12:07:56.0383 4644  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll
12:07:56.0430 4644  NlaSvc - ok
12:07:56.0461 4644  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
12:07:56.0477 4644  Npfs - ok
12:07:56.0508 4644  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
12:07:56.0539 4644  nsi - ok
12:07:56.0539 4644  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
12:07:56.0586 4644  nsiproxy - ok
12:07:56.0649 4644  [ A2F74975097F52A00745F9637451FDD8 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
12:07:56.0711 4644  Ntfs - ok
12:07:56.0727 4644  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
12:07:56.0758 4644  Null - ok
12:07:56.0773 4644  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
12:07:56.0789 4644  nvraid - ok
12:07:56.0820 4644  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
12:07:56.0836 4644  nvstor - ok
12:07:56.0851 4644  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
12:07:56.0851 4644  nv_agp - ok
12:07:56.0867 4644  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
12:07:56.0883 4644  ohci1394 - ok
12:07:56.0914 4644  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
12:07:56.0945 4644  p2pimsvc - ok
12:07:56.0976 4644  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
12:07:56.0992 4644  p2psvc - ok
12:07:57.0007 4644  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
12:07:57.0023 4644  Parport - ok
12:07:57.0039 4644  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
12:07:57.0054 4644  partmgr - ok
12:07:57.0054 4644  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
12:07:57.0085 4644  PcaSvc - ok
12:07:57.0101 4644  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
12:07:57.0117 4644  pci - ok
12:07:57.0132 4644  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
12:07:57.0132 4644  pciide - ok
12:07:57.0148 4644  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
12:07:57.0163 4644  pcmcia - ok
12:07:57.0179 4644  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
12:07:57.0195 4644  pcw - ok
12:07:57.0195 4644  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
12:07:57.0241 4644  PEAUTH - ok
12:07:57.0304 4644  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
12:07:57.0335 4644  PerfHost - ok
12:07:57.0366 4644  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
12:07:57.0444 4644  pla - ok
12:07:57.0475 4644  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
12:07:57.0491 4644  PlugPlay - ok
12:07:57.0507 4644  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
12:07:57.0538 4644  PNRPAutoReg - ok
12:07:57.0553 4644  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
12:07:57.0569 4644  PNRPsvc - ok
12:07:57.0585 4644  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
12:07:57.0631 4644  PolicyAgent - ok
12:07:57.0663 4644  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
12:07:57.0709 4644  Power - ok
12:07:57.0741 4644  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
12:07:57.0772 4644  PptpMiniport - ok
12:07:57.0803 4644  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
12:07:57.0834 4644  Processor - ok
12:07:57.0865 4644  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
12:07:57.0897 4644  ProfSvc - ok
12:07:57.0912 4644  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
12:07:57.0928 4644  ProtectedStorage - ok
12:07:57.0959 4644  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
12:07:58.0006 4644  Psched - ok
12:07:58.0053 4644  [ FB46E9A827A8799EBD7BFA9128C91F37 ] PSI             C:\Windows\system32\DRIVERS\psi_mf.sys
12:07:58.0068 4644  PSI - ok
12:07:58.0099 4644  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
12:07:58.0146 4644  ql2300 - ok
12:07:58.0162 4644  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
12:07:58.0177 4644  ql40xx - ok
12:07:58.0193 4644  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
12:07:58.0224 4644  QWAVE - ok
12:07:58.0240 4644  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
12:07:58.0271 4644  QWAVEdrv - ok
12:07:58.0271 4644  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
12:07:58.0302 4644  RasAcd - ok
12:07:58.0333 4644  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
12:07:58.0365 4644  RasAgileVpn - ok
12:07:58.0380 4644  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
12:07:58.0411 4644  RasAuto - ok
12:07:58.0427 4644  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
12:07:58.0489 4644  Rasl2tp - ok
12:07:58.0521 4644  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
12:07:58.0583 4644  RasMan - ok
12:07:58.0599 4644  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
12:07:58.0645 4644  RasPppoe - ok
12:07:58.0661 4644  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
12:07:58.0692 4644  RasSstp - ok
12:07:58.0723 4644  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
12:07:58.0755 4644  rdbss - ok
12:07:58.0770 4644  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
12:07:58.0786 4644  rdpbus - ok
12:07:58.0786 4644  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
12:07:58.0833 4644  RDPCDD - ok
12:07:58.0848 4644  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
12:07:58.0879 4644  RDPENCDD - ok
12:07:58.0895 4644  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
12:07:58.0911 4644  RDPREFMP - ok
12:07:58.0942 4644  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
12:07:58.0957 4644  RDPWD - ok
12:07:59.0004 4644  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
12:07:59.0020 4644  rdyboost - ok
12:07:59.0035 4644  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
12:07:59.0067 4644  RemoteAccess - ok
12:07:59.0082 4644  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
12:07:59.0113 4644  RemoteRegistry - ok
12:07:59.0160 4644  [ F12A68ED55053940CADD59CA5E3468DD ] RichVideo       C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
12:07:59.0191 4644  RichVideo ( UnsignedFile.Multi.Generic ) - warning
12:07:59.0191 4644  RichVideo - detected UnsignedFile.Multi.Generic (1)
12:07:59.0191 4644  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
12:07:59.0238 4644  RpcEptMapper - ok
12:07:59.0269 4644  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
12:07:59.0285 4644  RpcLocator - ok
12:07:59.0316 4644  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
12:07:59.0347 4644  RpcSs - ok
12:07:59.0363 4644  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
12:07:59.0410 4644  rspndr - ok
12:07:59.0425 4644  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
12:07:59.0441 4644  SamSs - ok
12:07:59.0472 4644  [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
12:07:59.0488 4644  SASDIFSV - ok
12:07:59.0503 4644  [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
12:07:59.0519 4644  SASKUTIL - ok
12:07:59.0535 4644  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
12:07:59.0550 4644  sbp2port - ok
12:07:59.0581 4644  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
12:07:59.0628 4644  SCardSvr - ok
12:07:59.0644 4644  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
12:07:59.0675 4644  scfilter - ok
12:07:59.0722 4644  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
12:07:59.0784 4644  Schedule - ok
12:07:59.0800 4644  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
12:07:59.0831 4644  SCPolicySvc - ok
12:07:59.0847 4644  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
12:07:59.0862 4644  SDRSVC - ok
12:07:59.0893 4644  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
12:07:59.0925 4644  secdrv - ok
12:07:59.0940 4644  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
12:07:59.0987 4644  seclogon - ok
12:08:00.0065 4644  [ F70A51EB03EE7046784EF62EFCE9528E ] Secunia PSI Agent C:\Program Files (x86)\Secunia\PSI\PSIA.exe
12:08:00.0112 4644  Secunia PSI Agent - ok
12:08:00.0159 4644  [ AD56CEB08EEB517332355FDE9E5939C8 ] Secunia Update Agent C:\Program Files (x86)\Secunia\PSI\sua.exe
12:08:00.0190 4644  Secunia Update Agent - ok
12:08:00.0205 4644  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
12:08:00.0237 4644  SENS - ok
12:08:00.0252 4644  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
12:08:00.0283 4644  SensrSvc - ok
12:08:00.0315 4644  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
12:08:00.0346 4644  Serenum - ok
12:08:00.0361 4644  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
12:08:00.0377 4644  Serial - ok
12:08:00.0408 4644  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
12:08:00.0439 4644  sermouse - ok
12:08:00.0471 4644  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
12:08:00.0517 4644  SessionEnv - ok
12:08:00.0549 4644  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
12:08:00.0595 4644  sffdisk - ok
12:08:00.0595 4644  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
12:08:00.0627 4644  sffp_mmc - ok
12:08:00.0642 4644  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
12:08:00.0673 4644  sffp_sd - ok
12:08:00.0689 4644  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
12:08:00.0720 4644  sfloppy - ok
12:08:00.0736 4644  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
12:08:00.0783 4644  SharedAccess - ok
12:08:00.0814 4644  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:08:00.0861 4644  ShellHWDetection - ok
12:08:00.0861 4644  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:08:00.0876 4644  SiSRaid2 - ok
12:08:00.0892 4644  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
12:08:00.0907 4644  SiSRaid4 - ok
12:08:00.0923 4644  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
12:08:00.0954 4644  Smb - ok
12:08:00.0985 4644  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
12:08:01.0017 4644  SNMPTRAP - ok
12:08:01.0032 4644  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
12:08:01.0048 4644  spldr - ok
12:08:01.0063 4644  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
12:08:01.0110 4644  Spooler - ok
12:08:01.0173 4644  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
12:08:01.0251 4644  sppsvc - ok
12:08:01.0251 4644  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
12:08:01.0297 4644  sppuinotify - ok
12:08:01.0329 4644  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
12:08:01.0375 4644  srv - ok
12:08:01.0391 4644  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
12:08:01.0422 4644  srv2 - ok
12:08:01.0438 4644  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
12:08:01.0453 4644  srvnet - ok
12:08:01.0485 4644  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
12:08:01.0516 4644  SSDPSRV - ok
12:08:01.0516 4644  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
12:08:01.0547 4644  SstpSvc - ok
12:08:01.0578 4644  [ 855335BF5792E56164F98C012E3D92DD ] ssudmdm         C:\Windows\system32\DRIVERS\ssudmdm.sys
12:08:01.0594 4644  ssudmdm - ok
12:08:01.0609 4644  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
12:08:01.0625 4644  stexstor - ok
12:08:01.0656 4644  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
12:08:01.0672 4644  stisvc - ok
12:08:01.0687 4644  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
12:08:01.0703 4644  swenum - ok
12:08:01.0719 4644  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
12:08:01.0765 4644  swprv - ok
12:08:01.0828 4644  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
12:08:01.0890 4644  SysMain - ok
12:08:01.0906 4644  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:08:01.0921 4644  TabletInputService - ok
12:08:01.0953 4644  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
12:08:01.0984 4644  TapiSrv - ok
12:08:02.0015 4644  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
12:08:02.0031 4644  TBS - ok
12:08:02.0093 4644  [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
12:08:02.0140 4644  Tcpip - ok
12:08:02.0187 4644  [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
12:08:02.0218 4644  TCPIP6 - ok
12:08:02.0249 4644  [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
12:08:02.0280 4644  tcpipreg - ok
12:08:02.0311 4644  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
12:08:02.0327 4644  TDPIPE - ok
12:08:02.0358 4644  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
12:08:02.0374 4644  TDTCP - ok
12:08:02.0405 4644  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
12:08:02.0452 4644  tdx - ok
12:08:02.0467 4644  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
12:08:02.0483 4644  TermDD - ok
12:08:02.0499 4644  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
12:08:02.0545 4644  TermService - ok
12:08:02.0577 4644  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
12:08:02.0608 4644  Themes - ok
12:08:02.0623 4644  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
12:08:02.0639 4644  THREADORDER - ok
12:08:02.0701 4644  [ E319535A8124F25C1C9C5288CACF3101 ] TomTomHOMEService C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
12:08:02.0717 4644  TomTomHOMEService - ok
12:08:02.0733 4644  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
12:08:02.0779 4644  TrkWks - ok
12:08:02.0826 4644  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:08:02.0857 4644  TrustedInstaller - ok
12:08:02.0873 4644  [ 59BD43714E1034A913F019413905D387 ] TS4NT           C:\Windows\system32\Drivers\TS4nt.sys
12:08:02.0889 4644  TS4NT - ok
12:08:02.0935 4644  [ 9F03649CB5EA2A8AE4560B4FF866FD37 ] TSNxGService    C:\Program Files (x86)\G Data\TotalProtection\TSNxG\TSNxGService.exe
12:08:02.0951 4644  TSNxGService - ok
12:08:02.0967 4644  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
12:08:02.0998 4644  tssecsrv - ok
12:08:03.0029 4644  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
12:08:03.0060 4644  TsUsbFlt - ok
12:08:03.0107 4644  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
12:08:03.0169 4644  tunnel - ok
12:08:03.0201 4644  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
12:08:03.0201 4644  uagp35 - ok
12:08:03.0232 4644  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
12:08:03.0279 4644  udfs - ok
12:08:03.0310 4644  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
12:08:03.0310 4644  UI0Detect - ok
12:08:03.0325 4644  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
12:08:03.0341 4644  uliagpkx - ok
12:08:03.0372 4644  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
12:08:03.0388 4644  umbus - ok
12:08:03.0403 4644  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
12:08:03.0435 4644  UmPass - ok
12:08:03.0466 4644  [ F9EC9ACD504D823D9B9CA98A4F8D3CA2 ] Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
12:08:03.0497 4644  Updater Service - ok
12:08:03.0513 4644  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
12:08:03.0559 4644  upnphost - ok
12:08:03.0575 4644  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
12:08:03.0606 4644  usbccgp - ok
12:08:03.0637 4644  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
12:08:03.0653 4644  usbcir - ok
12:08:03.0669 4644  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
12:08:03.0669 4644  usbehci - ok
12:08:03.0684 4644  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
12:08:03.0715 4644  usbhub - ok
12:08:03.0731 4644  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
12:08:03.0747 4644  usbohci - ok
12:08:03.0778 4644  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
12:08:03.0809 4644  usbprint - ok
12:08:03.0840 4644  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
12:08:03.0856 4644  usbscan - ok
12:08:03.0871 4644  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:08:03.0903 4644  USBSTOR - ok
12:08:03.0918 4644  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
12:08:03.0934 4644  usbuhci - ok
12:08:03.0949 4644  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
12:08:04.0012 4644  UxSms - ok
12:08:04.0027 4644  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
12:08:04.0043 4644  VaultSvc - ok
12:08:04.0059 4644  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
12:08:04.0074 4644  vdrvroot - ok
12:08:04.0105 4644  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
12:08:04.0137 4644  vds - ok
12:08:04.0152 4644  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
12:08:04.0168 4644  vga - ok
12:08:04.0183 4644  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
12:08:04.0215 4644  VgaSave - ok
12:08:04.0230 4644  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
12:08:04.0246 4644  vhdmp - ok
12:08:04.0246 4644  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
12:08:04.0261 4644  viaide - ok
12:08:04.0277 4644  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
12:08:04.0277 4644  volmgr - ok
12:08:04.0308 4644  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
12:08:04.0339 4644  volmgrx - ok
12:08:04.0355 4644  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
12:08:04.0371 4644  volsnap - ok
12:08:04.0386 4644  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
12:08:04.0386 4644  vsmraid - ok
12:08:04.0433 4644  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
12:08:04.0511 4644  VSS - ok
12:08:04.0527 4644  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
12:08:04.0558 4644  vwifibus - ok
12:08:04.0589 4644  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
12:08:04.0620 4644  W32Time - ok
12:08:04.0620 4644  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
12:08:04.0636 4644  WacomPen - ok
12:08:04.0667 4644  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
12:08:04.0729 4644  WANARP - ok
12:08:04.0745 4644  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
12:08:04.0776 4644  Wanarpv6 - ok
12:08:04.0807 4644  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
12:08:04.0885 4644  wbengine - ok
12:08:04.0901 4644  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
12:08:04.0917 4644  WbioSrvc - ok
12:08:04.0948 4644  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
12:08:04.0963 4644  wcncsvc - ok
12:08:04.0979 4644  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:08:05.0010 4644  WcsPlugInService - ok
12:08:05.0026 4644  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
12:08:05.0041 4644  Wd - ok
12:08:05.0073 4644  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
12:08:05.0088 4644  Wdf01000 - ok
12:08:05.0104 4644  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
12:08:05.0213 4644  WdiServiceHost - ok
12:08:05.0213 4644  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
12:08:05.0229 4644  WdiSystemHost - ok
12:08:05.0260 4644  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
12:08:05.0275 4644  WebClient - ok
12:08:05.0307 4644  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
12:08:05.0353 4644  Wecsvc - ok
12:08:05.0369 4644  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
12:08:05.0416 4644  wercplsupport - ok
12:08:05.0431 4644  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
12:08:05.0463 4644  WerSvc - ok
12:08:05.0494 4644  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
12:08:05.0525 4644  WfpLwf - ok
12:08:05.0541 4644  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
12:08:05.0556 4644  WIMMount - ok
12:08:05.0572 4644  WinDefend - ok
12:08:05.0572 4644  WinHttpAutoProxySvc - ok
12:08:05.0619 4644  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
12:08:05.0681 4644  Winmgmt - ok
12:08:05.0728 4644  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
12:08:05.0806 4644  WinRM - ok
12:08:05.0837 4644  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
12:08:05.0853 4644  WinUsb - ok
12:08:05.0884 4644  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
12:08:05.0915 4644  Wlansvc - ok
12:08:05.0946 4644  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
12:08:05.0962 4644  wlcrasvc - ok
12:08:06.0040 4644  [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:08:06.0087 4644  wlidsvc - ok
12:08:06.0118 4644  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
12:08:06.0149 4644  WmiAcpi - ok
12:08:06.0180 4644  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
12:08:06.0211 4644  wmiApSrv - ok
12:08:06.0227 4644  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
12:08:06.0258 4644  WPCSvc - ok
12:08:06.0289 4644  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
12:08:06.0321 4644  WPDBusEnum - ok
12:08:06.0336 4644  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
12:08:06.0383 4644  ws2ifsl - ok
12:08:06.0399 4644  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
12:08:06.0430 4644  wscsvc - ok
12:08:06.0430 4644  WSearch - ok
12:08:06.0492 4644  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
12:08:06.0523 4644  wuauserv - ok
12:08:06.0555 4644  [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
12:08:06.0586 4644  WudfPf - ok
12:08:06.0617 4644  [ CF8D590BE3373029D57AF80914190682 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
12:08:06.0679 4644  WUDFRd - ok
12:08:06.0711 4644  [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
12:08:06.0742 4644  wudfsvc - ok
12:08:06.0757 4644  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
12:08:06.0789 4644  WwanSvc - ok
12:08:06.0789 4644  ================ Scan global ===============================
12:08:06.0820 4644  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
12:08:06.0851 4644  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
12:08:06.0851 4644  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
12:08:06.0867 4644  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
12:08:06.0898 4644  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
12:08:06.0898 4644  [Global] - ok
12:08:06.0898 4644  ================ Scan MBR ==================================
12:08:06.0898 4644  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
12:08:07.0116 4644  \Device\Harddisk0\DR0 - ok
12:08:07.0116 4644  ================ Scan VBR ==================================
12:08:07.0116 4644  [ C865E07B3B0B145278BA8E8F5310755F ] \Device\Harddisk0\DR0\Partition1
12:08:07.0116 4644  \Device\Harddisk0\DR0\Partition1 - ok
12:08:07.0132 4644  [ 20B3C7CE76E6C893AC6BC7178E928ADD ] \Device\Harddisk0\DR0\Partition2
12:08:07.0132 4644  \Device\Harddisk0\DR0\Partition2 - ok
12:08:07.0163 4644  [ 7144DF73999BB890CDD7DA51C50339FF ] \Device\Harddisk0\DR0\Partition3
12:08:07.0163 4644  \Device\Harddisk0\DR0\Partition3 - ok
12:08:07.0163 4644  ============================================================
12:08:07.0163 4644  Scan finished
12:08:07.0163 4644  ============================================================
12:08:07.0179 3520  Detected object count: 1
12:08:07.0179 3520  Actual detected object count: 1
12:08:23.0138 3520  RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
12:08:23.0138 3520  RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Last edited by HSK (01.09.2012 at 11:26)

Old 01.09.2012, 12:22   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Rootkit.XCP.B.1!E2 - Standard

Rootkit.XCP.B.1!E2



Now please run CF:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warnings, carry out the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a helper has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and get messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

__________________
Please always post logfiles in CODE tags

Old 01.09.2012, 13:26   #21
HSK
 
Rootkit.XCP.B.1!E2 - Standard

Rootkit.XCP.B.1!E2



Hello


ComboFix has now been running for over an hour and is stuck at step four.

What should I do now?

Old 01.09.2012, 13:47   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Rootkit.XCP.B.1!E2 - Standard

Rootkit.XCP.B.1!E2



Wait a bit longer.
If nothing happens even after a longer while: restart Windows, delete the old combofix.exe, download CF again and please try once more.
__________________
Please always post logfiles in CODE tags

Old 01.09.2012, 16:37   #23
HSK
 
Rootkit.XCP.B.1!E2 - Standard

Rootkit.XCP.B.1!E2



Hello

CF deleted -> downloaded again and started.

CF worked -> Windows was restarted.

Now I have been waiting 1.5 hours for the LOG.

Should I keep waiting?

Hello,

I have now cancelled it:

Creating the LOG should not take this long, should it?

Regards

Hello,

I cancelled it an hour ago.

Creating the LOG should not take this long, should it?

Regards

Quote:
Quote from HSK
Hello

CF deleted -> downloaded again and started.

CF worked -> Windows was restarted.

Now I have been waiting 1.5 hours for the LOG.

Should I keep waiting?

Hello,

I have now cancelled it:

Creating the LOG should not take this long, should it?

Regards

Hello,

I cancelled it an hour ago.

Creating the LOG should not take this long, should it?

Regards


Why can I reply again at 21:50 to a reply that was created around 17:15?

Last edited by HSK (01.09.2012 at 17:18)

Old 03.09.2012, 13:58   #24
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Rootkit.XCP.B.1!E2 - Standard

Rootkit.XCP.B.1!E2



Last attempt: download combofix.exe again and start it in Safe Mode with Networking
__________________
Please always post logfiles in CODE tags

Old 03.09.2012, 16:57   #25
HSK
 
Rootkit.XCP.B.1!E2 - Standard

Rootkit.XCP.B.1!E2



Hello,

that seems to have worked.

Code:
ATTFilter
ComboFix 12-09-03.06 - Martin 03.09.2012  17:41:14.4.2 - x64 NETWORK
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4061.2595 [GMT 2:00]
ausgeführt von:: c:\users\Martin\Desktop\ComboFix.exe
AV: G Data TotalProtection 2013 *Enabled/Updated* {39B780B4-63C2-05B0-3B40-8F7A21E4F496}
FW: G Data Personal Firewall *Enabled* {018C0191-29AD-04E8-101F-264FDF37B3ED}
SP: G Data TotalProtection 2013 *Enabled/Updated* {82D66150-45F8-0A3E-01F0-B4085A63BE2B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-08-03 bis 2012-09-03  ))))))))))))))))))))))))))))))
.
.
2012-09-01 16:48 . 2012-09-01 16:48	--------	d-----w-	c:\program files (x86)\Common Files\Java
2012-09-01 16:48 . 2012-09-01 16:48	95208	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-01 16:48 . 2012-09-01 16:48	--------	d-----w-	c:\program files (x86)\Java
2012-08-31 19:11 . 2012-08-31 19:11	--------	d-----w-	c:\windows\system32\%LOCALAPPDATA%
2012-08-31 19:10 . 2012-08-31 19:10	--------	d-----w-	C:\_OTL
2012-08-31 14:12 . 2012-08-27 23:49	9310152	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{E206C7A8-FA61-43BB-8634-BD7BB35DB578}\mpengine.dll
2012-08-30 22:00 . 2012-08-30 22:00	--------	d-----w-	c:\program files (x86)\ESET
2012-08-30 21:55 . 2012-08-30 21:55	--------	d-----w-	c:\users\Martin\AppData\Roaming\OpenOffice.org
2012-08-17 16:02 . 2012-09-01 21:36	--------	d-----w-	c:\program files (x86)\Emsisoft Anti-Malware
2012-08-17 15:55 . 2012-08-17 15:55	--------	d-----w-	c:\users\Martin\AppData\Local\Macromedia
2012-08-15 21:25 . 2012-08-30 15:55	73416	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-15 21:25 . 2012-08-30 15:55	696520	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-15 19:02 . 2012-05-05 08:36	503808	----a-w-	c:\windows\system32\srcore.dll
2012-08-15 19:02 . 2012-05-05 07:46	43008	----a-w-	c:\windows\SysWow64\srclient.dll
2012-08-15 19:02 . 2012-02-11 06:43	751104	----a-w-	c:\windows\system32\win32spl.dll
2012-08-15 19:02 . 2012-02-11 06:36	559104	----a-w-	c:\windows\system32\spoolsv.exe
2012-08-15 19:02 . 2012-02-11 06:36	67072	----a-w-	c:\windows\splwow64.exe
2012-08-15 19:02 . 2012-02-11 05:43	492032	----a-w-	c:\windows\SysWow64\win32spl.dll
2012-08-15 19:02 . 2012-07-04 22:16	73216	----a-w-	c:\windows\system32\netapi32.dll
2012-08-15 19:02 . 2012-07-04 22:13	59392	----a-w-	c:\windows\system32\browcli.dll
2012-08-15 19:02 . 2012-07-04 22:13	136704	----a-w-	c:\windows\system32\browser.dll
2012-08-15 19:02 . 2012-07-04 21:14	41984	----a-w-	c:\windows\SysWow64\browcli.dll
2012-08-15 19:02 . 2012-07-18 18:15	3148800	----a-w-	c:\windows\system32\win32k.sys
2012-08-15 19:02 . 2012-05-14 05:26	956928	----a-w-	c:\windows\system32\localspl.dll
2012-08-13 18:23 . 2012-08-13 18:23	--------	d-----w-	c:\programdata\TomTom
2012-08-13 18:23 . 2012-08-13 18:23	--------	d-----w-	c:\users\Netz\AppData\Roaming\TomTom
2012-08-13 18:23 . 2012-08-13 18:23	--------	d-----w-	c:\users\Netz\AppData\Local\TomTom
2012-08-13 18:22 . 2012-08-13 18:22	--------	d-----w-	c:\program files (x86)\TomTom HOME 2
2012-08-13 18:21 . 2012-08-13 18:21	--------	d-----w-	c:\program files (x86)\TomTom International B.V
2012-08-13 18:21 . 2012-08-13 18:21	--------	d-----w-	c:\users\Netz\AppData\Local\Downloaded Installations
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-01 16:48 . 2012-05-03 17:21	821736	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2012-09-01 16:48 . 2012-01-02 13:49	746984	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-08-15 19:02 . 2012-01-02 15:02	62134624	----a-w-	c:\windows\system32\MRT.exe
2012-07-03 11:46 . 2012-02-16 20:30	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-06-26 14:03 . 2012-08-02 16:23	4659712	----a-w-	c:\windows\SysWow64\Redemption.dll
2012-06-26 14:02 . 2012-06-26 14:02	90112	----a-w-	c:\windows\MAMCityDownload.ocx
2012-06-26 14:02 . 2012-06-26 14:02	330240	----a-w-	c:\windows\MASetupCaller.dll
2012-06-26 14:02 . 2012-06-26 14:02	30568	----a-w-	c:\windows\MusiccityDownload.exe
2012-06-26 14:02 . 2012-06-26 14:02	974848	----a-w-	c:\windows\SysWow64\cis-2.4.dll
2012-06-26 14:02 . 2012-06-26 14:02	81920	----a-w-	c:\windows\SysWow64\issacapi_bs-2.3.dll
2012-06-26 14:02 . 2012-06-26 14:02	65536	----a-w-	c:\windows\SysWow64\issacapi_pe-2.3.dll
2012-06-26 14:02 . 2012-06-26 14:02	57344	----a-w-	c:\windows\SysWow64\MTXSYNCICON.dll
2012-06-26 14:02 . 2012-06-26 14:02	57344	----a-w-	c:\windows\SysWow64\MK_Lyric.dll
2012-06-26 14:02 . 2012-06-26 14:02	57344	----a-w-	c:\windows\SysWow64\issacapi_se-2.3.dll
2012-06-26 14:02 . 2012-06-26 14:02	569344	----a-w-	c:\windows\SysWow64\muzdecode.ax
2012-06-26 14:02 . 2012-06-26 14:02	491520	----a-w-	c:\windows\SysWow64\muzapp.dll
2012-06-26 14:02 . 2012-06-26 14:02	49152	----a-w-	c:\windows\SysWow64\MaJGUILib.dll
2012-06-26 14:02 . 2012-06-26 14:02	45320	----a-w-	c:\windows\SysWow64\MAMACExtract.dll
2012-06-26 14:02 . 2012-06-26 14:02	45056	----a-w-	c:\windows\SysWow64\MaXMLProto.dll
2012-06-26 14:02 . 2012-06-26 14:02	45056	----a-w-	c:\windows\SysWow64\MACXMLProto.dll
2012-06-26 14:02 . 2012-06-26 14:02	40960	----a-w-	c:\windows\SysWow64\MTTELECHIP.dll
2012-06-26 14:02 . 2012-06-26 14:02	352256	----a-w-	c:\windows\SysWow64\MSLUR71.dll
2012-06-26 14:02 . 2012-06-26 14:02	258048	----a-w-	c:\windows\SysWow64\muzoggsp.ax
2012-06-26 14:02 . 2012-06-26 14:02	245760	----a-w-	c:\windows\SysWow64\MSCLib.dll
2012-06-26 14:02 . 2012-06-26 14:02	24576	----a-w-	c:\windows\SysWow64\MASetupCleaner.exe
2012-06-26 14:02 . 2012-06-26 14:02	200704	----a-w-	c:\windows\SysWow64\muzwmts.dll
2012-06-26 14:02 . 2012-06-26 14:02	155648	----a-w-	c:\windows\SysWow64\MSFLib.dll
2012-06-26 14:02 . 2012-06-26 14:02	143360	----a-w-	c:\windows\SysWow64\3DAudio.ax
2012-06-26 14:02 . 2012-06-26 14:02	135168	----a-w-	c:\windows\SysWow64\muzaf1.dll
2012-06-26 14:02 . 2012-06-26 14:02	131072	----a-w-	c:\windows\SysWow64\muzmpgsp.ax
2012-06-26 14:02 . 2012-06-26 14:02	122880	----a-w-	c:\windows\SysWow64\muzeffect.ax
2012-06-26 14:02 . 2012-06-26 14:02	118784	----a-w-	c:\windows\SysWow64\MaDRM.dll
2012-06-26 14:02 . 2012-06-26 14:02	110592	----a-w-	c:\windows\SysWow64\muzmp4sp.ax
2012-06-26 14:02 . 2012-08-02 16:23	821824	----a-w-	c:\windows\SysWow64\dgderapi.dll
2012-06-25 14:04 . 2012-06-25 14:04	1394248	----a-w-	c:\windows\SysWow64\msxml4.dll
2012-06-09 05:43 . 2012-07-10 19:12	14172672	----a-w-	c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-10 19:12	2004480	----a-w-	c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-10 19:12	1881600	----a-w-	c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-10 19:11	1133568	----a-w-	c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-10 19:12	1390080	----a-w-	c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-10 19:12	1236992	----a-w-	c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-10 19:11	805376	----a-w-	c:\windows\SysWow64\cdosys.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:40	120176	----a-w-	c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecureBanking"="c:\program files (x86)\Secure Banking\SecureBanking.exe" [2012-05-23 364544]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-07-16 975800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-27 337264]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]
"Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2010-08-04 611872]
"MDS_Menu"="c:\program files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"G Data AntiVirus Tray Application"="c:\program files (x86)\G Data\TotalProtection\AVKTray\AVKTray.exe" [2012-01-27 985080]
"GDFirewallTray"="c:\program files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe" [2012-01-27 1470968]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-07-16 3524536]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Netz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
c:\users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2012-7-25 572000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R1 GLogin;GLogin; [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2012-07-25 681056]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-06-04 99384]
R3 GDTunerSvc;G Data Tuner Service;c:\program files (x86)\G Data\TotalProtection\AVKTuner\AVKTunerService.exe [2012-03-08 1218040]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-25 114144]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-05-27 305520]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-06-04 203320]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [2012-04-19 54136]
S0 TS4NT;TS4nt driver;c:\windows\System32\Drivers\TS4nt.sys [2012-04-19 98760]
S1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2012-04-19 122744]
S1 gdwfpcd;G Data WFP CD;c:\windows\system32\drivers\gdwfpcd64.sys [2012-04-19 65912]
S1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2012-04-19 106648]
S1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2012-04-19 64376]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-03 22576]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-03 20016]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-03 60464]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AVKProxy;G Data AntiVirus Proxy;c:\program files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [2012-02-02 1524728]
S2 AVKService;G Data Scheduler;c:\program files (x86)\G Data\TotalProtection\AVK\AVKService.exe [2012-01-27 468472]
S2 AVKWCtl;G Data Dateisystem Wächter;c:\program files (x86)\G Data\TotalProtection\AVK\AVKWCtlX64.exe [2012-01-27 2006872]
S2 GDBackupSvc;G Data Backup Service;c:\program files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe [2012-03-13 1609208]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2012-07-25 1326176]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-07-26 92632]
S2 TSNxGService;G Data Datensafe Service;c:\program files (x86)\G Data\TotalProtection\TSNxG\TSNxGService.exe [2012-03-09 306184]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [2009-06-10 281088]
S3 GDFwSvc;G Data Personal Firewall;c:\program files (x86)\G Data\TotalProtection\Firewall\GDFwSvcx64.exe [2012-01-27 1765352]
S3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [2012-04-19 59768]
S3 GDScan;G Data Scanner;c:\program files (x86)\Common Files\G DATA\GDScan\GDScan.exe [2012-01-27 471048]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-25 138752]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:42	137584	----a-w-	c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 349552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.web.de/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 80.69.100.230 80.69.100.174
FF - ProfilePath - c:\users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ravn2b8y.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.web.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-KiesAirMessage - c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe
Wow6432Node-HKLM-Run-TSNxG4Tray - c:\program files (x86)\G Data\TotalProtection\TSNxG\TSNxGTray.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Cyberlink\Shared files\RichVideo.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-09-03  17:50:26 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-09-03 15:50
.
Vor Suchlauf: 16 Verzeichnis(se), 202.045.431.808 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 201.807.761.408 Bytes frei
.
- - End Of File - - BBC9D5C8880BAB63D9941ADE2EED9D62
         

Old 03.09.2012, 20:30   #26
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Rootkit.XCP.B.1!E2 - Standard

Rootkit.XCP.B.1!E2



Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM. Please skip the online query in OSAM.
With OSAM, also make sure you save the log as *.log and not as *.html or similar.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off your virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe (aswMBR.exe guide)
    On Windows Vista or later, please right-click and start it with "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.)
    Depending on your connection, downloading the definitions can take a while.
  • Click on Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances without instruction

Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select (none) under AV Scan.



One more note: If aswMBR crashes and a message such as "aswMBR.exe funktioniert nicht mehr" appears, do the following:
Restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.
__________________
Please always post logfiles in CODE tags

Old 03.09.2012, 21:18   #27
HSK
 
Rootkit.XCP.B.1!E2 - Standard

Rootkit.XCP.B.1!E2



Hello,

done as written.

GMER found nothing

Here is the log from OSAM

Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 22:01:31 on 03.09.2012

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 64-bit
Default Browser: Microsoft Corporation Internet Explorer 9.00.8112.16421

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"G Data Rootkit Detector Driver" (GRD) - "G Data Software" - C:\Windows\system32\drivers\GRD.sys
"G Data WFP CD" (gdwfpcd) - "G Data Software AG" - C:\Windows\System32\drivers\gdwfpcd64.sys
"GDBehave" (GDBehave) - "G Data Software AG" - C:\Windows\System32\drivers\GDBehave.sys
"GDMnIcpt" (GDMnIcpt) - "G Data Software AG" - C:\Windows\system32\drivers\MiniIcpt.sys
"GDPkIcpt" (GDPkIcpt) - "G Data Software AG" - C:\Windows\system32\drivers\PktIcpt.sys
"GLogin" (GLogin) - ? - C:\Windows\system32\drivers\GLogin.sys  (File not found)
"HookCentre" (HookCentre) - "G Data Software AG" - C:\Windows\system32\drivers\HookCentre.sys
"PSI" (PSI) - "Secunia" - C:\Windows\System32\DRIVERS\psi_mf.sys
"SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
"SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
"TS4nt driver" (TS4NT) - "G Data Software" - C:\Windows\System32\Drivers\TS4nt.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{04184942-D1DF-4B17-BD72-81C230531CA6} "AVKVirtualFolder Class" - "G Data Software AG" - C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupNSE.dll
{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} "DragDropProtect Class" - "Egis Technology Inc." - C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{E0D79304-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files (x86)\WinZip\wzshlstb.dll
{E0D79305-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files (x86)\WinZip\wzshlstb.dll
{E0D79306-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files (x86)\WinZip\wzshlstb.dll
{E0D79307-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files (x86)\WinZip\wzshlstb.dll
{0563DB41-F538-4B37-A92D-4659049B7766} "WLMD Message Handler" - ? -   (File not found | COM-object registry key not found)
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "@C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} "G Data BankGuard" - "G Data Software AG" - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Oracle Corporation" - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"OpenOffice.org 3.4.1.lnk" - ? - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe  (Shortcut exists | File found, but it contains no detailed information | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Secunia PSI Tray.lnk" - "Secunia" - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"KiesPreload" - "Samsung" - C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
"SecureBanking" - ? - C:\Program Files (x86)\Secure Banking\SecureBanking.exe
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"EgisTecPMMUpdate" - "Egis Technology Inc." - "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
"EgisUpdate" - "Egis Technology Inc." - "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
"G Data AntiVirus Tray Application" - "G Data Software AG" - C:\Program Files (x86)\G Data\TotalProtection\AVKTray\AVKTray.exe
"GDFirewallTray" - "G Data Software AG" - C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe
"Hotkey Utility" - ? - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
"KiesTrayAgent" - "Samsung Electronics Co., Ltd." - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
"MDS_Menu" - "CyberLink Corp." - "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.6"
"SuiteTray" - "Egis Technology Inc." - "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll  (File not found)
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
"G Data AntiVirus Proxy" (AVKProxy) - "G Data Software AG" - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe
"G Data Backup Service" (GDBackupSvc) - "G Data Software AG" - C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe
"G Data Dateisystem Wächter" (AVKWCtl) - "G Data Software AG" - C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKWCtlX64.exe
"G Data Datensafe Service" (TSNxGService) - "G Data Software" - C:\Program Files (x86)\G Data\TotalProtection\TSNxG\TSNxGService.exe
"G Data Personal Firewall" (GDFwSvc) - "G Data Software AG" - C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFwSvcx64.exe
"G Data Scanner" (GDScan) - "G Data Software AG" - C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe
"G Data Scheduler" (AVKService) - "G Data Software AG" - C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKService.exe
"G Data Tuner Service" (GDTunerSvc) - "G Data Software AG" - C:\Program Files (x86)\G Data\TotalProtection\AVKTuner\AVKTunerService.exe
"GREGService" (GREGService) - "Acer Incorporated" - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
"Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"MyWinLocker Service" (MWLService) - "Egis Technology Inc." - C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
"SAS Core Service" (!SASCORE) - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
"Secunia PSI Agent" (Secunia PSI Agent) - "Secunia" - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
"Secunia Update Agent" (Secunia Update Agent) - "Secunia" - C:\Program Files (x86)\Secunia\PSI\sua.exe
"TomTomHOMEService" (TomTomHOMEService) - "TomTom" - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
"Updater Service" (Updater Service) - "Acer Group" - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winlogon]
-----( HKCU\Control Panel\Desktop )-----
"SCRNSAVE.EXE" - "G Data Software AG" - C:\Windows\syswow64\GdScrSv.scr

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         

Here is the aswMBR log

Code:
ATTFilter
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-03 22:04:25
-----------------------------
22:04:25.714    OS Version: Windows x64 6.1.7601 Service Pack 1
22:04:25.714    Number of processors: 2 586 0x170A
22:04:25.714    ComputerName: MARTIN-PC  UserName: Martin
22:04:30.597    Initialize success
22:05:16.998    AVAST engine defs: 12090300
22:05:22.707    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:05:22.707    Disk 0 Vendor: ST350041 JC45 Size: 476940MB BusType: 3
22:05:22.723    Disk 0 MBR read successfully
22:05:22.723    Disk 0 MBR scan
22:05:22.785    Disk 0 Windows 7 default MBR code
22:05:22.801    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        18000 MB offset 2048
22:05:22.817    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 36866048
22:05:22.832    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       229419 MB offset 37070848
22:05:22.848    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS       229419 MB offset 506920960
22:05:22.895    Disk 0 scanning C:\Windows\system32\drivers
22:05:33.456    Service scanning
22:05:51.193    Modules scanning
22:05:51.193    Disk 0 trace - called modules:
22:05:51.224    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
22:05:51.552    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80069eb060]
22:05:51.567    3 CLASSPNP.SYS[fffff8800181743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800472b050]
22:05:58.010    AVAST engine scan C:\Windows
22:06:00.756    AVAST engine scan C:\Windows\system32
22:09:05.647    AVAST engine scan C:\Windows\system32\drivers
22:09:27.706    AVAST engine scan C:\Users\Martin
22:10:04.288    AVAST engine scan C:\ProgramData
22:11:00.354    Scan finished successfully
22:12:58.108    Disk 0 MBR has been saved successfully to "C:\Users\Martin\Desktop\MBR.dat"
22:12:58.124    The log file has been saved successfully to "C:\Users\Martin\Desktop\aswMBR.txt"
         

And here is a big

Alt 03.09.2012, 21:28   #28
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before scanning!!

Alt 04.09.2012, 01:35   #29
HSK
Hello,

Here are the two logs:

Code:
ATTFilter
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.09.03.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Martin :: MARTIN-PC [Administrator]

03.09.2012 22:42:25
mbam-log-2012-09-03 (22-42-25).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|G:\|I:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 395445
Laufzeit: 1 Stunde(n), 2 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         


Code:
ATTFilter
SUPERAntiSpyware Scann-Protokoll
hxxp://www.superantispyware.com

Generiert 09/04/2012 bei 01:12 AM

Version der Applikation : 5.5.1012

Version der Kern-Datenbank : 9168
Version der Spur-Datenbank : 6980

Scan Art       : kompletter Scann
Totale Scann-Zeit : 01:18:35

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator

Gescannte Speicherelemente  : 679
Erfasste Speicher-Bedrohungen  : 0
Gescannte Register-Elemente  : 64637
Erfasste Register-Bedrohungen  : 0
Gescannte Datei-Elemente     : 218341
Erfasste Datei-Elemente   : 0
         

Can you tell me what kind of malware that was?

Code:
ATTFilter
Rootkit.XCP.B.1!E2
         
With regards and a

Alt 04.09.2012, 14:39   #30
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
No, I can't.

Code:
ATTFilter
C:\$Recycle.Bin\S-1-5-21-2686819147-3779546801-4134725738-1003\$REYJ2JT.exe  RKIT.Rootkit.XCP.B.1!E2
         
That thing was a detection in the Recycle Bin; with this cryptic name there is no telling what it was before.
It is also possible that this file was a false positive.
What a rootkit is, you can surely look up yourself.
