Forum section: Plagegeister aller Art und deren Bekämpfung. Thread: GVU/BKA Trojan, how do I know that it is really gone? (Windows 7)
16.07.2012, 19:31 | #16
GVU/BKA Trojan, how do I know that it is really gone? Here is the result; it does not seem to be entirely clean yet?
ohci1394 - ok 14:44:48.0437 9656 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 14:44:48.0453 9656 ose - ok 14:44:48.0733 9656 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 14:44:48.0843 9656 osppsvc - ok 14:44:48.0967 9656 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 14:44:48.0983 9656 p2pimsvc - ok 14:44:49.0014 9656 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 14:44:49.0030 9656 p2psvc - ok 14:44:49.0108 9656 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 14:44:49.0123 9656 Parport - ok 14:44:49.0170 9656 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys 14:44:49.0170 9656 partmgr - ok 14:44:49.0201 9656 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 14:44:49.0233 9656 PcaSvc - ok 14:44:49.0233 9656 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys 14:44:49.0248 9656 pci - ok 14:44:49.0264 9656 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys 14:44:49.0279 9656 pciide - ok 14:44:49.0295 9656 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 14:44:49.0311 9656 pcmcia - ok 14:44:49.0326 9656 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 14:44:49.0326 9656 pcw - ok 14:44:49.0357 9656 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 14:44:49.0420 9656 PEAUTH - ok 14:44:49.0482 9656 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 14:44:49.0513 9656 PerfHost - ok 14:44:49.0591 9656 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll 14:44:49.0669 9656 pla - ok 14:44:49.0732 9656 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll 14:44:49.0763 9656 
PlugPlay - ok 14:44:49.0779 9656 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 14:44:49.0810 9656 PNRPAutoReg - ok 14:44:49.0841 9656 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 14:44:49.0857 9656 PNRPsvc - ok 14:44:49.0903 9656 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll 14:44:49.0966 9656 PolicyAgent - ok 14:44:49.0997 9656 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 14:44:50.0028 9656 Power - ok 14:44:50.0091 9656 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys 14:44:50.0137 9656 PptpMiniport - ok 14:44:50.0153 9656 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 14:44:50.0184 9656 Processor - ok 14:44:50.0215 9656 ProfSvc (97293447431311c06703368ad0f6c4be) C:\Windows\system32\profsvc.dll 14:44:50.0231 9656 ProfSvc - ok 14:44:50.0247 9656 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe 14:44:50.0262 9656 ProtectedStorage - ok 14:44:50.0309 9656 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys 14:44:50.0340 9656 Psched - ok 14:44:50.0387 9656 PSI (fb46e9a827a8799ebd7bfa9128c91f37) C:\Windows\system32\DRIVERS\psi_mf.sys 14:44:50.0387 9656 PSI - ok 14:44:50.0465 9656 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 14:44:50.0512 9656 ql2300 - ok 14:44:50.0605 9656 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 14:44:50.0621 9656 ql40xx - ok 14:44:50.0652 9656 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 14:44:50.0683 9656 QWAVE - ok 14:44:50.0683 9656 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 14:44:50.0730 9656 QWAVEdrv - ok 14:44:50.0746 9656 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 14:44:50.0777 9656 RasAcd - ok 14:44:50.0824 
9656 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 14:44:50.0855 9656 RasAgileVpn - ok 14:44:50.0886 9656 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 14:44:50.0933 9656 RasAuto - ok 14:44:50.0949 9656 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys 14:44:51.0011 9656 Rasl2tp - ok 14:44:51.0058 9656 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll 14:44:51.0120 9656 RasMan - ok 14:44:51.0136 9656 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 14:44:51.0183 9656 RasPppoe - ok 14:44:51.0214 9656 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 14:44:51.0261 9656 RasSstp - ok 14:44:51.0292 9656 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys 14:44:51.0339 9656 rdbss - ok 14:44:51.0370 9656 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 14:44:51.0386 9656 rdpbus - ok 14:44:51.0386 9656 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 14:44:51.0417 9656 RDPCDD - ok 14:44:51.0432 9656 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 14:44:51.0479 9656 RDPENCDD - ok 14:44:51.0479 9656 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 14:44:51.0510 9656 RDPREFMP - ok 14:44:51.0557 9656 RDPWD (447de7e3dea39d422c1504f245b668b1) C:\Windows\system32\drivers\RDPWD.sys 14:44:51.0573 9656 RDPWD - ok 14:44:51.0620 9656 rdyboost (e5dc9ba9e439d6dbdd79f8caacb5bf01) C:\Windows\system32\drivers\rdyboost.sys 14:44:51.0635 9656 rdyboost - ok 14:44:51.0666 9656 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 14:44:51.0713 9656 RemoteAccess - ok 14:44:51.0744 9656 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 14:44:51.0791 9656 RemoteRegistry - ok 
14:44:51.0838 9656 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys 14:44:51.0869 9656 RFCOMM - ok 14:44:51.0963 9656 RichVideo (f12a68ed55053940cadd59ca5e3468dd) C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe 14:44:51.0994 9656 RichVideo ( UnsignedFile.Multi.Generic ) - warning 14:44:51.0994 9656 RichVideo - detected UnsignedFile.Multi.Generic (1) 14:44:52.0025 9656 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 14:44:52.0072 9656 RpcEptMapper - ok 14:44:52.0088 9656 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 14:44:52.0103 9656 RpcLocator - ok 14:44:52.0134 9656 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll 14:44:52.0166 9656 RpcSs - ok 14:44:52.0212 9656 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 14:44:52.0259 9656 rspndr - ok 14:44:52.0290 9656 RS_Service (7cb9f0fdd730f4a4ecf6cde15ea12e8a) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe 14:44:52.0306 9656 RS_Service - ok 14:44:52.0337 9656 SaiK0CD5 (858c15a70af2900c03daa4419b973903) C:\Windows\system32\DRIVERS\SaiK0CD5.sys 14:44:52.0353 9656 SaiK0CD5 - ok 14:44:52.0400 9656 SaiMini (e124bcfb55adcd4aa273e73c3d666f9f) C:\Windows\system32\DRIVERS\SaiMini.sys 14:44:52.0415 9656 SaiMini - ok 14:44:52.0431 9656 SaiNtBus (94ab59e2d3f301dc2b6ea97a027cebfa) C:\Windows\system32\drivers\SaiBus.sys 14:44:52.0431 9656 SaiNtBus - ok 14:44:52.0462 9656 SaiU0CD5 (866efd804302483de27e3947b25d0fab) C:\Windows\system32\DRIVERS\SaiU0CD5.sys 14:44:52.0462 9656 SaiU0CD5 - ok 14:44:52.0493 9656 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe 14:44:52.0509 9656 SamSs - ok 14:44:52.0524 9656 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys 14:44:52.0540 9656 sbp2port - ok 14:44:52.0571 9656 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 14:44:52.0618 9656 SCardSvr - ok 
14:44:52.0649 9656 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys 14:44:52.0696 9656 scfilter - ok 14:44:52.0758 9656 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll 14:44:52.0790 9656 Schedule - ok 14:44:52.0821 9656 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll 14:44:52.0852 9656 SCPolicySvc - ok 14:44:52.0883 9656 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll 14:44:52.0914 9656 SDRSVC - ok 14:44:52.0992 9656 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 14:44:53.0024 9656 secdrv - ok 14:44:53.0039 9656 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll 14:44:53.0086 9656 seclogon - ok 14:44:53.0195 9656 Secunia PSI Agent (5b66db4877bbac9f7493aa8d84421e49) C:\Program Files (x86)\Secunia\PSI\PSIA.exe 14:44:53.0226 9656 Secunia PSI Agent - ok 14:44:53.0320 9656 Secunia Update Agent (0e88fdf474f2cdd370a4a6ce77d018f0) C:\Program Files (x86)\Secunia\PSI\sua.exe 14:44:53.0336 9656 Secunia Update Agent - ok 14:44:53.0429 9656 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll 14:44:53.0476 9656 SENS - ok 14:44:53.0507 9656 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 14:44:53.0538 9656 SensrSvc - ok 14:44:53.0585 9656 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 14:44:53.0601 9656 Serenum - ok 14:44:53.0632 9656 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 14:44:53.0663 9656 Serial - ok 14:44:53.0694 9656 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 14:44:53.0710 9656 sermouse - ok 14:44:53.0757 9656 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll 14:44:53.0788 9656 SessionEnv - ok 14:44:53.0819 9656 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys 
14:44:53.0850 9656 sffdisk - ok 14:44:53.0866 9656 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys 14:44:53.0897 9656 sffp_mmc - ok 14:44:53.0913 9656 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys 14:44:53.0913 9656 sffp_sd - ok 14:44:53.0928 9656 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 14:44:53.0944 9656 sfloppy - ok 14:44:53.0991 9656 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll 14:44:54.0038 9656 SharedAccess - ok 14:44:54.0069 9656 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll 14:44:54.0100 9656 ShellHWDetection - ok 14:44:54.0162 9656 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 14:44:54.0162 9656 SiSRaid2 - ok 14:44:54.0178 9656 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 14:44:54.0194 9656 SiSRaid4 - ok 14:44:54.0287 9656 SkypeUpdate (c70aebd3608ed9fcea2a1bae83567ffc) C:\Program Files (x86)\Skype\Updater\Updater.exe 14:44:54.0303 9656 SkypeUpdate - ok 14:44:54.0365 9656 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 14:44:54.0412 9656 Smb - ok 14:44:54.0443 9656 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 14:44:54.0474 9656 SNMPTRAP - ok 14:44:54.0490 9656 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 14:44:54.0506 9656 spldr - ok 14:44:54.0537 9656 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe 14:44:54.0568 9656 Spooler - ok 14:44:54.0724 9656 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe 14:44:54.0818 9656 sppsvc - ok 14:44:54.0911 9656 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 14:44:54.0942 9656 sppuinotify - ok 14:44:54.0989 9656 srv (2408c0366d96bcdf63e8f1c78e4a29c5) 
C:\Windows\system32\DRIVERS\srv.sys 14:44:55.0052 9656 srv - ok 14:44:55.0067 9656 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys 14:44:55.0083 9656 srv2 - ok 14:44:55.0098 9656 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys 14:44:55.0114 9656 srvnet - ok 14:44:55.0176 9656 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 14:44:55.0223 9656 SSDPSRV - ok 14:44:55.0254 9656 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 14:44:55.0286 9656 SstpSvc - ok 14:44:55.0348 9656 Steam Client Service - ok 14:44:55.0379 9656 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 14:44:55.0395 9656 stexstor - ok 14:44:55.0457 9656 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll 14:44:55.0473 9656 stisvc - ok 14:44:55.0488 9656 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys 14:44:55.0504 9656 swenum - ok 14:44:55.0535 9656 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 14:44:55.0598 9656 swprv - ok 14:44:55.0660 9656 SynTP (ce9b5a79aee330bc7e88c0441e5727bb) C:\Windows\system32\DRIVERS\SynTP.sys 14:44:55.0676 9656 SynTP - ok 14:44:55.0769 9656 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll 14:44:55.0816 9656 SysMain - ok 14:44:55.0910 9656 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll 14:44:55.0956 9656 TabletInputService - ok 14:44:55.0972 9656 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll 14:44:56.0019 9656 TapiSrv - ok 14:44:56.0034 9656 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 14:44:56.0066 9656 TBS - ok 14:44:56.0222 9656 Tcpip (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\drivers\tcpip.sys 14:44:56.0253 9656 Tcpip - ok 14:44:56.0440 9656 TCPIP6 (624c5b3aa4c99b3184bb922d9ece3ff0) 
C:\Windows\system32\DRIVERS\tcpip.sys 14:44:56.0471 9656 TCPIP6 - ok 14:44:56.0534 9656 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys 14:44:56.0580 9656 tcpipreg - ok 14:44:56.0612 9656 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 14:44:56.0643 9656 TDPIPE - ok 14:44:56.0658 9656 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys 14:44:56.0690 9656 TDTCP - ok 14:44:56.0705 9656 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys 14:44:56.0752 9656 tdx - ok 14:44:56.0768 9656 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys 14:44:56.0783 9656 TermDD - ok 14:44:56.0846 9656 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll 14:44:56.0908 9656 TermService - ok 14:44:56.0924 9656 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 14:44:56.0955 9656 Themes - ok 14:44:56.0970 9656 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 14:44:57.0002 9656 THREADORDER - ok 14:44:57.0017 9656 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 14:44:57.0064 9656 TrkWks - ok 14:44:57.0111 9656 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe 14:44:57.0142 9656 TrustedInstaller - ok 14:44:57.0173 9656 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys 14:44:57.0204 9656 tssecsrv - ok 14:44:57.0407 9656 TuneUp.UtilitiesSvc (6dc7b7342148636c6751d9f7b8aaea91) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe 14:44:57.0454 9656 TuneUp.UtilitiesSvc - ok 14:44:57.0548 9656 TuneUpUtilitiesDrv (dcc94c51d27c7ec0dadeca8f64c94fcf) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys 14:44:57.0563 9656 TuneUpUtilitiesDrv - ok 14:44:57.0672 9656 tunnel (3836171a2cdf3af8ef10856db9835a70) 
C:\Windows\system32\DRIVERS\tunnel.sys 14:44:57.0735 9656 tunnel - ok 14:44:57.0766 9656 TurboB (825e7a1f48fb8bcfba27c178aab4e275) C:\Windows\system32\DRIVERS\TurboB.sys 14:44:57.0766 9656 TurboB - ok 14:44:57.0813 9656 TurboBoost (b206be1174d5964d49a56bb6c4e0524a) C:\Program Files\Intel\TurboBoost\TurboBoost.exe 14:44:57.0828 9656 TurboBoost - ok 14:44:57.0844 9656 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 14:44:57.0844 9656 uagp35 - ok 14:44:57.0875 9656 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys 14:44:57.0922 9656 udfs - ok 14:44:57.0953 9656 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 14:44:57.0969 9656 UI0Detect - ok 14:44:58.0000 9656 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys 14:44:58.0000 9656 uliagpkx - ok 14:44:58.0031 9656 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys 14:44:58.0062 9656 umbus - ok 14:44:58.0094 9656 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 14:44:58.0109 9656 UmPass - ok 14:44:58.0265 9656 UNS (41118d920b2b268c0adc36421248cdcf) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 14:44:58.0296 9656 UNS ( UnsignedFile.Multi.Generic ) - warning 14:44:58.0296 9656 UNS - detected UnsignedFile.Multi.Generic (1) 14:44:58.0390 9656 Updater Service (f9ec9acd504d823d9b9ca98a4f8d3ca2) C:\Program Files\Acer\Acer Updater\UpdaterService.exe 14:44:58.0406 9656 Updater Service - ok 14:44:58.0515 9656 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 14:44:58.0546 9656 upnphost - ok 14:44:58.0624 9656 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys 14:44:58.0655 9656 usbaudio - ok 14:44:58.0702 9656 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys 14:44:58.0718 9656 usbccgp - ok 14:44:58.0749 9656 usbcir 
(af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys 14:44:58.0780 9656 usbcir - ok 14:44:58.0811 9656 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\drivers\usbehci.sys 14:44:58.0811 9656 usbehci - ok 14:44:58.0874 9656 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys 14:44:58.0889 9656 usbhub - ok 14:44:58.0936 9656 usbkey (a13334591800e55184857e4090e4bbe9) C:\Windows\system32\DRIVERS\USBKey64.sys 14:44:58.0936 9656 usbkey - ok 14:44:58.0967 9656 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\drivers\usbohci.sys 14:44:58.0998 9656 usbohci - ok 14:44:59.0030 9656 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 14:44:59.0045 9656 usbprint - ok 14:44:59.0076 9656 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys 14:44:59.0092 9656 usbscan - ok 14:44:59.0123 9656 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS 14:44:59.0139 9656 USBSTOR - ok 14:44:59.0154 9656 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\drivers\usbuhci.sys 14:44:59.0186 9656 usbuhci - ok 14:44:59.0248 9656 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\system32\Drivers\usbvideo.sys 14:44:59.0279 9656 usbvideo - ok 14:44:59.0310 9656 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 14:44:59.0342 9656 UxSms - ok 14:44:59.0373 9656 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe 14:44:59.0388 9656 VaultSvc - ok 14:44:59.0420 9656 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys 14:44:59.0435 9656 vdrvroot - ok 14:44:59.0482 9656 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe 14:44:59.0513 9656 vds - ok 14:44:59.0544 9656 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 14:44:59.0544 9656 vga - ok 14:44:59.0560 9656 VgaSave (53e92a310193cb3c03bea963de7d9cfc) 
C:\Windows\System32\drivers\vga.sys 14:44:59.0607 9656 VgaSave - ok 14:44:59.0638 9656 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys 14:44:59.0638 9656 vhdmp - ok 14:44:59.0654 9656 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys 14:44:59.0654 9656 viaide - ok 14:44:59.0685 9656 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys 14:44:59.0685 9656 volmgr - ok 14:44:59.0700 9656 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys 14:44:59.0716 9656 volmgrx - ok 14:44:59.0732 9656 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys 14:44:59.0747 9656 volsnap - ok 14:44:59.0841 9656 vpnagent (3b98ab9849754cb88265111422441df7) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe 14:44:59.0856 9656 vpnagent - ok 14:44:59.0903 9656 vpnva (13e6d95e7ac67abb7a1196557ef8849f) C:\Windows\system32\DRIVERS\vpnva64.sys 14:44:59.0903 9656 vpnva - ok 14:44:59.0950 9656 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 14:44:59.0966 9656 vsmraid - ok 14:45:00.0059 9656 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe 14:45:00.0106 9656 VSS - ok 14:45:00.0200 9656 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 14:45:00.0215 9656 vwifibus - ok 14:45:00.0231 9656 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 14:45:00.0262 9656 vwififlt - ok 14:45:00.0324 9656 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 14:45:00.0356 9656 W32Time - ok 14:45:00.0387 9656 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 14:45:00.0418 9656 WacomPen - ok 14:45:00.0449 9656 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 14:45:00.0480 9656 WANARP - ok 14:45:00.0480 9656 Wanarpv6 
(47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 14:45:00.0512 9656 Wanarpv6 - ok 14:45:00.0590 9656 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe 14:45:00.0621 9656 wbengine - ok 14:45:00.0714 9656 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 14:45:00.0746 9656 WbioSrvc - ok 14:45:00.0777 9656 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll 14:45:00.0808 9656 wcncsvc - ok 14:45:00.0808 9656 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 14:45:00.0824 9656 WcsPlugInService - ok 14:45:00.0870 9656 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 14:45:00.0886 9656 Wd - ok 14:45:00.0902 9656 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 14:45:00.0933 9656 Wdf01000 - ok 14:45:00.0948 9656 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 14:45:00.0980 9656 WdiServiceHost - ok 14:45:00.0980 9656 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 14:45:00.0995 9656 WdiSystemHost - ok 14:45:01.0042 9656 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll 14:45:01.0058 9656 WebClient - ok 14:45:01.0104 9656 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 14:45:01.0151 9656 Wecsvc - ok 14:45:01.0167 9656 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll 14:45:01.0229 9656 wercplsupport - ok 14:45:01.0245 9656 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 14:45:01.0276 9656 WerSvc - ok 14:45:01.0354 9656 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 14:45:01.0385 9656 WfpLwf - ok 14:45:01.0401 9656 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 14:45:01.0416 9656 WIMMount - ok 14:45:01.0463 9656 WinDefend - ok 
14:45:01.0463 9656 WinHttpAutoProxySvc - ok 14:45:01.0541 9656 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 14:45:01.0572 9656 Winmgmt - ok 14:45:01.0666 9656 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll 14:45:01.0728 9656 WinRM - ok 14:45:01.0884 9656 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 14:45:01.0900 9656 Wlansvc - ok 14:45:01.0962 9656 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys 14:45:01.0962 9656 WmiAcpi - ok 14:45:02.0040 9656 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 14:45:02.0056 9656 wmiApSrv - ok 14:45:02.0134 9656 WMPNetworkSvc - ok 14:45:02.0165 9656 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll 14:45:02.0181 9656 WPCSvc - ok 14:45:02.0196 9656 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll 14:45:02.0228 9656 WPDBusEnum - ok 14:45:02.0243 9656 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 14:45:02.0306 9656 ws2ifsl - ok 14:45:02.0321 9656 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\System32\wscsvc.dll 14:45:02.0352 9656 wscsvc - ok 14:45:02.0352 9656 WSearch - ok 14:45:02.0430 9656 WTGService (d7e88349be0f01e4d8d776adb1f325bf) C:\Program Files (x86)\Verbindungsassistent\WTGService.exe 14:45:02.0446 9656 WTGService - ok 14:45:02.0571 9656 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll 14:45:02.0633 9656 wuauserv - ok 14:45:02.0742 9656 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys 14:45:02.0774 9656 WudfPf - ok 14:45:02.0820 9656 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys 14:45:02.0867 9656 WUDFRd - ok 14:45:02.0898 9656 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll 14:45:02.0945 9656 wudfsvc - ok 14:45:02.0976 9656 WwanSvc 
(9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll 14:45:03.0008 9656 WwanSvc - ok 14:45:03.0039 9656 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 14:45:03.0257 9656 \Device\Harddisk0\DR0 - ok 14:45:03.0257 9656 Boot (0x1200) (a0f7c052509503fe32add634215fade1) \Device\Harddisk0\DR0\Partition0 14:45:03.0273 9656 \Device\Harddisk0\DR0\Partition0 - ok 14:45:03.0288 9656 Boot (0x1200) (e6c66b71605680f02a9cbb6fdce8b0b3) \Device\Harddisk0\DR0\Partition1 14:45:03.0288 9656 \Device\Harddisk0\DR0\Partition1 - ok 14:45:03.0304 9656 Boot (0x1200) (dbac78ea438e0cc864cba620e834fd17) \Device\Harddisk0\DR0\Partition2 14:45:03.0304 9656 \Device\Harddisk0\DR0\Partition2 - ok 14:45:03.0304 9656 ============================================================ 14:45:03.0304 9656 Scan finished 14:45:03.0304 9656 ============================================================ 14:45:03.0320 6880 Detected object count: 3 14:45:03.0320 6880 Actual detected object count: 3 14:45:53.0630 6880 LMS ( UnsignedFile.Multi.Generic ) - skipped by user 14:45:53.0630 6880 LMS ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:45:53.0630 6880 RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user 14:45:53.0630 6880 RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:45:53.0630 6880 UNS ( UnsignedFile.Multi.Generic ) - skipped by user 14:45:53.0630 6880 UNS ( UnsignedFile.Multi.Generic ) - User select action: Skip |
17.07.2012, 10:52 | #17 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU/BKA trojan, how do I know it is really gone? Then please run CF now:
ComboFix: a guide and tutorial on using ComboFix
ComboFix may only be run if a Kompetenzler (board helper) has expressly recommended it! If you have problems starting applications after running ComboFix and receive messages such as Quote:
17.07.2012, 18:35 | #18 |
| GVU/BKA trojan, how do I know it is really gone? On the first ComboFix run I unfortunately forgot to switch off Windows Defender:
Combofix Logfile: Code:
ComboFix 12-07-16.01 - xxxx xxxxx 17.07.2012 12:00:47.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.3767.2406 [GMT 2:00]
ausgeführt von:: c:\users\xxxx xxxxx\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: FireWall *Disabled* {CE40CCC0-8ADB-6D67-25A0-C5B6438E4B57}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\xxxx xxxxx\Documents\~WRL0412.tmp
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-06-17 bis 2012-07-17 ))))))))))))))))))))))))))))))
.
[file listing omitted]
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
[file listing omitted]
2012-06-13 05:31 1460224 ----a-w- c:\windows\system32\crypt32.dll 2012-04-24 05:59 . 2012-06-13 05:31 140288 ----a-w- c:\windows\system32\cryptnet.dll 2012-04-24 04:47 . 2012-06-13 05:31 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-04-24 04:47 . 2012-06-13 05:31 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2012-04-24 04:47 . 2012-06-13 05:31 1156608 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-04-20 06:22 . 2012-06-13 05:31 57856 ----a-w- c:\windows\system32\licmgr10.dll 2012-04-20 05:05 . 2012-06-13 05:31 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll 2012-04-20 05:00 . 2012-06-13 05:31 482816 ----a-w- c:\windows\system32\html.iec 2012-04-20 04:15 . 2012-06-13 05:31 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2012-04-20 03:58 . 2012-06-13 05:31 386048 ----a-w- c:\windows\SysWow64\html.iec 2012-04-20 03:24 . 2012-06-13 05:31 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2012-01-16 3462552] "SimpleSYN.NET"="c:\program files (x86)\creativbox.net\SimpleSYN 2.1\CBN.SimpleSYN.NET.exe" [2011-06-21 2275696] "Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-07-04 1242448] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-21 98304] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696] "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-10 975952] "MDS_Menu"="c:\program files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504] "ArcadeMovieService"="c:\program files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe" [2011-02-17 124136] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-14 348624] "CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-09-14 1213848] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-10-14 291896] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW "HP Software Update"=c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056] R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2010-07-29 36000] R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-07-29 295072] R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2010-07-29 201376] R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2010-07-29 51872] R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2010-07-29 154272] R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2010-07-29 270496] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-19 113120] R3 SaiK0CD5;SaiK0CD5;c:\windows\system32\DRIVERS\SaiK0CD5.sys [2011-09-20 183104] R3 SaiU0CD5;SaiU0CD5;c:\windows\system32\DRIVERS\SaiU0CD5.sys [2011-09-20 47168] R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352] R3 usbkey;USB Dongle;c:\windows\system32\DRIVERS\USBKey64.sys [2012-01-16 38496] R4 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-07-29 52896] R4 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-10 321104] R4 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584] S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [2012-05-14 139360] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-12-15 27760] S1 vwififlt;Virtual WiFi Filter 
Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-10-20 203264] S2 AntiVirFirewallService;Avira FireWall;c:\program files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [2012-05-14 619472] S2 AntiVirMailService;Avira Email Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2012-05-14 375760] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-14 86224] S2 AntiVirWebService;Avira Browser Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-05-14 465360] S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2010-06-11 821792] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336] S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2011-12-20 148104] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] S2 ODDPwrSvc;Acer ODD Power Service;c:\program files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [2010-04-22 171040] S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2010-01-30 260640] S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-10-14 994360] S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416] S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2011-12-14 2123584] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784] S2 UNS;Intel(R) Management & Security Application User Notification 
Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2314240] S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-29 243232] S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2011-09-22 645048] S2 WTGService;WTGService;c:\program files (x86)\Verbindungsassistent\WTGService.exe [2009-03-03 296400] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-10-20 6856704] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-10-20 264704] S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [2012-05-14 114128] S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2010-07-29 28832] S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-10 158720] S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2010-10-20 10331840] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-08-24 76912] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904] S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976] S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-12-12 11856] . . Inhalt des "geplante Tasks" Ordners . 2012-01-18 c:\windows\Tasks\Acer Registration - Data Sending task.job - c:\program files (x86)\Acer\Registration\GREG.exe [2010-04-28 02:47] . 2012-07-17 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 09:48] . . 
--------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension] @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}" [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}] 2011-12-19 18:46 22408 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ODDPwr"="c:\program files\Acer\Optical Drive Power Management\ODDPwr.exe" [2010-04-22 223264] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-20 161304] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-20 386584] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-20 414744] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-13 11046504] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-07-13 2103912] "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-07-29 594080] "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-07-29 377504] "Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2010-06-11 496160] "Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-03 1580368] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-25 2782096] "ProfilerU"="c:\program files\SmartTechnology\Software\ProfilerU.exe" [2012-01-23 432640] "SaiMfd"="c:\program files\SmartTechnology\Software\SaiMfd.exe" [2012-01-23 158208] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://www.google.com uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://acer.msn.com mLocal Page = c:\windows\SysWOW64\blank.htm IE: An OneNote s&enden - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105 IE: Download aller Links mit IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm IE: Download mit IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000 LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll TCP: Interfaces\{7F66CAB7-3D90-4CF2-A86C-94A6431474BB}: NameServer = 130.75.1.32,130.75.1.40 FF - ProfilePath - c:\users\xxxx xxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\bild4i5m.default\ FF - prefs.js: browser.search.selectedEngine - LEO Eng-Deu FF - prefs.js: browser.startup.homepage - www.google.de FF - prefs.js: network.proxy.type - 0 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-116830536-2991956333-4007676365-1001_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}] @Denied: (Full) (Everyone) "scansk"=hex(0):8f,ff,7b,bf,d7,5f,b4,0b,d9,1a,03,12,1d,71,8b,a0,53,ca,0f,f4,33, 8b,2f,75,5c,60,87,6c,1c,5b,30,b6,4d,79,52,2b,34,63,25,78,00,00,00,00,00,00,\ . [HKEY_USERS\S-1-5-21-116830536-2991956333-4007676365-1001_Classes\Wow6432Node\CLSID\{95fef388-361b-4e2e-92ff-1fc552c6a1a3}] @Denied: (Full) (Everyone) @Allowed: (Read) (RestrictedCode) "Model"=dword:00000085 "Therad"=dword:0000001b "MData"=hex(0):20,35,e9,2b,74,59,03,68,be,b2,5b,74,b4,62,9e,77,fc,22,df,59,02, 94,28,03,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\ . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2012-07-17 12:09:09 ComboFix-quarantined-files.txt 2012-07-17 10:09 . Vor Suchlauf: 10 Verzeichnis(se), 307.955.322.880 Bytes frei Nach Suchlauf: 16 Verzeichnis(se), 307.837.960.192 Bytes frei . - - End Of File - - 0D280481D3FA0D4CC83DA164D6E1D95D

Then I noticed that Windows Defender was on while ComboFix was running, so I turned Defender off and ran ComboFix again:

Combofix Logfile: Code:
ATTFilter ComboFix 12-07-16.01 - xxxx xxxxx 17.07.2012 12:20:14.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.3767.2315 [GMT 2:00] ausgeführt von:: c:\users\xxxx xxxxx\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} FW: FireWall *Disabled* {CE40CCC0-8ADB-6D67-25A0-C5B6438E4B57} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((( Dateien erstellt von 2012-06-17 bis 2012-07-17 )))))))))))))))))))))))))))))) . . 2012-07-17 10:23 . 2012-07-17 10:23 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-07-15 19:46 . 2012-07-15 19:46 -------- d-----w- C:\_OTL 2012-07-13 20:13 . 2012-07-13 20:13 -------- d-----w- c:\program files (x86)\ESET 2012-07-13 15:33 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{18C86E3E-2C1A-4677-A04D-3591DDB2C790}\mpengine.dll 2012-07-12 09:55 . 2012-06-12 03:02 3147264 ----a-w- c:\windows\system32\win32k.sys 2012-07-12 07:22 . 2012-06-06 05:50 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll 2012-07-12 07:22 . 2012-06-06 05:09 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll 2012-07-04 20:59 . 2012-07-04 20:59 -------- d-----w- c:\users\xxxx xxxxx\AppData\Local\Skyrim 2012-07-04 18:07 . 2012-07-17 07:27 -------- d-----w- c:\program files (x86)\Steam 2012-07-04 18:07 . 2012-07-04 18:32 -------- d-----w- c:\program files (x86)\Common Files\Steam 2012-07-04 12:07 . 2012-07-04 12:07 -------- d--h--w- c:\programdata\Common Files 2012-07-04 12:07 . 2004-03-08 23:00 662288 ----a-w- c:\windows\SysWow64\MSCOMCT2.OCX 2012-07-04 12:07 . 1998-06-23 23:00 137000 ----a-w- c:\windows\SysWow64\MSMAPI32.OCX 2012-07-04 12:06 . 2012-07-04 12:07 -------- d-----w- c:\program files (x86)\PDFCreator 2012-07-04 12:06 . 
1998-07-06 16:56 125712 ----a-w- c:\windows\SysWow64\VB6DE.DLL 2012-07-04 12:06 . 1998-07-06 16:55 158208 ----a-w- c:\windows\SysWow64\MSCMCDE.DLL 2012-07-04 12:06 . 1998-07-06 16:55 64512 ----a-w- c:\windows\SysWow64\MSCC2DE.DLL 2012-07-04 12:06 . 1998-07-05 23:00 23552 ----a-w- c:\windows\SysWow64\MSMPIDE.DLL 2012-07-04 12:03 . 2012-06-15 04:51 95232 ----a-w- c:\windows\system32\pdfcmon.dll 2012-07-02 22:58 . 2012-07-02 22:58 476936 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2012-07-02 21:39 . 2012-07-02 21:39 -------- d-----w- c:\users\xxxx xxxxx\AppData\Roaming\Malwarebytes 2012-07-02 21:39 . 2012-07-02 21:39 -------- d-----w- c:\programdata\Malwarebytes 2012-07-02 21:39 . 2012-07-02 21:39 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-07-02 21:39 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-24 08:03 . 2012-06-24 08:03 -------- d-----w- c:\users\xxxx xxxxx\AppData\Local\Macromedia 2012-06-21 05:26 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-21 05:26 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-21 05:26 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-21 05:26 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-21 05:26 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-21 05:26 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-21 05:26 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-21 05:26 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-21 05:26 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-19 21:40 . 2012-06-19 21:40 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll 2012-06-19 21:40 . 2012-06-19 21:40 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll . . . 
(((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-12 09:48 . 2012-04-15 14:36 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-07-12 09:48 . 2012-01-12 22:31 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-02 22:58 . 2012-02-28 15:05 472840 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-05-15 03:56 . 2012-06-13 05:31 1197568 ----a-w- c:\windows\system32\wininet.dll 2012-05-15 03:08 . 2012-06-13 05:31 981504 ----a-w- c:\windows\SysWow64\wininet.dll 2012-05-14 13:52 . 2012-01-17 20:18 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2012-05-14 13:52 . 2012-01-17 20:18 139360 ----a-w- c:\windows\system32\drivers\avfwot.sys 2012-05-14 13:52 . 2012-01-17 20:18 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-05-14 13:52 . 2012-01-17 20:18 114128 ----a-w- c:\windows\system32\drivers\avfwim.sys 2012-05-04 10:52 . 2012-06-13 05:31 5505392 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-04 10:08 . 2012-06-13 05:31 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-05-04 10:08 . 2012-06-13 05:31 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-05-02 05:32 . 2012-06-13 05:31 208896 ----a-w- c:\windows\system32\profsvc.dll 2012-04-28 03:50 . 2012-06-13 05:31 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-04-26 05:34 . 2012-06-13 05:31 76288 ----a-w- c:\windows\system32\rdpwsx.dll 2012-04-26 05:34 . 2012-06-13 05:31 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-04-26 05:28 . 2012-06-13 05:31 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-04-24 05:59 . 2012-06-13 05:31 182272 ----a-w- c:\windows\system32\cryptsvc.dll 2012-04-24 05:59 . 2012-06-13 05:31 1460224 ----a-w- c:\windows\system32\crypt32.dll 2012-04-24 05:59 . 2012-06-13 05:31 140288 ----a-w- c:\windows\system32\cryptnet.dll 2012-04-24 04:47 . 2012-06-13 05:31 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-04-24 04:47 . 
2012-06-13 05:31 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2012-04-24 04:47 . 2012-06-13 05:31 1156608 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-04-20 06:22 . 2012-06-13 05:31 57856 ----a-w- c:\windows\system32\licmgr10.dll 2012-04-20 05:05 . 2012-06-13 05:31 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll 2012-04-20 05:00 . 2012-06-13 05:31 482816 ----a-w- c:\windows\system32\html.iec 2012-04-20 04:15 . 2012-06-13 05:31 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2012-04-20 03:58 . 2012-06-13 05:31 386048 ----a-w- c:\windows\SysWow64\html.iec 2012-04-20 03:24 . 2012-06-13 05:31 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb . . ((((((((((((((((((((((((((((( SnapShot@2012-07-17_10.07.02 ))))))))))))))))))))))))))))))))))))))))) . - 2012-01-12 19:45 . 2012-07-17 09:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2012-01-12 19:45 . 2012-07-17 10:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2012-01-12 19:45 . 2012-07-17 10:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2012-01-12 19:45 . 2012-07-17 09:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2012-01-16 3462552] "SimpleSYN.NET"="c:\program files (x86)\creativbox.net\SimpleSYN 2.1\CBN.SimpleSYN.NET.exe" [2011-06-21 2275696] "Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-07-04 1242448] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-21 98304] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696] "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-10 975952] "MDS_Menu"="c:\program files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504] "ArcadeMovieService"="c:\program files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe" [2011-02-17 124136] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-14 348624] "CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-09-14 1213848] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-10-14 291896] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW "HP Software Update"=c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056] R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2010-07-29 36000] R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-07-29 295072] R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2010-07-29 201376] R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2010-07-29 51872] R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2010-07-29 154272] R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2010-07-29 270496] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-19 113120] R3 SaiK0CD5;SaiK0CD5;c:\windows\system32\DRIVERS\SaiK0CD5.sys [2011-09-20 183104] R3 SaiU0CD5;SaiU0CD5;c:\windows\system32\DRIVERS\SaiU0CD5.sys [2011-09-20 47168] R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352] R3 usbkey;USB Dongle;c:\windows\system32\DRIVERS\USBKey64.sys [2012-01-16 38496] R4 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-07-29 52896] R4 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-10 321104] R4 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584] S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [2012-05-14 139360] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-12-15 27760] S1 vwififlt;Virtual WiFi Filter 
Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-10-20 203264] S2 AntiVirFirewallService;Avira FireWall;c:\program files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [2012-05-14 619472] S2 AntiVirMailService;Avira Email Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2012-05-14 375760] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-14 86224] S2 AntiVirWebService;Avira Browser Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-05-14 465360] S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2010-06-11 821792] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336] S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2011-12-20 148104] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] S2 ODDPwrSvc;Acer ODD Power Service;c:\program files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [2010-04-22 171040] S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2010-01-30 260640] S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-10-14 994360] S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416] S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2011-12-14 2123584] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784] S2 UNS;Intel(R) Management & Security Application User Notification 
Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2314240] S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-29 243232] S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2011-09-22 645048] S2 WTGService;WTGService;c:\program files (x86)\Verbindungsassistent\WTGService.exe [2009-03-03 296400] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-10-20 6856704] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-10-20 264704] S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [2012-05-14 114128] S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2010-07-29 28832] S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-10 158720] S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2010-10-20 10331840] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-08-24 76912] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904] S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976] S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-12-12 11856] . . Inhalt des "geplante Tasks" Ordners . 2012-01-18 c:\windows\Tasks\Acer Registration - Data Sending task.job - c:\program files (x86)\Acer\Registration\GREG.exe [2010-04-28 02:47] . 2012-07-17 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 09:48] . . 
--------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension] @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}" [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}] 2011-12-19 18:46 22408 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ODDPwr"="c:\program files\Acer\Optical Drive Power Management\ODDPwr.exe" [2010-04-22 223264] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-20 161304] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-20 386584] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-20 414744] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-13 11046504] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-07-13 2103912] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU] "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-07-29 594080] "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-07-29 377504] "Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2010-06-11 496160] "Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-03 1580368] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-25 2782096] "ProfilerU"="c:\program files\SmartTechnology\Software\ProfilerU.exe" [2012-01-23 432640] "SaiMfd"="c:\program files\SmartTechnology\Software\SaiMfd.exe" [2012-01-23 158208] . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://www.google.com uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://acer.msn.com mLocal Page = c:\windows\SysWOW64\blank.htm IE: An OneNote s&enden - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105 IE: Download aller Links mit IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm IE: Download mit IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000 LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll TCP: Interfaces\{7F66CAB7-3D90-4CF2-A86C-94A6431474BB}: NameServer = 130.75.1.32,130.75.1.40 FF - ProfilePath - c:\users\xxxx xxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\bild4i5m.default\ FF - prefs.js: browser.search.selectedEngine - LEO Eng-Deu FF - prefs.js: browser.startup.homepage - www.google.de FF - prefs.js: network.proxy.type - 0 . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-116830536-2991956333-4007676365-1001_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}] @Denied: (Full) (Everyone) "scansk"=hex(0):8f,ff,7b,bf,d7,5f,b4,0b,d9,1a,03,12,1d,71,8b,a0,53,ca,0f,f4,33, 8b,2f,75,5c,60,87,6c,1c,5b,30,b6,4d,79,52,2b,34,63,25,78,00,00,00,00,00,00,\ . [HKEY_USERS\S-1-5-21-116830536-2991956333-4007676365-1001_Classes\Wow6432Node\CLSID\{95fef388-361b-4e2e-92ff-1fc552c6a1a3}] @Denied: (Full) (Everyone) @Allowed: (Read) (RestrictedCode) "Model"=dword:00000085 "Therad"=dword:0000001b "MData"=hex(0):20,35,e9,2b,74,59,03,68,be,b2,5b,74,b4,62,9e,77,fc,22,df,59,02, 94,28,03,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2012-07-17 12:24:59 ComboFix-quarantined-files.txt 2012-07-17 10:24 . Vor Suchlauf: 15 Verzeichnis(se), 307.901.198.336 Bytes frei Nach Suchlauf: 16 Verzeichnis(se), 307.711.479.808 Bytes frei . - - End Of File - - BEFB51BDD65641397A468E56BAF895A5
How do we proceed from here? Best regards, Dirk |
18.07.2012, 15:42 | #19 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU/BKA Trojan, how do I know it is really gone? Please now create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only OSAM. Please skip the online query offered by OSAM. With OSAM, also make sure you save the log as *.log and not as *.html or similar. Note: please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off your virus scanner; the McAfee scanner in particular often reports a false positive on OSAM! Please download aswMBR.exe and save the file to your desktop.
Important: under no circumstances press any of the Fix buttons without being instructed to. Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select (none) under AV Scan. One more note: If aswMBR crashes and a message such as "aswMBR.exe has stopped working" appears, do the following: restart aswMBR, select (none) in the drop-down menu at the bottom left (bottom left of the aswMBR window) under "AV scan" and click the Scan button again.
__________________ Please always post logfiles in CODE tags |
18.07.2012, 19:47 | #20 |
| GVU/BKA Trojan, how do I know it is really gone? The GMER.log: GMER Logfile: Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-07-18 18:46:45
Windows 6.1.7600
Running: yyq9y06i.exe

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\18f46a95ca8a
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\18f46a95ca8a (not active ControlSet)

---- EOF - GMER 1.0.15 ----
The OSAM.log: OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 18:57:52 on 18.07.2012 OS: Windows 7 Home Premium Edition (Build 7600), 64-bit Default Browser: Mozilla Corporation Firefox 14.0.1 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "Acer Registration - Data Sending task.job" - "Acer Incorporated" - C:\Program Files (x86)\Acer\Registration\GREG.exe "Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [Control Panel Objects] -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~3\Office14\MLCFG32.CPL "Nero BackItUp and BurnRights" - "Nero AG" - C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BurnRights\NeroBurnRights_bb.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "AvFw Packet Filter Miniport" (avfwim) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avfwim.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys "catchme" (catchme) - ? - C:\ComboFix\catchme.sys (File not found) "IDMWFP" (IDMWFP) - "Tonec Inc." 
- C:\Windows\System32\DRIVERS\idmwfp.sys "MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys "PSI" (PSI) - "Secunia" - C:\Windows\System32\DRIVERS\psi_mf.sys "TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL {91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll {03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {5E2121EE-0300-11D4-8D3B-444553540000} "Catalyst Context Menu extension" - ? - (File not found | COM-object registry key not found) {0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll {D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." 
- C:\Program Files (x86)\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll {83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files (x86)\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll {0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONFILTER.DLL {00020D75-0000-0000-C000-000000000046} "Microsoft Outlook" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~3\Office14\MLSHEXT.DLL {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\OLKFSTUB.DLL {4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Program Files (x86)\TuneUp Utilities 2012\DseShExt-x86.dll {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Program Files (x86)\TuneUp Utilities 2012\SDShelEx-win32.dll {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe 
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe [Internet Explorer] -----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )----- {21347690-EC41-4F9A-8887-1F4AEE672439} "Canon Easy-WebPrint EX" - "CANON INC." - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "Canon Easy-WebPrint EX" - "CANON INC." - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? 
- (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll {5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll {898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Click to Call" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll {FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} "Canon Easy-WebPrint EX" - "CANON INC." - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} "Canon Easy-WebPrint EX BHO" - "CANON INC." - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll {326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>" - "DivX, LLC" - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll {0055C089-8582-441B-A0BF-17B458C2A3A8} "IDM integration (IDMIEHlprObj Class)" - "Internet Download Manager, Tonec Inc." - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll {B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." 
- C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "Secunia PSI Tray.lnk" - "Secunia" - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Shortcut exists | File exists) -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "IDMan" - "Tonec Inc." - C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot "SimpleSYN.NET" - "creativbox.net, Torsten Leithold & Georg von Kries GbR" - "C:\Program Files (x86)\creativbox.net\SimpleSYN 2.1\CBN.SimpleSYN.NET.exe" "Steam" - "Valve Corporation" - "C:\Program Files (x86)\Steam\Steam.exe" -silent -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "ArcadeMovieService" - "CyberLink Corp." - "C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe" "avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min "CanonSolutionMenuEx" - "CANON INC." - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon "IAStorIcon" - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe "LManager" - "Dritek System Inc." - C:\Program Files (x86)\Launch Manager\LManager.exe "MDS_Menu" - "CyberLink Corp." 
- "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.6" "StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Canon BJNP Port" - "CANON INC." - C:\Windows\system32\CNMN6PPM.DLL "HP Discovery Port Monitor (HP Deskjet 3050 J610 series)" - "Hewlett-Packard Co." - C:\Windows\system32\HPDiscoPM9311.dll "pdfcmon" - "pdfforge GbR" - C:\Windows\system32\pdfcmon.dll "RICOH Language Monitor2" - "RICOH CO.,Ltd." - C:\Windows\system32\rc4mon64.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll (File not found) "@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe" (File not found) "Acer ePower Service" (ePowerSvc) - "Acer Incorporated" - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe "Acer ODD Power Service" (ODDPwrSvc) - "Acer Incorporated" - C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe "Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe "Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe "Avira Browser Schutz" (AntiVirWebService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE "Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. 
KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe "Avira Email Schutz" (AntiVirMailService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe "Avira FireWall" (AntiVirFirewallService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe "Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe "Cisco AnyConnect VPN Agent" (vpnagent) - "Cisco Systems, Inc." - C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe "Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe "Intel(R) Management & Security Application User Notification Service" (UNS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe "Intel(R) Management and Security Application Local Management Service" (LMS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe "Intel(R) Rapid Storage Technology" (IAStorDataMgrSvc) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe "MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe "Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE "Office 
Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE "Raw Socket Service" (RS_Service) - "Acer Incorporated" - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe "Secunia PSI Agent" (Secunia PSI Agent) - "Secunia" - C:\Program Files (x86)\Secunia\PSI\PSIA.exe "Secunia Update Agent" (Secunia Update Agent) - "Secunia" - C:\Program Files (x86)\Secunia\PSI\sua.exe "Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files (x86)\Skype\Updater\Updater.exe "Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files (x86)\Common Files\Steam\SteamService.exe "TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe "TurboBoost" (TurboBoost) - "Intel(R) Corporation" - C:\Program Files\Intel\TurboBoost\TurboBoost.exe "Updater Service" (Updater Service) - "Acer Group" - C:\Program Files\Acer\Acer Updater\UpdaterService.exe "WTGService" (WTGService) - ? - C:\Program Files (x86)\Verbindungsassistent\WTGService.exe (File found, but it contains no detailed information) [Winlogon] -----( HKCU\Control Panel\Desktop )----- "SCRNSAVE.EXE" - ? - C:\Windows\System32\Acer.scr [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )----- "AVSDA" - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll ===[ Logfile end ]=========================================[ Logfile end ]=== --- --- --- If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software Run date: 2012-07-18 19:13:15 ----------------------------- 19:13:15.998 OS Version: Windows x64 6.1.7600 19:13:15.998 Number of processors: 4 586 0x2505 19:13:15.998 ComputerName: xxxxxxxxx-PC UserName: xxxx xxxxx 19:13:17.044 Initialize success 19:13:21.006 AVAST engine defs: 12071800 19:13:27.698 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 19:13:27.714 Disk 0 Vendor: SAMSUNG_ 2AR1 Size: 715404MB BusType: 3 19:13:27.730 Disk 0 MBR read successfully 19:13:27.730 Disk 0 MBR scan 19:13:27.745 Disk 0 Windows 7 default MBR code 19:13:27.745 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 16000 MB offset 2048 19:13:27.776 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 32770048 19:13:27.792 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 349453 MB offset 32974848 19:13:27.823 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 349849 MB offset 748654592 19:13:27.839 Disk 0 scanning C:\Windows\system32\drivers 19:13:38.072 Service scanning 19:13:58.056 Modules scanning 19:13:58.056 Disk 0 trace - called modules: 19:13:58.087 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 19:13:58.087 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80069c3060] 19:13:58.087 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80049a3050] 19:13:58.103 Scan finished successfully 19:14:12.720 Disk 0 MBR has been saved successfully to "C:\Users\xxxx xxxxx\Desktop\MBR.dat" 19:14:12.720 The log file has been saved successfully to "C:\Users\xxxx xxxxx\Desktop\aswMBR.txt" Dirk |
19.07.2012, 11:11 | #21 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU/BKA Trojan, how do I know it is really gone? Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
19.07.2012, 21:52 | #22 |
| The Malwarebytes log:
Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.19.07

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
xxxx xxxxx :: xxxxxxxxx-PC [Administrator]

19.07.2012 12:43:22
mbam-log-2012-07-19 (12-43-22).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 333594
Laufzeit: 31 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 07/19/2012 at 04:53 PM

Application Version : 5.5.1006

Core Rules Database Version : 8924
Trace Rules Database Version: 6736

Scan type : Complete Scan
Total Scan Time : 01:17:09

Operating System Information
Windows 7 Home Premium 64-bit (Build 6.01.7600)
UAC On - Limited User

Memory items scanned : 705
Memory threats detected : 0
Registry items scanned : 65625
Registry threats detected : 0
File items scanned : 150239
File threats detected : 34

Adware.Tracking Cookie
	C:\Users\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\TAMP3IAE.txt [ /fastclick.net ]
	C:\Users\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\MI5TGJAB.txt [ /ad.yieldmanager.com ]
	C:\Users\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\5WES2EBW.txt [ /atdmt.com ]
	C:\Users\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\35KCSXLE.txt [ /doubleclick.net ]
	C:\Users\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\ABG74ZZF.txt [ /c.atdmt.com ]
	C:\Users\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\T3YBU0K2.txt [ /msnportal.112.2o7.net ]
	C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@invitemedia[2].txt [ Cookie:xxxx xxxxx@invitemedia.com/ ]
	C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@perfectadserver[1].txt [ Cookie:xxxx xxxxx@perfectadserver.com/ ]
	C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@adx.chip[1].txt [ Cookie:xxxx xxxxx@adx.chip.de/ ]
	C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@www.adserver[1].txt [ Cookie:xxxx xxxxx@www.adserver.bz/ ]
	C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@ad.yieldmanager[2].txt [ Cookie:xxxx xxxxx@ad.yieldmanager.com/ ]
	C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@revsci[1].txt [ Cookie:xxxx xxxxx@revsci.net/ ]
	C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\P2D8K0VV.txt [ Cookie:xxxx xxxxx@apmebf.com/ ]
	C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@doubleclick[1].txt [ Cookie:xxxx xxxxx@doubleclick.net/ ]
	C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\MP2VJAUQ.txt [ Cookie:xxxx xxxxx@c.atdmt.com/ ]
	C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@adxpansion[2].txt [ Cookie:xxxx xxxxx@adxpansion.com/ ]
	C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@zedo[1].txt [ Cookie:xxxx xxxxx@zedo.com/ ]
	C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\A617VEFO.txt [ Cookie:xxxx xxxxx@overture.com/ ]
	C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@adfarm1.adition[1].txt [ Cookie:xxxx xxxxx@adfarm1.adition.com/ ]
	C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@exoclick[2].txt [ Cookie:xxxx xxxxx@exoclick.com/ ]
	C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@specificclick[1].txt [ Cookie:xxxx xxxxx@specificclick.net/ ]
	C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@ru4[2].txt [ Cookie:xxxx xxxxx@ru4.com/ ]
	C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@ad2.adfarm1.adition[1].txt [ Cookie:xxxx xxxxx@ad2.adfarm1.adition.com/ ]
	C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\UZQRDA07.txt [ Cookie:xxxx xxxxx@mediaplex.com/ ]
	C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@imrworldwide[2].txt [ Cookie:xxxx xxxxx@imrworldwide.com/cgi-bin ]
	C:\USERS\xxxx xxxxx\Cookies\TAMP3IAE.txt [ Cookie:xxxx xxxxx@fastclick.net/ ]
	C:\USERS\xxxx xxxxx\Cookies\MI5TGJAB.txt [ Cookie:xxxx xxxxx@ad.yieldmanager.com/ ]
	C:\USERS\xxxx xxxxx\Cookies\35KCSXLE.txt [ Cookie:xxxx xxxxx@doubleclick.net/ ]
	C:\USERS\xxxx xxxxx\Cookies\ABG74ZZF.txt [ Cookie:xxxx xxxxx@c.atdmt.com/ ]
	C:\USERS\xxxx xxxxx\Cookies\T3YBU0K2.txt [ Cookie:xxxx xxxxx@msnportal.112.2o7.net/ ]
	C:\USERS\xxxx xxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxx_xxxxx@ADS.FLING[2].TXT [ /ADS.FLING ]
	C:\USERS\xxxx xxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxx_xxxxx@ADS2.ZEUSCLICKS[1].TXT [ /ADS2.ZEUSCLICKS ]
	C:\USERS\xxxx xxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxx_xxxxx@ADS.CREATIVE-SERVING[1].TXT [ /ADS.CREATIVE-SERVING ]
	C:\USERS\xxxx xxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxx_xxxxx@AD3.ADFARM1.ADITION[1].TXT [ /AD3.ADFARM1.ADITION ]
 |
19.07.2012, 22:23 | #23 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
Can you run SUPERAntiSpyware as administrator via right-click?
__________________ Please always post logfiles in CODE tags |
20.07.2012, 07:55 | #24 |
| Sorry, here is the whole thing as admin:
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 07/20/2012 at 02:18 AM

Application Version : 5.5.1006

Core Rules Database Version : 8924
Trace Rules Database Version: 6736

Scan type : Complete Scan
Total Scan Time : 01:18:04

Operating System Information
Windows 7 Home Premium 64-bit (Build 6.01.7600)
UAC On - Administrator

Memory items scanned : 704
Memory threats detected : 0
Registry items scanned : 65734
Registry threats detected : 0
File items scanned : 150290
File threats detected : 34

Adware.Tracking Cookie
	C:\Users\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\TAMP3IAE.txt [ /fastclick.net ]
	C:\Users\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\MI5TGJAB.txt [ /ad.yieldmanager.com ]
	C:\Users\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\5WES2EBW.txt [ /atdmt.com ]
	C:\Users\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\35KCSXLE.txt [ /doubleclick.net ]
	C:\Users\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\ABG74ZZF.txt [ /c.atdmt.com ]
	C:\Users\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\T3YBU0K2.txt [ /msnportal.112.2o7.net ]
	C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@invitemedia[2].txt [ Cookie:xxxx xxxxx@invitemedia.com/ ]
	C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@perfectadserver[1].txt [ Cookie:xxxx xxxxx@perfectadserver.com/ ]
	C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@adx.chip[1].txt [ Cookie:xxxx xxxxx@adx.chip.de/ ]
	C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@www.adserver[1].txt [ Cookie:xxxx xxxxx@www.adserver.bz/ ]
	C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@ad.yieldmanager[2].txt [ Cookie:xxxx xxxxx@ad.yieldmanager.com/ ]
	C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@revsci[1].txt [ Cookie:xxxx xxxxx@revsci.net/ ]
	C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\P2D8K0VV.txt [ Cookie:xxxx xxxxx@apmebf.com/ ]
	C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@doubleclick[1].txt [ Cookie:xxxx xxxxx@doubleclick.net/ ]
	C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\MP2VJAUQ.txt [ Cookie:xxxx xxxxx@c.atdmt.com/ ]
	C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@adxpansion[2].txt [ Cookie:xxxx xxxxx@adxpansion.com/ ]
	C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@zedo[1].txt [ Cookie:xxxx xxxxx@zedo.com/ ]
	C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\A617VEFO.txt [ Cookie:xxxx xxxxx@overture.com/ ]
	C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@adfarm1.adition[1].txt [ Cookie:xxxx xxxxx@adfarm1.adition.com/ ]
	C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@exoclick[2].txt [ Cookie:xxxx xxxxx@exoclick.com/ ]
	C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@specificclick[1].txt [ Cookie:xxxx xxxxx@specificclick.net/ ]
	C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@ru4[2].txt [ Cookie:xxxx xxxxx@ru4.com/ ]
	C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@ad2.adfarm1.adition[1].txt [ Cookie:xxxx xxxxx@ad2.adfarm1.adition.com/ ]
	C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\UZQRDA07.txt [ Cookie:xxxx xxxxx@mediaplex.com/ ]
	C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@imrworldwide[2].txt [ Cookie:xxxx xxxxx@imrworldwide.com/cgi-bin ]
	C:\USERS\xxxx xxxxx\Cookies\TAMP3IAE.txt [ Cookie:xxxx xxxxx@fastclick.net/ ]
	C:\USERS\xxxx xxxxx\Cookies\MI5TGJAB.txt [ Cookie:xxxx xxxxx@ad.yieldmanager.com/ ]
	C:\USERS\xxxx xxxxx\Cookies\35KCSXLE.txt [ Cookie:xxxx xxxxx@doubleclick.net/ ]
	C:\USERS\xxxx xxxxx\Cookies\ABG74ZZF.txt [ Cookie:xxxx xxxxx@c.atdmt.com/ ]
	C:\USERS\xxxx xxxxx\Cookies\T3YBU0K2.txt [ Cookie:xxxx xxxxx@msnportal.112.2o7.net/ ]
	C:\USERS\xxxx xxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxx_xxxxx@ADS.FLING[2].TXT [ /ADS.FLING ]
	C:\USERS\xxxx xxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxx_xxxxx@ADS2.ZEUSCLICKS[1].TXT [ /ADS2.ZEUSCLICKS ]
	C:\USERS\xxxx xxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxx_xxxxx@ADS.CREATIVE-SERVING[1].TXT [ /ADS.CREATIVE-SERVING ]
	C:\USERS\xxxx xxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxx_xxxxx@AD3.ADFARM1.ADITION[1].TXT [ /AD3.ADFARM1.ADITION ]
 |
20.07.2012, 15:55 | #25 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Looks OK, only cookies were found. Cookies are not malware as such, but there is a risk of misuse (unique recognition, e.g. for targeted advertising and the like => HTTP-Cookie).

Regarding cookies and other things on the web: to block the pest from the outset (i.e. tracking cookies, ad banners etc.), you should have a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File. It makes sense to check at MVPS every 4 weeks whether a new hosts file has been released.

Otherwise there are also good cookie managers; as a Firefox extension there would be CookieCuller, for example: http://filepony.de/download-cookie_culler/

If you can live with logging in again everywhere in every browser session (e.g. Facebook, eBay, GMX, or Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed.

My own approach is to use the Opera browser or Chromium under my Linux for "wild surfing". My main browser (Firefox) stores only the cookies of the sites I actually want; everything else I reject manually (FF always asks me). The other browsers do accept all cookies, but by the next start of Opera or Chromium at the latest no cookies are left.

Is your system in order again now, or are there still other findings or problems?
__________________ Please always post logfiles in CODE tags |
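Example code added here, not part of the thread: a small Python triage for a SUPERAntiSpyware log in the layout posted above. It separates tracking-cookie entries from any other finding, extracts the hosts that set the cookies, and checks which of them an MVPS-style hosts file (0.0.0.0 / 127.0.0.1 entries) would actually block. The log excerpt and the hosts fragment are constructed samples, and the non-cookie category in the excerpt is invented.

```python
import re
COOKIE_CATEGORY = "Adware.Tracking Cookie"
COUNT_RE = re.compile(r"^(\w+) threats detected\s*:\s*(\d+)")
# Two item layouts occur in the log: '[ /host ]' and '[ Cookie:user@host/path ]'.
DOMAIN_RE = re.compile(r"\[ (?:Cookie:[^@\]]+@|/)([^/\s\]]+)")

# Constructed excerpt in the layout of the SUPERAntiSpyware log posted above;
# the second category and its file are invented to show a non-cookie finding.
SAS_LOG = """\
Memory threats detected : 0
Registry threats detected : 0
File threats detected : 5
Adware.Tracking Cookie
\tC:\\Users\\u\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\TAMP3IAE.txt [ /fastclick.net ]
\tC:\\USERS\\u\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\u@doubleclick[1].txt [ Cookie:u@doubleclick.net/ ]
\tC:\\USERS\\u\\APPDATA\\ROAMING\\MICROSOFT\\WINDOWS\\COOKIES\\LOW\\u@ADS.FLING[2].TXT [ /ADS.FLING ]
\tC:\\USERS\\u\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\u@imrworldwide[2].txt [ Cookie:u@imrworldwide.com/cgi-bin ]
Trojan.Agent/Gen (constructed)
\tC:\\USERS\\u\\APPDATA\\LOCAL\\TEMP\\SAMPLE.EXE
"""

# Constructed MVPS-style hosts fragment (the real file has many thousand entries).
HOSTS = """\
127.0.0.1 localhost
0.0.0.0 fastclick.net
0.0.0.0 doubleclick.net   # exact hostname only: does not cover ad.doubleclick.net
0.0.0.0 ad.doubleclick.net
"""

def parse_sas_log(text):
    """Return summary counts and {category: [item lines]} from a SAS log."""
    counts, findings, category = {}, {}, None
    for line in text.splitlines():
        m = COUNT_RE.match(line)
        if m:
            counts[m.group(1)] = int(m.group(2))
        elif line.startswith(("\t", " ")) and category:  # indented line = item
            findings[category].append(line.strip())
        elif line.strip() and ":" not in line:             # bare label = category
            category = line.strip()
            findings.setdefault(category, [])
    return {"counts": counts, "findings": findings}

def cookie_domains(findings):
    """Lower-cased hosts that set the detected tracking cookies."""
    hits = (DOMAIN_RE.search(i) for i in findings.get(COOKIE_CATEGORY, []))
    return {m.group(1).lower() for m in hits if m}

def non_cookie_findings(findings):
    """Everything that is not a tracking cookie: these need a real look."""
    return {c: v for c, v in findings.items() if c != COOKIE_CATEGORY and v}

def parse_hosts(text):
    """Hostnames a hosts file maps to 0.0.0.0 or 127.0.0.1 (comments stripped)."""
    rows = (line.split("#", 1)[0].split() for line in text.splitlines())
    return {h.lower() for r in rows if len(r) > 1 and r[0] in ("0.0.0.0", "127.0.0.1") for h in r[1:]}

def unblocked_domains(domains, blocked):
    """Cookie hosts the hosts file misses; a hosts entry only matches its exact name."""
    return sorted(d for d in domains if d not in blocked)
```

Run on the log from the post, `non_cookie_findings` coming back empty is what "only cookies were found" means, and `unblocked_domains` lists the trackers a hosts file would still let through.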
22.07.2012, 12:02 | #26 |
| Hi, the system is currently running flawlessly. Thanks for the tips on cookies. I have one more question about the infection vector: I noticed that at the time of the infection Java and Flash Player were not up to date; those are probably the most likely candidates, right? Flash Player is now current, and I have uninstalled Java (how can I make sure that it is really completely gone?). Do you have any other tips for the future? Regards, Dirk |
23.07.2012, 14:28 | #27 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Then we are done! All the programs that were used here can be removed again. With OTL you can also remove many of the tools: please start OTL and click on Cleanup (Bereinigung). This will remove most of the tools we needed for the cleanup. If anything remains, please remove it with right-click --> Delete.

Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update first.

Finally, please check the updates; my guide on that is below. To keep a better overview of whether your installed programs are current in future, you can use Secunia PSI, for example. For even more security, after the infection has been removed you should also change all passwords if at all possible.

Microsoft Update
Windows XP: visit the MS Update page with IE and have all important updates installed.
Windows Vista/7: Windows Update guide

Update the PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Software or Programs and Features by clicking on "Adobe Reader x.0" there and removing the program (if you have Adobe Reader installed). I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.

While you are at it, please also check that the Flash Player is current:
Check => Adobe - Flash Player
Download links => Adobe Flash Player Distribution | Adobe
Of course also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.

Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the latest one.
To do this, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.
__________________ Please always post logfiles in CODE tags |