
Pests of all kinds and how to fight them: GVU Bundespolizei Virus

Windows 7

22.09.2012, 17:50   #16
SGEStocki
 
Thanks!

Here is the log:
Code:
18:46:46.0197 2736  TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
18:46:48.0100 2736  ============================================================
18:46:48.0100 2736  Current date / time: 2012/09/22 18:46:48.0100
18:46:48.0100 2736  SystemInfo:
18:46:48.0100 2736  
18:46:48.0100 2736  OS Version: 6.1.7601 ServicePack: 1.0
18:46:48.0100 2736  Product type: Workstation
18:46:48.0100 2736  ComputerName: CHRISTIAN-PC
18:46:48.0100 2736  UserName: Christian
18:46:48.0100 2736  Windows directory: C:\Windows
18:46:48.0100 2736  System windows directory: C:\Windows
18:46:48.0100 2736  Running under WOW64
18:46:48.0100 2736  Processor architecture: Intel x64
18:46:48.0100 2736  Number of processors: 4
18:46:48.0100 2736  Page size: 0x1000
18:46:48.0100 2736  Boot type: Normal boot
18:46:48.0100 2736  ============================================================
18:46:50.0643 2736  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:46:50.0643 2736  ============================================================
18:46:50.0643 2736  \Device\Harddisk0\DR0:
18:46:50.0643 2736  MBR partitions:
18:46:50.0643 2736  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x32000
18:46:50.0643 2736  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1A32800, BlocksNum 0x38953000
18:46:50.0643 2736  ============================================================
18:46:50.0706 2736  C: <-> \Device\Harddisk0\DR0\Partition2
18:46:50.0706 2736  ============================================================
18:46:50.0706 2736  Initialize success
18:46:50.0706 2736  ============================================================
18:47:28.0005 4728  ============================================================
18:47:28.0005 4728  Scan started
18:47:28.0005 4728  Mode: Manual; SigCheck; TDLFS; 
18:47:28.0005 4728  ============================================================
18:47:29.0940 4728  ================ Scan system memory ========================
18:47:29.0940 4728  System memory - ok
18:47:29.0940 4728  ================ Scan services =============================
18:47:30.0158 4728  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
18:47:30.0345 4728  1394ohci - ok
18:47:30.0517 4728  [ B33CF4DE909A5B30F526D82053A63C8E ] ABBYY.Licensing.FineReader.Sprint.9.0 C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
18:47:30.0532 4728  ABBYY.Licensing.FineReader.Sprint.9.0 - ok
18:47:30.0657 4728  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
18:47:30.0673 4728  ACPI - ok
18:47:30.0766 4728  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
18:47:31.0032 4728  AcpiPmi - ok
18:47:31.0110 4728  [ 11A52CF7B265631DEEB24C6149309EFF ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:47:31.0125 4728  AdobeARMservice - ok
18:47:31.0312 4728  [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:47:31.0328 4728  AdobeFlashPlayerUpdateSvc - ok
18:47:31.0406 4728  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
18:47:31.0437 4728  adp94xx - ok
18:47:31.0468 4728  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
18:47:31.0484 4728  adpahci - ok
18:47:31.0531 4728  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
18:47:31.0546 4728  adpu320 - ok
18:47:31.0593 4728  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
18:47:31.0765 4728  AeLookupSvc - ok
18:47:31.0827 4728  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
18:47:31.0905 4728  AFD - ok
18:47:31.0952 4728  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
18:47:31.0968 4728  agp440 - ok
18:47:31.0999 4728  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
18:47:32.0077 4728  ALG - ok
18:47:32.0139 4728  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
18:47:32.0155 4728  aliide - ok
18:47:32.0202 4728  [ 520A16454C60DBDCBFD0645AE509B89C ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
18:47:32.0311 4728  AMD External Events Utility - ok
18:47:32.0358 4728  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
18:47:32.0373 4728  amdide - ok
18:47:32.0420 4728  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
18:47:32.0467 4728  AmdK8 - ok
18:47:32.0670 4728  [ 046E2912A515A16DD6832371E573FF0C ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
18:47:32.0951 4728  amdkmdag - ok
18:47:33.0029 4728  [ B618489ABAE5F112BAFFAF6B077ADC54 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
18:47:33.0060 4728  amdkmdap - ok
18:47:33.0091 4728  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
18:47:33.0138 4728  AmdPPM - ok
18:47:33.0200 4728  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
18:47:33.0216 4728  amdsata - ok
18:47:33.0231 4728  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
18:47:33.0263 4728  amdsbs - ok
18:47:33.0294 4728  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
18:47:33.0294 4728  amdxata - ok
18:47:33.0356 4728  [ 391887990CDAA83DE5C56C3FDE966DA1 ] AmUStor         C:\Windows\system32\drivers\AmUStor.SYS
18:47:33.0419 4728  AmUStor - ok
18:47:33.0528 4728  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
18:47:33.0528 4728  AntiVirSchedulerService - ok
18:47:33.0606 4728  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
18:47:33.0621 4728  AntiVirService - ok
18:47:33.0684 4728  [ 59D01FA91962C9C1E9B4022B2D3B46DB ] AppHostSvc      C:\Windows\system32\inetsrv\apphostsvc.dll
18:47:33.0746 4728  AppHostSvc - ok
18:47:33.0793 4728  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
18:47:34.0027 4728  AppID - ok
18:47:34.0089 4728  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
18:47:34.0167 4728  AppIDSvc - ok
18:47:34.0245 4728  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
18:47:34.0292 4728  Appinfo - ok
18:47:34.0448 4728  [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:47:34.0464 4728  Apple Mobile Device - ok
18:47:34.0479 4728  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
18:47:34.0495 4728  arc - ok
18:47:34.0495 4728  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
18:47:34.0511 4728  arcsas - ok
18:47:34.0635 4728  [ 1838F16E9CE03B993FC500703B711DAB ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_state.exe
18:47:34.0635 4728  aspnet_state - ok
18:47:34.0667 4728  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
18:47:34.0729 4728  AsyncMac - ok
18:47:34.0776 4728  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
18:47:34.0776 4728  atapi - ok
18:47:34.0869 4728  [ 70260C7C98CC0101316F5B2650C3BB44 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
18:47:35.0010 4728  athr - ok
18:47:35.0072 4728  [ CBD14F698DEF12EE3557604B726CB8EB ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
18:47:35.0088 4728  AtiHDAudioService - ok
18:47:35.0135 4728  [ 77C149E6D702737B2E372DEE166FAEF8 ] AtiHdmiService  C:\Windows\system32\drivers\AtiHdmi.sys
18:47:35.0181 4728  AtiHdmiService - ok
18:47:35.0213 4728  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:47:35.0306 4728  AudioEndpointBuilder - ok
18:47:35.0306 4728  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
18:47:35.0353 4728  AudioSrv - ok
18:47:35.0447 4728  [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
18:47:35.0447 4728  avgntflt - ok
18:47:35.0509 4728  [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
18:47:35.0525 4728  avipbb - ok
18:47:35.0540 4728  [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
18:47:35.0556 4728  avkmgr - ok
18:47:35.0603 4728  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
18:47:35.0681 4728  AxInstSV - ok
18:47:35.0759 4728  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
18:47:35.0805 4728  b06bdrv - ok
18:47:35.0837 4728  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
18:47:35.0899 4728  b57nd60a - ok
18:47:35.0993 4728  [ FDE8C8DC07E75347E4C6B455A0964217 ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl664.sys
18:47:36.0039 4728  BCM43XX - ok
18:47:36.0071 4728  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
18:47:36.0117 4728  BDESVC - ok
18:47:36.0133 4728  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
18:47:36.0211 4728  Beep - ok
18:47:36.0273 4728  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
18:47:36.0336 4728  BFE - ok
18:47:36.0367 4728  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
18:47:36.0429 4728  BITS - ok
18:47:36.0461 4728  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
18:47:36.0492 4728  blbdrive - ok
18:47:36.0601 4728  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
18:47:36.0617 4728  Bonjour Service - ok
18:47:36.0648 4728  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
18:47:36.0710 4728  bowser - ok
18:47:36.0741 4728  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:47:36.0819 4728  BrFiltLo - ok
18:47:36.0819 4728  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:47:36.0835 4728  BrFiltUp - ok
18:47:36.0897 4728  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
18:47:36.0929 4728  Browser - ok
18:47:36.0960 4728  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
18:47:37.0022 4728  Brserid - ok
18:47:37.0022 4728  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
18:47:37.0053 4728  BrSerWdm - ok
18:47:37.0053 4728  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
18:47:37.0069 4728  BrUsbMdm - ok
18:47:37.0085 4728  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
18:47:37.0100 4728  BrUsbSer - ok
18:47:37.0100 4728  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
18:47:37.0131 4728  BTHMODEM - ok
18:47:37.0178 4728  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
18:47:37.0225 4728  bthserv - ok
18:47:37.0256 4728  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
18:47:37.0319 4728  cdfs - ok
18:47:37.0381 4728  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
18:47:37.0412 4728  cdrom - ok
18:47:37.0459 4728  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
18:47:37.0553 4728  CertPropSvc - ok
18:47:37.0584 4728  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
18:47:37.0631 4728  circlass - ok
18:47:37.0693 4728  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
18:47:37.0709 4728  CLFS - ok
18:47:37.0787 4728  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:47:37.0787 4728  clr_optimization_v2.0.50727_32 - ok
18:47:37.0818 4728  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:47:37.0833 4728  clr_optimization_v2.0.50727_64 - ok
18:47:37.0927 4728  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:47:37.0989 4728  clr_optimization_v4.0.30319_32 - ok
18:47:38.0067 4728  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:47:38.0114 4728  clr_optimization_v4.0.30319_64 - ok
18:47:38.0161 4728  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
18:47:38.0192 4728  CmBatt - ok
18:47:38.0239 4728  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
18:47:38.0239 4728  cmdide - ok
18:47:38.0317 4728  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
18:47:38.0333 4728  CNG - ok
18:47:38.0348 4728  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
18:47:38.0364 4728  Compbatt - ok
18:47:38.0411 4728  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
18:47:38.0442 4728  CompositeBus - ok
18:47:38.0457 4728  COMSysApp - ok
18:47:38.0473 4728  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
18:47:38.0489 4728  crcdisk - ok
18:47:38.0520 4728  [ 4F5414602E2544A4554D95517948B705 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
18:47:38.0582 4728  CryptSvc - ok
18:47:38.0629 4728  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
18:47:38.0676 4728  DcomLaunch - ok
18:47:38.0707 4728  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
18:47:38.0769 4728  defragsvc - ok
18:47:38.0816 4728  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
18:47:38.0879 4728  DfsC - ok
18:47:38.0925 4728  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
18:47:38.0972 4728  Dhcp - ok
18:47:39.0003 4728  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
18:47:39.0050 4728  discache - ok
18:47:39.0066 4728  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
18:47:39.0081 4728  Disk - ok
18:47:39.0113 4728  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
18:47:39.0144 4728  Dnscache - ok
18:47:39.0175 4728  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
18:47:39.0237 4728  dot3svc - ok
18:47:39.0253 4728  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
18:47:39.0300 4728  DPS - ok
18:47:39.0347 4728  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
18:47:39.0362 4728  drmkaud - ok
18:47:39.0425 4728  [ 61E894FE1E9CC720C909E6E343351794 ] DsiWMIService   C:\Program Files (x86)\Launch Manager\dsiwmis.exe
18:47:39.0440 4728  DsiWMIService - ok
18:47:39.0471 4728  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
18:47:39.0503 4728  DXGKrnl - ok
18:47:39.0549 4728  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
18:47:39.0596 4728  EapHost - ok
18:47:39.0690 4728  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
18:47:39.0815 4728  ebdrv - ok
18:47:39.0861 4728  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
18:47:39.0971 4728  EFS - ok
18:47:40.0033 4728  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
18:47:40.0095 4728  ehRecvr - ok
18:47:40.0127 4728  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
18:47:40.0142 4728  ehSched - ok
18:47:40.0189 4728  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
18:47:40.0205 4728  elxstor - ok
18:47:40.0314 4728  [ 679EFB7FB5FAB13A68ADB9AE9C6ED4EF ] ePowerSvc       C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
18:47:40.0329 4728  ePowerSvc - ok
18:47:40.0407 4728  [ ABDD5AD016AFFD34AD40E944CE94BF59 ] EpsonBidirectionalService C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
18:47:40.0439 4728  EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - warning
18:47:40.0439 4728  EpsonBidirectionalService - detected UnsignedFile.Multi.Generic (1)
18:47:40.0454 4728  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
18:47:40.0470 4728  ErrDev - ok
18:47:40.0501 4728  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
18:47:40.0579 4728  EventSystem - ok
18:47:40.0626 4728  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
18:47:40.0673 4728  exfat - ok
18:47:40.0673 4728  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
18:47:40.0735 4728  fastfat - ok
18:47:40.0797 4728  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
18:47:40.0860 4728  Fax - ok
18:47:40.0875 4728  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
18:47:40.0891 4728  fdc - ok
18:47:40.0922 4728  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
18:47:40.0969 4728  fdPHost - ok
18:47:40.0985 4728  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
18:47:41.0031 4728  FDResPub - ok
18:47:41.0078 4728  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
18:47:41.0078 4728  FileInfo - ok
18:47:41.0094 4728  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
18:47:41.0156 4728  Filetrace - ok
18:47:41.0187 4728  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
18:47:41.0219 4728  flpydisk - ok
18:47:41.0250 4728  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
18:47:41.0265 4728  FltMgr - ok
18:47:41.0328 4728  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
18:47:41.0406 4728  FontCache - ok
18:47:41.0499 4728  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:47:41.0499 4728  FontCache3.0.0.0 - ok
18:47:41.0531 4728  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
18:47:41.0546 4728  FsDepends - ok
18:47:41.0577 4728  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
18:47:41.0593 4728  Fs_Rec - ok
18:47:41.0640 4728  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
18:47:41.0655 4728  fvevol - ok
18:47:41.0671 4728  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
18:47:41.0687 4728  gagp30kx - ok
18:47:41.0702 4728  [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:47:41.0718 4728  GEARAspiWDM - ok
18:47:41.0780 4728  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
18:47:41.0827 4728  gpsvc - ok
18:47:41.0905 4728  [ 0191DEE9B9EB7902AF2CF4F67301095D ] GREGService     C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
18:47:41.0905 4728  GREGService - ok
18:47:41.0983 4728  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:47:41.0983 4728  gupdate - ok
18:47:42.0014 4728  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:47:42.0014 4728  gupdatem - ok
18:47:42.0092 4728  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
18:47:42.0092 4728  gusvc - ok
18:47:42.0123 4728  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
18:47:42.0186 4728  hcw85cir - ok
18:47:42.0233 4728  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:47:42.0264 4728  HdAudAddService - ok
18:47:42.0295 4728  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
18:47:42.0326 4728  HDAudBus - ok
18:47:42.0357 4728  [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64         C:\Windows\system32\DRIVERS\HECIx64.sys
18:47:42.0357 4728  HECIx64 - ok
18:47:42.0389 4728  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
18:47:42.0420 4728  HidBatt - ok
18:47:42.0435 4728  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
18:47:42.0451 4728  HidBth - ok
18:47:42.0498 4728  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
18:47:42.0529 4728  HidIr - ok
18:47:42.0576 4728  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
18:47:42.0638 4728  hidserv - ok
18:47:42.0716 4728  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
18:47:42.0732 4728  HidUsb - ok
18:47:42.0779 4728  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
18:47:42.0888 4728  hkmsvc - ok
18:47:42.0935 4728  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:47:42.0997 4728  HomeGroupListener - ok
18:47:43.0028 4728  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:47:43.0059 4728  HomeGroupProvider - ok
18:47:43.0106 4728  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
18:47:43.0122 4728  HpSAMD - ok
18:47:43.0184 4728  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
18:47:43.0231 4728  HTTP - ok
18:47:43.0278 4728  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
18:47:43.0293 4728  hwpolicy - ok
18:47:43.0325 4728  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
18:47:43.0340 4728  i8042prt - ok
18:47:43.0371 4728  [ ABBF174CB394F5C437410A788B7E404A ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
18:47:43.0387 4728  iaStor - ok
18:47:43.0481 4728  [ 31A0E93CDF29007D6C6FFFB632F375ED ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
18:47:43.0496 4728  IAStorDataMgrSvc - ok
18:47:43.0543 4728  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
18:47:43.0559 4728  iaStorV - ok
18:47:43.0699 4728  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:47:43.0730 4728  idsvc - ok
18:47:43.0761 4728  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
18:47:43.0761 4728  iirsp - ok
18:47:43.0808 4728  [ AB55B8A9B13130F638546881CE4425F8 ] IISADMIN        C:\Windows\system32\inetsrv\inetinfo.exe
18:47:43.0839 4728  IISADMIN - ok
18:47:43.0886 4728  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
18:47:43.0949 4728  IKEEXT - ok
18:47:44.0011 4728  [ C48567D80AD357613CD0EEADE18780AE ] Impcd           C:\Windows\system32\DRIVERS\Impcd.sys
18:47:44.0073 4728  Impcd - ok
18:47:44.0167 4728  [ A0EAB13A78CC5FB960EC76E3D6408DA3 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
18:47:44.0214 4728  IntcAzAudAddService - ok
18:47:44.0245 4728  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
18:47:44.0245 4728  intelide - ok
18:47:44.0479 4728  [ 677AA5991026A65ADA128C4B59CF2BAD ] intelkmd        C:\Windows\system32\DRIVERS\igdpmd64.sys
18:47:44.0760 4728  intelkmd - ok
18:47:44.0791 4728  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
18:47:44.0807 4728  intelppm - ok
18:47:44.0853 4728  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
18:47:44.0900 4728  IPBusEnum - ok
18:47:44.0947 4728  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:47:45.0025 4728  IpFilterDriver - ok
18:47:45.0165 4728  [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
18:47:45.0259 4728  iphlpsvc - ok
18:47:45.0321 4728  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
18:47:45.0477 4728  IPMIDRV - ok
18:47:45.0711 4728  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
18:47:45.0774 4728  IPNAT - ok
18:47:46.0117 4728  [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
18:47:46.0133 4728  iPod Service - ok
18:47:46.0195 4728  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
18:47:46.0242 4728  IRENUM - ok
18:47:46.0335 4728  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
18:47:46.0335 4728  isapnp - ok
18:47:46.0523 4728  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
18:47:46.0538 4728  iScsiPrt - ok
18:47:46.0663 4728  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
18:47:46.0663 4728  kbdclass - ok
18:47:46.0710 4728  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
18:47:46.0725 4728  kbdhid - ok
18:47:46.0741 4728  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
18:47:46.0741 4728  KeyIso - ok
18:47:46.0788 4728  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
18:47:46.0803 4728  KSecDD - ok
18:47:46.0850 4728  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
18:47:46.0866 4728  KSecPkg - ok
18:47:46.0897 4728  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
18:47:46.0959 4728  ksthunk - ok
18:47:46.0991 4728  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
18:47:47.0053 4728  KtmRm - ok
18:47:47.0100 4728  [ 6E0698CEA0901FD1A2B9CE0859E2D8FE ] L1C             C:\Windows\system32\DRIVERS\L1C62x64.sys
18:47:47.0115 4728  L1C - ok
18:47:47.0178 4728  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
18:47:47.0240 4728  LanmanServer - ok
18:47:47.0271 4728  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:47:47.0318 4728  LanmanWorkstation - ok
18:47:47.0349 4728  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
18:47:47.0412 4728  lltdio - ok
18:47:47.0443 4728  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
18:47:47.0505 4728  lltdsvc - ok
18:47:47.0521 4728  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
18:47:47.0552 4728  lmhosts - ok
18:47:47.0677 4728  [ A1C148801B4AF64847AEB9F3AD9594EF ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
18:47:47.0693 4728  LMS ( UnsignedFile.Multi.Generic ) - warning
18:47:47.0693 4728  LMS - detected UnsignedFile.Multi.Generic (1)
18:47:47.0739 4728  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
18:47:47.0755 4728  LSI_FC - ok
18:47:47.0771 4728  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
18:47:47.0786 4728  LSI_SAS - ok
18:47:47.0849 4728  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:47:47.0849 4728  LSI_SAS2 - ok
18:47:47.0927 4728  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:47:47.0942 4728  LSI_SCSI - ok
18:47:47.0973 4728  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
18:47:48.0036 4728  luafv - ok
18:47:48.0083 4728  lxce_device - ok
18:47:48.0145 4728  [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
18:47:48.0145 4728  MBAMProtector - ok
18:47:48.0395 4728  [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
18:47:48.0410 4728  MBAMScheduler - ok
18:47:48.0582 4728  [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
18:47:48.0597 4728  MBAMService - ok
18:47:48.0769 4728  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
18:47:48.0941 4728  Mcx2Svc - ok
18:47:48.0987 4728  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
18:47:48.0987 4728  megasas - ok
18:47:49.0019 4728  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
18:47:49.0034 4728  MegaSR - ok
18:47:49.0081 4728  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
18:47:49.0128 4728  MMCSS - ok
18:47:49.0206 4728  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
18:47:49.0253 4728  Modem - ok
18:47:49.0284 4728  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
18:47:49.0315 4728  monitor - ok
18:47:49.0362 4728  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
18:47:49.0362 4728  mouclass - ok
18:47:49.0409 4728  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
18:47:49.0440 4728  mouhid - ok
18:47:49.0502 4728  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
18:47:49.0518 4728  mountmgr - ok
18:47:49.0596 4728  [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:47:49.0596 4728  MozillaMaintenance - ok
18:47:49.0643 4728  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
18:47:49.0658 4728  mpio - ok
18:47:49.0689 4728  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
18:47:49.0736 4728  mpsdrv - ok
18:47:49.0799 4728  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
18:47:49.0861 4728  MpsSvc - ok
18:47:49.0908 4728  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
18:47:49.0955 4728  MRxDAV - ok
18:47:49.0986 4728  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
18:47:50.0033 4728  mrxsmb - ok
18:47:50.0064 4728  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:47:50.0079 4728  mrxsmb10 - ok
18:47:50.0126 4728  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:47:50.0142 4728  mrxsmb20 - ok
18:47:50.0173 4728  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
18:47:50.0189 4728  msahci - ok
18:47:50.0204 4728  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
18:47:50.0220 4728  msdsm - ok
18:47:50.0251 4728  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
18:47:50.0298 4728  MSDTC - ok
18:47:50.0329 4728  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
18:47:50.0376 4728  Msfs - ok
18:47:50.0407 4728  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
18:47:50.0438 4728  mshidkmdf - ok
18:47:50.0469 4728  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
18:47:50.0485 4728  msisadrv - ok
18:47:50.0501 4728  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
18:47:50.0563 4728  MSiSCSI - ok
18:47:50.0563 4728  msiserver - ok
18:47:50.0625 4728  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
18:47:50.0657 4728  MSKSSRV - ok
18:47:50.0657 4728  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
18:47:50.0719 4728  MSPCLOCK - ok
18:47:50.0719 4728  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
18:47:50.0813 4728  MSPQM - ok
18:47:50.0844 4728  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
18:47:50.0859 4728  MsRPC - ok
18:47:50.0906 4728  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
18:47:50.0922 4728  mssmbios - ok
18:47:51.0000 4728  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
18:47:51.0062 4728  MSTEE - ok
18:47:51.0062 4728  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
18:47:51.0078 4728  MTConfig - ok
18:47:51.0093 4728  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
18:47:51.0109 4728  Mup - ok
18:47:51.0171 4728  [ 6FFECC25B39DC7652A0CEC0ADA9DB589 ] mwlPSDFilter    C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
18:47:51.0187 4728  mwlPSDFilter - ok
18:47:51.0203 4728  [ 0BEFE32CA56D6EE89D58175725596A85 ] mwlPSDNServ     C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
18:47:51.0203 4728  mwlPSDNServ - ok
18:47:51.0218 4728  [ D43BC633B8660463E446E28E14A51262 ] mwlPSDVDisk     C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
18:47:51.0234 4728  mwlPSDVDisk - ok
18:47:51.0405 4728  [ 0036634E5C92BE109056F7E2380103A9 ] MWLService      C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
18:47:51.0421 4728  MWLService - ok
18:47:51.0530 4728  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
18:47:51.0593 4728  napagent - ok
18:47:51.0655 4728  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
18:47:51.0686 4728  NativeWifiP - ok
18:47:51.0749 4728  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
18:47:51.0780 4728  NDIS - ok
18:47:51.0811 4728  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
18:47:51.0858 4728  NdisCap - ok
18:47:51.0905 4728  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
18:47:51.0967 4728  NdisTapi - ok
18:47:52.0029 4728  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
18:47:52.0076 4728  Ndisuio - ok
18:47:52.0107 4728  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
18:47:52.0170 4728  NdisWan - ok
18:47:52.0201 4728  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
18:47:52.0248 4728  NDProxy - ok
18:47:52.0295 4728  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
18:47:52.0341 4728  NetBIOS - ok
18:47:52.0373 4728  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
18:47:52.0435 4728  NetBT - ok
18:47:52.0451 4728  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
18:47:52.0466 4728  Netlogon - ok
18:47:52.0513 4728  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
18:47:52.0560 4728  Netman - ok
18:47:52.0622 4728  [ 3E5A36127E201DDF663176B66828FAFE ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:47:52.0622 4728  NetMsmqActivator - ok
18:47:52.0638 4728  [ 3E5A36127E201DDF663176B66828FAFE ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:47:52.0653 4728  NetPipeActivator - ok
18:47:52.0685 4728  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
18:47:52.0731 4728  netprofm - ok
18:47:52.0763 4728  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:47:52.0778 4728  NetTcpActivator - ok
18:47:52.0794 4728  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:47:52.0794 4728  NetTcpPortSharing - ok
18:47:52.0841 4728  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
18:47:52.0856 4728  nfrd960 - ok
18:47:52.0903 4728  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll
18:47:52.0950 4728  NlaSvc - ok
18:47:52.0997 4728  [ C31FA031335EFF434B2D94278E74BCCE ] NPF             C:\Windows\system32\drivers\npf.sys
18:47:52.0997 4728  NPF - ok
18:47:53.0028 4728  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
18:47:53.0059 4728  Npfs - ok
18:47:53.0090 4728  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
18:47:53.0137 4728  nsi - ok
18:47:53.0137 4728  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
18:47:53.0199 4728  nsiproxy - ok
18:47:53.0262 4728  [ A2F74975097F52A00745F9637451FDD8 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
18:47:53.0324 4728  Ntfs - ok
18:47:53.0402 4728  [ 5B3CE960C62DBE864BE9A0BD043A3E30 ] NTI IScheduleSvc C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
18:47:53.0402 4728  NTI IScheduleSvc ( UnsignedFile.Multi.Generic ) - warning
18:47:53.0402 4728  NTI IScheduleSvc - detected UnsignedFile.Multi.Generic (1)
18:47:53.0449 4728  [ 15221DD637D9D0FFC60848EBBF1DF538 ] NTIBackupSvc    C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
18:47:53.0449 4728  NTIBackupSvc - ok
18:47:53.0496 4728  [ 64DDD0DEE976302F4BD93E5EFCC2F013 ] NTIDrvr         C:\Windows\system32\drivers\NTIDrvr.sys
18:47:53.0496 4728  NTIDrvr - ok
18:47:53.0574 4728  [ B5071E15D4C3F5EF5018AFF7E85A85E5 ] NTISchedulerSvc C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
18:47:53.0652 4728  NTISchedulerSvc - ok
18:47:53.0667 4728  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
18:47:53.0714 4728  Null - ok
18:47:53.0808 4728  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
18:47:53.0823 4728  nvraid - ok
18:47:53.0917 4728  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
18:47:53.0933 4728  nvstor - ok
18:47:54.0011 4728  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
18:47:54.0026 4728  nv_agp - ok
18:47:54.0073 4728  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
18:47:54.0089 4728  ohci1394 - ok
18:47:54.0151 4728  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
18:47:54.0213 4728  p2pimsvc - ok
18:47:54.0229 4728  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
18:47:54.0245 4728  p2psvc - ok
18:47:54.0291 4728  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
18:47:54.0307 4728  Parport - ok
18:47:54.0354 4728  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
18:47:54.0369 4728  partmgr - ok
18:47:54.0401 4728  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
18:47:54.0432 4728  PcaSvc - ok
18:47:54.0447 4728  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
18:47:54.0463 4728  pci - ok
18:47:54.0510 4728  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
18:47:54.0525 4728  pciide - ok
18:47:54.0557 4728  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
18:47:54.0572 4728  pcmcia - ok
18:47:54.0588 4728  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
18:47:54.0603 4728  pcw - ok
18:47:54.0619 4728  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
18:47:54.0666 4728  PEAUTH - ok
18:47:54.0759 4728  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
18:47:54.0791 4728  PerfHost - ok
18:47:54.0853 4728  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
18:47:54.0947 4728  pla - ok
18:47:55.0009 4728  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
18:47:55.0056 4728  PlugPlay - ok
18:47:55.0071 4728  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
18:47:55.0118 4728  PNRPAutoReg - ok
18:47:55.0149 4728  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
18:47:55.0165 4728  PNRPsvc - ok
18:47:55.0196 4728  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
18:47:55.0259 4728  PolicyAgent - ok
18:47:55.0274 4728  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
18:47:55.0337 4728  Power - ok
18:47:55.0383 4728  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
18:47:55.0430 4728  PptpMiniport - ok
18:47:55.0461 4728  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
18:47:55.0477 4728  Processor - ok
18:47:55.0539 4728  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
18:47:55.0602 4728  ProfSvc - ok
18:47:55.0617 4728  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:47:55.0633 4728  ProtectedStorage - ok
18:47:55.0680 4728  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
18:47:55.0727 4728  Psched - ok
18:47:55.0805 4728  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
18:47:55.0867 4728  ql2300 - ok
18:47:55.0929 4728  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
18:47:55.0945 4728  ql40xx - ok
18:47:55.0961 4728  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
18:47:56.0007 4728  QWAVE - ok
18:47:56.0023 4728  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
18:47:56.0054 4728  QWAVEdrv - ok
18:47:56.0085 4728  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
18:47:56.0148 4728  RasAcd - ok
18:47:56.0210 4728  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
18:47:56.0241 4728  RasAgileVpn - ok
18:47:56.0257 4728  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
18:47:56.0304 4728  RasAuto - ok
18:47:56.0351 4728  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
18:47:56.0413 4728  Rasl2tp - ok
18:47:56.0460 4728  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
18:47:56.0538 4728  RasMan - ok
18:47:56.0600 4728  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
18:47:56.0663 4728  RasPppoe - ok
18:47:56.0678 4728  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
18:47:56.0741 4728  RasSstp - ok
18:47:56.0803 4728  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
18:47:56.0850 4728  rdbss - ok
18:47:56.0865 4728  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
18:47:56.0897 4728  rdpbus - ok
18:47:56.0912 4728  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
18:47:56.0975 4728  RDPCDD - ok
18:47:56.0975 4728  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
18:47:57.0021 4728  RDPENCDD - ok
18:47:57.0037 4728  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
18:47:57.0068 4728  RDPREFMP - ok
18:47:57.0099 4728  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
18:47:57.0146 4728  RDPWD - ok
18:47:57.0177 4728  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
18:47:57.0193 4728  rdyboost - ok
18:47:57.0224 4728  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
18:47:57.0271 4728  RemoteAccess - ok
18:47:57.0302 4728  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
18:47:57.0349 4728  RemoteRegistry - ok
18:47:57.0396 4728  [ F12A68ED55053940CADD59CA5E3468DD ] RichVideo       C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
18:47:57.0411 4728  RichVideo ( UnsignedFile.Multi.Generic ) - warning
18:47:57.0411 4728  RichVideo - detected UnsignedFile.Multi.Generic (1)
18:47:57.0521 4728  [ A780D3EAA74582EA1DEB6BD9C7A3D9C9 ] rpcapd          C:\Program Files (x86)\WinPcap\rpcapd.exe
18:47:57.0521 4728  rpcapd - ok
18:47:57.0567 4728  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
18:47:57.0599 4728  RpcEptMapper - ok
18:47:57.0630 4728  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
18:47:57.0661 4728  RpcLocator - ok
18:47:57.0708 4728  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
18:47:57.0755 4728  RpcSs - ok
18:47:57.0786 4728  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
18:47:57.0848 4728  rspndr - ok
18:47:57.0864 4728  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
18:47:57.0879 4728  SamSs - ok
18:47:57.0911 4728  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
18:47:57.0926 4728  sbp2port - ok
18:47:57.0957 4728  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
18:47:58.0035 4728  SCardSvr - ok
18:47:58.0067 4728  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
18:47:58.0113 4728  scfilter - ok
18:47:58.0160 4728  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
18:47:58.0254 4728  Schedule - ok
18:47:58.0285 4728  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
18:47:58.0332 4728  SCPolicySvc - ok
18:47:58.0363 4728  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
18:47:58.0410 4728  SDRSVC - ok
18:47:58.0441 4728  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
18:47:58.0503 4728  secdrv - ok
18:47:58.0535 4728  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
18:47:58.0597 4728  seclogon - ok
18:47:58.0628 4728  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
18:47:58.0659 4728  SENS - ok
18:47:58.0675 4728  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
18:47:58.0737 4728  SensrSvc - ok
18:47:58.0769 4728  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
18:47:58.0784 4728  Serenum - ok
18:47:58.0815 4728  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
18:47:58.0862 4728  Serial - ok
18:47:58.0940 4728  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
18:47:58.0971 4728  sermouse - ok
18:47:59.0034 4728  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
18:47:59.0096 4728  SessionEnv - ok
18:47:59.0143 4728  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
18:47:59.0190 4728  sffdisk - ok
18:47:59.0237 4728  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
18:47:59.0268 4728  sffp_mmc - ok
18:47:59.0299 4728  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
18:47:59.0330 4728  sffp_sd - ok
18:47:59.0346 4728  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
18:47:59.0408 4728  sfloppy - ok
18:47:59.0455 4728  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
18:47:59.0517 4728  SharedAccess - ok
18:47:59.0549 4728  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:47:59.0611 4728  ShellHWDetection - ok
18:47:59.0627 4728  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:47:59.0642 4728  SiSRaid2 - ok
18:47:59.0658 4728  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
18:47:59.0673 4728  SiSRaid4 - ok
18:47:59.0736 4728  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
18:47:59.0751 4728  SkypeUpdate - ok
18:47:59.0767 4728  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
18:47:59.0814 4728  Smb - ok
18:47:59.0861 4728  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
18:47:59.0892 4728  SNMPTRAP - ok
18:47:59.0923 4728  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
18:47:59.0923 4728  spldr - ok
18:47:59.0970 4728  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
18:47:59.0985 4728  Spooler - ok
18:48:00.0079 4728  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
18:48:00.0204 4728  sppsvc - ok
18:48:00.0235 4728  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
18:48:00.0282 4728  sppuinotify - ok
18:48:00.0329 4728  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
18:48:00.0375 4728  srv - ok
18:48:00.0391 4728  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
18:48:00.0469 4728  srv2 - ok
18:48:00.0485 4728  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
18:48:00.0500 4728  srvnet - ok
18:48:00.0563 4728  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
18:48:00.0609 4728  SSDPSRV - ok
18:48:00.0625 4728  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
18:48:00.0656 4728  SstpSvc - ok
18:48:00.0687 4728  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
18:48:00.0703 4728  stexstor - ok
18:48:00.0750 4728  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
18:48:00.0797 4728  stisvc - ok
18:48:00.0828 4728  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
18:48:00.0843 4728  swenum - ok
18:48:00.0875 4728  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
18:48:00.0937 4728  swprv - ok
18:48:00.0984 4728  [ ED6D1424E5B0C21A57B28DD8508D6843 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
18:48:00.0999 4728  SynTP - ok
18:48:01.0062 4728  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
18:48:01.0124 4728  SysMain - ok
18:48:01.0155 4728  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:48:01.0171 4728  TabletInputService - ok
18:48:01.0249 4728  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
18:48:01.0311 4728  TapiSrv - ok
18:48:01.0358 4728  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
18:48:01.0389 4728  TBS - ok
18:48:01.0499 4728  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
18:48:01.0577 4728  Tcpip - ok
18:48:01.0623 4728  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
18:48:01.0670 4728  TCPIP6 - ok
18:48:01.0717 4728  [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
18:48:01.0764 4728  tcpipreg - ok
18:48:01.0811 4728  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
18:48:01.0842 4728  TDPIPE - ok
18:48:01.0873 4728  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
18:48:01.0904 4728  TDTCP - ok
18:48:01.0951 4728  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
18:48:01.0998 4728  tdx - ok
18:48:02.0076 4728  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
18:48:02.0091 4728  TermDD - ok
18:48:02.0123 4728  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
18:48:02.0169 4728  TermService - ok
18:48:02.0216 4728  [ 48D9D00C2E0E72C3D4F52772C80355F6 ] TFsExDisk       C:\Windows\System32\Drivers\TFsExDisk.sys
18:48:02.0232 4728  TFsExDisk - ok
18:48:02.0263 4728  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
18:48:02.0294 4728  Themes - ok
18:48:02.0310 4728  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
18:48:02.0357 4728  THREADORDER - ok
18:48:02.0372 4728  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
18:48:02.0403 4728  TrkWks - ok
18:48:02.0466 4728  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:48:02.0513 4728  TrustedInstaller - ok
18:48:02.0559 4728  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
18:48:02.0591 4728  tssecsrv - ok
18:48:02.0622 4728  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
18:48:02.0669 4728  TsUsbFlt - ok
18:48:02.0715 4728  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
18:48:02.0762 4728  tunnel - ok
18:48:02.0793 4728  [ 825E7A1F48FB8BCFBA27C178AAB4E275 ] TurboB          C:\Windows\system32\DRIVERS\TurboB.sys
18:48:02.0809 4728  TurboB - ok
18:48:02.0887 4728  [ B206BE1174D5964D49A56BB6C4E0524A ] TurboBoost      C:\Program Files\Intel\TurboBoost\TurboBoost.exe
18:48:02.0887 4728  TurboBoost - ok
18:48:02.0918 4728  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
18:48:02.0934 4728  uagp35 - ok
18:48:02.0949 4728  [ 2E22C1FD397A5A9FFEF55E9D1FC96C00 ] UBHelper        C:\Windows\system32\drivers\UBHelper.sys
18:48:02.0965 4728  UBHelper - ok
18:48:02.0965 4728  UCORESYS - ok
18:48:02.0981 4728  UCOREW64 - ok
18:48:03.0027 4728  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
18:48:03.0074 4728  udfs - ok
18:48:03.0121 4728  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
18:48:03.0137 4728  UI0Detect - ok
18:48:03.0168 4728  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
18:48:03.0183 4728  uliagpkx - ok
18:48:03.0246 4728  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
18:48:03.0277 4728  umbus - ok
18:48:03.0308 4728  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
18:48:03.0308 4728  UmPass - ok
18:48:03.0433 4728  [ 41118D920B2B268C0ADC36421248CDCF ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
18:48:03.0464 4728  UNS ( UnsignedFile.Multi.Generic ) - warning
18:48:03.0464 4728  UNS - detected UnsignedFile.Multi.Generic (1)
18:48:03.0527 4728  [ F9EC9ACD504D823D9B9CA98A4F8D3CA2 ] Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
18:48:03.0542 4728  Updater Service - ok
18:48:03.0573 4728  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
18:48:03.0636 4728  upnphost - ok
18:48:03.0698 4728  [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
18:48:03.0729 4728  USBAAPL64 - ok
18:48:03.0792 4728  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
18:48:03.0870 4728  usbccgp - ok
18:48:03.0917 4728  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
18:48:03.0932 4728  usbcir - ok
18:48:03.0995 4728  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
18:48:03.0995 4728  usbehci - ok
18:48:04.0026 4728  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
18:48:04.0073 4728  usbhub - ok
18:48:04.0088 4728  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
18:48:04.0119 4728  usbohci - ok
18:48:04.0135 4728  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
18:48:04.0166 4728  usbprint - ok
18:48:04.0197 4728  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
18:48:04.0213 4728  usbscan - ok
18:48:04.0244 4728  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:48:04.0260 4728  USBSTOR - ok
18:48:04.0291 4728  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
18:48:04.0322 4728  usbuhci - ok
18:48:04.0369 4728  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
18:48:04.0400 4728  usbvideo - ok
18:48:04.0431 4728  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
18:48:04.0494 4728  UxSms - ok
18:48:04.0509 4728  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
18:48:04.0525 4728  VaultSvc - ok
18:48:04.0556 4728  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
18:48:04.0556 4728  vdrvroot - ok
18:48:04.0603 4728  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
18:48:04.0665 4728  vds - ok
18:48:04.0697 4728  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
18:48:04.0712 4728  vga - ok
18:48:04.0728 4728  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
18:48:04.0775 4728  VgaSave - ok
18:48:04.0821 4728  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
18:48:04.0837 4728  vhdmp - ok
18:48:04.0853 4728  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
18:48:04.0868 4728  viaide - ok
18:48:04.0884 4728  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
18:48:04.0899 4728  volmgr - ok
18:48:04.0931 4728  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
18:48:04.0946 4728  volmgrx - ok
18:48:04.0962 4728  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
18:48:04.0977 4728  volsnap - ok
18:48:05.0024 4728  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
18:48:05.0024 4728  vsmraid - ok
18:48:05.0087 4728  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
18:48:05.0180 4728  VSS - ok
18:48:05.0196 4728  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
18:48:05.0227 4728  vwifibus - ok
18:48:05.0227 4728  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
18:48:05.0243 4728  vwififlt - ok
18:48:05.0258 4728  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
18:48:05.0274 4728  vwifimp - ok
18:48:05.0321 4728  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
18:48:05.0352 4728  W32Time - ok
18:48:05.0430 4728  [ B32009DB1972E7F2C227499289C4384A ] W3SVC           C:\Windows\system32\inetsrv\iisw3adm.dll
18:48:05.0477 4728  W3SVC - ok
18:48:05.0492 4728  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
18:48:05.0523 4728  WacomPen - ok
18:48:05.0586 4728  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
18:48:05.0633 4728  WANARP - ok
18:48:05.0648 4728  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
18:48:05.0679 4728  Wanarpv6 - ok
18:48:05.0742 4728  [ B32009DB1972E7F2C227499289C4384A ] WAS             C:\Windows\system32\inetsrv\iisw3adm.dll
18:48:05.0757 4728  WAS - ok
18:48:05.0835 4728  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
18:48:05.0913 4728  wbengine - ok
18:48:05.0945 4728  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
18:48:05.0960 4728  WbioSrvc - ok
18:48:06.0038 4728  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
18:48:06.0069 4728  wcncsvc - ok
18:48:06.0085 4728  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:48:06.0132 4728  WcsPlugInService - ok
18:48:06.0163 4728  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
18:48:06.0179 4728  Wd - ok
18:48:06.0210 4728  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
18:48:06.0241 4728  Wdf01000 - ok
18:48:06.0241 4728  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
18:48:06.0428 4728  WdiServiceHost - ok
18:48:06.0444 4728  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
18:48:06.0475 4728  WdiSystemHost - ok
18:48:06.0522 4728  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
18:48:06.0569 4728  WebClient - ok
18:48:06.0631 4728  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
18:48:06.0693 4728  Wecsvc - ok
18:48:06.0725 4728  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
18:48:06.0787 4728  wercplsupport - ok
18:48:06.0834 4728  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
18:48:06.0881 4728  WerSvc - ok
18:48:06.0912 4728  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
18:48:06.0943 4728  WfpLwf - ok
18:48:06.0974 4728  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
18:48:06.0990 4728  WIMMount - ok
18:48:07.0005 4728  WinDefend - ok
18:48:07.0005 4728  WinHttpAutoProxySvc - ok
18:48:07.0068 4728  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
18:48:07.0115 4728  Winmgmt - ok
18:48:07.0177 4728  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
18:48:07.0286 4728  WinRM - ok
18:48:07.0349 4728  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
18:48:07.0380 4728  WinUsb - ok
18:48:07.0411 4728  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
18:48:07.0473 4728  Wlansvc - ok
18:48:07.0520 4728  [ 680A7846370000D20D7E74917D5B7936 ] WmBEnum         C:\Windows\system32\drivers\WmBEnum.sys
18:48:07.0536 4728  WmBEnum - ok
18:48:07.0614 4728  [ 14C35BA8189C6F65D839163AA285E954 ] WmFilter        C:\Windows\system32\drivers\WmFilter.sys
18:48:07.0614 4728  WmFilter - ok
18:48:07.0661 4728  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
18:48:07.0692 4728  WmiAcpi - ok
18:48:07.0723 4728  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
18:48:07.0739 4728  wmiApSrv - ok
18:48:07.0770 4728  WMPNetworkSvc - ok
18:48:07.0817 4728  [ B5BD872122A2CE82D196ABF2D5D8D80A ] WMSVC           C:\Windows\system32\inetsrv\wmsvc.exe
18:48:07.0863 4728  WMSVC - ok
18:48:07.0941 4728  [ 8488DD91A3EE54A8E29F02AD7BB8201E ] WmVirHid        C:\Windows\system32\drivers\WmVirHid.sys
18:48:07.0941 4728  WmVirHid - ok
18:48:07.0957 4728  [ 14802B3A30AA849C97CB968CCC813BF3 ] WmXlCore        C:\Windows\system32\drivers\WmXlCore.sys
18:48:07.0973 4728  WmXlCore - ok
18:48:08.0004 4728  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
18:48:08.0035 4728  WPCSvc - ok
18:48:08.0066 4728  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
18:48:08.0082 4728  WPDBusEnum - ok
18:48:08.0129 4728  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
18:48:08.0160 4728  ws2ifsl - ok
18:48:08.0191 4728  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
18:48:08.0222 4728  wscsvc - ok
18:48:08.0222 4728  WSearch - ok
18:48:08.0300 4728  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
18:48:08.0394 4728  wuauserv - ok
18:48:08.0425 4728  [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
18:48:08.0487 4728  WudfPf - ok
18:48:08.0550 4728  [ CF8D590BE3373029D57AF80914190682 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
18:48:08.0597 4728  WUDFRd - ok
18:48:08.0628 4728  [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
18:48:08.0659 4728  wudfsvc - ok
18:48:08.0706 4728  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
18:48:08.0768 4728  WwanSvc - ok
18:48:08.0877 4728  [ 4A5CE13408945E525503B5F73D29B9C5 ] xnacc           C:\Windows\system32\DRIVERS\xnacc.sys
18:48:08.0924 4728  xnacc - ok
18:48:08.0971 4728  ================ Scan global ===============================
18:48:09.0018 4728  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
18:48:09.0065 4728  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
18:48:09.0080 4728  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
18:48:09.0111 4728  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
18:48:09.0174 4728  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
18:48:09.0174 4728  [Global] - ok
18:48:09.0174 4728  ================ Scan MBR ==================================
18:48:09.0174 4728  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:48:09.0720 4728  \Device\Harddisk0\DR0 - ok
18:48:09.0720 4728  ================ Scan VBR ==================================
18:48:09.0751 4728  [ 3DACB8D0082D0A15F9C63A4440B1A868 ] \Device\Harddisk0\DR0\Partition1
18:48:09.0751 4728  \Device\Harddisk0\DR0\Partition1 - ok
18:48:09.0767 4728  [ 576E6726D1BD024B96F208A2D11DA157 ] \Device\Harddisk0\DR0\Partition2
18:48:09.0767 4728  \Device\Harddisk0\DR0\Partition2 - ok
18:48:09.0767 4728  ============================================================
18:48:09.0767 4728  Scan finished
18:48:09.0767 4728  ============================================================
18:48:09.0782 4808  Detected object count: 5
18:48:09.0782 4808  Actual detected object count: 5
18:48:28.0346 4808  EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - skipped by user
18:48:28.0346 4808  EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:48:28.0346 4808  LMS ( UnsignedFile.Multi.Generic ) - skipped by user
18:48:28.0346 4808  LMS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:48:28.0346 4808  NTI IScheduleSvc ( UnsignedFile.Multi.Generic ) - skipped by user
18:48:28.0346 4808  NTI IScheduleSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:48:28.0346 4808  RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
18:48:28.0346 4808  RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:48:28.0346 4808  UNS ( UnsignedFile.Multi.Generic ) - skipped by user
18:48:28.0346 4808  UNS ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Alt 22.09.2012, 20:27   #17
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, carry out the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and receive messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

Alt 22.09.2012, 21:08   #18
SGEStocki
 

Here is the log
Code:
ComboFix 12-09-22.02 - Christian 22.09.2012  21:42:40.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3764.2363 [GMT 2:00]
ausgeführt von:: c:\users\Christian\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\FullRemove.exe
c:\users\Christian\AppData\Local\._Revolution_
c:\users\Christian\AppData\Local\assembly\tmp
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
c:\windows\SysWow64\wpcap.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-08-22 bis 2012-09-22  ))))))))))))))))))))))))))))))
.
.
2012-09-21 20:11 . 2012-08-30 07:27	9308616	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{BEB50DC7-84C9-4C29-8BB1-6D41DDAB2E45}\mpengine.dll
2012-09-21 20:05 . 2012-09-21 20:05	--------	d-----w-	C:\_OTL
2012-09-21 20:05 . 2012-09-22 16:51	--------	d-----w-	c:\programdata\boost_interprocess
2012-09-18 19:24 . 2012-09-18 19:24	--------	d-----w-	c:\program files (x86)\ESET
2012-09-17 21:48 . 2012-09-17 21:48	--------	d-----w-	c:\users\Christian\AppData\Roaming\Malwarebytes
2012-09-17 21:47 . 2012-09-17 21:47	--------	d-----w-	c:\programdata\Malwarebytes
2012-09-17 21:47 . 2012-09-17 21:47	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-17 21:47 . 2012-09-07 15:04	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-09-13 20:07 . 2012-09-17 20:18	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2012-09-13 20:07 . 2012-09-17 20:18	--------	d-----r-	c:\program files (x86)\Skype
2012-09-12 16:40 . 2012-08-22 18:12	950128	----a-w-	c:\windows\system32\drivers\ndis.sys
2012-09-12 16:40 . 2012-07-04 20:26	41472	----a-w-	c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 16:40 . 2012-08-02 17:58	574464	----a-w-	c:\windows\system32\d3d10level9.dll
2012-09-12 16:40 . 2012-08-02 16:57	490496	----a-w-	c:\windows\SysWow64\d3d10level9.dll
2012-09-12 16:40 . 2012-08-22 18:12	1913200	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-09-12 16:40 . 2012-08-22 18:12	376688	----a-w-	c:\windows\system32\drivers\netio.sys
2012-09-12 16:40 . 2012-08-22 18:12	288624	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-29 18:39 . 2012-08-29 18:39	--------	d-----w-	c:\programdata\Battle.net
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-12 16:44 . 2010-09-04 13:20	64462936	----a-w-	c:\windows\system32\MRT.exe
2012-08-14 20:57 . 2012-04-04 20:26	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-14 20:57 . 2011-05-15 16:28	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-07 20:40 . 2012-08-07 20:40	1179595	----a-w-	c:\windows\unins000.exe
2012-08-07 20:37 . 2012-08-07 20:37	955848	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-08-07 20:37 . 2012-08-07 20:37	839112	----a-w-	c:\windows\system32\deployJava1.dll
2012-08-07 20:37 . 2012-08-07 20:37	268744	----a-w-	c:\windows\system32\javaws.exe
2012-08-07 20:37 . 2012-08-07 20:37	189384	----a-w-	c:\windows\system32\javaw.exe
2012-08-07 20:37 . 2012-08-07 20:37	188872	----a-w-	c:\windows\system32\java.exe
2012-08-07 20:36 . 2012-06-24 08:56	772552	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2012-08-07 20:36 . 2011-05-01 10:05	687560	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-07-18 18:15 . 2012-08-15 04:56	3148800	----a-w-	c:\windows\system32\win32k.sys
2012-07-04 22:16 . 2012-08-15 04:56	73216	----a-w-	c:\windows\system32\netapi32.dll
2012-07-04 22:13 . 2012-08-15 04:56	59392	----a-w-	c:\windows\system32\browcli.dll
2012-07-04 22:13 . 2012-08-15 04:56	136704	----a-w-	c:\windows\system32\browser.dll
2012-07-04 21:14 . 2012-08-15 04:56	41984	----a-w-	c:\windows\SysWow64\browcli.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-04-17 05:55	120176	----a-w-	c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-14 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-04-17 337264]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-03-08 260608]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-03-03 1300560]
"MDS_Menu"="c:\program files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"ArcadeMovieService"="c:\program files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe" [2010-04-23 124136]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-06-13 336384]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-07 135664]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-22 250288]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-05-27 40448]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-07 135664]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-13 114144]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-04-17 305520]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-11-06 50432]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
R3 UCORESYS;UCORESYS;d:\dmiedit_utility\UCORESYS.sys [x]
R3 UCOREW64;UCOREW64;d:\dmiedit_utility\UCOREW64.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WMSVC;Webverwaltungsdienst;c:\windows\system32\inetsrv\wmsvc.exe [2009-07-14 10752]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 27760]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-03 22576]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-03 20016]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-03 60464]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-06-13 203264]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-03-03 325200]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2010-03-10 820768]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 47632]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-03-08 250368]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-11-06 144640]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2314240]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-06-14 9319424]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-06-13 303616]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-10-31 114704]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-01-07 158848]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2010-08-25 10611552]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-01-18 75304]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs	REG_MULTI_SZ   	w3svc was
apphost	REG_MULTI_SZ   	apphostsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 19:58]
.
2012-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-07 07:32]
.
2012-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-07 07:32]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-04-17 05:58	137584	----a-w-	c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-02-06 324608]
"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-04-17 349552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-22 10081312]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-02-22 877600]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2010-03-10 496160]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7745g&r=27360910v706l0433z1l5t5631l544
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7745g&r=27360910v706l0433z1l5t5631l544
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Download with &Shareaza - c:\program files (x86)\Shareaza\RazaWebHook32.dll/3000
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\langpquj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Cyberlink\Shared files\RichVideo.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-09-22  22:01:18 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-09-22 20:01
.
Vor Suchlauf: 23 Verzeichnis(se), 312.737.701.888 Bytes frei
Nach Suchlauf: 28 Verzeichnis(se), 312.798.728.192 Bytes frei
.
- - End Of File - - BA4CEE9A8F0CC008AD02864132337EFB
         

Alt 23.09.2012, 16:09   #19
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool won't run the second time either, just leave it out and run only OSAM. Please skip OSAM's online query.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm on OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it by right-clicking and choosing "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances without being instructed to

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



One more note: If aswMBR crashes and a message appears such as "aswMBR.exe funktioniert nicht mehr", then do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu (at the bottom left of the aswMBR window) and click the Scan button again.
__________________
Please always post log files in CODE tags

Alt 23.09.2012, 21:09   #20
SGEStocki
 

GMER ran through on my machine and ended with a pop-up saying that it found nothing. But somehow I couldn't find a log file. Could that be because I have a 64-bit version of Windows?

Log from OSAM
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 21:10:06 on 23.09.2012

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 64-bit
Default Browser: Mozilla Corporation Firefox 15.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Pando" - "Pando Networks" - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.cpl
"QuickTime" - "Apple Inc." - C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"NetGroup Packet Filter Driver" (NPF) - "CACE Technologies, Inc." - C:\Windows\System32\drivers\npf.sys
"NTIDrvr" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\Windows\system32\drivers\NTIDrvr.sys
"TFsExDisk" (TFsExDisk) - "Teruten Inc" - C:\Windows\System32\Drivers\TFsExDisk.sys
"UBHelper" (UBHelper) - "NewTech Infosystems Corporation" - C:\Windows\system32\drivers\UBHelper.sys
"UCORESYS" (UCORESYS) - ? - D:\DMIEDIT_utility\UCORESYS.sys  (File not found)
"UCOREW64" (UCOREW64) - ? - D:\DMIEDIT_utility\UCOREW64.sys  (File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files (x86)\7-Zip\7-zip.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "Catalyst Context Menu extension" - ? -   (File not found | COM-object registry key not found)
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} "DragDropProtect Class" - "Egis Technology Inc." - C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office10\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office10\OLKFSTUB.DLL
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
ITBar7Height64 "ITBar7Height64" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout64" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} "Java Plug-in 1.6.0_33" - "Oracle Corporation" - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 10.4.0" - "Oracle Corporation" - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 10.4.0" - "Oracle Corporation" - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Oracle Corporation" - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
{0EEDB912-C5FA-486F-8334-57288578C627} "Shareaza Web Download Hook" - "Shareaza Development Team" - C:\Program Files (x86)\Shareaza\RazaWebHook32.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Microsoft Office.lnk" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"MobileDocuments" - "Apple Inc." - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
"swg" - "Google Inc." - "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"AppleSyncNotifier" - "Apple Inc." - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
"APSDaemon" - "Apple Inc." - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"ArcadeMovieService" - "CyberLink Corp." - "C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe"
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
"BackupManagerTray" - "NewTech Infosystems, Inc." - "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
"EEventManager" - "SEIKO EPSON CORPORATION" - "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
"EgisTecPMMUpdate" - "Egis Technology Inc." - "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
"EgisUpdate" - "Egis Technology Inc." - "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
"IAStorIcon" - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
"iTunesHelper" - "Apple Inc." - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"LManager" - "Dritek System Inc." - C:\Program Files (x86)\Launch Manager\LManager.exe
"MDS_Menu" - "CyberLink Corp." - "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.6"
"QuickTime Task" - "Apple Inc." - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"SuiteTray" - "Egis Technology Inc." - "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"4300 Series Port" - " " - C:\Windows\system32\lxcelmpm.dll
"EpsonNet Print Port" - "SEIKO EPSON CORPORATION" - C:\Windows\system32\enppmon.dll
"PDF995 Monitor" - ? - C:\Windows\system32\pdf995mon64.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll  (File not found)
"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe"  (File not found)
"ABBYY FineReader 9.0 Sprint Licensing Service" (ABBYY.Licensing.FineReader.Sprint.9.0) - "ABBYY" - C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
"Acer ePower Service" (ePowerSvc) - "Acer Incorporated" - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Dritek WMI Service" (DsiWMIService) - "Dritek System Inc." - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
"EpsonBidirectionalService" (EpsonBidirectionalService) - "SEIKO EPSON CORPORATION" - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"GREGService" (GREGService) - "Acer Incorporated" - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
"Intel(R) Management & Security Application User Notification Service" (UNS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
"Intel(R) Management and Security Application Local Management Service" (LMS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
"Intel(R) Rapid Storage Technology" (IAStorDataMgrSvc) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"lxce_device" (lxce_device) - " " - C:\Windows\system32\lxcecoms.exe
"MBAMScheduler" (MBAMScheduler) - "Malwarebytes Corporation" - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"MyWinLocker Service" (MWLService) - "Egis Technology Inc." - C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
"NTI Backup Now 5 Backup Service" (NTIBackupSvc) - "NewTech InfoSystems, Inc." - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
"NTI Backup Now 5 Scheduler Service" (NTISchedulerSvc) - "NewTech Infosystems, Inc." - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
"NTI IScheduleSvc" (NTI IScheduleSvc) - "NewTech Infosystems, Inc." - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
"Remote Packet Capture Protocol v.0 (experimental)" (rpcapd) - "CACE Technologies, Inc." - C:\Program Files (x86)\WinPcap\rpcapd.exe
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files (x86)\Skype\Updater\Updater.exe
"TurboBoost" (TurboBoost) - "Intel(R) Corporation" - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
"Updater Service" (Updater Service) - "Acer Group" - C:\Program Files\Acer\Acer Updater\UpdaterService.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files (x86)\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         
Log from MBR
Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-23 21:21:01
-----------------------------
21:21:01.405    OS Version: Windows x64 6.1.7601 Service Pack 1
21:21:01.405    Number of processors: 4 586 0x2502
21:21:01.405    ComputerName: CHRISTIAN-PC  UserName: Christian
21:21:02.715    Initialize success
21:23:07.381    AVAST engine defs: 12092300
21:23:34.322    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:23:34.322    Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
21:23:34.338    Disk 0 MBR read successfully
21:23:34.338    Disk 0 MBR scan
21:23:34.338    Disk 0 Windows 7 default MBR code
21:23:34.353    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        13312 MB offset 2048
21:23:34.369    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 27265024
21:23:34.385    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       463526 MB offset 27469824
21:23:34.431    Disk 0 scanning C:\Windows\system32\drivers
21:23:44.837    Service scanning
21:24:06.271    Service UCORESYS D:\DMIEDIT_utility\UCORESYS.sys **LOCKED** 21
21:24:06.287    Service UCOREW64 D:\DMIEDIT_utility\UCOREW64.sys **LOCKED** 21
21:24:10.811    Modules scanning
21:24:10.811    Disk 0 trace - called modules:
21:24:10.857    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
21:24:10.857    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006fd7060]
21:24:10.857    3 CLASSPNP.SYS[fffff88001b1143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004f26050]
21:24:12.698    AVAST engine scan C:\Windows
21:24:16.364    AVAST engine scan C:\Windows\system32
21:27:03.051    AVAST engine scan C:\Windows\system32\drivers
21:27:16.311    AVAST engine scan C:\Users\Christian
21:57:53.823    AVAST engine scan C:\ProgramData
21:59:03.430    Scan finished successfully
22:00:04.458    Disk 0 MBR has been saved successfully to "C:\Users\Christian\Desktop\MBR.dat"
22:00:04.458    The log file has been saved successfully to "C:\Users\Christian\Desktop\aswMBR.txt"
         


24.09.2012, 13:44   #21
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!

24.09.2012, 22:15   #22
SGEStocki

MWB:
Code:
 Malwarebytes Anti-Malware  (Test) 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.24.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Christian :: CHRISTIAN-PC [Administrator]

Schutz: Aktiviert

24.09.2012 19:09:50
mbam-log-2012-09-24 (19-09-50).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 524341
Laufzeit: 1 Stunde(n), 19 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
SASW:
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 09/24/2012 at 11:06 PM

Application Version : 5.5.1016

Core Rules Database Version : 9281
Trace Rules Database Version: 7093

Scan type       : Complete Scan
Total Scan Time : 02:33:17

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator

Memory items scanned      : 856
Memory threats detected   : 0
Registry items scanned    : 67775
Registry threats detected : 0
File items scanned        : 106567
File threats detected     : 93

Adware.Tracking Cookie
	C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Cookies\LPILLL2L.txt [ /fastclick.net ]
	C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Cookies\5B3ACZI8.txt [ /mediaplex.com ]
	C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Cookies\SI6H5EE7.txt [ /apmebf.com ]
	C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Cookies\YTCSD9QP.txt [ /adfarm1.adition.com ]
	C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Cookies\99KP8RT1.txt [ /atdmt.com ]
	C:\USERS\CHRISTIAN\Cookies\LPILLL2L.txt [ Cookie:christian@fastclick.net/ ]
	C:\USERS\CHRISTIAN\Cookies\YTCSD9QP.txt [ Cookie:christian@adfarm1.adition.com/ ]
	C:\USERS\CHRISTIAN\Cookies\99KP8RT1.txt [ Cookie:christian@atdmt.com/ ]
	.doubleclick.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LANGPQUJ.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LANGPQUJ.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LANGPQUJ.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LANGPQUJ.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LANGPQUJ.DEFAULT\COOKIES.SQLITE ]
	.tribalfusion.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LANGPQUJ.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LANGPQUJ.DEFAULT\COOKIES.SQLITE ]
	.zanox.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LANGPQUJ.DEFAULT\COOKIES.SQLITE ]
	tracking.mlsat02.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LANGPQUJ.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LANGPQUJ.DEFAULT\COOKIES.SQLITE ]
	.apmebf.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LANGPQUJ.DEFAULT\COOKIES.SQLITE ]
	.mediaplex.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LANGPQUJ.DEFAULT\COOKIES.SQLITE ]
	.mediaplex.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LANGPQUJ.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LANGPQUJ.DEFAULT\COOKIES.SQLITE ]
	adx.chip.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LANGPQUJ.DEFAULT\COOKIES.SQLITE ]
	adx.chip.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LANGPQUJ.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LANGPQUJ.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LANGPQUJ.DEFAULT\COOKIES.SQLITE ]
	www.googleadservices.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LANGPQUJ.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LANGPQUJ.DEFAULT\COOKIES.SQLITE ]
	.imrworldwide.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LANGPQUJ.DEFAULT\COOKIES.SQLITE ]
	.imrworldwide.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LANGPQUJ.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LANGPQUJ.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LANGPQUJ.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LANGPQUJ.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LANGPQUJ.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LANGPQUJ.DEFAULT\COOKIES.SQLITE ]
	ad2.adfarm1.adition.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LANGPQUJ.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LANGPQUJ.DEFAULT\COOKIES.SQLITE ]
	ad3.adfarm1.adition.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LANGPQUJ.DEFAULT\COOKIES.SQLITE ]
	.zanox-affiliate.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LANGPQUJ.DEFAULT\COOKIES.SQLITE ]
	.zanox-affiliate.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LANGPQUJ.DEFAULT\COOKIES.SQLITE ]
	tomtailor.dyntracker.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LANGPQUJ.DEFAULT\COOKIES.SQLITE ]
	.adbrite.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LANGPQUJ.DEFAULT\COOKIES.SQLITE ]
	.adbrite.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LANGPQUJ.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LANGPQUJ.DEFAULT\COOKIES.SQLITE ]
	.casalemedia.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LANGPQUJ.DEFAULT\COOKIES.SQLITE ]
	.casalemedia.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LANGPQUJ.DEFAULT\COOKIES.SQLITE ]
	.casalemedia.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LANGPQUJ.DEFAULT\COOKIES.SQLITE ]
	.casalemedia.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LANGPQUJ.DEFAULT\COOKIES.SQLITE ]
	.casalemedia.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LANGPQUJ.DEFAULT\COOKIES.SQLITE ]
	.casalemedia.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LANGPQUJ.DEFAULT\COOKIES.SQLITE ]
	track.adform.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LANGPQUJ.DEFAULT\COOKIES.SQLITE ]
	track.adform.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LANGPQUJ.DEFAULT\COOKIES.SQLITE ]
	.adform.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LANGPQUJ.DEFAULT\COOKIES.SQLITE ]
	.im.banner.t-online.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LANGPQUJ.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LANGPQUJ.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LANGPQUJ.DEFAULT\COOKIES.SQLITE ]
	.im.banner.t-online.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LANGPQUJ.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LANGPQUJ.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LANGPQUJ.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LANGPQUJ.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LANGPQUJ.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LANGPQUJ.DEFAULT\COOKIES.SQLITE ]
	.tracker.vinsight.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LANGPQUJ.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LANGPQUJ.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LANGPQUJ.DEFAULT\COOKIES.SQLITE ]
	adx2.chip.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LANGPQUJ.DEFAULT\COOKIES.SQLITE ]
	adx.chip.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LANGPQUJ.DEFAULT\COOKIES.SQLITE ]
	adx.chip.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LANGPQUJ.DEFAULT\COOKIES.SQLITE ]
	.tracking.quisma.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LANGPQUJ.DEFAULT\COOKIES.SQLITE ]
	.unitymedia.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LANGPQUJ.DEFAULT\COOKIES.SQLITE ]
	.unitymedia.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LANGPQUJ.DEFAULT\COOKIES.SQLITE ]
	.tracking.quisma.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LANGPQUJ.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LANGPQUJ.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LANGPQUJ.DEFAULT\COOKIES.SQLITE ]
	.traffictrack.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LANGPQUJ.DEFAULT\COOKIES.SQLITE ]
	.specificclick.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LANGPQUJ.DEFAULT\COOKIES.SQLITE ]
	.adviva.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LANGPQUJ.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LANGPQUJ.DEFAULT\COOKIES.SQLITE ]
	.im.banner.t-online.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LANGPQUJ.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LANGPQUJ.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LANGPQUJ.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LANGPQUJ.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LANGPQUJ.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LANGPQUJ.DEFAULT\COOKIES.SQLITE ]
	.xiti.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LANGPQUJ.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LANGPQUJ.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LANGPQUJ.DEFAULT\COOKIES.SQLITE ]
	ad.zanox.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LANGPQUJ.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LANGPQUJ.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LANGPQUJ.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LANGPQUJ.DEFAULT\COOKIES.SQLITE ]
	.zanox.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LANGPQUJ.DEFAULT\COOKIES.SQLITE ]
	www.googleadservices.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LANGPQUJ.DEFAULT\COOKIES.SQLITE ]
         

25.09.2012, 11:29   #23
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Looks OK, only cookies were found there.
Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or the like => HTTP-Cookie)


Regarding cookies and other things on the web: to block this plague from the outset (i.e. tracking cookies, ad banners etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check MVPS every 4 weeks to see whether a new hosts file has been released.

Otherwise there are also good cookie managers; among the extensions for Firefox, for example, there is CookieCuller http://filepony.de/download-cookie_culler/
But if you can live with logging in anew everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board too), then simply set the browser so that everything, including cookies, is deleted when the browser is closed.

My approach is that for "wild surfing" I use the Opera browser or Chromium under my Linux. My main browser (Firefox) only stores cookies from the sites I actually want; everything else I reject manually (FF always asks me) - the other browsers do accept all cookies, but by the next start of Opera or Chromium at the latest, no cookies are left.

Is your system OK again now, or are there other findings or problems?
__________________
Please always post log files in CODE tags
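
As an added illustration of the hosts-file advice in the post above (not part of the original post, and not code from MVPS or any scanner): a Python script that compares the cookie domains in a scan log of the format shown in this thread with the entries of a hosts file. The sample log, the hosts excerpt and all function names are constructed for this example.

```python
import re

# Constructed samples: log lines in this thread's format, and a hosts excerpt
# (pix.revsci.net is a made-up name).
SCAN_LOG = r"""
    .revsci.net [ C:\USERS\EXAMPLE\FIREFOX\COOKIES.SQLITE ]
    .revsci.net [ C:\USERS\EXAMPLE\FIREFOX\COOKIES.SQLITE ]
    ad.zanox.com [ C:\USERS\EXAMPLE\FIREFOX\COOKIES.SQLITE ]
    .zanox.com [ C:\USERS\EXAMPLE\FIREFOX\COOKIES.SQLITE ]
    .xiti.com [ C:\USERS\EXAMPLE\FIREFOX\COOKIES.SQLITE ]
"""
HOSTS = """
127.0.0.1 localhost
0.0.0.0 ad.zanox.com   # ad server
0.0.0.0 zanox.com
0.0.0.0 pix.revsci.net
"""
LOG_LINE = re.compile(r"^\s*(\S+)\s+\[\s*(.+?)\s*\]\s*$")

def cookie_domains(log_text):
    """Distinct cookie domains from the log, in first-seen order."""
    hits = (LOG_LINE.match(line) for line in log_text.splitlines())
    return list(dict.fromkeys(
        m.group(1).lower() for m in hits
        if m and m.group(2).upper().endswith("COOKIES.SQLITE")))

def blocked_hosts(hosts_text):
    """Host names a hosts file redirects to 0.0.0.0 or 127.0.0.1."""
    names = set()
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].lower().split()
        if len(fields) >= 2 and fields[0] in ("0.0.0.0", "127.0.0.1"):
            names.update(n for n in fields[1:] if n != "localhost")
    return names

def coverage(domains, blocked):
    """Classify each cookie domain; a leading dot means subdomains are included."""
    result = {}
    for dom in domains:
        base = dom.lstrip(".")
        if base in blocked:
            result[dom] = "base-only" if dom.startswith(".") else "exact"
        elif any(h.endswith("." + base) for h in blocked):
            result[dom] = "subdomains-only"
        else:
            result[dom] = "not-blocked"
    return result

print(coverage(cookie_domains(SCAN_LOG), blocked_hosts(HOSTS)))
```

Each hosts entry matches one exact host name, so a cookie scoped to a whole domain (leading dot) is only partly covered by such entries.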

25.09.2012, 12:25   #24
SGEStocki
 

Thanks!

I have to do something about the cookies. I was really shocked that there are so many!

No, my system is running without restrictions and I haven't noticed anything else either.

Can I now delete the virus file in the MWB quarantine?

25.09.2012, 14:41   #25
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

What is it with all of you and the quarantine?
Just think about what a quarantine is. Whether the malicious file stays in there or not has no effect. Malware in quarantine can no longer do any harm; it is isolated there. You should generally work with the quarantine, because if the virus scanner deletes something important due to a false alarm, you can still get at the file via the quarantine if need be.


Then we're done!

The programs that were used here can all be removed again. With the help of OTL you can also remove many of the tools:

Please start OTL and click Bereinigung (CleanUp).
This will remove most of the tools we needed for the cleanup. If anything remains, please remove it with right-click --> Delete.


Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update first.


Finally, please check the updates; my guide for that is below. To keep a better overview of how up to date your installed programs are in future, you can use e.g. Secunia PSI.
For even more security, you should also change all passwords if possible after the infection has been removed.


Microsoft Update

Windows XP: Visit the MS update page with IE and have all important updates installed.

Windows Vista/7: Guide: Windows Update


Update the PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Software or Programs and Features by clicking on "Adobe Reader x.0" there and removing the program. (if you have Adobe Reader installed)

I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.

Please also take the opportunity to check that Flash Player is up to date:
Check => Adobe - Flash Player
Download links => Adobe Flash Player Distribution | Adobe

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the latest. To do so, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.
__________________
Please always post log files in CODE tags
