Log analysis and evaluation: Firewall - error code 0x80070424, Windows Update and rootkit (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system has to be examined first: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

#1

Firewall - error code 0x80070424, Windows Update and rootkit

Hello dear community!

For a few days I have been having problems with my laptop (Acer Aspire 5750G), and since I am unfortunately not a computer specialist, I would be glad if you could help me solve my problems.

My main problem is that, after some malfunctions on the laptop and a longer search, I noticed that my last Windows update was already about 8 months ago, but I, or rather my laptop, am not able to download new ones. Link to a picture of the error: hxxp://imageshack.us/photo/my-images/600/updatexq.jpg/

The firewall is also causing problems and cannot be activated. Link to a picture of the error: hxxp://imageshack.us/photo/my-images/824/firei.jpg/

After I tried to track down the error(s) myself, I came across a program for finding errors, which was "recommended" right here in the forum. The program found the following "errors":

GMER Logfile:
Code:
GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-04-03 17:42:18
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0 465,76GB
Running: 18t6du6v.exe; Driver: C:\Users\CHRIST~1\AppData\Local\Temp\fwlyiuod.sys
---- Threads - GMER 2.1 ----
Thread C:\Windows\system32\services.exe [608:2160] 0000000000421c68
Thread C:\Windows\system32\services.exe [608:2192] 0000000000c2180c
Thread C:\Windows\system32\services.exe [608:2196] 0000000000c31670
Thread C:\Windows\system32\services.exe [608:2200] 0000000000c31518
---- EOF - GMER 2.1 ----
Even though I know my way around computers a little bit, I am hitting a brick wall with these problems. If there are already threads about these problems, please don't grumble at me, just give me a link. After about 7 hours of continuous searching and trying things out I still have not found a solution.

I am grateful for ANY help, and will follow all your instructions, if any come, and hope that everything runs smoothly again soon!

PS: I would also be willing to reinstall Windows, but I don't have a Windows disc (there was none included from the start), only a code on the back of my laptop (Windows 7 Home Premium).

THANKS in advance ...

Regards, Chris
#2

/// TB-Ausbilder

Firewall - error code 0x80070424, Windows Update and rootkit

!! Note to readers following along !! This topic and its instructions are intended only for this specific case. They could seriously damage other computers. Please open your own topic.

I will help you with your problem. The cleanup only works if you stick to the following rules: Please read: Rules for the cleanup

Step 1: (Reminder: only reply to me once you have worked through all the steps!) Disable drive emulation with Defogger. Please download defogger by jpshortstuff to your desktop and start it:

Step 2: Scan with aswMBR

Step 3: Scan with TDSS-Killer. Please read the following instructions carefully. We do not want to "fix" anything here yet, only see a scan report.

Step 4: Scan with DDS+ (with attach). Please download DDS (by sUBs) and save the file to your desktop.
#3

Firewall - error code 0x80070424, Windows Update and rootkit

Thank you for now for the very quick reply!

I will now try to pass everything on as requested and hope that I do everything right.

Step 1: Since I unfortunately don't know how to upload a file, I am giving you the contents of the Defogger file like this:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 23:42 on 03/04/2013 (Christian)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Step 2:
Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-03 23:19:31
-----------------------------
23:19:31.321 OS Version: Windows x64 6.1.7601 Service Pack 1
23:19:31.321 Number of processors: 4 586 0x2A07
23:19:31.321 ComputerName: CHRISTIAN-PC UserName: Christian
23:19:32.912 Initialize success
23:20:49.994 AVAST engine defs: 13040301
23:20:54.284 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:20:54.299 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
23:20:54.299 Disk 1 \Device\Harddisk1\DR1 -> \Device\Scsi\bScsiSDa1Port1Path0Target0Lun0
23:20:54.315 Disk 1 Vendor: Broadcom 0001 Size: 7659MB BusType: 1
23:20:54.455 Disk 0 MBR read successfully
23:20:54.455 Disk 0 MBR scan
23:20:54.471 Disk 0 Windows 7 default MBR code
23:20:54.486 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 18432 MB offset 2048
23:20:54.502 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 37750784
23:20:54.518 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 458406 MB offset 37955584
23:20:54.549 Disk 0 scanning C:\Windows\system32\drivers
23:21:03.067 Service scanning
23:21:30.008 Modules scanning
23:21:30.023 Disk 0 trace - called modules:
23:21:30.039 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
23:21:30.055 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800a618060]
23:21:30.055 3 CLASSPNP.SYS[fffff88001d6943f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007e44050]
23:21:31.334 AVAST engine scan C:\Windows
23:21:34.111 AVAST engine scan C:\Windows\system32
23:22:31.347 File: C:\Windows\system32\services.exe **INFECTED** Win32:Patched-AKC [Trj]
23:23:48.052 AVAST engine scan C:\Windows\system32\drivers
23:23:58.692 AVAST engine scan C:\Users\Christian
23:26:25.332 File: C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\50e4dad4-49346361 **INFECTED** Win32:FakeAV-DVN [Trj]
23:28:25.141 AVAST engine scan C:\ProgramData
23:29:23.267 Scan finished successfully
23:29:38.134 Disk 0 MBR has been saved successfully to "C:\Users\Christian\Desktop\MBR.dat"
23:29:38.134 The log file has been saved successfully to "C:\Users\Christian\Desktop\aswMBR.txt"
There were 2 different files here!
1.
Code:
23:31:22.0612 1356 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
23:31:22.0768 1356 ============================================================
23:31:22.0768 1356 Current date / time: 2013/04/03 23:31:22.0768
23:31:22.0768 1356 SystemInfo:
23:31:22.0768 1356
23:31:22.0768 1356 OS Version: 6.1.7601 ServicePack: 1.0
23:31:22.0768 1356 Product type: Workstation
23:31:22.0768 1356 ComputerName: CHRISTIAN-PC
23:31:22.0768 1356 UserName: Christian
23:31:22.0768 1356 Windows directory: C:\Windows
23:31:22.0768 1356 System windows directory: C:\Windows
23:31:22.0768 1356 Running under WOW64
23:31:22.0768 1356 Processor architecture: Intel x64
23:31:22.0768 1356 Number of processors: 4
23:31:22.0768 1356 Page size: 0x1000
23:31:22.0768 1356 Boot type: Normal boot
23:31:22.0768 1356 ============================================================
23:31:23.0267 1356 Drive \Device\Harddisk1\DR1 - Size: 0x1DEB00000 (7.48 Gb), SectorSize: 0x200, Cylinders: 0x3D0, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000048
23:31:23.0298 1356 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:31:23.0314 1356 Drive \Device\Harddisk1\DR1 - Size: 0x1DEB00000 (7.48 Gb), SectorSize: 0x200, Cylinders: 0x3D0, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
23:31:23.0314 1356 Drive \Device\Harddisk2\DR2 - Size: 0xEF1A8000 (3.74 Gb), SectorSize: 0x200, Cylinders: 0x1E7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
23:31:23.0329 1356 ============================================================
23:31:23.0329 1356 \Device\Harddisk1\DR1:
23:31:23.0329 1356 MBR partitions:
23:31:23.0329 1356 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0xEF3800
23:31:23.0329 1356 \Device\Harddisk0\DR0:
23:31:23.0329 1356 MBR partitions:
23:31:23.0329 1356 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2400800, BlocksNum 0x32000
23:31:23.0329 1356 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2432800, BlocksNum 0x37F53000
23:31:23.0329 1356 \Device\Harddisk1\DR1:
23:31:23.0329 1356 MBR partitions:
23:31:23.0329 1356 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0xEF3800
23:31:23.0329 1356 \Device\Harddisk2\DR2:
23:31:23.0329 1356 MBR partitions:
23:31:23.0329 1356 \Device\Harddisk2\DR2\Partition1: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0x778D20
23:31:23.0329 1356 ============================================================
23:31:23.0345 1356 C: <-> \Device\Harddisk0\DR0\Partition2
23:31:23.0345 1356 ============================================================
23:31:23.0345 1356 Initialize success
23:31:23.0345 1356 ============================================================
23:31:37.0182 5240 Deinitialize success
Code:
23:31:55.0870 6452 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
23:31:56.0151 6452 ============================================================
23:31:56.0151 6452 Current date / time: 2013/04/03 23:31:56.0151
23:31:56.0151 6452 SystemInfo:
23:31:56.0151 6452
23:31:56.0151 6452 OS Version: 6.1.7601 ServicePack: 1.0
23:31:56.0151 6452 Product type: Workstation
23:31:56.0151 6452 ComputerName: CHRISTIAN-PC
23:31:56.0151 6452 UserName: Christian
23:31:56.0151 6452 Windows directory: C:\Windows
23:31:56.0151 6452 System windows directory: C:\Windows
23:31:56.0151 6452 Running under WOW64
23:31:56.0151 6452 Processor architecture: Intel x64
23:31:56.0151 6452 Number of processors: 4
23:31:56.0151 6452 Page size: 0x1000
23:31:56.0151 6452 Boot type: Normal boot
23:31:56.0151 6452 ============================================================
23:31:56.0587 6452 Drive \Device\Harddisk1\DR1 - Size: 0x1DEB00000 (7.48 Gb), SectorSize: 0x200, Cylinders: 0x3D0, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000048
23:31:56.0587 6452 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:31:56.0603 6452 Drive \Device\Harddisk1\DR1 - Size: 0x1DEB00000 (7.48 Gb), SectorSize: 0x200, Cylinders: 0x3D0, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
23:31:56.0619 6452 Drive \Device\Harddisk2\DR2 - Size: 0xEF1A8000 (3.74 Gb), SectorSize: 0x200, Cylinders: 0x1E7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
23:31:56.0619 6452 ============================================================
23:31:56.0619 6452 \Device\Harddisk1\DR1:
23:31:56.0619 6452 MBR partitions:
23:31:56.0619 6452 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0xEF3800
23:31:56.0619 6452 \Device\Harddisk0\DR0:
23:31:56.0619 6452 MBR partitions:
23:31:56.0619 6452 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2400800, BlocksNum 0x32000
23:31:56.0619 6452 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2432800, BlocksNum 0x37F53000
23:31:56.0619 6452 \Device\Harddisk1\DR1:
23:31:56.0619 6452 MBR partitions:
23:31:56.0619 6452 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0xEF3800
23:31:56.0619 6452 \Device\Harddisk2\DR2:
23:31:56.0619 6452 MBR partitions:
23:31:56.0619 6452 \Device\Harddisk2\DR2\Partition1: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0x778D20
23:31:56.0619 6452 ============================================================
23:31:56.0650 6452 C: <-> \Device\Harddisk0\DR0\Partition2
23:31:56.0650 6452 ============================================================
23:31:56.0650 6452 Initialize success
23:31:56.0650 6452 ============================================================
23:32:03.0718 7096 ============================================================
23:32:03.0718 7096 Scan started
23:32:03.0718 7096 Mode: Manual; TDLFS;
23:32:03.0718 7096 ============================================================
23:32:04.0201 7096 ================ Scan system memory ========================
23:32:04.0201 7096 System memory - ok
23:32:04.0201 7096 ================ Scan services =============================
23:32:12.0361 7096 kbdclass - ok
23:32:12.0377 7096 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
23:32:12.0377 7096 kbdhid - ok
23:32:12.0392 7096 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
23:32:12.0392 7096 KeyIso - ok
23:32:12.0423 7096 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
23:32:12.0423 7096 KSecDD - ok
23:32:12.0455 7096 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
23:32:12.0455 7096 KSecPkg - ok
23:32:12.0470 7096 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
23:32:12.0470 7096 ksthunk - ok
23:32:12.0517 7096 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
23:32:12.0533 7096 KtmRm - ok
23:32:12.0564 7096 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
23:32:12.0564 7096 LanmanServer - ok
23:32:12.0595 7096 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
23:32:12.0595 7096 LanmanWorkstation - ok
23:32:12.0657 7096 [ B705C7097F9A0EC941D02DCE7C7D426C ] Live Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
23:32:12.0657 7096 Live Updater Service - ok
23:32:12.0704 7096 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
23:32:12.0704 7096 lltdio - ok
23:32:12.0751 7096 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
23:32:12.0751 7096 lltdsvc - ok
23:32:12.0782 7096 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
23:32:12.0782 7096 lmhosts - ok
23:32:12.0845 7096 [ 50C7CE53EF461870410355F1F2E7D515 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
23:32:12.0845 7096 LMS - ok
23:32:12.0876 7096 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
23:32:12.0891 7096 LSI_FC - ok
23:32:12.0923 7096 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
23:32:12.0923 7096 LSI_SAS - ok
23:32:12.0923 7096 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
23:32:12.0923 7096 LSI_SAS2 - ok
23:32:12.0938 7096 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
23:32:12.0938 7096 LSI_SCSI - ok
23:32:12.0969 7096 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
23:32:12.0969 7096 luafv - ok
23:32:12.0985 7096 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
23:32:12.0985 7096 Mcx2Svc - ok
23:32:13.0001 7096 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
23:32:13.0001 7096 megasas - ok
23:32:13.0016 7096 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
23:32:13.0032 7096 MegaSR - ok
23:32:13.0063 7096 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
23:32:13.0079 7096 MEIx64 - ok
23:32:13.0094 7096 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
23:32:13.0094 7096 MMCSS - ok
23:32:13.0110 7096 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
23:32:13.0110 7096 Modem - ok
23:32:13.0125 7096 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
23:32:13.0125 7096 monitor - ok
23:32:13.0172 7096 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
23:32:13.0172 7096 mouclass - ok
23:32:13.0203 7096 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
23:32:13.0203 7096 mouhid - ok
23:32:13.0219 7096 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
23:32:13.0219 7096 mountmgr - ok
23:32:13.0281 7096 [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
23:32:13.0297 7096 MozillaMaintenance - ok
23:32:13.0313 7096 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
23:32:13.0313 7096 mpio - ok
23:32:13.0344 7096 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
23:32:13.0344 7096 mpsdrv - ok
23:32:13.0359 7096 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
23:32:13.0375 7096 MRxDAV - ok
23:32:13.0391 7096 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
23:32:13.0391 7096 mrxsmb - ok
23:32:13.0422 7096 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:32:13.0422 7096 mrxsmb10 - ok
23:32:13.0453 7096 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:32:13.0453 7096 mrxsmb20 - ok
23:32:13.0453 7096 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
23:32:13.0453 7096 msahci - ok
23:32:13.0484 7096 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
23:32:13.0484 7096 msdsm - ok
23:32:13.0500 7096 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
23:32:13.0500 7096 MSDTC - ok
23:32:13.0531 7096 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
23:32:13.0531 7096 Msfs - ok
23:32:13.0562 7096 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
23:32:13.0562 7096 mshidkmdf - ok
23:32:13.0562 7096 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
23:32:13.0562 7096 msisadrv - ok
23:32:13.0609 7096 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
23:32:13.0609 7096 MSiSCSI - ok
23:32:13.0625 7096 msiserver - ok
23:32:13.0640 7096 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
23:32:13.0640 7096 MSKSSRV - ok
23:32:13.0671 7096 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
23:32:13.0671 7096 MSPCLOCK - ok
23:32:13.0671 7096 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
23:32:13.0671 7096 MSPQM - ok
23:32:13.0703 7096 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
23:32:13.0718 7096 MsRPC - ok
23:32:13.0734 7096 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
23:32:13.0734 7096 mssmbios - ok
23:32:13.0749 7096 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
23:32:13.0749 7096 MSTEE - ok
23:32:13.0749 7096 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
23:32:13.0749 7096 MTConfig - ok
23:32:13.0781 7096 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
23:32:13.0781 7096 Mup - ok
23:32:13.0781 7096 [ C009123B206C56854F4E88596035231D ] mwlPSDFilter C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
23:32:13.0781 7096 mwlPSDFilter - ok
23:32:13.0796 7096 [ BF3739EEB9F008B1DEBAC115089A53F8 ] mwlPSDNServ C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
23:32:13.0796 7096 mwlPSDNServ - ok
23:32:13.0812 7096 [ 38DD143D95E7A01B86F219DDA9C28779 ] mwlPSDVDisk C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
23:32:13.0812 7096 mwlPSDVDisk - ok
23:32:13.0843 7096 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
23:32:13.0859 7096 napagent - ok
23:32:13.0890 7096 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
23:32:13.0890 7096 NativeWifiP - ok
23:32:13.0952 7096 [ C38B8AE57F78915905064A9A24DC1586 ] NDIS C:\Windows\system32\drivers\ndis.sys
23:32:13.0983 7096 NDIS - ok
23:32:13.0999 7096 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
23:32:13.0999 7096 NdisCap - ok
23:32:14.0015 7096 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
23:32:14.0015 7096 NdisTapi - ok
23:32:14.0046 7096 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
23:32:14.0046 7096 Ndisuio - ok
23:32:14.0061 7096 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
23:32:14.0061 7096 NdisWan - ok
23:32:14.0077 7096 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
23:32:14.0077 7096 NDProxy - ok
23:32:14.0093 7096 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
23:32:14.0093 7096 NetBIOS - ok
23:32:14.0108 7096 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
23:32:14.0108 7096 NetBT - ok
23:32:14.0124 7096 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
23:32:14.0124 7096 Netlogon - ok
23:32:14.0186 7096 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
23:32:14.0186 7096 Netman - ok
23:32:14.0233 7096 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
23:32:14.0249 7096 netprofm - ok
23:32:14.0280 7096 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:32:14.0280 7096 NetTcpPortSharing - ok
23:32:14.0327 7096 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
23:32:14.0327 7096 nfrd960 - ok
23:32:14.0342 7096 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
23:32:14.0342 7096 NlaSvc - ok
23:32:14.0467 7096 [ 5839A8027D6D324A7CD494051A96628C ] NOBU C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
23:32:14.0529 7096 NOBU - ok
23:32:14.0545 7096 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
23:32:14.0545 7096 Npfs - ok
23:32:14.0592 7096 npggsvc - ok
23:32:14.0607 7096 NPPTNT2 - ok
23:32:14.0639 7096 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
23:32:14.0639 7096 nsi - ok
23:32:14.0654 7096 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
23:32:14.0670 7096 nsiproxy - ok
23:32:14.0717 7096 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
23:32:14.0763 7096 Ntfs - ok
23:32:14.0826 7096 [ D27A4546417ED7C4AEA7B3420D4F1F50 ] NTI IScheduleSvc C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
23:32:14.0826 7096 NTI IScheduleSvc - ok
23:32:14.0841 7096 [ EE3BA1024594D5D09E314F206B94069E ] NTIDrvr C:\Windows\system32\drivers\NTIDrvr.sys
23:32:14.0857 7096 NTIDrvr - ok
23:32:14.0857 7096 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
23:32:14.0857 7096 Null - ok
23:32:15.0185 7096 [ BA0B4889C40380A01ECDF84C227A89C9 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
23:32:15.0247 7096 nvlddmkm - ok
23:32:15.0278 7096 [ 715D45ED30003FC70CFA0D9C6DD0B538 ] nvpciflt C:\Windows\system32\DRIVERS\nvpciflt.sys
23:32:15.0278 7096 nvpciflt - ok
23:32:15.0309 7096 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
23:32:15.0309 7096 nvraid - ok
23:32:15.0341 7096 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
23:32:15.0341 7096 nvstor - ok
23:32:15.0419 7096 [ 06633CF95BEA62164C3BFCA24BCE6B11 ] nvsvc C:\Windows\system32\nvvsvc.exe
23:32:15.0434 7096 nvsvc - ok
23:32:15.0528 7096 [ 53B629CE436B110C5689C2F6439E567B ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
23:32:15.0559 7096 nvUpdatusService - ok
23:32:15.0575 7096 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
23:32:15.0575 7096 nv_agp - ok
23:32:15.0575 7096 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
23:32:15.0575 7096 ohci1394 - ok
23:32:15.0606 7096 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
23:32:15.0621 7096 p2pimsvc - ok
23:32:15.0637 7096 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
23:32:15.0637 7096 p2psvc - ok
23:32:15.0684 7096 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
23:32:15.0684 7096 Parport - ok
23:32:15.0731 7096 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
23:32:15.0731 7096 partmgr - ok
23:32:15.0746 7096 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
23:32:15.0762 7096 PcaSvc - ok
23:32:15.0777 7096 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
23:32:15.0777 7096 pci - ok
23:32:15.0793 7096 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
23:32:15.0793 7096 pciide - ok
23:32:15.0809 7096 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
23:32:15.0824 7096 pcmcia - ok
23:32:15.0840 7096 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
23:32:15.0840 7096 pcw - ok
23:32:15.0871 7096 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
23:32:15.0887 7096 PEAUTH - ok
23:32:16.0011 7096 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
23:32:16.0011 7096 PerfHost - ok
23:32:16.0089 7096 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
23:32:16.0136 7096 pla - ok
23:32:16.0261 7096 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
23:32:16.0277 7096 PlugPlay - ok
23:32:16.0323 7096 PnkBstrA - ok
23:32:16.0370 7096 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
23:32:16.0370 7096 PNRPAutoReg - ok
23:32:16.0386 7096 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
23:32:16.0401 7096 PNRPsvc - ok
23:32:16.0448 7096 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
23:32:16.0464 7096 PolicyAgent - ok
23:32:16.0495 7096 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
23:32:16.0511 7096 Power - ok
23:32:16.0557 7096 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
23:32:16.0557 7096 PptpMiniport - ok
23:32:16.0573 7096 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
23:32:16.0573 7096 Processor - ok
23:32:16.0604 7096 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
23:32:16.0604 7096 ProfSvc - ok
23:32:16.0635 7096 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
23:32:16.0635 7096 ProtectedStorage - ok
23:32:16.0651 7096 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
23:32:16.0651 7096 Psched - ok
23:32:16.0698 7096 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
23:32:16.0745 7096 ql2300 - ok
23:32:16.0745 7096 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
23:32:16.0745 7096 ql40xx - ok
23:32:16.0791 7096 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
23:32:16.0791 7096 QWAVE - ok
23:32:16.0807 7096 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
23:32:16.0807 7096 QWAVEdrv - ok
23:32:16.0838 7096 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
23:32:16.0838 7096 RasAcd - ok
23:32:16.0869 7096 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
23:32:16.0869 7096 RasAgileVpn - ok
23:32:16.0885 7096 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
23:32:16.0901 7096 RasAuto - ok
23:32:16.0916 7096 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
23:32:16.0916 7096 Rasl2tp - ok
23:32:16.0947 7096 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
23:32:16.0963 7096 RasMan - ok
23:32:16.0979 7096 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
23:32:16.0979 7096 RasPppoe - ok
23:32:16.0994 7096 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
23:32:17.0010 7096 RasSstp - ok
23:32:17.0025 7096 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
23:32:17.0025 7096 rdbss - ok
23:32:17.0041 7096 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
23:32:17.0041 7096 rdpbus - ok
23:32:17.0072 7096 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
23:32:17.0072 7096 RDPCDD - ok
23:32:17.0088 7096 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
23:32:17.0088 7096 RDPENCDD - ok
23:32:17.0103 7096 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
23:32:17.0103 7096 RDPREFMP - ok
23:32:17.0135 7096 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
23:32:17.0150 7096 RDPWD - ok
23:32:17.0166 7096 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
23:32:17.0166 7096 rdyboost - ok
23:32:17.0197 7096 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
23:32:17.0197 7096 RemoteAccess - ok
23:32:17.0228 7096 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
23:32:17.0244 7096 RemoteRegistry - ok
23:32:17.0259 7096 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
23:32:17.0259 7096 RpcEptMapper - ok
23:32:17.0291 7096 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
23:32:17.0291 7096 RpcLocator - ok
23:32:17.0322 7096 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
23:32:17.0322 7096 RpcSs - ok
23:32:17.0353 7096 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
23:32:17.0353 7096 rspndr - ok
23:32:17.0369 7096 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
23:32:17.0369 7096 SamSs - ok
23:32:17.0384 7096 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
23:32:17.0400 7096 sbp2port - ok
23:32:17.0415 7096 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
23:32:17.0415 7096 SCardSvr - ok
23:32:17.0431 7096 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
23:32:17.0431 7096 scfilter - ok
23:32:17.0478 7096 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
23:32:17.0509 7096 Schedule - ok
23:32:17.0556 7096 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
23:32:17.0556 7096 SCPolicySvc - ok
23:32:17.0571 7096 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
23:32:17.0571 7096 sdbus - ok
23:32:17.0603 7096 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
23:32:17.0603 7096 SDRSVC - ok
23:32:17.0727 7096 [ 0F4A80438E7286A0E623582F5F2395BD ] SearchAnonymizer C:\Users\Christian\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
23:32:17.0727 7096 SearchAnonymizer - ok
23:32:17.0759 7096 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
23:32:17.0759 7096 secdrv - ok
23:32:17.0774 7096 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
23:32:17.0774 7096 seclogon - ok
23:32:17.0805 7096 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
23:32:17.0821 7096 SENS - ok
23:32:17.0837 7096 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
23:32:17.0837 7096 SensrSvc - ok
23:32:17.0883 7096 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
23:32:17.0883 7096 Serenum - ok
23:32:17.0899 7096 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
23:32:17.0899 7096 Serial - ok
23:32:17.0930 7096 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
23:32:17.0930 7096 sermouse - ok
23:32:17.0961 7096 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
23:32:17.0961 7096 SessionEnv - ok
23:32:17.0977 7096 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
23:32:17.0977 7096 sffdisk - ok
23:32:17.0977 7096 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
23:32:17.0977 7096 sffp_mmc - ok
23:32:17.0977 7096 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
23:32:17.0977 7096 sffp_sd - ok
23:32:17.0993 7096 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
23:32:17.0993 7096 sfloppy - ok
23:32:18.0024 7096 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
23:32:18.0024 7096 ShellHWDetection - ok
23:32:18.0039 7096 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
23:32:18.0039 7096 SiSRaid2 - ok
23:32:18.0055 7096 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
23:32:18.0055 7096 SiSRaid4 - ok
23:32:18.0071 7096 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
23:32:18.0071 7096 Smb - ok
23:32:18.0086 7096 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
23:32:18.0086 7096 SNMPTRAP - ok
23:32:18.0102 7096 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
23:32:18.0102 7096 spldr - ok
23:32:18.0133 7096 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe
23:32:18.0149 7096 Spooler - ok
23:32:18.0273 7096 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
23:32:18.0320 7096 sppsvc - ok
23:32:18.0336 7096 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
23:32:18.0351 7096 sppuinotify - ok
23:32:18.0367 7096 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
23:32:18.0367 7096 srv - ok
23:32:18.0383 7096 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
23:32:18.0383 7096 srv2 - ok
23:32:18.0414 7096 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
23:32:18.0414 7096 srvnet - ok
23:32:18.0445 7096 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
23:32:18.0445 7096 SSDPSRV - ok
23:32:18.0461 7096 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
23:32:18.0461 7096 SstpSvc - ok
23:32:18.0507 7096 [ 74425FFA11C133D045E1C3BE2EAD481D ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys
23:32:18.0507 7096 ssudmdm - ok
23:32:18.0585 7096 Steam Client Service - ok
23:32:18.0601 7096 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
23:32:18.0617 7096 stexstor - ok
23:32:18.0663 7096 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
23:32:18.0695 7096 stisvc - ok
23:32:18.0695 7096 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
23:32:18.0695 7096 swenum - ok
23:32:18.0726 7096 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
23:32:18.0741 7096 swprv - ok
23:32:18.0804 7096 [ EF51B22706DB03F0857FADE127C804EC ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
23:32:18.0819 7096 SynTP - ok
23:32:18.0866 7096 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
23:32:18.0913 7096 SysMain - ok
23:32:18.0929 7096 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
23:32:18.0944 7096 TabletInputService - ok
23:32:18.0975 7096 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
23:32:18.0975 7096 TapiSrv - ok
23:32:18.0991 7096 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
23:32:18.0991 7096 TBS - ok
23:32:19.0085 7096 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
23:32:19.0131 7096 Tcpip - ok
23:32:19.0194 7096 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
23:32:19.0209 7096 TCPIP6 - ok
23:32:19.0241 7096 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
23:32:19.0241 7096 tcpipreg - ok
23:32:19.0256 7096 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
23:32:19.0256 7096 TDPIPE - ok
23:32:19.0272 7096 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
23:32:19.0272 7096 TDTCP - ok
23:32:19.0287 7096 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
23:32:19.0287 7096 tdx - ok
23:32:19.0319 7096 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
23:32:19.0319 7096 TermDD - ok
23:32:19.0365 7096 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
23:32:19.0397 7096 TermService - ok
23:32:19.0412 7096 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
23:32:19.0412 7096 Themes - ok
23:32:19.0428 7096 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
23:32:19.0428 7096 THREADORDER - ok
23:32:19.0428 7096 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
23:32:19.0443 7096 TrkWks - ok
23:32:19.0490 7096 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
23:32:19.0490 7096 TrustedInstaller - ok
23:32:19.0521 7096 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
23:32:19.0521 7096 tssecsrv - ok
23:32:19.0553 7096 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
23:32:19.0553 7096 TsUsbFlt - ok
23:32:19.0568 7096 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
23:32:19.0568 7096 TsUsbGD - ok
23:32:19.0584 7096 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
23:32:19.0599 7096 tunnel - ok
23:32:19.0646 7096 [ FD24F98D2898BE093FE926604BE7DB99 ] TurboB C:\Windows\system32\DRIVERS\TurboB.sys
23:32:19.0646 7096 TurboB - ok
23:32:19.0677 7096 [ 600B406A04D90F577FEA8A88D7379F08 ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe
23:32:19.0677 7096 TurboBoost - ok
23:32:19.0693 7096 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
23:32:19.0693 7096 uagp35 - ok
23:32:19.0709 7096 [ A17D5E1A6DF4EAB0A480F2C490DE4C9D ] UBHelper C:\Windows\system32\drivers\UBHelper.sys
23:32:19.0709 7096 UBHelper - ok
23:32:19.0724 7096 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
23:32:19.0740 7096 udfs - ok
23:32:19.0771 7096 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
23:32:19.0771 7096 UI0Detect - ok
23:32:19.0787 7096 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
23:32:19.0787 7096 uliagpkx - ok
23:32:19.0802 7096 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
23:32:19.0802 7096 umbus - ok
23:32:19.0818 7096 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
23:32:19.0818 7096 UmPass - ok
23:32:19.0943 7096 [ 374EBDA379A8F38E0CFC2211611E7167 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
23:32:19.0989 7096 UNS - ok
23:32:20.0021 7096 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
23:32:20.0021 7096 upnphost - ok
23:32:20.0052 7096 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
23:32:20.0052 7096 USBAAPL64 - ok
23:32:20.0130 7096 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
23:32:20.0130 7096 usbaudio - ok
23:32:20.0177 7096 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
23:32:20.0177 7096 usbccgp - ok
23:32:20.0223 7096 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
23:32:20.0223 7096 usbcir - ok
23:32:20.0255 7096 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
23:32:20.0255 7096 usbehci - ok
23:32:20.0286 7096 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\drivers\usbhub.sys
23:32:20.0301 7096 usbhub - ok
23:32:20.0333 7096 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
23:32:20.0333 7096 usbohci - ok
23:32:20.0348 7096 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
23:32:20.0348 7096 usbprint - ok
23:32:20.0395 7096 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
23:32:20.0395 7096 usbscan - ok
23:32:20.0411 7096 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:32:20.0411 7096 USBSTOR - ok
23:32:20.0426 7096 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
23:32:20.0426 7096 usbuhci - ok
23:32:20.0473 7096 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
23:32:20.0473 7096 usbvideo - ok
23:32:20.0489 7096 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
23:32:20.0504 7096 UxSms - ok
23:32:20.0504 7096 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
23:32:20.0504 7096 VaultSvc - ok
23:32:20.0535 7096 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
23:32:20.0535 7096 vdrvroot - ok
23:32:20.0567 7096 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
23:32:20.0582 7096 vds - ok
23:32:20.0598 7096 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
23:32:20.0598 7096 vga - ok
23:32:20.0629 7096 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
23:32:20.0629 7096 VgaSave - ok
23:32:20.0629 7096 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
23:32:20.0629 7096 vhdmp - ok
23:32:20.0645 7096 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
23:32:20.0645 7096 viaide - ok
23:32:20.0660 7096 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
23:32:20.0660 7096 volmgr - ok
23:32:20.0676 7096 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
23:32:20.0676 7096 volmgrx - ok
23:32:20.0691 7096 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
23:32:20.0707 7096 volsnap - ok
23:32:20.0723 7096 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
23:32:20.0738 7096 vsmraid - ok
23:32:20.0785 7096 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
23:32:20.0816 7096 VSS - ok
23:32:20.0832 7096 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
23:32:20.0832 7096 vwifibus - ok
23:32:20.0863 7096 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
23:32:20.0879 7096 vwififlt - ok
23:32:20.0910 7096 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
23:32:20.0910 7096 vwifimp - ok
23:32:20.0941 7096 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
23:32:20.0957 7096 W32Time - ok
23:32:20.0972 7096 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
23:32:20.0972 7096 WacomPen - ok
23:32:21.0003 7096 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
23:32:21.0003 7096 WANARP - ok
23:32:21.0003 7096 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
23:32:21.0003 7096 Wanarpv6 - ok
23:32:21.0050 7096 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
23:32:21.0081 7096 wbengine - ok
23:32:21.0097 7096 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
23:32:21.0113 7096 WbioSrvc - ok
23:32:21.0128 7096 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
23:32:21.0128 7096 wcncsvc - ok
23:32:21.0159 7096 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:32:21.0159 7096 WcsPlugInService - ok
23:32:21.0159 7096 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
23:32:21.0159 7096 Wd - ok
23:32:21.0191 7096 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
23:32:21.0206 7096 Wdf01000 - ok
23:32:21.0222 7096 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
23:32:21.0222 7096 WdiServiceHost - ok
23:32:21.0222 7096 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
23:32:21.0222 7096 WdiSystemHost - ok
23:32:21.0253 7096 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
23:32:21.0253 7096 WebClient - ok
23:32:21.0269 7096 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
23:32:21.0284 7096 Wecsvc - ok
23:32:21.0300 7096 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
23:32:21.0300 7096 wercplsupport - ok
23:32:21.0347 7096 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
23:32:21.0347 7096 WerSvc - ok
23:32:21.0378 7096 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
23:32:21.0378 7096 WfpLwf - ok
23:32:21.0409 7096 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
23:32:21.0409 7096 WIMMount - ok
23:32:21.0409 7096 WinHttpAutoProxySvc - ok
23:32:21.0487 7096 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
23:32:21.0487 7096 Winmgmt - ok
23:32:21.0581 7096 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
23:32:21.0627 7096 WinRM - ok
23:32:21.0705 7096 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
23:32:21.0705 7096 WinUsb - ok
23:32:21.0752 7096 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
23:32:21.0799 7096 Wlansvc - ok
23:32:21.0830 7096 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
23:32:21.0846 7096 wlcrasvc - ok
23:32:21.0986 7096 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:32:22.0049 7096 wlidsvc - ok
23:32:22.0080 7096 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
23:32:22.0080 7096 WmiAcpi - ok
23:32:22.0111 7096 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
23:32:22.0127 7096 wmiApSrv - ok
23:32:22.0189 7096 WMPNetworkSvc - ok
23:32:22.0205 7096 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
23:32:22.0220 7096 WPCSvc - ok
23:32:22.0236 7096 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
23:32:22.0251 7096 WPDBusEnum - ok
23:32:22.0283 7096 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
23:32:22.0283 7096 ws2ifsl - ok
23:32:22.0283 7096 WSearch - ok
23:32:22.0314 7096 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
23:32:22.0314 7096 WudfPf - ok
23:32:22.0361 7096 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
23:32:22.0361 7096 WUDFRd - ok
23:32:22.0392 7096 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
23:32:22.0392 7096 wudfsvc - ok
23:32:22.0423 7096 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
23:32:22.0439 7096 WwanSvc - ok
23:32:22.0470 7096 ================ Scan global ===============================
23:32:22.0485 7096 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
23:32:22.0532 7096 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
23:32:22.0548 7096 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
23:32:22.0595 7096 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
23:32:22.0641 7096 [ 014A9CB92514E27C0107614DF764BC06 ] C:\Windows\system32\services.exe
23:32:22.0657 7096 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - infected
23:32:22.0657 7096 C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.b (0)
23:32:22.0657 7096 ================ Scan MBR ==================================
23:32:22.0657 7096 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
23:32:22.0829 7096 \Device\Harddisk1\DR1 - ok
23:32:22.0844 7096 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
23:32:23.0312 7096 \Device\Harddisk0\DR0 - ok
23:32:23.0312 7096 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
23:32:23.0468 7096 \Device\Harddisk1\DR1 - ok
23:32:23.0484 7096 [ 65E858A8A0293BE11A920B0BC99D695E ] \Device\Harddisk2\DR2
23:32:24.0014 7096 \Device\Harddisk2\DR2 - ok
23:32:24.0014 7096 ================ Scan VBR ==================================
23:32:24.0014 7096 [ DB761C99D378A2D58E5D27AC15DF5A45 ] \Device\Harddisk1\DR1\Partition1
23:32:24.0014 7096 \Device\Harddisk1\DR1\Partition1 - ok
23:32:24.0030 7096 [ 0550BDB5B88588FC1CBCE8E49400A5F8 ] \Device\Harddisk0\DR0\Partition1
23:32:24.0030 7096 \Device\Harddisk0\DR0\Partition1 - ok
23:32:24.0077 7096 [ A5DFA8BE46009E6E525F61F136BFE3C5 ] \Device\Harddisk0\DR0\Partition2
23:32:24.0077 7096 \Device\Harddisk0\DR0\Partition2 - ok
23:32:24.0077 7096 [ DB761C99D378A2D58E5D27AC15DF5A45 ] \Device\Harddisk1\DR1\Partition1
23:32:24.0077 7096 \Device\Harddisk1\DR1\Partition1 - ok
23:32:24.0092 7096 [ A64BE5E1FD63B913D30801A797439667 ] \Device\Harddisk2\DR2\Partition1
23:32:24.0092 7096 \Device\Harddisk2\DR2\Partition1 - ok
23:32:24.0092 7096 ============================================================
23:32:24.0092 7096 Scan finished
23:32:24.0092 7096 ============================================================
23:32:24.0108 2644 Detected object count: 1
23:32:24.0108 2644 Actual detected object count: 1
23:32:31.0144 2644 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - skipped by user
23:32:31.0144 2644 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - User select action: Skip
23:32:40.0582 6544 Deinitialize success
1. DDS : DDS Logfile: Code:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16447 BrowserJavaVersion: 1.6.0_31
Run by Christian at 23:35:50 on 2013-04-03
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8044.5246 [GMT 2:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files (x86)\Launch Manager\LMutilps32.exe
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Users\Christian\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Dolby PCEE4\pcee4.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
\\.\globalroot\systemroot\Installer\{ceddc4ab-85a7-ec95-7243-425c1730cbe9}\U
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.de/
uDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://acer.msn.com
mDefault_Page_URL = hxxp://acer.msn.com
uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
mWinlogon: Userinit = userinit.exe,
BHO: ICQ Sparberater: {0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD} - LocalServer32 - <no file>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID-Anmelde-Hilfsprogramm: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [Dolby Advanced Audio v2] "C:\Dolby PCEE4\pcee4.exe" -autostart
dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: An OneNote s&enden - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: Free YouTube to MP3 Converter - C:\Users\Christian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xcel exportieren - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{5E5518B1-E563-4E1A-8B6E-BD1DF9FE3A2C} : DHCPNameServer = 192.168.2.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
x64-mStart Page = hxxp://acer.msn.com
x64-mDefault_Page_URL = hxxp://acer.msn.com
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4
x64-Run: [Ocs_SM] C:\Users\Christian\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\z2ougofk.default\
FF - prefs.js: browser.startup.homepage - www.google.de
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
FF - ExtSQL: 2013-02-11 12:54; dnshelp@dnshelp.com; C:\Users\Christian\AppData\Roaming\Helper
FF - ExtSQL: 2013-02-11 12:54; {F58A62EB-38DC-43C4-A539-DC52E135208D}; C:\Users\Christian\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F58A62EB-38DC-43C4-A539-DC52E135208D}
.
============= SERVICES / DRIVERS ===============
.
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2012-8-8 28992]
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2012-1-9 27760]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2011-7-22 22648]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2011-7-22 20520]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2011-7-22 62776]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2012-1-9 98848]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-5-12 249648]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-7-22 353360]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2011-8-21 872552]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2011-1-18 29696]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-7-22 13592]
R2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-7-22 244624]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-2 2804568]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2012-1-5 256536]
R2 SearchAnonymizer;SearchAnonymizer;C:\Users\Christian\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [2013-2-6 40960]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-11-29 16120]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-7-22 2656280]
R3 b57xdbd;Broadcom xD Picture Bus Driver Service;C:\Windows\System32\drivers\b57xdbd.sys [2011-1-20 67624]
R3 b57xdmp;Broadcom xD Picture vstorp client drv;C:\Windows\System32\drivers\b57xdmp.sys [2011-1-20 19496]
R3 bScsiMSa;bScsiMSa;C:\Windows\System32\drivers\bScsiMSa.sys [2011-5-16 51240]
R3 bScsiSDa;bScsiSDa;C:\Windows\System32\drivers\bScsiSDa.sys [2011-5-6 86056]
R3 IntcDAud;Intel(R) Display-Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-7-22 317440]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2011-5-10 425000]
S2 AddonsHelper;AddonsHelper;C:\Users\Christian\AppData\Local\Temp\OCS\Downloads\db6c8e043b5806271c5ea5ad27b5c968\8a2438a7aa1e858526caff1f4deab159\AddonsHelper.exe --> C:\Users\Christian\AppData\Local\Temp\OCS\Downloads\db6c8e043b5806271c5ea5ad27b5c968\8a2438a7aa1e858526caff1f4deab159\AddonsHelper.exe [?]
S2 AntiVirSchedulerService;Avira Planer;"C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe" --> C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [?]
S2 AntiVirService;Avira Echtzeit Scanner;"C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe" --> C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-6-7 191752]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2012-7-30 102240]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2012-7-30 203104]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S4 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-4-2 173424]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2013-04-03 13:39:00 -------- d-----w- C:\Users\Christian\AppData\Roaming\TuneUp Software
2013-04-03 13:38:14 -------- d-----w- C:\ProgramData\TuneUp Software
2013-04-03 13:37:59 -------- d-sh--w- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-04-03 13:37:59 -------- d--h--w- C:\ProgramData\Common Files
2013-03-31 11:08:22 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-03-29 18:57:40 -------- d-----w- C:\Program Files (x86)\Amazon
2013-03-14 09:56:44 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2013-03-14 09:43:22 -------- d-----w- C:\Windows\System32\IO
2013-03-13 21:50:37 -------- d-----w- C:\Users\Christian\AppData\Local\Macromedia
2013-03-12 12:15:16 -------- d-----w- C:\Users\Christian\AppData\Roaming\Ozvyi
2013-03-12 12:15:16 -------- d-----w- C:\Users\Christian\AppData\Roaming\Moopo
2013-03-11 15:48:33 -------- d-----w- C:\Users\Christian\AppData\Local\EgisTec
.
==================== Find3M ====================
.
2013-03-31 11:43:27 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
.
============= FINISH: 23:36:33,55 ===============
2. attach : Code:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 09.01.2012 17:24:32
System Uptime: 03.04.2013 17:27:41 (6 hours ago)
.
Motherboard: Acer | | JE50_HR
Processor: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz | CPU1 | 2401/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 448 GiB total, 365,49 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP178: 31.03.2013 19:00:18 - Windows-Sicherung
RP179: 03.04.2013 15:38:22 - TuneUp Utilities 2013 wird installiert
RP180: 03.04.2013 15:58:10 - Removed Apple Software Update
RP181: 03.04.2013 15:58:34 - ICQ Sparberater wird entfernt
RP182: 03.04.2013 16:08:04 - TuneUp Utilities 2013 wird entfernt
RP183: 03.04.2013 16:09:21 - TuneUp Utilities Language Pack (de-DE) wird entfernt
RP184: 03.04.2013 16:10:02 - Removed Star Wars JK II Jedi Outcast
RP185: 03.04.2013 16:10:45 - Windows Modules Installer
RP186: 03.04.2013 16:30:26 - Windows-Sicherung
RP187: 03.04.2013 16:36:34 - Windows-Sicherung
.
==== Installed Programs ======================
.
???? ??? Windows Live
???? Windows Live
????? Windows Live
?????? ??????? ?? Windows Live
???????? ?????????? Windows Live
?????????? Windows Live
??????????? ?? Windows Live
Überwachungstool für die Intel® Turbo-Boost-Technik 2.0
Acer Backup Manager
Acer Crystal Eye Webcam
Acer ePower Management
Acer eRecovery Management
Acer Registration
Acer ScreenSaver
Acer Updater
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4) MUI
Adobe Shockwave Player 12.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Backup Manager V3
Bing Bar
Bonjour
Broadcom Card Reader Driver Installer
Broadcom NetLink Controller
clear.fi
clear.fi Client
Counter-Strike: Source
D3DX10
Dolby Advanced Audio v2
Driver Detective
Flyff
Fotogalerija Windows Live
Free YouTube to MP3 Converter version 3.11.36.1201
Galeria de Fotografias do Windows Live
Galeria fotografii uslugi Windows Live
Galeria fotogràfica del Windows Live
Galerie de photos Windows Live
Galerie foto Windows Live
Galería fotográfica de Windows Live
GeoGebra 4
GeoGebra 4.2
ICQ Sparberater
Identity Card
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
iTunes
Java Auto Updater
Java(TM) 6 Update 31
Junk Mail filter update
Launch Manager
Lazarus 1.0
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft Age of Empires II
Microsoft Application Error Reporting
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 19.0.2 (x86 de)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MyWinLocker
MyWinLocker 4
MyWinLocker Suite
newsXpresso
Norton Online Backup
NTI Media Maker 9
NVIDIA Grafiktreiber 301.42
NVIDIA Install Application
NVIDIA Optimus 1.8.15
NVIDIA PhysX
NVIDIA PhysX-Systemsoftware 9.12.0213
NVIDIA Systemsteuerung 301.42
NVIDIA Update 1.8.15
NVIDIA Update Components
OpenOffice.org 3.3
Paint.NET v3.5.10
Poczta uslugi Windows Live
Podstawowe programy Windows Live
Pošta Windows Live
Preispilot für Firefox
PunkBuster Services
Raccolta foto di Windows Live
Realtek High Definition Audio Driver
S?????? f?t???af??? t?? Windows Live
SearchAnonymizer
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
Shredder
Software Version Updater
SpeedUpMyPC
Steam
Stronghold
Stronghold Crusader Extreme
swMSM
Synaptics Pointing Device Driver
TeamSpeak 3 Client
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Virtual DJ 6 Plus By DR.Ahmed Saker
Welcome Center
Windows Live
Windows Live ???
Windows Live ????
Windows Live Argazki Galeria
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotótár
Windows Live Fotogalerie
Windows Live Fotogalleri
Windows Live Fotogaléria
Windows Live Fotograf Galerisi
Windows Live Galeria de Fotos
Windows Live Galerija fotografija
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Temel Parçalar
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Liven asennustyökalu
Windows Liven sähköposti
Windows Liven valokuvavalikoima
WinRAR 4.01 (32-Bit)
Xvid MPEG-4 Video Codec
Yontoo 1.12.02
.
==== End Of File ===========================
I hope that was done correctly! |
| | #4 |
| /// TB-Ausbilder | Yes, that was correct. Reading material: Rootkit warning. Your computer has been infected with a special kind of malware that can hide from conventional virus scanners and from the operating system itself. In addition, malware of this kind usually also has backdoor functionality, meaning it quite deliberately tears holes through all protective measures so that it can download further malicious code or pass the data it collects on to the "bad guys". What does this mean for you now?
So let me know what you have decided. Scan with Combofix
__________________ Digital privateers against malware! No help via PM! |
| | #5 |
| Combofix reports an error saying that an antispyware and an antivirus program (both Avira Desktop) are supposedly running, but I cannot find these programs and therefore cannot turn them off ... Below I am uploading a screenshot of the currently running processes. hxxp://imageshack.us/photo/my-images/545/57917094.jpg/ Here are the files on drive C, which I also cannot delete (admin rights): hxxp://imageshack.us/photo/my-images/802/93481658.jpg/ hxxp://imageshack.us/photo/my-images/109/avij.jpg/ I hope you can help me close these antivirus programs/software. So, after several runs it has now worked after all. One error came up while the program was running: hxxp://imageshack.us/photo/my-images/811/failbg.jpg/ However, I cannot find a file named Combofix.txt on C:!! The only thing there is: hxxp://imageshack.us/photo/my-images/802/20717413.jpg/ Sorry for yet another message, but my laptop is now finally willing to load updates!!! 40 important, 7 optional available |
| | #6 |
| /// TB-Ausbilder | Download Combofix again. Rename it, e.g. to franz.exe or whatever, and run it. Please no pictures! That only makes my work harder. |
| | #7 |
| It worked. Code:
ATTFilter ComboFix 13-04-04.01 - Christian 05.04.2013 2:52:19.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8044.5802 [GMT 2:00]
ausgeführt von:: C:\Users\Christian\Desktop\Simon.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
C:\ProgramData\00etadpu.pad
C:\ProgramData\dsgsdgdsgdsgw.pad
C:\ProgramData\ism_0_llatsni.pad
C:\Users\Christian\AppData\Roaming\Help\coredb\storage
C:\Users\Christian\AppData\Roaming\Owsyra
C:\Users\Christian\AppData\Roaming\Owsyra\ygyno.efu
C:\Windows\Installer\{ceddc4ab-85a7-ec95-7243-425c1730cbe9}\@
C:\Windows\Installer\{ceddc4ab-85a7-ec95-7243-425c1730cbe9}\U\00000001.@
C:\Windows\Installer\{ceddc4ab-85a7-ec95-7243-425c1730cbe9}\U\80000000.@
C:\Windows\Installer\{ceddc4ab-85a7-ec95-7243-425c1730cbe9}\U\800000cb.@
C:\Windows\SysWow64\settings.ini
Infizierte Kopie von C:\Windows\system32\Services.exe wurde gefunden und desinfiziert
Kopie von - C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe wurde wiederhergestellt
((((((((((((((((((((((( Dateien erstellt von 2013-03-05 bis 2013-04-05 ))))))))))))))))))))))))))))))
2013-04-05 00:58:04 . 2013-04-05 00:58:04 -------- d-----w- C:\Users\UpdatusUser\AppData\Local\temp
2013-04-05 00:58:04 . 2013-04-05 00:58:04 -------- d-----w- C:\Users\Default\AppData\Local\temp
2013-04-04 15:05:33 . 2013-04-04 15:05:33 328704 ----a-w- C:\Windows\system32\services.exe.9432DEB632ED58FE
2013-04-04 13:56:43 . 2012-07-26 07:46:05 2560 ----a-w- C:\Windows\system32\drivers\de-DE\wdf01000.sys.mui
2013-04-04 13:56:42 . 2012-07-26 04:55:47 785512 ----a-w- C:\Windows\system32\drivers\Wdf01000.sys
2013-04-04 13:56:42 . 2012-07-26 04:55:47 54376 ----a-w- C:\Windows\system32\drivers\WdfLdr.sys
2013-04-04 13:56:42 . 2012-07-26 02:36:08 9728 ----a-w- C:\Windows\system32\Wdfres.dll
2013-04-04 13:54:38 . 2013-01-09 01:10:05 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-04-04 13:54:38 . 2013-01-08 22:01:00 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-04-04 13:51:28 . 2013-01-05 05:53:43 5553512 ----a-w- C:\Windows\system32\ntoskrnl.exe
2013-04-04 13:51:28 . 2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\system32\drivers\ntfs.sys
2013-04-04 13:51:27 . 2013-01-05 05:00:15 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-04-04 13:51:27 . 2013-01-05 05:00:11 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-04-04 13:51:23 . 2012-11-09 05:45:32 750592 ----a-w- C:\Windows\system32\win32spl.dll
2013-04-04 13:51:23 . 2012-11-09 04:43:04 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-04-04 13:51:10 . 2012-10-09 18:17:13 55296 ----a-w- C:\Windows\system32\dhcpcsvc6.dll
2013-04-04 13:51:10 . 2012-10-09 18:17:13 226816 ----a-w- C:\Windows\system32\dhcpcore6.dll
2013-04-04 13:51:10 . 2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2013-04-04 13:51:10 . 2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2013-04-04 13:51:06 . 2012-11-09 05:45:09 2048 ----a-w- C:\Windows\system32\tzres.dll
2013-04-04 13:51:06 . 2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-04-04 13:49:37 . 2013-02-02 07:37:58 182816 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
2013-04-04 13:48:57 . 2012-11-23 03:13:57 68608 ----a-w- C:\Windows\system32\taskhost.exe
2013-04-03 13:39:00 . 2013-04-03 13:39:00 -------- d-----w- C:\Users\Christian\AppData\Roaming\TuneUp Software
2013-04-03 13:38:14 . 2013-04-03 13:39:00 -------- d-----w- C:\ProgramData\TuneUp Software
2013-04-03 13:37:59 . 2013-04-03 13:47:19 -------- d-sh--w- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-04-03 13:37:59 . 2013-04-03 13:37:59 -------- d--h--w- C:\ProgramData\Common Files
2013-03-31 11:08:22 . 2013-03-31 11:43:27 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-03-29 18:58:07 . 2013-04-03 14:11:03 -------- d-----w- C:\Users\Christian\AppData\Roaming\Amazon
2013-03-29 18:57:40 . 2013-04-03 14:11:03 -------- d-----w- C:\Program Files (x86)\Amazon
2013-03-14 09:56:44 . 2013-03-14 09:56:44 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2013-03-14 09:43:22 . 2013-03-14 09:43:22 -------- d-----w- C:\Windows\system32\IO
2013-03-13 21:50:37 . 2013-03-13 21:50:37 -------- d-----w- C:\Users\Christian\AppData\Local\Macromedia
2013-03-13 21:36:52 . 2013-03-13 21:36:52 -------- d-----w- C:\Program Files\Java
2013-03-12 12:15:16 . 2013-03-14 09:21:47 -------- d-----w- C:\Users\Christian\AppData\Roaming\Moopo
2013-03-12 12:15:16 . 2013-03-12 12:15:16 -------- d-----w- C:\Users\Christian\AppData\Roaming\Ozvyi
2013-03-11 15:48:33 . 2013-03-11 15:48:33 -------- d-----w- C:\Users\Christian\AppData\Local\EgisTec
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
2013-04-02 10:34:28 . 2010-11-21 03:27:21 282744 ------w- C:\Windows\system32\MpSigStub.exe
2013-03-31 11:43:27 . 2011-07-22 04:47:41 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-19 03:50:08 . 2013-04-04 13:41:24 9311288 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{22159797-922C-4383-BE04-D5AE18818F73}\mpengine.dll
2013-03-04 12:53:46 . 2012-03-31 17:11:02 72013344 ----a-w- C:\Windows\system32\MRT.exe
2013-02-12 05:45:24 . 2013-04-04 13:49:31 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22 . 2013-04-04 13:49:31 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22 . 2013-04-04 13:49:31 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22 . 2013-04-04 13:49:31 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31 . 2013-04-04 13:49:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 . 2013-04-04 13:49:31 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2013-01-10 22:05:01 197920 ----a-w- C:\Program Files (x86)\Yontoo\YontooIEClient.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SuiteTray"="C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2011-04-02 21:34:42 340848]
"EgisTecPMMUpdate"="C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe" [2011-03-29 02:49:06 408432]
"EgisUpdate"="C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" [2011-03-29 02:48:54 202608]
"LManager"="C:\Program Files (x86)\Launch Manager\LManager.exe" [2011-07-01 02:51:12 1103440]
"Dolby Advanced Audio v2"="C:\Dolby PCEE4\pcee4.exe" [2011-02-03 11:50:24 506712]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 03:24:28 73216]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=C:\Windows\SysWOW64\nvinit.dll
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
R1 fftfpauw;fftfpauw;C:\Windows\system32\drivers\fftfpauw.sys [x]
R2 AddonsHelper;AddonsHelper;C:\Users\Christian\AppData\Local\Temp\OCS\Downloads\db6c8e043b5806271c5ea5ad27b5c968\8a2438a7aa1e858526caff1f4deab159\AddonsHelper.exe [x]
R2 AntiVirSchedulerService;Avira Planer;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 13:27:14 138576]
R3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-06-07 10:25:12 191752]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys [2012-07-30 11:32:08 102240]
R3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys [2012-07-30 11:32:08 203104]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 03:24:33 59392]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 03:23:47 31232]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 13:00:56 149504]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys [2012-07-09 12:42:54 52736]
R4 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-04-02 21:09:38 173424]
R4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 01:10:10 57184]
S0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys [2012-10-08 09:42:36 30056]
S1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys [2011-12-15 14:00:00 27760]
S1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [2011-07-22 04:44:11 22648]
S1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [2011-07-22 04:44:11 20520]
S1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [2011-07-22 04:44:11 62776]
S2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-05-12 14:59:00 249648]
S2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-07-01 02:51:12 353360]
S2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2011-05-10 12:01:08 872552]
S2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2011-05-26 06:40:48 29696]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-30 07:32:54 13592]
S2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-04-22 16:44:14 244624]
S2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2012-01-05 13:22:10 256536]
S2 SearchAnonymizer;SearchAnonymizer;C:\Users\Christian\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [2013-02-06 17:02:11 40960]
S2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys [2010-11-29 13:00:04 16120]
S2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 21:24:42 2656280]
S3 b57xdbd;Broadcom xD Picture Bus Driver Service;C:\Windows\system32\DRIVERS\b57xdbd.sys [2011-01-20 16:15:28 67624]
S3 b57xdmp;Broadcom xD Picture vstorp client drv;C:\Windows\system32\DRIVERS\b57xdmp.sys [2011-01-20 16:15:30 19496]
S3 bScsiMSa;bScsiMSa;C:\Windows\system32\DRIVERS\bScsiMSa.sys [2011-05-16 12:57:32 51240]
S3 bScsiSDa;bScsiSDa;C:\Windows\system32\DRIVERS\bScsiSDa.sys [2011-05-06 08:11:12 86056]
S3 IntcDAud;Intel(R) Display-Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 08:28:18 317440]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys [2011-05-10 03:42:16 425000]
Inhalt des "geplante Tasks" Ordners
2013-04-05 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-31 11:08:22 . 2013-03-31 11:43:28]
2013-04-05 C:\Windows\Tasks\AmiUpdXp.job
- C:\Users\Christian\AppData\Local\SwvUpdater\Updater.exe [2013-02-06 17:01:45 . 2013-04-04 13:27:26]
2013-04-05 C:\Windows\Tasks\SpeedUpMyPC.job
- C:\Program Files (x86)\Uniblue\SpeedUpMyPC\sump.exe [2013-02-11 11:54:48 . 2013-01-08 10:27:24]
2013-04-05 C:\Windows\Tasks\spmonitor.job
- C:\Program Files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe [2013-02-11 11:54:48 . 2013-01-08 10:27:24]
--------- X64 Entries -----------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2011-06-21 02:19:12 167704]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2011-06-21 02:19:00 392472]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2011-06-21 02:19:06 416024]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 01:39:57 168960]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-28 08:29:28 11786344]
"RtHDVBg"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-21 06:59:22 2207848]
"Ocs_SM"="C:\Users\Christian\AppData\Roaming\OCS\SM\SearchAnonymizer.exe" [2013-02-06 17:02:11 106496]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=C:\Windows\System32\nvinitx.dll
------- Zusätzlicher Suchlauf -------
uStart Page = hxxp://www.google.de/
uLocal Page = C:\Windows\system32\blank.htm
mDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://acer.msn.com
mLocal Page = C:\Windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: Free YouTube to MP3 Converter - C:\Users\Christian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xcel exportieren - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\z2ougofk.default\
FF - prefs.js: browser.startup.homepage - www.google.de
FF - ExtSQL: 2013-02-11 12:54; dnshelp@dnshelp.com; C:\Users\Christian\AppData\Roaming\Helper
FF - ExtSQL: 2013-02-11 12:54; {F58A62EB-38DC-43C4-A539-DC52E135208D}; C:\Users\Christian\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F58A62EB-38DC-43C4-A539-DC52E135208D}
- - - - Entfernte verwaiste Registrierungseinträge - - - -
BHO-{0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD} - (no file)
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-PunkBusterSvc - C:\Windows\system32\pbsvc_bc2.exe
AddRemove-GeoGebra 4 - C:\Windows\system32\javaws.exe
AddRemove-GeoGebra 4.2 - C:\Windows\system32\javaws.exe
|
| | #8 |
| /// TB-Ausbilder | That was something pretty nasty. Fine. But we'll play it safe: Scan with MBAR. Please download
Do not run any other file in this folder without instructions from a helper
__________________ Digital privateers against malware! No help via PM! |
| | #9 |
| So, for now, the contents of the log file: Code:
Database version: v2013.03.21.13
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Christian :: CHRISTIAN-PC [administrator]
05.04.2013 11:39:20
mbar-log-2013-04-05 (11-39-20).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 30504
Time elapsed: 10 minute(s), 44 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 10
HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9} (PUP.Software.Updater) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\TYPELIB\{A0EE0278-2986-4E5A-884E-A3BF0357E476} (PUP.Software.Updater) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} (PUP.Software.Updater) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} (PUP.Software.Updater) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{A0EE0278-2986-4E5A-884E-A3BF0357E476} (PUP.Software.Updater) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} (PUP.Software.Updater) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\Updater.AmiUpd.1 (PUP.Software.Updater) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\Updater.AmiUpd (PUP.Software.Updater) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\Updater.AmiUpd (PUP.Software.Updater) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\Updater.AmiUpd.1 (PUP.Software.Updater) -> Delete on reboot.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 2
c:\Windows\Installer\{ceddc4ab-85a7-ec95-7243-425c1730cbe9}\L (Backdoor.0Access) -> Delete on reboot.
c:\Windows\Installer\{ceddc4ab-85a7-ec95-7243-425c1730cbe9}\U (Backdoor.0Access) -> Delete on reboot.
Files Detected: 2
c:\Users\Christian\AppData\Local\SwvUpdater\Updater.exe (PUP.Software.Updater) -> Delete on reboot.
c:\Windows\Tasks\AmiUpdXp.job (PUP.Software.Updater) -> Delete on reboot.
(end)
My firewall has re-enabled itself!! It no longer shows an error code, my Windows Updater has already done its job and I'm simply happy!! Thank you very much, "ryder"; without you I would probably have despaired!! I'd also gladly take tips on which antivirus program I should get (preferably freeware, though I'd also be willing to pay a not-too-high price). Best regards, Chris! |
| | #10 |
| /// TB-Ausbilder | Did I say anything about being finished? Please scan with Combofix again and post the log.
__________________ Digital privateers against malware! No help via PM! |
| | #11 |
| /// TB-Ausbilder | Missing feedback. This topic has been removed from my subscriptions, so I will not receive any notification about new replies. Send me a PM if you still want to continue. Do not send log files, just a short note after you have posted your log files here. Note: The disappearance of the symptoms does not mean that your computer is clean yet. Everyone else, please click here and create your own thread
__________________ Digital privateers against malware! No help via PM! |
| | #12 |
| Unfortunately, on a repeated run of Combofix (among other things also renamed, and the laptop restarted) there is no .txt in C:\ ! During the Combofix run this error appears: Fehler beim Überschreiben der Datei : "C:\32788R22FWJFW\pev.3XE" PS: On drive C there is a file (folder) named 32788R22FWJFW (supposedly a folder with 14 MB and 3 folders), but with a PC as its icon, and when I open it, only the "Computer" window opens again; the taskbar, however, shows: -> Computer -> Acer(C -> 32788R22... PS2: In the Task Manager there are these programs that are unknown to me: - C:\32788R22FWJFW\cmd.3XE - C:\32788R22FWJFW\PEV.3XE Sooo .. my laptop has now finally managed to let Combofix run through in peace ... here is the new log file Code:
ComboFix 13-04-08.02 - Christian 08.04.2013 21:15:34.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8044.5890 [GMT 2:00]
ausgeführt von:: c:\users\Christian\Desktop\Anna.exe
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Vorheriger Suchlauf -------
.
c:\programdata\00etadpu.pad
c:\programdata\dsgsdgdsgdsgw.pad
c:\programdata\ism_0_llatsni.pad
c:\users\Christian\AppData\Roaming\Help\coredb\storage
c:\users\Christian\AppData\Roaming\Owsyra\ygyno.efu
c:\windows\Installer\{ceddc4ab-85a7-ec95-7243-425c1730cbe9}\@
c:\windows\Installer\{ceddc4ab-85a7-ec95-7243-425c1730cbe9}\U\00000001.@
c:\windows\Installer\{ceddc4ab-85a7-ec95-7243-425c1730cbe9}\U\80000000.@
c:\windows\Installer\{ceddc4ab-85a7-ec95-7243-425c1730cbe9}\U\800000cb.@
c:\windows\SysWow64\settings.ini
.
-- Vorheriger Suchlauf --
.
Infizierte Kopie von c:\windows\system32\Services.exe wurde gefunden und desinfiziert
Kopie von - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe wurde wiederhergestellt
.
--------
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-03-08 bis 2013-04-08 ))))))))))))))))))))))))))))))
.
.
2013-04-08 19:24 . 2013-04-08 19:24 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-04-08 19:24 . 2013-04-08 19:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-08 19:18 . 2013-04-08 19:18 76232 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FD152744-F15C-4247-BC50-47DA188A1DF9}\offreg.dll
2013-04-08 06:58 . 2013-03-19 03:50 9311288 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FD152744-F15C-4247-BC50-47DA188A1DF9}\mpengine.dll
2013-04-06 17:05 . 2013-03-19 03:50 9311288 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-04-05 10:34 . 2012-10-23 05:04 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BE9DC2AF-3B66-4DC5-AE8F-7E75EB750116}\gapaengine.dll
2013-04-05 10:31 . 2013-04-05 10:31 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2013-04-05 10:31 . 2013-04-05 10:31 -------- d-----w- c:\program files\Microsoft Security Client
2013-04-05 09:40 . 2013-03-19 03:50 9311288 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C594DE2E-8558-4217-A3E8-97DFBC8E11BD}\mpengine.dll
2013-04-04 15:05 . 2013-04-04 15:05 328704 ----a-w- c:\windows\system32\services.exe.9432DEB632ED58FE
2013-04-04 14:47 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-04-04 14:47 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2013-04-04 14:47 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
2013-04-04 14:47 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2013-04-04 14:47 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2013-04-04 14:47 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2013-04-04 14:47 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2013-04-04 14:47 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2013-04-04 14:47 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2013-04-04 13:56 . 2012-07-26 07:46 2560 ----a-w- c:\windows\system32\drivers\de-DE\wdf01000.sys.mui
2013-04-04 13:56 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-04-04 13:56 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-04-04 13:56 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-04-04 13:54 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-04-04 13:54 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-04-04 13:51 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-04 13:51 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-04 13:51 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-04-04 13:51 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-04-04 13:51 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll
2013-04-04 13:51 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-04-04 13:51 . 2012-10-09 18:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2013-04-04 13:51 . 2012-10-09 18:17 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2013-04-04 13:51 . 2012-10-09 17:40 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2013-04-04 13:51 . 2012-10-09 17:40 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2013-04-04 13:51 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2013-04-04 13:51 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-04-04 13:49 . 2013-02-02 07:37 182816 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2013-04-04 13:48 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-04-03 13:39 . 2013-04-03 13:39 -------- d-----w- c:\users\Christian\AppData\Roaming\TuneUp Software
2013-04-03 13:38 . 2013-04-03 13:39 -------- d-----w- c:\programdata\TuneUp Software
2013-04-03 13:37 . 2013-04-03 13:47 -------- d-sh--w- c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-04-03 13:37 . 2013-04-03 13:37 -------- d--h--w- c:\programdata\Common Files
2013-03-31 11:08 . 2013-03-31 11:43 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-29 18:58 . 2013-04-03 14:11 -------- d-----w- c:\users\Christian\AppData\Roaming\Amazon
2013-03-29 18:57 . 2013-04-03 14:11 -------- d-----w- c:\program files (x86)\Amazon
2013-03-14 09:56 . 2013-03-14 09:56 -------- d-----w- c:\programdata\NVIDIA Corporation
2013-03-14 09:43 . 2013-03-14 09:43 -------- d-----w- c:\windows\system32\IO
2013-03-13 21:50 . 2013-03-13 21:50 -------- d-----w- c:\users\Christian\AppData\Local\Macromedia
2013-03-13 21:36 . 2013-03-13 21:36 -------- d-----w- c:\program files\Java
2013-03-12 12:15 . 2013-03-14 09:21 -------- d-----w- c:\users\Christian\AppData\Roaming\Moopo
2013-03-12 12:15 . 2013-03-12 12:15 -------- d-----w- c:\users\Christian\AppData\Roaming\Ozvyi
2013-03-11 15:48 . 2013-03-11 15:48 -------- d-----w- c:\users\Christian\AppData\Local\EgisTec
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-02 10:34 . 2010-11-21 03:27 282744 ------w- c:\windows\system32\MpSigStub.exe
2013-03-31 11:43 . 2011-07-22 04:47 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-04 12:53 . 2012-03-31 17:11 72013344 ----a-w- c:\windows\system32\MRT.exe
2013-02-12 05:45 . 2013-04-04 13:49 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-04-04 13:49 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-04-04 13:49 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-04-04 13:49 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-04-04 13:49 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-04-04 13:49 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-01-20 13:59 . 2013-01-20 13:59 230320 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-01-20 13:59 . 2013-01-20 13:59 130008 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2013-01-10 22:05 197920 ----a-w- c:\program files (x86)\Yontoo\YontooIEClient.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2011-04-02 340848]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2011-03-29 408432]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2011-03-29 202608]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-07-01 1103440]
"Dolby Advanced Audio v2"="c:\dolby pcee4\pcee4.exe" [2011-02-03 506712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R1 fftfpauw;fftfpauw;c:\windows\system32\drivers\fftfpauw.sys [x]
R2 AddonsHelper;AddonsHelper;c:\users\Christian\AppData\Local\Temp\OCS\Downloads\db6c8e043b5806271c5ea5ad27b5c968\8a2438a7aa1e858526caff1f4deab159\AddonsHelper.exe [x]
R2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-06-07 191752]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-07-30 102240]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-07-30 203104]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R4 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-04-02 173424]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-10-08 30056]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-12-15 27760]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2011-07-22 22648]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2011-07-22 20520]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2011-07-22 62776]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-05-12 249648]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-07-01 353360]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2011-05-10 872552]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2011-05-26 29696]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-30 13592]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-04-22 244624]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2012-01-05 256536]
S2 SearchAnonymizer;SearchAnonymizer;c:\users\Christian\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [2013-02-06 40960]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys [2011-01-20 67624]
S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys [2011-01-20 19496]
S3 bScsiMSa;bScsiMSa;c:\windows\system32\DRIVERS\bScsiMSa.sys [2011-05-16 51240]
S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys [2011-05-06 86056]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2011-05-10 425000]
S3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-04-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-31 11:43]
.
2013-04-08 c:\windows\Tasks\SpeedUpMyPC.job
- c:\program files (x86)\Uniblue\SpeedUpMyPC\sump.exe [2013-02-11 10:27]
.
2013-04-08 c:\windows\Tasks\spmonitor.job
- c:\program files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe [2013-02-11 10:27]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-21 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-21 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-21 416024]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-28 11786344]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-21 2207848]
"Ocs_SM"="c:\users\Christian\AppData\Roaming\OCS\SM\SearchAnonymizer.exe" [2013-02-06 106496]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: Free YouTube to MP3 Converter - c:\users\Christian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\z2ougofk.default\
FF - prefs.js: browser.startup.homepage - www.google.de
FF - ExtSQL: 2013-02-11 12:54; dnshelp@dnshelp.com; c:\users\Christian\AppData\Roaming\Helper
FF - ExtSQL: 2013-02-11 12:54; {F58A62EB-38DC-43C4-A539-DC52E135208D}; c:\users\Christian\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F58A62EB-38DC-43C4-A539-DC52E135208D}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD} - (no file)
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,
89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b
"{0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD}"=hex:51,66,7a,6c,4c,1d,38,12,d7,c2,75,
03,ee,fc,8b,03,f6,22,0c,7d,6e,1c,f5,a9
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:15,89,27,5f,3d,fa,cd,01
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-04-08 21:27:33
ComboFix-quarantined-files.txt 2013-04-08 19:27
.
Vor Suchlauf: 14 Verzeichnis(se), 395.763.970.048 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 395.469.672.448 Bytes frei
.
- - End Of File - - 2182479045CB934120E3CD9D318BB056
| | #13 |
| /// TB-Ausbilder | Very good, now we will remove a bit more adware:
Step 1: (Reminder: only reply to me once you have worked through all the steps!) Uninstalling programs
Step 2: AdwCleaner: find and delete adware. Please download
Step 3: Repeat AdwCleaner. The present version of the adware is quite stubborn and, experience shows, can only be removed by AdwCleaner when it is run twice. So please repeat this step and post the log file as well.
Step 4: Check with Combofix.
__________________ Digital privateers against malware! No help via PM! |
| | #14 |
| Right, 1st run of AdwCleaner: Code:
# AdwCleaner v2.200 - Datei am 09/04/2013 um 16:45:52 erstellt
# Aktualisiert am 02/04/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Christian - CHRISTIAN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Christian\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\user.js
Ordner Gelöscht : C:\Program Files (x86)\Yontoo
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Users\Christian\AppData\Local\Babylon
Ordner Gelöscht : C:\Users\Christian\AppData\Local\SwvUpdater
Ordner Gelöscht : C:\Users\Christian\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Christian\AppData\Roaming\DesktopIconForAmazon
Ordner Gelöscht : C:\Users\Christian\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Christian\AppData\Roaming\OCS
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\AppDataLow\FoxyDeal
Schlüssel Gelöscht : HKCU\Software\FoxyDeal
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\foxydeal_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\foxydeal_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{acaa314b-eeba-48e4-ad47-84e31c44796c}]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16470
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com
-\\ Mozilla Firefox v19.0.2 (de)
Datei : C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\z2ougofk.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [4892 octets] - [09/04/2013 16:45:52]
########## EOF - C:\AdwCleaner[S1].txt - [4952 octets] ##########
Combofix: Code:
ComboFix 13-04-08.02 - Christian 09.04.2013 23:03:47.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8044.6150 [GMT 2:00]
ausgeführt von:: c:\users\Christian\Desktop\Anna.exe
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-03-09 bis 2013-04-09 ))))))))))))))))))))))))))))))
.
.
2013-04-09 21:10 . 2013-04-09 21:10 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-04-09 21:10 . 2013-04-09 21:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-09 07:01 . 2013-03-19 03:50 9311288 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2BD9612A-33D4-4C4D-82F2-C3F614C22256}\mpengine.dll
2013-04-08 06:58 . 2013-03-19 03:50 9311288 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-04-05 10:34 . 2012-10-23 05:04 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BE9DC2AF-3B66-4DC5-AE8F-7E75EB750116}\gapaengine.dll
2013-04-05 10:31 . 2013-04-05 10:31 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2013-04-05 10:31 . 2013-04-05 10:31 -------- d-----w- c:\program files\Microsoft Security Client
2013-04-05 09:40 . 2013-03-19 03:50 9311288 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C594DE2E-8558-4217-A3E8-97DFBC8E11BD}\mpengine.dll
2013-04-04 15:05 . 2013-04-04 15:05 328704 ----a-w- c:\windows\system32\services.exe.9432DEB632ED58FE
2013-04-04 14:47 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-04-04 14:47 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2013-04-04 14:47 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
2013-04-04 14:47 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2013-04-04 14:47 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2013-04-04 14:47 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2013-04-04 14:47 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2013-04-04 14:47 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2013-04-04 14:47 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2013-04-04 13:56 . 2012-07-26 07:46 2560 ----a-w- c:\windows\system32\drivers\de-DE\wdf01000.sys.mui
2013-04-04 13:56 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-04-04 13:56 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-04-04 13:56 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-04-04 13:54 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-04-04 13:54 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-04-04 13:51 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-04 13:51 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-04 13:51 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-04-04 13:51 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-04-04 13:51 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll
2013-04-04 13:51 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-04-04 13:51 . 2012-10-09 18:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2013-04-04 13:51 . 2012-10-09 18:17 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2013-04-04 13:51 . 2012-10-09 17:40 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2013-04-04 13:51 . 2012-10-09 17:40 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2013-04-04 13:51 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2013-04-04 13:51 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-04-04 13:49 . 2013-02-02 07:37 182816 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2013-04-04 13:48 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-04-03 13:39 . 2013-04-03 13:39 -------- d-----w- c:\users\Christian\AppData\Roaming\TuneUp Software
2013-04-03 13:38 . 2013-04-03 13:39 -------- d-----w- c:\programdata\TuneUp Software
2013-04-03 13:37 . 2013-04-03 13:47 -------- d-sh--w- c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-04-03 13:37 . 2013-04-03 13:37 -------- d--h--w- c:\programdata\Common Files
2013-03-31 11:08 . 2013-03-31 11:43 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-29 18:58 . 2013-04-03 14:11 -------- d-----w- c:\users\Christian\AppData\Roaming\Amazon
2013-03-29 18:57 . 2013-04-03 14:11 -------- d-----w- c:\program files (x86)\Amazon
2013-03-14 09:56 . 2013-03-14 09:56 -------- d-----w- c:\programdata\NVIDIA Corporation
2013-03-14 09:43 . 2013-03-14 09:43 -------- d-----w- c:\windows\system32\IO
2013-03-13 21:50 . 2013-03-13 21:50 -------- d-----w- c:\users\Christian\AppData\Local\Macromedia
2013-03-13 21:36 . 2013-03-13 21:36 -------- d-----w- c:\program files\Java
2013-03-12 12:15 . 2013-03-14 09:21 -------- d-----w- c:\users\Christian\AppData\Roaming\Moopo
2013-03-12 12:15 . 2013-03-12 12:15 -------- d-----w- c:\users\Christian\AppData\Roaming\Ozvyi
2013-03-11 15:48 . 2013-03-11 15:48 -------- d-----w- c:\users\Christian\AppData\Local\EgisTec
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-02 10:34 . 2010-11-21 03:27 282744 ------w- c:\windows\system32\MpSigStub.exe
2013-03-31 11:43 . 2011-07-22 04:47 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-04 12:53 . 2012-03-31 17:11 72013344 ----a-w- c:\windows\system32\MRT.exe
2013-02-12 05:45 . 2013-04-04 13:49 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-04-04 13:49 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-04-04 13:49 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-04-04 13:49 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-04-04 13:49 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-04-04 13:49 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-01-20 13:59 . 2013-01-20 13:59 230320 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-01-20 13:59 . 2013-01-20 13:59 130008 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2011-04-02 340848]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2011-03-29 408432]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2011-03-29 202608]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-07-01 1103440]
"Dolby Advanced Audio v2"="c:\dolby pcee4\pcee4.exe" [2011-02-03 506712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R1 fftfpauw;fftfpauw;c:\windows\system32\drivers\fftfpauw.sys [x]
R2 AddonsHelper;AddonsHelper;c:\users\Christian\AppData\Local\Temp\OCS\Downloads\db6c8e043b5806271c5ea5ad27b5c968\8a2438a7aa1e858526caff1f4deab159\AddonsHelper.exe [x]
R2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-06-07 191752]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-07-30 102240]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-07-30 203104]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R4 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-04-02 173424]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-10-08 30056]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-12-15 27760]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2011-07-22 22648]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2011-07-22 20520]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2011-07-22 62776]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-05-12 249648]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-07-01 353360]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2011-05-10 872552]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2011-05-26 29696]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-30 13592]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-04-22 244624]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2012-01-05 256536]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys [2011-01-20 67624]
S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys [2011-01-20 19496]
S3 bScsiMSa;bScsiMSa;c:\windows\system32\DRIVERS\bScsiMSa.sys [2011-05-16 51240]
S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys [2011-05-06 86056]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2011-05-10 425000]
S3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-04-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-31 11:43]
.
2013-04-09 c:\windows\Tasks\SpeedUpMyPC.job
- c:\program files (x86)\Uniblue\SpeedUpMyPC\sump.exe [2013-02-11 10:27]
.
2013-04-09 c:\windows\Tasks\spmonitor.job
- c:\program files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe [2013-02-11 10:27]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-21 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-21 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-21 416024]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-28 11786344]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-21 2207848]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: Free YouTube to MP3 Converter - c:\users\Christian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\z2ougofk.default\
FF - prefs.js: browser.startup.homepage - www.google.de
FF - ExtSQL: 2013-02-11 12:54; dnshelp@dnshelp.com; c:\users\Christian\AppData\Roaming\Helper
FF - ExtSQL: 2013-02-11 12:54; {F58A62EB-38DC-43C4-A539-DC52E135208D}; c:\users\Christian\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F58A62EB-38DC-43C4-A539-DC52E135208D}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD} - (no file)
Toolbar-Locked - (no file)
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,
89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b
"{0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD}"=hex:51,66,7a,6c,4c,1d,38,12,d7,c2,75,
03,ee,fc,8b,03,f6,22,0c,7d,6e,1c,f5,a9
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:15,89,27,5f,3d,fa,cd,01
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-04-09 23:11:59
ComboFix-quarantined-files.txt 2013-04-09 21:11
ComboFix2.txt 2013-04-08 19:27
.
Vor Suchlauf: 14 Verzeichnis(se), 395.262.525.440 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 394.831.339.520 Bytes frei
.
- - End Of File - - 590D5825864BADB3FE1412681509FC2B
|
| | #15 |
| /// TB-Ausbilder | Firewall - error code 0x80070424, Windows Update and rootkit Then continue: Scan with Combofix
__________________ Digital privateers against malware! No help via PM! |