Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   PSV.Fareit.H.174 von Avira gemeldet (https://www.trojaner-board.de/129927-psv-fareit-h-174-avira-gemeldet.html)

BumBum 22.01.2013 15:03
PSV.Fareit.H.174 von Avira gemeldet
 
Habe von Avira heute erneut die Meldung bzgl. des Trojaners bekommen, hab den dann in die Quarantäne verschieben lassen und gelöscht. Scheint aber immer wieder zu kommen. :(
Ich hoffe es kann mir jemand helfen, wie ich den Trojaner loswerde. Vielen lieben Dank im Vorraus.

defogger
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:33 on 22/01/2013 (Andreas)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
aswMBR
Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-22 14:34:20
-----------------------------
14:34:20.382    OS Version: Windows x64 6.1.7601 Service Pack 1
14:34:20.382    Number of processors: 4 586 0x2505
14:34:20.382    ComputerName: ANDREAS-PC  UserName: Andreas
14:34:22.145    Initialize success
14:35:04.849    AVAST engine defs: 13012200
14:35:20.761    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:35:20.761    Disk 0 Vendor: Hitachi_ ST6O Size: 953869MB BusType: 8
14:35:20.777    Disk 0 MBR read successfully
14:35:20.777    Disk 0 MBR scan
14:35:20.793    Disk 0 Windows 7 default MBR code
14:35:20.808    Disk 0 Partition 1 00    27 Hidden NTFS WinRE NTFS        15360 MB offset 2048
14:35:20.824    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 31459328
14:35:20.839    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS      468942 MB offset 31664128
14:35:20.839    Disk 0 Partition - 00    0F Extended LBA            469465 MB offset 992057344
14:35:20.886    Disk 0 Partition 4 00    07    HPFS/NTFS NTFS      469464 MB offset 992059392
14:35:20.917    Disk 0 scanning C:\Windows\system32\drivers
14:35:31.526    Service scanning
14:35:54.333    Modules scanning
14:35:54.333    Disk 0 trace - called modules:
14:35:54.364    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
14:35:54.364    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004d18060]
14:35:54.364    3 CLASSPNP.SYS[fffff8800186543f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80049e4050]
14:35:56.330    AVAST engine scan C:\Windows
14:35:58.560    AVAST engine scan C:\Windows\system32
14:39:17.466    AVAST engine scan C:\Windows\system32\drivers
14:39:32.614    AVAST engine scan C:\Users\Andreas
14:45:24.906    File: C:\Users\Andreas\AppData\Roaming\Idxa\ocul.exe  **INFECTED** Win32:Trojan-gen
14:45:55.059    AVAST engine scan C:\ProgramData
14:49:32.481    Scan finished successfully
14:50:02.713    Disk 0 MBR has been saved successfully to "C:\Users\Andreas\Desktop\MBR.dat"
14:50:02.723    The log file has been saved successfully to "C:\Users\Andreas\Desktop\aswMBR.txt"
tdskiller
hat nichts gefunden

dds

Code:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514  BrowserJavaVersion: 1.6.0_29
Run by Andreas at 14:53:32 on 2013-01-22
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.4023.2125 [GMT 1:00]
.
AV: McAfee VirusScan *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: McAfee VirusScan *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Personal Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\OEM\USBDECTION\USBS3S4Detection.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Users\Andreas\AppData\Roaming\Idxa\ocul.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://trassenauskunft-kabel.telekom.de/html/index.html
uDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://acer.msn.com
mDefault_Page_URL = hxxp://acer.msn.com
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Windows Live Anmelde-Hilfsprogramm: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
uRun: [Wezyyr] C:\Users\Andreas\AppData\Roaming\Idxa\ocul.exe
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
mRun: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: Interfaces\{AD5C7358-D537-4965-9BB5-045A5089DC69} : NameServer = 192.168.2.1
SSODL: WebCheck - <orphaned>
LSA: Authentication Packages =  msv1_0 relog_ap
x64-mStart Page = hxxp://acer.msn.com
x64-mDefault_Page_URL = hxxp://acer.msn.com
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
x64-DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\q3n3tl22.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2009-6-3 22576]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2009-6-3 20016]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2009-6-3 60464]
R2 AntiVirSchedulerService;Avira AntiVir Planer;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-4-4 136360]
R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-4-4 269480]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2011-4-4 88288]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-8-31 243232]
R2 USBS3S4Detection;USBS3S4Detection;C:\OEM\USBDECTION\USBS3S4Detection.exe [2009-12-14 76320]
R3 fwlanusb4;FRITZ!WLAN N/G;C:\Windows\System32\drivers\fwlanusb4.sys [2011-4-4 1293824]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-8-31 346144]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 avmeject;AVM Eject;C:\Windows\System32\drivers\avmeject.sys [2011-4-4 14120]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-4-1 1436424]
S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-5-27 305520]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-27 59392]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile=C:\Windows\System32\notepad.exe "%1"
.
=============== Created Last 30 ================
.
2013-01-18 12:10:55        --------        d-----w-        C:\Users\Andreas\AppData\Roaming\Ytyxe
2013-01-18 09:31:46        --------        d-----w-        C:\Users\Andreas\AppData\Roaming\Malwarebytes
2013-01-18 09:31:38        --------        d-----w-        C:\ProgramData\Malwarebytes
2013-01-18 09:31:37        24176        ----a-w-        C:\Windows\System32\drivers\mbam.sys
2013-01-18 09:31:37        --------        d-----w-        C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-01-18 09:31:25        --------        d-----w-        C:\Users\Andreas\AppData\Local\Programs
2013-01-11 11:31:20        --------        d-----w-        C:\Users\Andreas\AppData\Local\KONICA MINOLTA
2013-01-11 10:30:48        --------        d-----w-        C:\Users\Andreas\AppData\Local\Adobe
.
==================== Find3M  ====================
.
2013-01-09 08:17:12        74248        ----a-w-        C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-09 08:17:12        697864        ----a-w-        C:\Windows\SysWow64\FlashPlayerApp.exe
2012-12-16 17:11:22        46080        ----a-w-        C:\Windows\System32\atmlib.dll
2012-12-16 14:45:03        367616        ----a-w-        C:\Windows\System32\atmfd.dll
2012-12-16 14:13:28        295424        ----a-w-        C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:13:20        34304        ----a-w-        C:\Windows\SysWow64\atmlib.dll
2012-12-07 13:20:16        441856        ----a-w-        C:\Windows\System32\Wpc.dll
2012-12-07 13:15:31        2746368        ----a-w-        C:\Windows\System32\gameux.dll
2012-12-07 12:26:17        308736        ----a-w-        C:\Windows\SysWow64\Wpc.dll
2012-12-07 12:20:43        2576384        ----a-w-        C:\Windows\SysWow64\gameux.dll
2012-12-07 11:20:04        30720        ----a-w-        C:\Windows\System32\usk.rs
2012-12-07 11:20:03        43520        ----a-w-        C:\Windows\System32\csrr.rs
2012-12-07 11:20:03        23552        ----a-w-        C:\Windows\System32\oflc.rs
2012-12-07 11:20:01        45568        ----a-w-        C:\Windows\System32\oflc-nz.rs
2012-12-07 11:20:01        44544        ----a-w-        C:\Windows\System32\pegibbfc.rs
2012-12-07 11:20:01        20480        ----a-w-        C:\Windows\System32\pegi-fi.rs
2012-12-07 11:20:00        20480        ----a-w-        C:\Windows\System32\pegi-pt.rs
2012-12-07 11:19:59        20480        ----a-w-        C:\Windows\System32\pegi.rs
2012-12-07 11:19:58        46592        ----a-w-        C:\Windows\System32\fpb.rs
2012-12-07 11:19:57        40960        ----a-w-        C:\Windows\System32\cob-au.rs
2012-12-07 11:19:57        21504        ----a-w-        C:\Windows\System32\grb.rs
2012-12-07 11:19:57        15360        ----a-w-        C:\Windows\System32\djctq.rs
2012-12-07 11:19:56        55296        ----a-w-        C:\Windows\System32\cero.rs
2012-12-07 11:19:55        51712        ----a-w-        C:\Windows\System32\esrb.rs
2012-11-30 05:45:35        362496        ----a-w-        C:\Windows\System32\wow64win.dll
2012-11-30 05:45:35        243200        ----a-w-        C:\Windows\System32\wow64.dll
2012-11-30 05:45:35        13312        ----a-w-        C:\Windows\System32\wow64cpu.dll
2012-11-30 05:45:14        215040        ----a-w-        C:\Windows\System32\winsrv.dll
2012-11-30 05:43:12        16384        ----a-w-        C:\Windows\System32\ntvdm64.dll
2012-11-30 05:41:07        424448        ----a-w-        C:\Windows\System32\KernelBase.dll
2012-11-30 04:54:00        5120        ----a-w-        C:\Windows\SysWow64\wow32.dll
2012-11-30 04:53:59        274944        ----a-w-        C:\Windows\SysWow64\KernelBase.dll
2012-11-30 03:23:48        338432        ----a-w-        C:\Windows\System32\conhost.exe
2012-11-30 02:44:06        25600        ----a-w-        C:\Windows\SysWow64\setup16.exe
2012-11-30 02:44:04        7680        ----a-w-        C:\Windows\SysWow64\instnm.exe
2012-11-30 02:44:04        14336        ----a-w-        C:\Windows\SysWow64\ntvdm64.dll
2012-11-30 02:44:03        2048        ----a-w-        C:\Windows\SysWow64\user.exe
2012-11-30 02:38:59        6144        ---ha-w-        C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59        4608        ---ha-w-        C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59        3584        ---ha-w-        C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59        3072        ---ha-w-        C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-11-23 03:26:31        3149824        ----a-w-        C:\Windows\System32\win32k.sys
2012-11-23 03:13:57        68608        ----a-w-        C:\Windows\System32\taskhost.exe
2012-11-22 05:44:23        800768        ----a-w-        C:\Windows\System32\usp10.dll
2012-11-22 04:45:03        626688        ----a-w-        C:\Windows\SysWow64\usp10.dll
2012-11-20 05:48:49        307200        ----a-w-        C:\Windows\System32\ncrypt.dll
2012-11-20 04:51:09        220160        ----a-w-        C:\Windows\SysWow64\ncrypt.dll
2012-11-12 12:28:37        1638912        ----a-w-        C:\Windows\System32\mshtml.tlb
2012-11-12 11:52:18        1638912        ----a-w-        C:\Windows\SysWow64\mshtml.tlb
2012-11-09 05:45:32        750592        ----a-w-        C:\Windows\System32\win32spl.dll
2012-11-09 05:45:09        2048        ----a-w-        C:\Windows\System32\tzres.dll
2012-11-09 04:43:04        492032        ----a-w-        C:\Windows\SysWow64\win32spl.dll
2012-11-09 04:42:49        2048        ----a-w-        C:\Windows\SysWow64\tzres.dll
2012-11-02 05:59:11        478208        ----a-w-        C:\Windows\System32\dpnet.dll
2012-11-02 05:11:31        376832        ----a-w-        C:\Windows\SysWow64\dpnet.dll
2012-11-01 05:43:42        2002432        ----a-w-        C:\Windows\System32\msxml6.dll
2012-11-01 05:43:42        1882624        ----a-w-        C:\Windows\System32\msxml3.dll
2012-11-01 04:47:54        1389568        ----a-w-        C:\Windows\SysWow64\msxml6.dll
2012-11-01 04:47:54        1236992        ----a-w-        C:\Windows\SysWow64\msxml3.dll
2012-10-27 06:26:55        981504        ----a-w-        C:\Windows\SysWow64\wininet.dll
2012-10-27 05:51:21        1188864        ----a-w-        C:\Windows\System32\wininet.dll
.
============= FINISH: 14:53:58,98 ===============

Attach
Code:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 01.04.2011 14:19:36
System Uptime: 22.01.2013 07:10:37 (7 hours ago)
.
Motherboard: Acer |  | Aspire M3910
Processor: Intel(R) Core(TM) i5 CPU        650  @ 3.20GHz | CPU 1 | 3201/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 458 GiB total, 374,962 GiB free.
D: is FIXED (NTFS) - 458 GiB total, 430,231 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: Microsoft PS/2-Maus
Device ID: ACPI\PNP0F03\4&DC382E&0
Manufacturer: Microsoft
Name: Microsoft PS/2-Maus
PNP Device ID: ACPI\PNP0F03\4&DC382E&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP118: 04.10.2012 08:46:00 - Geplanter Prüfpunkt
RP119: 11.10.2012 13:46:08 - Geplanter Prüfpunkt
RP120: 11.10.2012 17:02:26 - Windows Update
RP121: 23.10.2012 12:05:28 - Geplanter Prüfpunkt
RP122: 31.10.2012 13:34:20 - Geplanter Prüfpunkt
RP123: 08.11.2012 12:12:51 - Geplanter Prüfpunkt
RP124: 12.11.2012 12:58:09 - Installed mkv2vob
RP125: 14.11.2012 17:00:39 - Windows Update
RP126: 19.11.2012 17:04:39 - Windows Update
RP127: 27.11.2012 15:14:36 - Geplanter Prüfpunkt
RP128: 28.11.2012 17:03:54 - Windows Update
RP129: 06.12.2012 08:43:54 - Geplanter Prüfpunkt
RP130: 13.12.2012 11:48:55 - Geplanter Prüfpunkt
RP131: 13.12.2012 12:58:59 - Windows Update
RP132: 21.12.2012 13:15:15 - Windows Update
RP133: 07.01.2013 08:26:59 - Geplanter Prüfpunkt
RP134: 09.01.2013 14:39:44 - Windows Update
RP135: 15.01.2013 11:46:22 - Windows Update
.
==== Installed Programs ======================
.
7-Zip 4.57
7-Zip 9.20 (x64 edition)
Acer eRecovery Management
Acer Registration
Acer Updater
Acrobat.com
Acronis*True*Image*Home
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.1 MUI
Advertising Center
Apple Application Support
Apple Software Update
AutoCAD 2011 - Deutsch
AutoCAD 2011 Language Pack - Deutsch
Autodesk Material Library 2011
Autodesk Material Library 2011 Base Image library
Autodesk Material Library 2011 Medium Image library
Avira AntiVir Personal - Free Antivirus
AVM FRITZ!WLAN
Canon IJ Network Tool
Canon Inkjet Printer Driver Add-On Module V2.00
Canon iX7000 series Printer Driver
CCleaner
CutePDF Writer 2.8
Der Kleine Turnierplaner 6.7.3.1a
Design to Field Importers
Dummy File Creator
FARO LS 1.1.406.58
FlexNet Activation Service 11.8.0
GPL Ghostscript 9.01
HijackThis 2.0.2
Identity Card
ImagXpress
IrfanView (remove only)
Java 2 Runtime Environment, SE v1.4.2_19
Java Auto Updater
Java(TM) 6 Update 29
Java(TM) 6 Update 31 (64-bit)
Junk Mail filter update
Leica Geo Office 8.1
Leica Geosystems CLM Activation Wizard 1.0
Leica Geosystems CLM Administrator 1.0
Malwarebytes Anti-Malware Version 1.70.0.1100
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2010
Microsoft Office Klick-und-Los 2010
Microsoft Office Starter 2010 - Deutsch
Microsoft PowerPoint Viewer
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
mkv2vob
Mozilla Firefox 18.0.1 (x86 de)
Mozilla Maintenance Service
Mozilla Thunderbird 17.0.2 (x86 de)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyWinLocker
MyWinLocker Suite
Nero 9 Essentials
Nero ControlCenter
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Online Upgrade
Nero StartSmart
Nero StartSmart Help
Nero StartSmart OEM
NeroExpress
neroxml
Notepad++
NVIDIA 3D Vision Treiber 306.97
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA Grafiktreiber 306.97
NVIDIA Install Application
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
NVIDIA Systemsteuerung 306.97
NVIDIA Update 1.10.8
NVIDIA Update Components
PDF Blender
QuickTime
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Recuva
RocketDock 1.3.5
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
Shredder
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Winamp
Winamp Erkennungs-Plug-in
Windows Live-Uploadtool
Windows Live Anmelde-Assistent
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotogalerie
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Sync
Windows Live Writer
WinISO
.
==== End Of File ===========================

markusg 22.01.2013 15:15
hi
was heißt erneut...?
öffne Avira, Verwaltung, Quarantäne, poste alle Funde mit Pfadangabe

BumBum 22.01.2013 15:23
Danke für die schnelle Antwort! Wow :daumenhoc

Avirameldung von heute
- Protokoll gestern hatte meine eifrige Kollegin versehentlich gelöscht.

Code:

Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Dienstag, 22. Januar 2013  14:08

Es wird nach 4699360 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer  : Avira AntiVir Personal - Free Antivirus
Seriennummer  : 0000149996-ADJIE-0000001
Plattform      : Windows 7 x64
Windowsversion : (Service Pack 1)  [6.1.7601]
Boot Modus    : Normal gebootet
Benutzername  : SYSTEM
Computername  : ANDREAS-PC

Versionsinformationen:
BUILD.DAT      : 10.2.0.719    36070 Bytes  25.10.2012 10:38:00
AVSCAN.EXE    : 10.3.0.7      484008 Bytes  29.06.2011 05:17:14
AVSCAN.DLL    : 10.0.5.0      57192 Bytes  29.06.2011 05:17:14
LUKE.DLL      : 10.3.0.5      45416 Bytes  29.06.2011 05:17:14
LUKERES.DLL    : 10.0.0.0      13672 Bytes  14.01.2010 09:59:47
AVSCPLR.DLL    : 10.3.0.7      119656 Bytes  29.06.2011 05:17:14
AVREG.DLL      : 10.3.0.9      88833 Bytes  18.07.2011 07:03:16
VBASE000.VDF  : 7.10.0.0    19875328 Bytes  06.11.2009 07:05:36
VBASE001.VDF  : 7.11.0.0    13342208 Bytes  14.12.2010 12:36:27
VBASE002.VDF  : 7.11.19.170 14374912 Bytes  20.12.2011 06:55:53
VBASE003.VDF  : 7.11.21.238  4472832 Bytes  01.02.2012 07:08:16
VBASE004.VDF  : 7.11.26.44  4329472 Bytes  28.03.2012 05:51:21
VBASE005.VDF  : 7.11.34.116  4034048 Bytes  29.06.2012 05:17:04
VBASE006.VDF  : 7.11.41.250  4902400 Bytes  06.09.2012 12:13:36
VBASE007.VDF  : 7.11.50.230  3904512 Bytes  22.11.2012 06:52:02
VBASE008.VDF  : 7.11.55.142  2214912 Bytes  03.01.2013 06:54:50
VBASE009.VDF  : 7.11.55.143    2048 Bytes  03.01.2013 06:54:50
VBASE010.VDF  : 7.11.55.144    2048 Bytes  03.01.2013 06:54:50
VBASE011.VDF  : 7.11.55.145    2048 Bytes  03.01.2013 06:54:50
VBASE012.VDF  : 7.11.55.146    2048 Bytes  03.01.2013 06:54:50
VBASE013.VDF  : 7.11.55.196  260096 Bytes  04.01.2013 06:54:50
VBASE014.VDF  : 7.11.56.23    206848 Bytes  07.01.2013 06:28:03
VBASE015.VDF  : 7.11.56.83    186880 Bytes  08.01.2013 06:28:03
VBASE016.VDF  : 7.11.56.145  135168 Bytes  09.01.2013 06:28:03
VBASE017.VDF  : 7.11.56.211  139776 Bytes  11.01.2013 06:22:12
VBASE018.VDF  : 7.11.57.11    153088 Bytes  13.01.2013 06:22:12
VBASE019.VDF  : 7.11.57.75    165888 Bytes  15.01.2013 09:27:30
VBASE020.VDF  : 7.11.57.163  190976 Bytes  17.01.2013 09:27:31
VBASE021.VDF  : 7.11.57.219  119808 Bytes  18.01.2013 06:34:55
VBASE022.VDF  : 7.11.57.220    2048 Bytes  18.01.2013 06:34:55
VBASE023.VDF  : 7.11.57.221    2048 Bytes  18.01.2013 06:34:55
VBASE024.VDF  : 7.11.57.222    2048 Bytes  18.01.2013 06:34:55
VBASE025.VDF  : 7.11.57.223    2048 Bytes  18.01.2013 06:34:55
VBASE026.VDF  : 7.11.57.224    2048 Bytes  18.01.2013 06:34:55
VBASE027.VDF  : 7.11.57.225    2048 Bytes  18.01.2013 06:34:55
VBASE028.VDF  : 7.11.57.226    2048 Bytes  18.01.2013 06:34:55
VBASE029.VDF  : 7.11.57.227    2048 Bytes  18.01.2013 06:34:55
VBASE030.VDF  : 7.11.57.228    2048 Bytes  18.01.2013 06:34:55
VBASE031.VDF  : 7.11.57.254  147456 Bytes  21.01.2013 06:34:56
Engineversion  : 8.2.10.232
AEVDF.DLL      : 8.1.2.10      102772 Bytes  11.07.2012 05:10:53
AESCRIPT.DLL  : 8.1.4.82      467323 Bytes  18.01.2013 09:27:32
AESCN.DLL      : 8.1.10.0      131445 Bytes  17.12.2012 06:29:25
AESBX.DLL      : 8.2.5.12      606578 Bytes  18.06.2012 05:15:42
AERDL.DLL      : 8.2.0.88      643444 Bytes  11.01.2013 06:28:06
AEPACK.DLL    : 8.3.1.2      819574 Bytes  05.01.2013 06:54:54
AEOFFICE.DLL  : 8.1.2.50      201084 Bytes  06.11.2012 06:51:24
AEHEUR.DLL    : 8.1.4.174    5615991 Bytes  11.01.2013 06:28:06
AEHELP.DLL    : 8.1.25.2      258423 Bytes  15.10.2012 05:49:31
AEGEN.DLL      : 8.1.6.14      434548 Bytes  11.01.2013 06:28:04
AEEXP.DLL      : 8.3.0.10      188789 Bytes  18.01.2013 09:27:32
AEEMU.DLL      : 8.1.3.2      393587 Bytes  11.07.2012 05:10:52
AECORE.DLL    : 8.1.30.0      201079 Bytes  17.12.2012 06:29:24
AEBB.DLL      : 8.1.1.4        53619 Bytes  06.11.2012 06:51:22
AVWINLL.DLL    : 10.0.0.0      19304 Bytes  04.03.2011 12:36:13
AVPREF.DLL    : 10.0.3.2      44904 Bytes  29.06.2011 05:17:14
AVREP.DLL      : 10.0.0.10    174120 Bytes  23.05.2011 05:33:15
AVARKT.DLL    : 10.0.26.1    255336 Bytes  29.06.2011 05:17:14
AVEVTLOG.DLL  : 10.0.0.9      203112 Bytes  29.06.2011 05:17:14
SQLITE3.DLL    : 3.6.19.0      355688 Bytes  17.06.2010 12:27:02
AVSMTP.DLL    : 10.0.0.17      63848 Bytes  04.03.2011 12:36:12
NETNT.DLL      : 10.0.0.0      11624 Bytes  17.06.2010 12:27:01
RCIMAGE.DLL    : 10.0.0.35    2589544 Bytes  29.06.2011 05:17:14
RCTEXT.DLL    : 10.0.64.0      98664 Bytes  29.06.2011 05:17:14

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: avguard_async_scan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_512fa49c\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: reparieren
Sekundäre Aktion......................: quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig

Beginn des Suchlaufs: Dienstag, 22. Januar 2013  14:08

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbam.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'OfficeVirt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'cvh.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'daemonu.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'EgisUpdate.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CVHSVC.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'winampa.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'TimounterMonitor.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'TrueImageMonitor.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLanGUI.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'PmmUpdate.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ocul.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'RocketDock.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'schedhlp.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mwlDaemon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sftlist.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'USBS3S4Detection.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'UpdaterService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'TrueImageTryStartService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sftvsa.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'GREGsvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'WlanNetService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvSCPAPISvr.exe' - '1' Modul(e) wurden durchsucht

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\Users\Andreas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\437192a9-5ea69402'
C:\Users\Andreas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\437192a9-5ea69402
  [FUND]      Ist das Trojanische Pferd TR/PSW.Fareit.H.174
  [HINWEIS]  Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '546f20d8.qua' verschoben!


Ende des Suchlaufs: Dienstag, 22. Januar 2013  14:08
Benötigte Zeit: 00:03 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

      0 Verzeichnisse wurden überprüft
    36 Dateien wurden geprüft
      1 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      1 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
    35 Dateien ohne Befall
      3 Archive wurden durchsucht
      0 Warnungen
      1 Hinweise

markusg 22.01.2013 15:44
öffne, mal wie gesagt, Avira, Verwaltung, Quarantäne und poste die Fundmeldungen mit Pfadangabe.

BumBum 22.01.2013 15:46
Da ist nur der heute gefundene drin :)

Code:
Typ:        Datei
Quelle:        C:\Users\Andreas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\437192a9-5ea69402
Status:        Infiziert
Quarantäne-Objekt:        546f20d8.qua
Wiederhergestellt:        NEIN
Zu Avira hochgeladen:        NEIN
Betriebssystem:        Windows 2000/XP/VISTA Workstation
Suchengine:        8.02.10.232
Virendefinitionsdatei:        7.11.57.254
Meldung:        Ist das Trojanische Pferd TR/PSW.Fareit.H.174
Datum/Uhrzeit:        22.01.2013, 14:08

markusg 22.01.2013 16:24
hi
du hast doch gesagt, es gab wieder einen Fund.
also schaun wir mal
avira öffnen, ereignisse, poste alle fundmeldungen.
Öffne Avira, berichte, poste Logs mit Funden

BumBum 22.01.2013 17:57
Zitat:
Zitat von markusg (Beitrag 996474)
hi
du hast doch gesagt, es gab wieder einen Fund.
also schaun wir mal
avira öffnen, ereignisse, poste alle fundmeldungen.
Öffne Avira, berichte, poste Logs mit Funden
Ja, es war der zweite Fund, ist aber nichts anderes mehr im Avira. Meine Kollegin hat mich gestern ganz angerufen dass Avira einen Virus/Trojaner gefunden hätte. Hatte er gesagt Sie soll in in die Quarantäne schieben und alles löschen. Hat es nun zu gut gemeint und eben auch die Logs/Protokolle gelöscht. Nachdem sich nun Avira heute wieder gemeldet hat und sie meinte dass er so ähnlich hieß, wollte ich mal danach schauen. :) Das ist also der Ist Zustand im Moment. Hab leider nicht mehr. Danke

markusg 22.01.2013 17:58
hi
heißt kolegin, dass das ein Firmen gerät ist?
wenn ja, habt ihr ne IT abteilung?

BumBum 22.01.2013 18:05
Zitat:
Zitat von markusg (Beitrag 996570)
hi
heißt kolegin, dass das ein Firmen gerät ist?
wenn ja, habt ihr ne IT abteilung?
Ja,
und nein - keine IT Abteilung, sind 3 Rechner die per WLan vernetzt sind und ich bin der einzige der ein wenig Ahnung hat - nur eben wie ich den Trojaner weiß ich nun auch nicht. WIll auch alle anderen durchgucken, man weiß ja nie.

markusg 22.01.2013 18:07
hmm
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten
c: öffnen, tdsskiller-datum-version.txt öffnen, Inhalt posten

BumBum 22.01.2013 18:14
Danke :daumenhoc - mache ich morgen früh gleich mal wenn ich wieder im Büro bin. Melde mich dann! Schönen Abend noch!!

markusg 22.01.2013 18:48
lass bitte solche zwischenposts, und melde dich, wenn du so weit bist, bzw bei Fragen

BumBum 23.01.2013 07:36
Danke - so hier der Scan

Code:
07:33:40.0346 4056  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
07:33:40.0736 4056  ============================================================
07:33:40.0736 4056  Current date / time: 2013/01/23 07:33:40.0736
07:33:40.0736 4056  SystemInfo:
07:33:40.0736 4056 
07:33:40.0736 4056  OS Version: 6.1.7601 ServicePack: 1.0
07:33:40.0736 4056  Product type: Workstation
07:33:40.0736 4056  ComputerName: ANDREAS-PC
07:33:40.0736 4056  UserName: Andreas
07:33:40.0736 4056  Windows directory: C:\Windows
07:33:40.0736 4056  System windows directory: C:\Windows
07:33:40.0736 4056  Running under WOW64
07:33:40.0736 4056  Processor architecture: Intel x64
07:33:40.0736 4056  Number of processors: 4
07:33:40.0736 4056  Page size: 0x1000
07:33:40.0736 4056  Boot type: Normal boot
07:33:40.0736 4056  ============================================================
07:33:41.0033 4056  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
07:33:41.0048 4056  ============================================================
07:33:41.0048 4056  \Device\Harddisk0\DR0:
07:33:41.0048 4056  MBR partitions:
07:33:41.0048 4056  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000
07:33:41.0048 4056  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0x393E7000
07:33:41.0064 4056  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x3B21A000, BlocksNum 0x394EC000
07:33:41.0064 4056  ============================================================
07:33:41.0111 4056  C: <-> \Device\Harddisk0\DR0\Partition2
07:33:41.0158 4056  D: <-> \Device\Harddisk0\DR0\Partition3
07:33:41.0158 4056  ============================================================
07:33:41.0158 4056  Initialize success
07:33:41.0158 4056  ============================================================
07:34:11.0890 3840  ============================================================
07:34:11.0890 3840  Scan started
07:34:11.0890 3840  Mode: Manual; SigCheck; TDLFS;
07:34:11.0890 3840  ============================================================
07:34:12.0077 3840  ================ Scan system memory ========================
07:34:12.0077 3840  System memory - ok
07:34:12.0077 3840  ================ Scan services =============================
07:34:12.0233 3840  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
07:34:12.0326 3840  1394ohci - ok
07:34:12.0358 3840  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
07:34:12.0373 3840  ACPI - ok
07:34:12.0389 3840  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi        C:\Windows\system32\drivers\acpipmi.sys
07:34:12.0451 3840  AcpiPmi - ok
07:34:12.0529 3840  [ 4C096D550B6BC71D9D9A8716995C1879 ] AcrSch2Svc      C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
07:34:12.0560 3840  AcrSch2Svc - ok
07:34:12.0638 3840  [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
07:34:12.0654 3840  AdobeFlashPlayerUpdateSvc - ok
07:34:12.0701 3840  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx        C:\Windows\system32\DRIVERS\adp94xx.sys
07:34:12.0748 3840  adp94xx - ok
07:34:12.0763 3840  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci        C:\Windows\system32\DRIVERS\adpahci.sys
07:34:12.0794 3840  adpahci - ok
07:34:12.0810 3840  [ E109549C90F62FB570B9540C4B148E54 ] adpu320        C:\Windows\system32\DRIVERS\adpu320.sys
07:34:12.0826 3840  adpu320 - ok
07:34:12.0857 3840  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
07:34:12.0997 3840  AeLookupSvc - ok
07:34:13.0028 3840  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD            C:\Windows\system32\drivers\afd.sys
07:34:13.0075 3840  AFD - ok
07:34:13.0106 3840  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
07:34:13.0138 3840  agp440 - ok
07:34:13.0153 3840  [ 3290D6946B5E30E70414990574883DDB ] ALG            C:\Windows\System32\alg.exe
07:34:13.0216 3840  ALG - ok
07:34:13.0247 3840  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
07:34:13.0278 3840  aliide - ok
07:34:13.0278 3840  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
07:34:13.0294 3840  amdide - ok
07:34:13.0325 3840  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8          C:\Windows\system32\DRIVERS\amdk8.sys
07:34:13.0356 3840  AmdK8 - ok
07:34:13.0372 3840  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
07:34:13.0403 3840  AmdPPM - ok
07:34:13.0450 3840  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata        C:\Windows\system32\drivers\amdsata.sys
07:34:13.0465 3840  amdsata - ok
07:34:13.0481 3840  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
07:34:13.0496 3840  amdsbs - ok
07:34:13.0512 3840  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata        C:\Windows\system32\drivers\amdxata.sys
07:34:13.0528 3840  amdxata - ok
07:34:13.0574 3840  [ C27D46B06D340293670450FCE9DFB166 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
07:34:13.0590 3840  AntiVirSchedulerService - ok
07:34:13.0606 3840  [ 72D90E56563165984224493069C69ED4 ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
07:34:13.0621 3840  AntiVirService - ok
07:34:13.0652 3840  [ 89A69C3F2F319B43379399547526D952 ] AppID          C:\Windows\system32\drivers\appid.sys
07:34:13.0793 3840  AppID - ok
07:34:13.0808 3840  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
07:34:13.0855 3840  AppIDSvc - ok
07:34:13.0886 3840  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo        C:\Windows\System32\appinfo.dll
07:34:13.0964 3840  Appinfo - ok
07:34:13.0996 3840  [ C484F8CEB1717C540242531DB7845C4E ] arc            C:\Windows\system32\DRIVERS\arc.sys
07:34:14.0011 3840  arc - ok
07:34:14.0011 3840  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
07:34:14.0027 3840  arcsas - ok
07:34:14.0042 3840  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
07:34:14.0089 3840  AsyncMac - ok
07:34:14.0120 3840  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi          C:\Windows\system32\drivers\atapi.sys
07:34:14.0120 3840  atapi - ok
07:34:14.0167 3840  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
07:34:14.0214 3840  AudioEndpointBuilder - ok
07:34:14.0214 3840  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
07:34:14.0245 3840  AudioSrv - ok
07:34:14.0276 3840  [ B1224E6B086CD6548315B04AB575A23E ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
07:34:14.0292 3840  avgntflt - ok
07:34:14.0308 3840  [ ED45F12CFA62B83765C9C1496758CC87 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
07:34:14.0323 3840  avipbb - ok
07:34:14.0370 3840  [ C6F4C466B654C1BE98AF31418BB5AC30 ] AVM WLAN Connection Service C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
07:34:14.0401 3840  AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - warning
07:34:14.0401 3840  AVM WLAN Connection Service - detected UnsignedFile.Multi.Generic (1)
07:34:14.0417 3840  [ 1DC2F715792CF33428AD7993ACBD224D ] avmeject        C:\Windows\system32\drivers\avmeject.sys
07:34:14.0432 3840  avmeject - ok
07:34:14.0464 3840  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
07:34:14.0557 3840  AxInstSV - ok
07:34:14.0588 3840  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv        C:\Windows\system32\DRIVERS\bxvbda.sys
07:34:14.0635 3840  b06bdrv - ok
07:34:14.0651 3840  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
07:34:14.0698 3840  b57nd60a - ok
07:34:14.0729 3840  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
07:34:14.0760 3840  BDESVC - ok
07:34:14.0776 3840  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
07:34:14.0854 3840  Beep - ok
07:34:14.0885 3840  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
07:34:14.0963 3840  BITS - ok
07:34:14.0978 3840  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
07:34:15.0010 3840  blbdrive - ok
07:34:15.0041 3840  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
07:34:15.0072 3840  bowser - ok
07:34:15.0088 3840  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
07:34:15.0119 3840  BrFiltLo - ok
07:34:15.0119 3840  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
07:34:15.0134 3840  BrFiltUp - ok
07:34:15.0166 3840  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser        C:\Windows\System32\browser.dll
07:34:15.0212 3840  Browser - ok
07:34:15.0228 3840  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid        C:\Windows\System32\Drivers\Brserid.sys
07:34:15.0290 3840  Brserid - ok
07:34:15.0306 3840  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
07:34:15.0337 3840  BrSerWdm - ok
07:34:15.0353 3840  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
07:34:15.0368 3840  BrUsbMdm - ok
07:34:15.0384 3840  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
07:34:15.0415 3840  BrUsbSer - ok
07:34:15.0415 3840  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
07:34:15.0446 3840  BTHMODEM - ok
07:34:15.0462 3840  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv        C:\Windows\system32\bthserv.dll
07:34:15.0524 3840  bthserv - ok
07:34:15.0540 3840  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
07:34:15.0587 3840  cdfs - ok
07:34:15.0618 3840  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom          C:\Windows\system32\drivers\cdrom.sys
07:34:15.0665 3840  cdrom - ok
07:34:15.0712 3840  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc    C:\Windows\System32\certprop.dll
07:34:15.0774 3840  CertPropSvc - ok
07:34:15.0790 3840  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
07:34:15.0821 3840  circlass - ok
07:34:15.0836 3840  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
07:34:15.0852 3840  CLFS - ok
07:34:15.0899 3840  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
07:34:15.0930 3840  clr_optimization_v2.0.50727_32 - ok
07:34:15.0961 3840  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
07:34:15.0977 3840  clr_optimization_v2.0.50727_64 - ok
07:34:16.0008 3840  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
07:34:16.0024 3840  clr_optimization_v4.0.30319_32 - ok
07:34:16.0055 3840  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
07:34:16.0055 3840  clr_optimization_v4.0.30319_64 - ok
07:34:16.0086 3840  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
07:34:16.0102 3840  CmBatt - ok
07:34:16.0133 3840  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
07:34:16.0148 3840  cmdide - ok
07:34:16.0195 3840  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG            C:\Windows\system32\Drivers\cng.sys
07:34:16.0226 3840  CNG - ok
07:34:16.0242 3840  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
07:34:16.0258 3840  Compbatt - ok
07:34:16.0289 3840  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
07:34:16.0320 3840  CompositeBus - ok
07:34:16.0320 3840  COMSysApp - ok
07:34:16.0336 3840  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk        C:\Windows\system32\DRIVERS\crcdisk.sys
07:34:16.0351 3840  crcdisk - ok
07:34:16.0382 3840  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
07:34:16.0414 3840  CryptSvc - ok
07:34:16.0507 3840  [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
07:34:16.0523 3840  cvhsvc - ok
07:34:16.0585 3840  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
07:34:16.0632 3840  DcomLaunch - ok
07:34:16.0648 3840  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc      C:\Windows\System32\defragsvc.dll
07:34:16.0710 3840  defragsvc - ok
07:34:16.0741 3840  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
07:34:16.0804 3840  DfsC - ok
07:34:16.0835 3840  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
07:34:16.0866 3840  Dhcp - ok
07:34:16.0897 3840  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
07:34:16.0944 3840  discache - ok
07:34:16.0975 3840  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
07:34:16.0975 3840  Disk - ok
07:34:17.0006 3840  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
07:34:17.0053 3840  Dnscache - ok
07:34:17.0084 3840  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc        C:\Windows\System32\dot3svc.dll
07:34:17.0162 3840  dot3svc - ok
07:34:17.0178 3840  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS            C:\Windows\system32\dps.dll
07:34:17.0225 3840  DPS - ok
07:34:17.0240 3840  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
07:34:17.0272 3840  drmkaud - ok
07:34:17.0303 3840  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
07:34:17.0365 3840  DXGKrnl - ok
07:34:17.0381 3840  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost        C:\Windows\System32\eapsvc.dll
07:34:17.0428 3840  EapHost - ok
07:34:17.0474 3840  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv          C:\Windows\system32\DRIVERS\evbda.sys
07:34:17.0552 3840  ebdrv - ok
07:34:17.0568 3840  [ C118A82CD78818C29AB228366EBF81C3 ] EFS            C:\Windows\System32\lsass.exe
07:34:17.0599 3840  EFS - ok
07:34:17.0646 3840  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr        C:\Windows\ehome\ehRecvr.exe
07:34:17.0724 3840  ehRecvr - ok
07:34:17.0755 3840  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched        C:\Windows\ehome\ehsched.exe
07:34:17.0786 3840  ehSched - ok
07:34:17.0818 3840  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor        C:\Windows\system32\DRIVERS\elxstor.sys
07:34:17.0849 3840  elxstor - ok
07:34:17.0864 3840  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
07:34:17.0896 3840  ErrDev - ok
07:34:17.0911 3840  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem    C:\Windows\system32\es.dll
07:34:17.0958 3840  EventSystem - ok
07:34:17.0989 3840  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat          C:\Windows\system32\drivers\exfat.sys
07:34:18.0036 3840  exfat - ok
07:34:18.0052 3840  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat        C:\Windows\system32\drivers\fastfat.sys
07:34:18.0098 3840  fastfat - ok
07:34:18.0130 3840  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax            C:\Windows\system32\fxssvc.exe
07:34:18.0176 3840  Fax - ok
07:34:18.0192 3840  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc            C:\Windows\system32\DRIVERS\fdc.sys
07:34:18.0208 3840  fdc - ok
07:34:18.0239 3840  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost        C:\Windows\system32\fdPHost.dll
07:34:18.0270 3840  fdPHost - ok
07:34:18.0286 3840  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
07:34:18.0348 3840  FDResPub - ok
07:34:18.0364 3840  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
07:34:18.0379 3840  FileInfo - ok
07:34:18.0395 3840  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
07:34:18.0442 3840  Filetrace - ok
07:34:18.0504 3840  [ FCF24AEA6B57103FD8700CD6E843B4D1 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
07:34:18.0551 3840  FLEXnet Licensing Service - ok
07:34:18.0613 3840  [ A4297244D4F817278A6AE45B1899CA9C ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
07:34:18.0660 3840  FLEXnet Licensing Service 64 - ok
07:34:18.0676 3840  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
07:34:18.0707 3840  flpydisk - ok
07:34:18.0738 3840  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
07:34:18.0769 3840  FltMgr - ok
07:34:18.0800 3840  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache      C:\Windows\system32\FntCache.dll
07:34:18.0847 3840  FontCache - ok
07:34:18.0878 3840  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
07:34:18.0894 3840  FontCache3.0.0.0 - ok
07:34:18.0910 3840  [ D43703496149971890703B4B1B723EAC ] FsDepends      C:\Windows\system32\drivers\FsDepends.sys
07:34:18.0925 3840  FsDepends - ok
07:34:18.0956 3840  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
07:34:18.0972 3840  Fs_Rec - ok
07:34:19.0003 3840  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
07:34:19.0019 3840  fvevol - ok
07:34:19.0050 3840  [ 4632BB93B668004965246D7911E2DD05 ] fwlanusb4      C:\Windows\system32\DRIVERS\fwlanusb4.sys
07:34:19.0097 3840  fwlanusb4 - ok
07:34:19.0128 3840  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
07:34:19.0144 3840  gagp30kx - ok
07:34:19.0175 3840  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc          C:\Windows\System32\gpsvc.dll
07:34:19.0237 3840  gpsvc - ok
07:34:19.0284 3840  [ 0191DEE9B9EB7902AF2CF4F67301095D ] GREGService    C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
07:34:19.0284 3840  GREGService - ok
07:34:19.0300 3840  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
07:34:19.0315 3840  hcw85cir - ok
07:34:19.0362 3840  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
07:34:19.0378 3840  HdAudAddService - ok
07:34:19.0409 3840  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
07:34:19.0424 3840  HDAudBus - ok
07:34:19.0440 3840  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt        C:\Windows\system32\DRIVERS\HidBatt.sys
07:34:19.0471 3840  HidBatt - ok
07:34:19.0487 3840  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
07:34:19.0518 3840  HidBth - ok
07:34:19.0534 3840  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr          C:\Windows\system32\DRIVERS\hidir.sys
07:34:19.0565 3840  HidIr - ok
07:34:19.0580 3840  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv        C:\Windows\system32\hidserv.dll
07:34:19.0627 3840  hidserv - ok
07:34:19.0658 3840  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
07:34:19.0674 3840  HidUsb - ok
07:34:19.0721 3840  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
07:34:19.0783 3840  hkmsvc - ok
07:34:19.0814 3840  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
07:34:19.0877 3840  HomeGroupListener - ok
07:34:19.0892 3840  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
07:34:19.0924 3840  HomeGroupProvider - ok
07:34:19.0970 3840  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
07:34:19.0986 3840  HpSAMD - ok
07:34:20.0064 3840  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
07:34:20.0095 3840  HTTP - ok
07:34:20.0126 3840  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
07:34:20.0142 3840  hwpolicy - ok
07:34:20.0204 3840  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
07:34:20.0220 3840  i8042prt - ok
07:34:20.0251 3840  [ 631FA8935163B01FC0C02966CB3ADB92 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
07:34:20.0267 3840  iaStor - ok
07:34:20.0298 3840  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV        C:\Windows\system32\drivers\iaStorV.sys
07:34:20.0314 3840  iaStorV - ok
07:34:20.0345 3840  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc          C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
07:34:20.0392 3840  idsvc - ok
07:34:20.0423 3840  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp          C:\Windows\system32\DRIVERS\iirsp.sys
07:34:20.0438 3840  iirsp - ok
07:34:20.0501 3840  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
07:34:20.0548 3840  IKEEXT - ok
07:34:20.0610 3840  [ DCF6AFBA140AF3F880A427C2656BE44D ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
07:34:20.0688 3840  IntcAzAudAddService - ok
07:34:20.0704 3840  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
07:34:20.0719 3840  intelide - ok
07:34:20.0735 3840  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
07:34:20.0750 3840  intelppm - ok
07:34:20.0797 3840  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum      C:\Windows\system32\ipbusenum.dll
07:34:20.0875 3840  IPBusEnum - ok
07:34:20.0906 3840  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
07:34:20.0953 3840  IpFilterDriver - ok
07:34:20.0969 3840  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV        C:\Windows\system32\drivers\IPMIDrv.sys
07:34:21.0000 3840  IPMIDRV - ok
07:34:21.0031 3840  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT          C:\Windows\system32\drivers\ipnat.sys
07:34:21.0109 3840  IPNAT - ok
07:34:21.0109 3840  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
07:34:21.0140 3840  IRENUM - ok
07:34:21.0172 3840  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
07:34:21.0187 3840  isapnp - ok
07:34:21.0187 3840  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
07:34:21.0218 3840  iScsiPrt - ok
07:34:21.0218 3840  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
07:34:21.0234 3840  kbdclass - ok
07:34:21.0265 3840  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
07:34:21.0281 3840  kbdhid - ok
07:34:21.0296 3840  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
07:34:21.0312 3840  KeyIso - ok
07:34:21.0328 3840  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
07:34:21.0343 3840  KSecDD - ok
07:34:21.0359 3840  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg        C:\Windows\system32\Drivers\ksecpkg.sys
07:34:21.0374 3840  KSecPkg - ok
07:34:21.0390 3840  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk        C:\Windows\system32\drivers\ksthunk.sys
07:34:21.0437 3840  ksthunk - ok
07:34:21.0452 3840  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm          C:\Windows\system32\msdtckrm.dll
07:34:21.0499 3840  KtmRm - ok
07:34:21.0546 3840  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
07:34:21.0608 3840  LanmanServer - ok
07:34:21.0624 3840  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
07:34:21.0655 3840  LanmanWorkstation - ok
07:34:21.0702 3840  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
07:34:21.0733 3840  lltdio - ok
07:34:21.0764 3840  [ C1185803384AB3FEED115F79F109427F ] lltdsvc        C:\Windows\System32\lltdsvc.dll
07:34:21.0811 3840  lltdsvc - ok
07:34:21.0827 3840  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts        C:\Windows\System32\lmhsvc.dll
07:34:21.0858 3840  lmhosts - ok
07:34:21.0874 3840  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
07:34:21.0889 3840  LSI_FC - ok
07:34:21.0889 3840  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS        C:\Windows\system32\DRIVERS\lsi_sas.sys
07:34:21.0905 3840  LSI_SAS - ok
07:34:21.0920 3840  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
07:34:21.0920 3840  LSI_SAS2 - ok
07:34:21.0936 3840  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
07:34:21.0952 3840  LSI_SCSI - ok
07:34:21.0967 3840  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv          C:\Windows\system32\drivers\luafv.sys
07:34:22.0014 3840  luafv - ok
07:34:22.0030 3840  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc        C:\Windows\system32\Mcx2Svc.dll
07:34:22.0045 3840  Mcx2Svc - ok
07:34:22.0061 3840  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas        C:\Windows\system32\DRIVERS\megasas.sys
07:34:22.0061 3840  megasas - ok
07:34:22.0076 3840  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
07:34:22.0092 3840  MegaSR - ok
07:34:22.0108 3840  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS          C:\Windows\system32\mmcss.dll
07:34:22.0154 3840  MMCSS - ok
07:34:22.0170 3840  [ 800BA92F7010378B09F9ED9270F07137 ] Modem          C:\Windows\system32\drivers\modem.sys
07:34:22.0217 3840  Modem - ok
07:34:22.0232 3840  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor        C:\Windows\system32\DRIVERS\monitor.sys
07:34:22.0264 3840  monitor - ok
07:34:22.0295 3840  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
07:34:22.0310 3840  mouclass - ok
07:34:22.0357 3840  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
07:34:22.0388 3840  mouhid - ok
07:34:22.0420 3840  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
07:34:22.0435 3840  mountmgr - ok
07:34:22.0498 3840  [ 9C3758018DED02F4AE53CCA1C5F084A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
07:34:22.0513 3840  MozillaMaintenance - ok
07:34:22.0529 3840  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
07:34:22.0544 3840  mpio - ok
07:34:22.0560 3840  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
07:34:22.0622 3840  mpsdrv - ok
07:34:22.0638 3840  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
07:34:22.0685 3840  MRxDAV - ok
07:34:22.0716 3840  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
07:34:22.0763 3840  mrxsmb - ok
07:34:22.0794 3840  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
07:34:22.0825 3840  mrxsmb10 - ok
07:34:22.0841 3840  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
07:34:22.0856 3840  mrxsmb20 - ok
07:34:22.0888 3840  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
07:34:22.0903 3840  msahci - ok
07:34:22.0919 3840  [ DB801A638D011B9633829EB6F663C900 ] msdsm          C:\Windows\system32\drivers\msdsm.sys
07:34:22.0934 3840  msdsm - ok
07:34:22.0950 3840  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC          C:\Windows\System32\msdtc.exe
07:34:22.0981 3840  MSDTC - ok
07:34:22.0997 3840  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
07:34:23.0044 3840  Msfs - ok
07:34:23.0044 3840  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf      C:\Windows\System32\drivers\mshidkmdf.sys
07:34:23.0090 3840  mshidkmdf - ok
07:34:23.0106 3840  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
07:34:23.0122 3840  msisadrv - ok
07:34:23.0153 3840  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
07:34:23.0215 3840  MSiSCSI - ok
07:34:23.0215 3840  msiserver - ok
07:34:23.0246 3840  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV        C:\Windows\system32\drivers\MSKSSRV.sys
07:34:23.0278 3840  MSKSSRV - ok
07:34:23.0293 3840  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
07:34:23.0340 3840  MSPCLOCK - ok
07:34:23.0340 3840  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM          C:\Windows\system32\drivers\MSPQM.sys
07:34:23.0371 3840  MSPQM - ok
07:34:23.0402 3840  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC          C:\Windows\system32\drivers\MsRPC.sys
07:34:23.0418 3840  MsRPC - ok
07:34:23.0434 3840  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
07:34:23.0449 3840  mssmbios - ok
07:34:23.0465 3840  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE          C:\Windows\system32\drivers\MSTEE.sys
07:34:23.0496 3840  MSTEE - ok
07:34:23.0496 3840  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
07:34:23.0512 3840  MTConfig - ok
07:34:23.0527 3840  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup            C:\Windows\system32\Drivers\mup.sys
07:34:23.0543 3840  Mup - ok
07:34:23.0574 3840  [ 6FFECC25B39DC7652A0CEC0ADA9DB589 ] mwlPSDFilter    C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
07:34:23.0574 3840  mwlPSDFilter - ok
07:34:23.0590 3840  [ 0BEFE32CA56D6EE89D58175725596A85 ] mwlPSDNServ    C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
07:34:23.0605 3840  mwlPSDNServ - ok
07:34:23.0605 3840  [ D43BC633B8660463E446E28E14A51262 ] mwlPSDVDisk    C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
07:34:23.0621 3840  mwlPSDVDisk - ok
07:34:23.0652 3840  [ 3E5E20817259F7328C8F3BE5421F35B9 ] MWLService      C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
07:34:23.0668 3840  MWLService - ok
07:34:23.0699 3840  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
07:34:23.0746 3840  napagent - ok
07:34:23.0792 3840  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP    C:\Windows\system32\DRIVERS\nwifi.sys
07:34:23.0839 3840  NativeWifiP - ok
07:34:23.0886 3840  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
07:34:23.0933 3840  NDIS - ok
07:34:23.0933 3840  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap        C:\Windows\system32\DRIVERS\ndiscap.sys
07:34:23.0980 3840  NdisCap - ok
07:34:23.0995 3840  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
07:34:24.0042 3840  NdisTapi - ok
07:34:24.0058 3840  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio        C:\Windows\system32\DRIVERS\ndisuio.sys
07:34:24.0136 3840  Ndisuio - ok
07:34:24.0151 3840  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan        C:\Windows\system32\DRIVERS\ndiswan.sys
07:34:24.0198 3840  NdisWan - ok
07:34:24.0229 3840  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy        C:\Windows\system32\drivers\NDProxy.sys
07:34:24.0276 3840  NDProxy - ok
07:34:24.0338 3840  [ 7D2633295EB6FF2B938185874884059D ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
07:34:24.0385 3840  Nero BackItUp Scheduler 4.0 - ok
07:34:24.0416 3840  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS        C:\Windows\system32\DRIVERS\netbios.sys
07:34:24.0448 3840  NetBIOS - ok
07:34:24.0479 3840  [ 09594D1089C523423B32A4229263F068 ] NetBT          C:\Windows\system32\DRIVERS\netbt.sys
07:34:24.0510 3840  NetBT - ok
07:34:24.0526 3840  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
07:34:24.0541 3840  Netlogon - ok
07:34:24.0572 3840  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
07:34:24.0619 3840  Netman - ok
07:34:24.0650 3840  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
07:34:24.0713 3840  netprofm - ok
07:34:24.0744 3840  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
07:34:24.0775 3840  NetTcpPortSharing - ok
07:34:24.0822 3840  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960        C:\Windows\system32\DRIVERS\nfrd960.sys
07:34:24.0838 3840  nfrd960 - ok
07:34:24.0900 3840  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
07:34:24.0962 3840  NlaSvc - ok
07:34:24.0978 3840  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
07:34:25.0009 3840  Npfs - ok
07:34:25.0040 3840  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi            C:\Windows\system32\nsisvc.dll
07:34:25.0072 3840  nsi - ok
07:34:25.0087 3840  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
07:34:25.0118 3840  nsiproxy - ok
07:34:25.0150 3840  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
07:34:25.0196 3840  Ntfs - ok
07:34:25.0212 3840  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
07:34:25.0259 3840  Null - ok
07:34:25.0290 3840  [ CDDD4478757288DF4BB1494BFD084259 ] NVHDA          C:\Windows\system32\drivers\nvhda64v.sys
07:34:25.0306 3840  NVHDA - ok
07:34:25.0493 3840  [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
07:34:25.0664 3840  nvlddmkm - ok
07:34:25.0680 3840  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
07:34:25.0696 3840  nvraid - ok
07:34:25.0727 3840  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
07:34:25.0727 3840  nvstor - ok
07:34:25.0774 3840  [ DDFAFCE89A5C93D04712B86F94E9FCBA ] nvsvc          C:\Windows\system32\nvvsvc.exe
07:34:25.0789 3840  nvsvc - ok
07:34:25.0852 3840  [ 84E035225474E48CD3A6A3CE52332095 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
07:34:25.0883 3840  nvUpdatusService - ok
07:34:25.0898 3840  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
07:34:25.0914 3840  nv_agp - ok
07:34:25.0930 3840  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
07:34:25.0961 3840  ohci1394 - ok
07:34:25.0992 3840  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose            C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
07:34:26.0008 3840  ose - ok
07:34:26.0101 3840  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc        C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
07:34:26.0195 3840  osppsvc - ok
07:34:26.0210 3840  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
07:34:26.0242 3840  p2pimsvc - ok
07:34:26.0257 3840  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
07:34:26.0288 3840  p2psvc - ok
07:34:26.0304 3840  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport        C:\Windows\system32\DRIVERS\parport.sys
07:34:26.0320 3840  Parport - ok
07:34:26.0335 3840  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr        C:\Windows\system32\drivers\partmgr.sys
07:34:26.0351 3840  partmgr - ok
07:34:26.0366 3840  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
07:34:26.0398 3840  PcaSvc - ok
07:34:26.0413 3840  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci            C:\Windows\system32\drivers\pci.sys
07:34:26.0444 3840  pci - ok
07:34:26.0444 3840  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
07:34:26.0460 3840  pciide - ok
07:34:26.0476 3840  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
07:34:26.0491 3840  pcmcia - ok
07:34:26.0507 3840  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw            C:\Windows\system32\drivers\pcw.sys
07:34:26.0507 3840  pcw - ok
07:34:26.0538 3840  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
07:34:26.0585 3840  PEAUTH - ok
07:34:26.0647 3840  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
07:34:26.0678 3840  PerfHost - ok
07:34:26.0725 3840  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla            C:\Windows\system32\pla.dll
07:34:26.0788 3840  pla - ok
07:34:26.0834 3840  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
07:34:26.0881 3840  PlugPlay - ok
07:34:26.0897 3840  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg    C:\Windows\system32\pnrpauto.dll
07:34:26.0912 3840  PNRPAutoReg - ok
07:34:26.0944 3840  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc        C:\Windows\system32\pnrpsvc.dll
07:34:26.0959 3840  PNRPsvc - ok
07:34:26.0990 3840  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent    C:\Windows\System32\ipsecsvc.dll
07:34:27.0037 3840  PolicyAgent - ok
07:34:27.0068 3840  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power          C:\Windows\system32\umpo.dll
07:34:27.0115 3840  Power - ok
07:34:27.0131 3840  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
07:34:27.0162 3840  PptpMiniport - ok
07:34:27.0193 3840  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor      C:\Windows\system32\DRIVERS\processr.sys
07:34:27.0209 3840  Processor - ok
07:34:27.0240 3840  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc        C:\Windows\system32\profsvc.dll
07:34:27.0256 3840  ProfSvc - ok
07:34:27.0271 3840  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
07:34:27.0271 3840  ProtectedStorage - ok
07:34:27.0302 3840  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
07:34:27.0334 3840  Psched - ok
07:34:27.0365 3840  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
07:34:27.0412 3840  ql2300 - ok
07:34:27.0412 3840  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
07:34:27.0427 3840  ql40xx - ok
07:34:27.0458 3840  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE          C:\Windows\system32\qwave.dll
07:34:27.0474 3840  QWAVE - ok
07:34:27.0490 3840  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
07:34:27.0521 3840  QWAVEdrv - ok
07:34:27.0521 3840  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
07:34:27.0568 3840  RasAcd - ok
07:34:27.0599 3840  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn    C:\Windows\system32\DRIVERS\AgileVpn.sys
07:34:27.0630 3840  RasAgileVpn - ok
07:34:27.0646 3840  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto        C:\Windows\System32\rasauto.dll
07:34:27.0692 3840  RasAuto - ok
07:34:27.0708 3840  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp        C:\Windows\system32\DRIVERS\rasl2tp.sys
07:34:27.0755 3840  Rasl2tp - ok
07:34:27.0786 3840  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
07:34:27.0833 3840  RasMan - ok
07:34:27.0880 3840  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
07:34:27.0926 3840  RasPppoe - ok
07:34:27.0958 3840  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp        C:\Windows\system32\DRIVERS\rassstp.sys
07:34:28.0004 3840  RasSstp - ok
07:34:28.0036 3840  [ 77F665941019A1594D887A74F301FA2F ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
07:34:28.0067 3840  rdbss - ok
07:34:28.0082 3840  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
07:34:28.0114 3840  rdpbus - ok
07:34:28.0129 3840  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
07:34:28.0176 3840  RDPCDD - ok
07:34:28.0192 3840  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
07:34:28.0238 3840  RDPENCDD - ok
07:34:28.0238 3840  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
07:34:28.0270 3840  RDPREFMP - ok
07:34:28.0301 3840  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD          C:\Windows\system32\drivers\RDPWD.sys
07:34:28.0332 3840  RDPWD - ok
07:34:28.0363 3840  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
07:34:28.0379 3840  rdyboost - ok
07:34:28.0394 3840  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
07:34:28.0426 3840  RemoteAccess - ok
07:34:28.0457 3840  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
07:34:28.0519 3840  RemoteRegistry - ok
07:34:28.0519 3840  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
07:34:28.0566 3840  RpcEptMapper - ok
07:34:28.0582 3840  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
07:34:28.0582 3840  RpcLocator - ok
07:34:28.0613 3840  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs          C:\Windows\system32\rpcss.dll
07:34:28.0660 3840  RpcSs - ok
07:34:28.0675 3840  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
07:34:28.0722 3840  rspndr - ok
07:34:28.0753 3840  [ 7EA8D2EB9BBFD2AB8A3117A1E96D3B3A ] RTL8167        C:\Windows\system32\DRIVERS\Rt64win7.sys
07:34:28.0769 3840  RTL8167 - ok
07:34:28.0784 3840  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs          C:\Windows\system32\lsass.exe
07:34:28.0784 3840  SamSs - ok
07:34:28.0816 3840  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
07:34:28.0831 3840  sbp2port - ok
07:34:28.0847 3840  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
07:34:28.0894 3840  SCardSvr - ok
07:34:28.0909 3840  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
07:34:28.0956 3840  scfilter - ok
07:34:28.0987 3840  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
07:34:29.0034 3840  Schedule - ok
07:34:29.0050 3840  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc    C:\Windows\System32\certprop.dll
07:34:29.0081 3840  SCPolicySvc - ok
07:34:29.0112 3840  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
07:34:29.0143 3840  SDRSVC - ok
07:34:29.0159 3840  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
07:34:29.0190 3840  secdrv - ok
07:34:29.0206 3840  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
07:34:29.0252 3840  seclogon - ok
07:34:29.0268 3840  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
07:34:29.0299 3840  SENS - ok
07:34:29.0315 3840  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
07:34:29.0346 3840  SensrSvc - ok
07:34:29.0362 3840  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum        C:\Windows\system32\DRIVERS\serenum.sys
07:34:29.0362 3840  Serenum - ok
07:34:29.0377 3840  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
07:34:29.0408 3840  Serial - ok
07:34:29.0455 3840  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
07:34:29.0471 3840  sermouse - ok
07:34:29.0502 3840  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
07:34:29.0549 3840  SessionEnv - ok
07:34:29.0580 3840  [ A554811BCD09279536440C964AE35BBF ] sffdisk        C:\Windows\system32\drivers\sffdisk.sys
07:34:29.0596 3840  sffdisk - ok
07:34:29.0611 3840  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
07:34:29.0627 3840  sffp_mmc - ok
07:34:29.0642 3840  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd        C:\Windows\system32\drivers\sffp_sd.sys
07:34:29.0674 3840  sffp_sd - ok
07:34:29.0689 3840  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy        C:\Windows\system32\DRIVERS\sfloppy.sys
07:34:29.0720 3840  sfloppy - ok
07:34:29.0752 3840  [ C6CC9297BD53E5229653303E556AA539 ] Sftfs          C:\Windows\system32\DRIVERS\Sftfslh.sys
07:34:29.0767 3840  Sftfs - ok
07:34:29.0814 3840  [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist        C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
07:34:29.0830 3840  sftlist - ok
07:34:29.0845 3840  [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay        C:\Windows\system32\DRIVERS\Sftplaylh.sys
07:34:29.0861 3840  Sftplay - ok
07:34:29.0876 3840  [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir        C:\Windows\system32\DRIVERS\Sftredirlh.sys
07:34:29.0892 3840  Sftredir - ok
07:34:29.0892 3840  [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol          C:\Windows\system32\DRIVERS\Sftvollh.sys
07:34:29.0908 3840  Sftvol - ok
07:34:29.0923 3840  [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
07:34:29.0939 3840  sftvsa - ok
07:34:29.0970 3840  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
07:34:30.0032 3840  ShellHWDetection - ok
07:34:30.0079 3840  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
07:34:30.0095 3840  SiSRaid2 - ok
07:34:30.0095 3840  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
07:34:30.0110 3840  SiSRaid4 - ok
07:34:30.0126 3840  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb            C:\Windows\system32\DRIVERS\smb.sys
07:34:30.0173 3840  Smb - ok
07:34:30.0188 3840  [ D33F37DD403741982DBE99C7B6B6FF63 ] snapman        C:\Windows\system32\DRIVERS\snapman.sys
07:34:30.0204 3840  snapman - ok
07:34:30.0220 3840  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
07:34:30.0251 3840  SNMPTRAP - ok
07:34:30.0266 3840  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr          C:\Windows\system32\drivers\spldr.sys
07:34:30.0266 3840  spldr - ok
07:34:30.0313 3840  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler        C:\Windows\System32\spoolsv.exe
07:34:30.0344 3840  Spooler - ok
07:34:30.0407 3840  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
07:34:30.0485 3840  sppsvc - ok
07:34:30.0516 3840  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify    C:\Windows\system32\sppuinotify.dll
07:34:30.0547 3840  sppuinotify - ok
07:34:30.0594 3840  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv            C:\Windows\system32\DRIVERS\srv.sys
07:34:30.0625 3840  srv - ok
07:34:30.0641 3840  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
07:34:30.0672 3840  srv2 - ok
07:34:30.0703 3840  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
07:34:30.0719 3840  srvnet - ok
07:34:30.0750 3840  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
07:34:30.0797 3840  SSDPSRV - ok
07:34:30.0797 3840  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc        C:\Windows\system32\sstpsvc.dll
07:34:30.0844 3840  SstpSvc - ok
07:34:30.0922 3840  [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
07:34:30.0953 3840  Stereo Service - ok
07:34:30.0968 3840  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
07:34:30.0984 3840  stexstor - ok
07:34:31.0015 3840  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
07:34:31.0046 3840  stisvc - ok
07:34:31.0062 3840  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
07:34:31.0078 3840  swenum - ok
07:34:31.0109 3840  [ E08E46FDD841B7184194011CA1955A0B ] swprv          C:\Windows\System32\swprv.dll
07:34:31.0156 3840  swprv - ok
07:34:31.0202 3840  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain        C:\Windows\system32\sysmain.dll
07:34:31.0249 3840  SysMain - ok
07:34:31.0265 3840  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
07:34:31.0296 3840  TabletInputService - ok
07:34:31.0312 3840  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv        C:\Windows\System32\tapisrv.dll
07:34:31.0343 3840  TapiSrv - ok
07:34:31.0374 3840  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS            C:\Windows\System32\tbssvc.dll
07:34:31.0405 3840  TBS - ok
07:34:31.0452 3840  [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
07:34:31.0514 3840  Tcpip - ok
07:34:31.0530 3840  [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
07:34:31.0561 3840  TCPIP6 - ok
07:34:31.0577 3840  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
07:34:31.0608 3840  tcpipreg - ok
07:34:31.0624 3840  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
07:34:31.0639 3840  TDPIPE - ok
07:34:31.0670 3840  [ 0735948466EC4FD24AA4AD36448C6888 ] tdrpman        C:\Windows\system32\DRIVERS\tdrpman.sys
07:34:31.0686 3840  tdrpman - ok
07:34:31.0717 3840  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP          C:\Windows\system32\drivers\tdtcp.sys
07:34:31.0733 3840  TDTCP - ok
07:34:31.0764 3840  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
07:34:31.0811 3840  tdx - ok
07:34:31.0842 3840  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
07:34:31.0858 3840  TermDD - ok
07:34:31.0889 3840  [ 2E648163254233755035B46DD7B89123 ] TermService    C:\Windows\System32\termsrv.dll
07:34:31.0920 3840  TermService - ok
07:34:31.0936 3840  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
07:34:31.0951 3840  Themes - ok
07:34:31.0967 3840  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER    C:\Windows\system32\mmcss.dll
07:34:31.0998 3840  THREADORDER - ok
07:34:32.0029 3840  [ 8FF7D3276F47938AD11FD15B4EB1ABF6 ] tifsfilter      C:\Windows\system32\DRIVERS\tifsfilt.sys
07:34:32.0045 3840  tifsfilter - ok
07:34:32.0060 3840  [ 5D21EC50C03387B9519E87A303D0850B ] timounter      C:\Windows\system32\DRIVERS\timntr.sys
07:34:32.0076 3840  timounter - ok
07:34:32.0092 3840  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
07:34:32.0123 3840  TrkWks - ok
07:34:32.0170 3840  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
07:34:32.0201 3840  TrustedInstaller - ok
07:34:32.0263 3840  [ 7C9159A4647AC97CFA106BFB38789FB8 ] TryAndDecideService C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
07:34:32.0279 3840  TryAndDecideService - ok
07:34:32.0310 3840  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
07:34:32.0357 3840  tssecsrv - ok
07:34:32.0419 3840  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
07:34:32.0435 3840  TsUsbFlt - ok
07:34:32.0482 3840  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
07:34:32.0528 3840  tunnel - ok
07:34:32.0544 3840  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
07:34:32.0560 3840  uagp35 - ok
07:34:32.0591 3840  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
07:34:32.0638 3840  udfs - ok
07:34:32.0669 3840  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect      C:\Windows\system32\UI0Detect.exe
07:34:32.0684 3840  UI0Detect - ok
07:34:32.0700 3840  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
07:34:32.0716 3840  uliagpkx - ok
07:34:32.0747 3840  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus          C:\Windows\system32\drivers\umbus.sys
07:34:32.0762 3840  umbus - ok
07:34:32.0778 3840  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
07:34:32.0809 3840  UmPass - ok
07:34:32.0840 3840  [ F9EC9ACD504D823D9B9CA98A4F8D3CA2 ] Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
07:34:32.0856 3840  Updater Service - ok
07:34:32.0887 3840  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
07:34:32.0918 3840  upnphost - ok
07:34:32.0950 3840  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp        C:\Windows\system32\DRIVERS\usbccgp.sys
07:34:32.0981 3840  usbccgp - ok
07:34:32.0981 3840  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
07:34:33.0012 3840  usbcir - ok
07:34:33.0028 3840  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci        C:\Windows\system32\drivers\usbehci.sys
07:34:33.0028 3840  usbehci - ok
07:34:33.0043 3840  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
07:34:33.0074 3840  usbhub - ok
07:34:33.0090 3840  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci        C:\Windows\system32\drivers\usbohci.sys
07:34:33.0121 3840  usbohci - ok
07:34:33.0121 3840  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
07:34:33.0152 3840  usbprint - ok
07:34:33.0215 3840  [ B5E6C4F280EBF0B16F74A5B415F2E0DF ] USBS3S4Detection C:\OEM\USBDECTION\USBS3S4Detection.exe
07:34:33.0230 3840  USBS3S4Detection - ok
07:34:33.0246 3840  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan        C:\Windows\system32\DRIVERS\usbscan.sys
07:34:33.0277 3840  usbscan - ok
07:34:33.0293 3840  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR        C:\Windows\system32\DRIVERS\USBSTOR.SYS
07:34:33.0324 3840  USBSTOR - ok
07:34:33.0340 3840  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci        C:\Windows\system32\drivers\usbuhci.sys
07:34:33.0371 3840  usbuhci - ok
07:34:33.0386 3840  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms          C:\Windows\System32\uxsms.dll
07:34:33.0449 3840  UxSms - ok
07:34:33.0449 3840  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
07:34:33.0464 3840  VaultSvc - ok
07:34:33.0496 3840  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
07:34:33.0496 3840  vdrvroot - ok
07:34:33.0527 3840  [ 8D6B481601D01A456E75C3210F1830BE ] vds            C:\Windows\System32\vds.exe
07:34:33.0589 3840  vds - ok
07:34:33.0605 3840  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga            C:\Windows\system32\DRIVERS\vgapnp.sys
07:34:33.0620 3840  vga - ok
07:34:33.0636 3840  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave        C:\Windows\System32\drivers\vga.sys
07:34:33.0683 3840  VgaSave - ok
07:34:33.0698 3840  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp          C:\Windows\system32\drivers\vhdmp.sys
07:34:33.0730 3840  vhdmp - ok
07:34:33.0745 3840  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
07:34:33.0761 3840  viaide - ok
07:34:33.0761 3840  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
07:34:33.0776 3840  volmgr - ok
07:34:33.0808 3840  [ A255814907C89BE58B79EF2F189B843B ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
07:34:33.0823 3840  volmgrx - ok
07:34:33.0839 3840  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap        C:\Windows\system32\drivers\volsnap.sys
07:34:33.0854 3840  volsnap - ok
07:34:33.0886 3840  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid        C:\Windows\system32\DRIVERS\vsmraid.sys
07:34:33.0901 3840  vsmraid - ok
07:34:33.0964 3840  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS            C:\Windows\system32\vssvc.exe
07:34:34.0042 3840  VSS - ok
07:34:34.0073 3840  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
07:34:34.0135 3840  vwifibus - ok
07:34:34.0182 3840  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time        C:\Windows\system32\w32time.dll
07:34:34.0213 3840  W32Time - ok
07:34:34.0229 3840  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
07:34:34.0244 3840  WacomPen - ok
07:34:34.0276 3840  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
07:34:34.0322 3840  WANARP - ok
07:34:34.0322 3840  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
07:34:34.0354 3840  Wanarpv6 - ok
07:34:34.0385 3840  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
07:34:34.0447 3840  wbengine - ok
07:34:34.0463 3840  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
07:34:34.0494 3840  WbioSrvc - ok
07:34:34.0525 3840  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc        C:\Windows\System32\wcncsvc.dll
07:34:34.0541 3840  wcncsvc - ok
07:34:34.0556 3840  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
07:34:34.0572 3840  WcsPlugInService - ok
07:34:34.0603 3840  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
07:34:34.0619 3840  Wd - ok
07:34:34.0650 3840  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
07:34:34.0681 3840  Wdf01000 - ok
07:34:34.0697 3840  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
07:34:34.0775 3840  WdiServiceHost - ok
07:34:34.0790 3840  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost  C:\Windows\system32\wdi.dll
07:34:34.0806 3840  WdiSystemHost - ok
07:34:34.0837 3840  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient      C:\Windows\System32\webclnt.dll
07:34:34.0868 3840  WebClient - ok
07:34:34.0884 3840  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
07:34:34.0931 3840  Wecsvc - ok
07:34:34.0962 3840  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport  C:\Windows\System32\wercplsupport.dll
07:34:34.0993 3840  wercplsupport - ok
07:34:35.0009 3840  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
07:34:35.0056 3840  WerSvc - ok
07:34:35.0071 3840  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
07:34:35.0102 3840  WfpLwf - ok
07:34:35.0118 3840  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
07:34:35.0134 3840  WIMMount - ok
07:34:35.0134 3840  WinHttpAutoProxySvc - ok
07:34:35.0196 3840  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
07:34:35.0212 3840  Winmgmt - ok
07:34:35.0258 3840  [ BCB1310604AA415C4508708975B3931E ] WinRM          C:\Windows\system32\WsmSvc.dll
07:34:35.0336 3840  WinRM - ok
07:34:35.0430 3840  WISOVD - ok
07:34:35.0461 3840  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc        C:\Windows\System32\wlansvc.dll
07:34:35.0492 3840  Wlansvc - ok
07:34:35.0524 3840  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi        C:\Windows\system32\drivers\wmiacpi.sys
07:34:35.0555 3840  WmiAcpi - ok
07:34:35.0570 3840  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
07:34:35.0602 3840  wmiApSrv - ok
07:34:35.0633 3840  WMPNetworkSvc - ok
07:34:35.0648 3840  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
07:34:35.0680 3840  WPCSvc - ok
07:34:35.0711 3840  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
07:34:35.0711 3840  WPDBusEnum - ok
07:34:35.0726 3840  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
07:34:35.0773 3840  ws2ifsl - ok
07:34:35.0773 3840  WSearch - ok
07:34:35.0836 3840  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
07:34:35.0882 3840  wuauserv - ok
07:34:35.0898 3840  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
07:34:35.0945 3840  WudfPf - ok
07:34:35.0960 3840  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
07:34:35.0976 3840  WUDFRd - ok
07:34:35.0992 3840  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
07:34:36.0023 3840  wudfsvc - ok
07:34:36.0038 3840  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc        C:\Windows\System32\wwansvc.dll
07:34:36.0070 3840  WwanSvc - ok
07:34:36.0085 3840  ================ Scan global ===============================
07:34:36.0101 3840  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
07:34:36.0132 3840  [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
07:34:36.0132 3840  [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
07:34:36.0148 3840  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
07:34:36.0163 3840  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
07:34:36.0179 3840  [Global] - ok
07:34:36.0179 3840  ================ Scan MBR ==================================
07:34:36.0179 3840  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
07:34:36.0491 3840  \Device\Harddisk0\DR0 - ok
07:34:36.0491 3840  ================ Scan VBR ==================================
07:34:36.0491 3840  [ A12AB8C8AA39379D5AAFF02ABFF4EC25 ] \Device\Harddisk0\DR0\Partition1
07:34:36.0491 3840  \Device\Harddisk0\DR0\Partition1 - ok
07:34:36.0522 3840  [ 22ACB45421DBB628882B357C838D14A5 ] \Device\Harddisk0\DR0\Partition2
07:34:36.0522 3840  \Device\Harddisk0\DR0\Partition2 - ok
07:34:36.0538 3840  [ CB15E34C432EDBD52F20B531B9D02059 ] \Device\Harddisk0\DR0\Partition3
07:34:36.0538 3840  \Device\Harddisk0\DR0\Partition3 - ok
07:34:36.0538 3840  ============================================================
07:34:36.0538 3840  Scan finished
07:34:36.0538 3840  ============================================================
07:34:36.0553 4032  Detected object count: 1
07:34:36.0553 4032  Actual detected object count: 1
07:34:45.0242 4032  AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - skipped by user
07:34:45.0242 4032  AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

markusg 23.01.2013 11:58
hi
das Problem was wir jetzt haben:
diese Malware ist recht gefährlich, der Fund den du mir gepostet hast, ist im Java cache, mir fehlt aber der zweite Fund.
diese Malware kann passwörter und wichtige Daten wie Onlinebanking ausspähen und da das ein arbeits PC ist, würd ich euch raten, kurzen prozess zu machen und ihn neu aufzusetzen.
1. Datenrettung:2. Formatieren, Windows neu instalieren:3. PC absichern: http://www.trojaner-board.de/96344-a...-rechners.html
ich werde außerdem noch weitere punkte dazu posten.
4. alle Passwörter ändern!
5. nach PC Absicherung, die gesicherten Daten prüfen und falls sauber: zurückspielen.
6. werde ich dann noch was zum absichern von Onlinebanking mit Chip Card Reader + Star Money sagen.

BumBum 24.01.2013 07:39
Vielen Dank mal für die Einschätzung,
werde ich sobald ich etwas Luft habe dann Schritt für Schritt befolgen.

Hätte aber noch die ein oder andere Frage:
- Wie kann ich die Daten auf der Partition nach möglichen Schädlingen checken? Auf der C Partition sind keine wichtigen Daten, alle Arbeitsdaten liegen auf D
- Reicht Avira als Virenschutz aus oder gibt es da andere Empfehlungen. Für die Zukunft möchte ich dann ja den bestmöglichen Schutz haben

Danke dafür


Alle Zeitangaben in WEZ +1. Es ist jetzt 22:21 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131