GVU/BKA Trojan (probably version 2.07) - user account can no longer be opened!

18.09.2013, 03:22 | #1
GVU/BKA Trojan (probably version 2.07) - user account can no longer be opened!

Dear Trojaner-Board community,

unfortunately I recently got the GVU/BKA Trojan (probably version 2.07) on my laptop. A corresponding page with a current webcam photo and a payment demand opened while "surfing" on tumblr.com and unfortunately can no longer be removed. System Restore does not work; the system aborts it with a corresponding error message.

The following system is installed on my laptop: Windows Vista Home Premium incl. Service Pack 2

Currently 2 user accounts are installed/set up:
- Administrator (still usable),
- User (no longer usable, as the page in question opens).

I have already run several scans with various anti-malware programs.
- Farbar Recovery Scan Tool (no findings, log file available)

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-09-2013 03
Ran by Acer (administrator) on ***** on 18-09-2013 00:24:24
Running from C:\Users\Acer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M1U1SZPL
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgcsrvx.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Egis Technology Inc.) c:\Program Files\Acer Bio Protection\CompPtcVUI.exe
() C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Agere Systems) C:\Windows\system32\agrsmsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
(Egis Technology Inc.) c:\Program Files\Acer Bio Protection\BASVC.exe
(Egis Technology Inc.) C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer VCM\RS_Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgemcx.exe
(CANON INC.) C:\Windows\system32\CNAB4RPK.EXE
(CyberLink Corp.) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
() C:\Windows\PLFSetI.exe
(Egis Technology Inc.) C:\Program Files\Acer Bio Protection\PdtWzd.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Egis Technology Inc.) C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
(Acer Corp.) C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgui.exe
(Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Acer Incorporated) C:\Program Files\Acer\Acer VCM\AcerVCM.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_11_8_800_174_ActiveX.exe
(Realtek Semiconductor Corp.) C:\Users\Acer\AppData\Local\Temp\RtkBtMnt.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Safer Networking Limited) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
() C:\Users\Acer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9DFWOH4E\Malwarebytes Anti Malware - CHIP-Downloader.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [ArcadeDeluxeAgent] - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [156968 2009-01-21] (CyberLink Corp.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6957600 2009-03-11] (Realtek Semiconductor)
HKLM\...\Run: [PLFSetI] - C:\Windows\PLFSetI.exe [200704 2011-06-23] ()
HKLM\...\Run: [VitaKeyPdtWzd] - c:\Program Files\Acer Bio Protection\PdtWzd.exe [3549696 2009-02-13] (Egis Technology Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1410344 2008-12-05] (Synaptics, Inc.)
HKLM\...\Run: [LManager] - C:\Program Files\Launch Manager\LManager.exe [870920 2009-02-24] (Dritek System Inc.)
HKLM\...\Run: [BackupManagerTray] - C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [249600 2009-04-11] (NewTech Infosystems, Inc.)
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [440864 2009-06-23] (Acer Incorporated)
HKLM\...\Run: [mwlDaemon] - C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [345384 2009-05-14] (Egis Technology Inc.)
HKLM\...\Run: [PlayMovie] - C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe [173288 2008-12-26] (Acer Corp.)
HKLM\...\Run: [Skytel] - C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-03-11] (Realtek Semiconductor Corp.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-29] ()
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2013\avgui.exe [4411440 2013-08-15] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [AVSetupPending] - C:\Windows\TEMP\AVSETUP_520fd561\SetupPending.exe <===== ATTENTION
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM\...\Run: [Malwarebytes' Anti-Malware] - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [462408 2012-04-04] (Malwarebytes Corporation)
HKLM\...\RunOnce: [ Malwarebytes Anti-Malware ] - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [462408 2012-04-04] (Malwarebytes Corporation)
HKCU\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKCU\...\Run: [ProductReg] - C:\Program Files\Acer\WR_PopUp\ProductReg.exe [135168 2008-11-17] (Acer)
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-05-10] (Google Inc.)
HKU\*****\...\Run: [SpybotSD TeaTimer] - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [ 2009-03-05] (Safer-Networking Ltd.)
HKU\*****\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2013-05-10] (Google Inc.)
HKU\*****\...\Run: [Pando Media Booster] - C:\Program Files\Pando Networks\Media Booster\PMB.exe [ 2013-05-10] ()
HKU\*****\...\Run: [DAEMON Tools Lite] - C:\Program Files\DAEMON Tools Lite\DTLite.exe [ 2013-07-03] (Disc Soft Ltd)
HKU\*****\...\Winlogon: [Shell] cmd.exe [ 2008-01-21] (Microsoft Corporation) <==== ATTENTION
HKU\*****\...\Command Processor: "C:\Users\*****-~1\AppData\Local\Temp\svchost.exe" <===== ATTENTION!
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\Run: [ProductReg] - C:\Program Files\Acer\WR_PopUp\ProductReg.exe [ 2008-11-17] (Acer)
HKU\Default\...\RunOnce: [ScrSav] - C:\Windows\Screensavers\logon\run_logon.exe
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [ProductReg] - C:\Program Files\Acer\WR_PopUp\ProductReg.exe [ 2008-11-17] (Acer)
HKU\Default User\...\RunOnce: [ScrSav] - C:\Windows\Screensavers\logon\run_logon.exe
Lsa: [Notification Packages] c:\Program Files\Acer Bio Protection\PwdFilter

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x7AF5DFEDEAB3CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.8010003&st=10
SearchScopes: HKLM - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&crg=3.8010003&st=10&q={searchTerms}
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

Chrome: =======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx

========================== Services (Whitelisted) =================

R2 AAV UpdateService; C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)
R3 Blackberry Device Manager; C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited)
R2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [75048 2008-12-18] ()
R2 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [707104 2009-06-23] (Acer Incorporated)
R2 IGBASVC; c:\Program Files\Acer Bio Protection\BASVC.exe [3440640 2009-02-13] (Egis Technology Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [654408 2012-04-04] (Malwarebytes Corporation)
R2 MWLService; C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-05-14] (Egis Technology Inc.)
R2 NTI IScheduleSvc; C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [61184 2009-04-11] (NewTech Infosystems, Inc.)
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144632 2008-09-23] (NewTech Infosystems, Inc.)
R2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [237568 2008-11-27] (Acer Incorporated)
S2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S2 AviraUpgradeService; "C:\Windows\TEMP\AVSETUP_520fd561\avupgsvc.exe" /TEMPSTART:""C:\Windows\TEMP\AVSETUP_520fd561\setup.exe" /NOTEMPCLEANUP /CROSSUPGRADE"

==================== Drivers (Whitelisted) ====================

R0 AlfaFF; C:\Windows\System32\drivers\AlfaFF.sys [42608 2009-02-13] (Alfa Corporation)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [208184 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [60216 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22328 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [171320 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [96568 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [39224 2013-09-05] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [182072 2013-03-21] (AVG Technologies CZ, s.r.o.)
R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2013-07-30] (Disc Soft Ltd)
R2 FPSensor; C:\Windows\System32\Drivers\FPSensor.sys [26928 2008-12-24] (Egis)
R3 hidshim; C:\Windows\System32\DRIVERS\hidshim.sys [5632 2008-10-08] (Windows (R) Codename Longhorn DDK provider)
R2 int15; c:\Windows\system32\drivers\int15.sys [69632 2009-02-13] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22344 2012-04-04] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2013-09-18] (Malwarebytes Corporation)
R1 mwlPSDFilter; C:\Windows\System32\DRIVERS\mwlPSDFilter.sys [19504 2008-12-04] (Egis Incorporated.)
R1 mwlPSDNServ; C:\Windows\System32\DRIVERS\mwlPSDNServ.sys [16432 2008-12-04] (Egis Incorporated.)
R1 mwlPSDVDisk; C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys [59952 2008-12-04] (Egis Incorporated.)
R3 nuvotonhidgeneric; C:\Windows\System32\DRIVERS\nuvotonhidgeneric.sys [22528 2008-10-08] (Nuvoton Technology Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

========================== Drivers MD5 =======================

C:\Windows\System32\drivers\acpi.sys 82B296AE1892FE3DBEE00C9CF92F8AC7
C:\Windows\system32\drivers\adp94xx.sys 04F0FCAC69C7C71A3AC4EB97FAFC8303
C:\Windows\system32\drivers\adpahci.sys 60505E0041F7751BDBB80F88BF45C2CE
C:\Windows\system32\drivers\adpu160m.sys 8A42779B02AEC986EAB64ECFC98F8BD7
C:\Windows\system32\drivers\adpu320.sys 241C9E37F8CE45EF51C3DE27515CA4E5
C:\Windows\system32\drivers\afd.sys 3911B972B55FEA0478476B2E777B29FA
C:\Windows\System32\DRIVERS\AGRSM.sys 38325C6AA8EAE011897D61CE48EC6435
C:\Windows\system32\drivers\agp440.sys 13F9E33747E6B41A3FF305C37DB0D360
C:\Windows\system32\drivers\djsvs.sys ==> MD5 is legit
C:\Windows\System32\drivers\AlfaFF.sys 4490B8BDF38750458EB9B24835FDA8FE
C:\Windows\system32\drivers\aliide.sys 9EAEF5FC9B8E351AFA7E78A6FAE91F91 C:\Windows\system32\drivers\amdagp.sys C47344BC706E5F0B9DCE369516661578 C:\Windows\system32\drivers\amdide.sys 9B78A39A4C173FDBC1321E0DD659B34C C:\Windows\system32\drivers\amdk7.sys 18F29B49AD23ECEE3D2A826C725C8D48 C:\Windows\system32\drivers\amdk8.sys 93AE7F7DD54AB986A6F1A1B37BE7442D C:\Windows\system32\drivers\arc.sys 5D2888182FB46632511ACEE92FDAD522 C:\Windows\system32\drivers\arcsas.sys 5E2A321BD7C8B3624E41FDEC3E244945 C:\Windows\System32\DRIVERS\asyncmac.sys 53B202ABEE6455406254444303E87BE1 C:\Windows\System32\drivers\atapi.sys 1F05B78AB91C9075565A9D8A4B880BC4 C:\Windows\System32\DRIVERS\avgidsdriverx.sys 4D7E34E36E586EA26F171A258341BD80 C:\Windows\System32\DRIVERS\avgidshx.sys 7C8E88549BCDAAC965B1B724C175F7A9 C:\Windows\System32\DRIVERS\avgidsshimx.sys 2717EBC35166B8793DBFFB4390B8F2E7 C:\Windows\System32\DRIVERS\avgldx86.sys 2018C4E9A40B122408763A5635CF14D9 C:\Windows\System32\DRIVERS\avglogx.sys E2B9CF2CF787C6978E7CC898E9684E48 C:\Windows\System32\DRIVERS\avgmfx86.sys 3F59750A3AA55C46663801E7C2FD1E2B C:\Windows\System32\DRIVERS\avgrkx86.sys CBCE8ED318DB8EA431F9D25AC9B7FF41 C:\Windows\System32\DRIVERS\avgtdix.sys 14370FB29526F593C04FA48B5D69F7F0 C:\Windows\System32\DRIVERS\b57nd60x.sys 502F1C30BD50B32D00CE4DCAECC3D3C7 C:\Windows\System32\Drivers\Beep.sys 67E506B75BD5326A3EC7B70BD014DFB6 C:\Windows\system32\drivers\blbdrive.sys D4DF28447741FD3D953526E33A617397 C:\Windows\System32\DRIVERS\bowser.sys 35F376253F687BDE63976CCB3F2108CA C:\Windows\system32\drivers\brfiltlo.sys ==> MD5 is legit C:\Windows\system32\drivers\brfiltup.sys ==> MD5 is legit C:\Windows\system32\drivers\brserid.sys ==> MD5 is legit C:\Windows\system32\drivers\brserwdm.sys ==> MD5 is legit C:\Windows\system32\drivers\brusbmdm.sys ==> MD5 is legit C:\Windows\system32\drivers\brusbser.sys ==> MD5 is legit C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\cdfs.sys 
7ADD03E75BEB9E6DD102C3081D29840A C:\Windows\System32\DRIVERS\cdrom.sys 6B4BFFB9BECD728097024276430DB314 C:\Windows\system32\drivers\circlass.sys E5D4133F37219DBCFE102BC61072589D C:\Windows\System32\CLFS.sys D7659D3B5B92C31E84E53C1431F35132 C:\Windows\System32\DRIVERS\CmBatt.sys 99AFC3795B58CC478FBBBCDC658FCB56 C:\Windows\system32\drivers\cmdide.sys 0CA25E686A4928484E9FDABD168AB629 C:\Windows\System32\DRIVERS\compbatt.sys 6AFEF0B60FA25DE07C0968983EE4F60A C:\Windows\System32\drivers\crcdisk.sys 741E9DFF4F42D2D8477D0FC1DC0DF871 C:\Windows\system32\drivers\crusoe.sys 1F07BECDCA750766A96CDA811BA86410 C:\Windows\System32\Drivers\dfsc.sys 622C41A07CA7E6DD91770F50D532CB6C C:\Windows\System32\drivers\disk.sys 5D4AEFC3386920236A548271F8F1AF6A C:\Windows\System32\DRIVERS\DKbFltr.sys 73BAF270D24FE726B9CD7F80BB17A23D C:\Windows\System32\drivers\drmkaud.sys 97FEF831AB90BEE128C9AF390E243F80 C:\Windows\System32\DRIVERS\dtsoftbus01.sys E6B7D1B24E16FB24CE1FEA964E144EBC C:\Windows\System32\drivers\dxgkrnl.sys 5DE0FAEC9E5D1AAE74F8568897891A01 C:\Windows\System32\DRIVERS\E1G60I32.sys 5425F74AC0C1DBD96A1E04F17D63F94C C:\Windows\System32\drivers\ecache.sys 7F64EA048DCFAC7ACF8B4D7B4E6FE371 C:\Windows\system32\drivers\elxstor.sys 23B62471681A124889978F6295B3F4C6 C:\Windows\system32\drivers\errdev.sys 3DB974F3935483555D7148663F726C61 C:\Windows\System32\Drivers\exfat.sys 22B408651F9123527BCEE54B4F6C5CAE C:\Windows\System32\Drivers\fastfat.sys 1E9B9A70D332103C52995E957DC09EF8 C:\Windows\System32\DRIVERS\fdc.sys AFE1E8B9782A0DD7FB46BBD88E43F89A C:\Windows\System32\drivers\fileinfo.sys A8C0139A884861E3AAE9CFE73B208A9F C:\Windows\System32\drivers\filetrace.sys 0AE429A696AECBC5970E3CF2C62635AE C:\Windows\System32\DRIVERS\flpydisk.sys 85B7CF99D532820495D68D747FDA9EBD C:\Windows\System32\drivers\fltmgr.sys 01334F9EA68E6877C4EF05D3EA8ABB05 C:\Windows\System32\Drivers\FPSensor.sys 140C20D2EF25993E66E9D60E66977F3E C:\Windows\System32\Drivers\Fs_Rec.sys B972A66758577E0BFD1DE0F91AAA27B5 
C:\Windows\system32\drivers\gagp30kx.sys 34582A6E6573D54A07ECE5FE24A126B5 C:\Windows\System32\DRIVERS\GEARAspiWDM.sys 185ADA973B5020655CEE342059A86CBB C:\Windows\System32\drivers\HdAudio.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\HDAudBus.sys 062452B7FFD68C8C042A6261FE8DFF4A C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\hidshim.sys 7F7E5E98CEFED8A10F7E56810EA7B6DF C:\Windows\System32\DRIVERS\hidusb.sys CCA4B519B17E23A00B826C55716809CC C:\Windows\system32\drivers\hpcisss.sys 16EE7B23A009E00D835CDB79574A91A6 C:\Windows\System32\drivers\HTTP.sys F870AA3E254628EBEAFE754108D664DE C:\Windows\system32\drivers\i2omp.sys C6B032D69650985468160FC9937CF5B4 C:\Windows\System32\DRIVERS\i8042prt.sys 22D56C8184586B7A1F6FA60BE5F5A2BD C:\Windows\System32\DRIVERS\iaStor.sys 71ECC07BC7C5E24C3DD01D8A29A24054 C:\Windows\system32\drivers\iastorv.sys 54155EA1B0DF185878E0FC9EC3AC3A14 C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit c:\Windows\system32\drivers\int15.sys 4D8D5B1C895EA0F2A721B98A7CE198F1 C:\Windows\System32\drivers\RTKVHDA.sys FFB0B713A54DD05193DBCD0B790B37EE C:\Windows\system32\drivers\intelide.sys 83AA759F3189E6370C30DE5DC5590718 C:\Windows\System32\DRIVERS\intelppm.sys 224191001E78C89DFA78924C3EA595FF C:\Windows\System32\DRIVERS\ipfltdrv.sys 62C265C38769B864CB25B4BCF62DF6C3 C:\Windows\system32\drivers\ipmidrv.sys B25AAF203552B7B3491139D582B39AD1 C:\Windows\System32\DRIVERS\ipnat.sys 8793643A67B42CEC66490B2A0CF92D68 C:\Windows\System32\DRIVERS\irda.sys E50A95179211B12946F7E035D60AF560 C:\Windows\System32\drivers\irenum.sys 109C0DFB82C3632FBD11949B73AEEAC9 C:\Windows\system32\drivers\isapnp.sys 6C70698A3E5C4376C6AB5C7C17FB0614 C:\Windows\System32\DRIVERS\msiscsi.sys 232FA340531D940AAC623B121A595034 C:\Windows\system32\drivers\iteatapi.sys ==> MD5 is legit C:\Windows\system32\drivers\iteraid.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\k57nd60x.sys 
EAC21E8014C7E6EE341AFFFB7E2BBD54 C:\Windows\System32\DRIVERS\kbdclass.sys 37605E0A8CF00CBBA538E753E4344C6E C:\Windows\System32\DRIVERS\kbdhid.sys EDE59EC70E25C24581ADD1FBEC7325F7 C:\Windows\System32\Drivers\ksecdd.sys 4A1445EFA932A3BAF5BDB02D7131EE20 C:\Windows\System32\DRIVERS\lltdio.sys D1C5883087A0C3F1344D9D55A44901F6 C:\Windows\system32\drivers\lsi_fc.sys C7E15E82879BF3235B559563D4185365 C:\Windows\system32\drivers\lsi_sas.sys EE01EBAE8C9BF0FA072E0FF68718920A C:\Windows\system32\drivers\lsi_scsi.sys 912A04696E9CA30146A62AFA1463DD5C C:\Windows\system32\drivers\luafv.sys 8F5C7426567798E62A3B3614965D62CC C:\Windows\system32\drivers\mbam.sys FB097BBC1A18F044BD17BD2FCCF97865 C:\Windows\system32\drivers\mbamswissarmy.sys 0DB7527DB188C7D967A37BB51BBF3963 C:\Windows\system32\drivers\megasas.sys 0001CE609D66632FA17B84705F658879 C:\Windows\system32\drivers\megasr.sys C252F32CD9A49DBFC25ECF26EBD51A99 C:\Windows\System32\drivers\modem.sys E13B5EA0F51BA5B1512EC671393D09BA C:\Windows\System32\DRIVERS\monitor.sys 0A9BB33B56E294F686ABB7C1E4E2D8A8 C:\Windows\System32\DRIVERS\mouclass.sys 5BF6A1326A335C5298477754A506D263 C:\Windows\System32\DRIVERS\mouhid.sys 93B8D4869E12CFBE663915502900876F C:\Windows\System32\drivers\mountmgr.sys BDAFC88AA6B92F7842416EA6A48E1600 C:\Windows\system32\drivers\mpio.sys 511D011289755DD9F9A7579FB0B064E6 C:\Windows\System32\drivers\mpsdrv.sys 22241FEBA9B2DEFA669C8CB0A8DD7D2E C:\Windows\system32\drivers\mraid35x.sys ==> MD5 is legit C:\Windows\system32\drivers\mrxdav.sys 82CEA0395524AACFEB58BA1448E8325C C:\Windows\System32\DRIVERS\mrxsmb.sys 1E94971C4B446AB2290DEB71D01CF0C2 C:\Windows\System32\DRIVERS\mrxsmb10.sys 4FCCB34D793B116423209C0F8B7A3B03 C:\Windows\System32\DRIVERS\mrxsmb20.sys C3CB1B40AD4A0124D617A1199B0B9D7C C:\Windows\System32\drivers\msahci.sys 28023E86F17001F7CD9B15A5BC9AE07D C:\Windows\system32\drivers\msdsm.sys 4468B0F385A86ECDDAF8D3CA662EC0E7 C:\Windows\System32\Drivers\Msfs.sys A9927F4A46B816C92F461ACB90CF8515 
C:\Windows\System32\drivers\msisadrv.sys 0F400E306F385C56317357D6DEA56F62 C:\Windows\System32\drivers\MSKSSRV.sys D8C63D34D9C9E56C059E24EC7185CC07 C:\Windows\System32\drivers\MSPCLOCK.sys 1D373C90D62DDB641D50E55B9E78D65E C:\Windows\System32\drivers\MSPQM.sys B572DA05BF4E098D4BBA3A4734FB505B C:\Windows\System32\Drivers\MsRPC.sys B49456D70555DE905C311BCDA6EC6ADB C:\Windows\System32\DRIVERS\mssmbios.sys E384487CB84BE41D09711C30CA79646C C:\Windows\System32\drivers\MSTEE.sys 7199C1EEC1E4993CAF96B8C0A26BD58A C:\Windows\System32\Drivers\mup.sys 6A57B5733D4CB702C8EA4542E836B96C C:\Windows\System32\DRIVERS\mwlPSDFilter.sys 2DE94E435C3EFDE58C7B1856D4F20724 C:\Windows\System32\DRIVERS\mwlPSDNServ.sys 61920A7146EED3D903DBBB8EC295AF76 C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys E0F49721E68EBD2983E84C44FADA6665 C:\Windows\System32\DRIVERS\nwifi.sys 85C44FDFF9CF7E72A40DCB7EC06A4416 C:\Windows\System32\drivers\ndis.sys 1357274D1883F68300AEADD15D7BBB42 C:\Windows\System32\DRIVERS\ndistapi.sys 0E186E90404980569FB449BA7519AE61 C:\Windows\System32\DRIVERS\ndisuio.sys D6973AA34C4D5D76C0430B181C3CD389 C:\Windows\System32\DRIVERS\ndiswan.sys 818F648618AE34F729FDB47EC68345C3 C:\Windows\System32\Drivers\NDProxy.sys 71DAB552B41936358F3B541AE5997FB3 C:\Windows\System32\DRIVERS\netbios.sys BCD093A5A6777CF626434568DC7DBA78 C:\Windows\System32\DRIVERS\netbt.sys ECD64230A59CBD93C85F1CD1CAB9F3F6 C:\Windows\System32\DRIVERS\NETw5v32.sys 7269039E216BDD863ABF1850A0FFDBAF C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit C:\Windows\System32\Drivers\Npfs.sys D36F239D7CCE1931598E8FB90A0DBC26 C:\Windows\System32\DRIVERS\nscirda.sys 6D8D2E5652FC2442C810C5D8BE784148 C:\Windows\System32\drivers\nsiproxy.sys 609773E344A97410CE4EBF74A8914FCF C:\Windows\System32\Drivers\Ntfs.sys 2C1121F2B87E9A6B12485DF53CD848C7 C:\Windows\System32\Drivers\NTIDrvr.sys 6DCAA65F49EF3B97A5CFFC0CB5DE1C2F C:\Windows\system32\drivers\ntrigdigi.sys ==> MD5 is legit C:\Windows\System32\Drivers\Null.sys 
C5DBBCDA07D780BDA9B685DF333BB41E C:\Windows\System32\DRIVERS\nuvotonhidgeneric.sys 85D8845B7B6A434B7CE35723BF0E5C57 C:\Windows\System32\drivers\nvhda32v.sys 77F9F9A199B87FE3F852E12F5419240B C:\Windows\System32\DRIVERS\nvlddmkm.sys 9A77B1C13BCCEDDF78DFD7AFC25B4F5E C:\Windows\system32\drivers\nvraid.sys 2EDF9E7751554B42CBB60116DE727101 C:\Windows\system32\drivers\nvstor.sys ABED0C09758D1D97DB0042DBB2688177 C:\Windows\system32\drivers\nv_agp.sys 18BBDF913916B71BD54575BDB6EEAC0B C:\Windows\System32\DRIVERS\ohci1394.sys 790E27C3DB53410B40FF9EF2FD10A1D9 C:\Windows\system32\drivers\parport.sys ==> MD5 is legit C:\Windows\System32\drivers\partmgr.sys B9C2B89F08670E159F7181891E449CD9 C:\Windows\system32\drivers\parvdm.sys ==> MD5 is legit C:\Windows\System32\drivers\pci.sys 941DC1D19E7E8620F40BBC206981EFDB C:\Windows\system32\drivers\pciide.sys FC175F5DDAB666D7F4D17449A547626F C:\Windows\system32\DRIVERS\pcmcia.sys B7C5A8769541900F6DFA6FE0C5E4D513 C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\raspptp.sys ECFFFAEC0C1ECD8DBC77F39070EA1DB1 C:\Windows\system32\drivers\processr.sys 2027293619DD0F047C584CF2E7DF4FFD C:\Windows\System32\DRIVERS\pacer.sys 99514FAA8DF93D34B5589187DB3AA0BA C:\Windows\system32\drivers\ql2300.sys 0A6DB55AFB7820C99AA1F3A1D270F4F6 C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit C:\Windows\system32\drivers\qwavedrv.sys 9F5E0E1926014D17486901C88ECA2DB7 C:\Windows\System32\DRIVERS\rasacd.sys 147D7F9C556D259924351FEB0DE606C3 C:\Windows\System32\DRIVERS\rasl2tp.sys A214ADBAF4CB47DD2728859EF31F26B0 C:\Windows\System32\DRIVERS\raspppoe.sys 509A98DD18AF4375E1FC40BC175F1DEF C:\Windows\System32\DRIVERS\rassstp.sys 2005F4A1E05FA09389AC85840F0A9E4D C:\Windows\System32\DRIVERS\rdbss.sys B14C9D5B9ADD2F84F70570BBBFAA7935 C:\Windows\System32\DRIVERS\RDPCDD.sys 89E59BE9A564262A3FB6C4F4F1CD9899 C:\Windows\system32\drivers\rdpdr.sys FBC0BACD9C3D7F6956853F64A66E252D C:\Windows\System32\drivers\rdpencdd.sys 
9D91FE5286F748862ECFFA05F8A0710C C:\Windows\System32\Drivers\RDPWD.sys C127EBD5AFAB31524662C48DFCEB773A C:\Windows\System32\Drivers\RimUsb.sys BBCE96557881586683611C561FB06269 C:\Windows\System32\DRIVERS\RimSerial.sys C4F4FCD5AE48BDD31648981DDF8EF993 C:\Windows\System32\Drivers\RootMdm.sys 75E8A6BFA7374ABA833AE92BF41AE4E6 C:\Windows\System32\DRIVERS\rspndr.sys 9C508F4074A39E8B4B31D27198146FAD C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\sdbus.sys 126EA89BCC413EE45E3004FB0764888F C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit C:\Windows\system32\drivers\serial.sys ==> MD5 is legit C:\Windows\system32\drivers\sermouse.sys 8AF3D28A879BF75DB53A0EE7A4289624 C:\Windows\system32\drivers\sffdisk.sys 3EFA810BDCA87F6ECC24F9832243FE86 C:\Windows\system32\drivers\sffp_mmc.sys E95D451F7EA3E583AEC75F3B3EE42DC5 C:\Windows\system32\drivers\sffp_sd.sys 3D0EA348784B7AC9EA9BD9F317980979 C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit C:\Windows\system32\drivers\sisagp.sys 1D76624A09A054F682D746B924E2DBC3 C:\Windows\system32\drivers\sisraid2.sys 43CB7AA756C7DB280D01DA9B676CFDE2 C:\Windows\system32\drivers\sisraid4.sys A99C6C8B0BAA970D8AA59DDC50B57F94 C:\Windows\System32\DRIVERS\smb.sys 7B75299A4D201D6A6533603D6914AB04 C:\Windows\System32\Drivers\spldr.sys 7AEBDEEF071FE28B0EEF2CDD69102BFF C:\Windows\System32\DRIVERS\srv.sys 41987F9FC0E61ADF54F581E15029AD91 C:\Windows\System32\DRIVERS\srv2.sys FF33AFF99564B1AA534F58868CBE41EF C:\Windows\System32\DRIVERS\srvnet.sys 7605C0E1D01A08F3ECD743F38B834A44 C:\Windows\System32\DRIVERS\swenum.sys 7BA58ECF0C0A9A69D44B3DCA62BECF56 C:\Windows\system32\drivers\symc8xx.sys ==> MD5 is legit C:\Windows\system32\drivers\sym_hi.sys ==> MD5 is legit C:\Windows\system32\drivers\sym_u3.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\SynTP.sys AEE6E411A915F50101895BA8DC5C15D4 C:\Windows\System32\drivers\tcpip.sys D18D53974FD715D50FC76F9FFE1C830D 
C:\Windows\System32\DRIVERS\tcpip.sys D18D53974FD715D50FC76F9FFE1C830D C:\Windows\System32\drivers\tcpipreg.sys 608C345A255D82A6289C2D468EB41FD7 C:\Windows\System32\drivers\tdpipe.sys 5DCF5E267BE67A1AE926F2DF77FBCC56 C:\Windows\System32\drivers\tdtcp.sys 389C63E32B3CEFED425B61ED92D3F021 C:\Windows\System32\DRIVERS\tdx.sys 76B06EB8A01FC8624D699E7045303E54 C:\Windows\System32\DRIVERS\termdd.sys 3CAD38910468EAB9A6479E2F01DB43C7 C:\Windows\System32\DRIVERS\tssecsrv.sys F4EAA7ECBCB25DE901C9B7F2CDCDA0B3 C:\Windows\System32\DRIVERS\tunmp.sys CAECC0120AC49E3D2F758B9169872D38 C:\Windows\System32\DRIVERS\tunnel.sys 300DB877AC094FEAB0BE7688C3454A9C C:\Windows\system32\drivers\uagp35.sys 7D33C4DB2CE363C8518D2DFCF533941F C:\Windows\System32\Drivers\UBHelper.sys F763E070843EE2803DE1395002B42938 C:\Windows\System32\DRIVERS\udfs.sys D9728AF68C4C7693CB100B8441CBDEC6 C:\Windows\system32\drivers\uliagpkx.sys B0ACFDC9E4AF279E9116C03E014B2B27 C:\Windows\system32\drivers\uliahci.sys 9224BB254F591DE4CA8D572A5F0D635C C:\Windows\system32\drivers\ulsata.sys ==> MD5 is legit C:\Windows\system32\drivers\ulsata2.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\umbus.sys 32CFF9F809AE9AED85464492BF3E32D2 C:\Windows\System32\Drivers\usbaapl.sys 6E421CCC57059B0186C6259CA3B6DFC9 C:\Windows\System32\DRIVERS\usbccgp.sys CAF811AE4C147FFCD5B51750C7F09142 C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\usbehci.sys 79E96C23A97CE7B8F14D310DA2DB0C9B C:\Windows\System32\DRIVERS\usbhub.sys 4673BBCB006AF60E7ABDDBE7A130BA42 C:\Windows\system32\drivers\usbohci.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\usbprint.sys E75C4B5269091D15A2E7DC0B6D35F2F5 C:\Windows\System32\DRIVERS\USBSTOR.SYS BE3DA31C191BC222D9AD503C5224F2AD C:\Windows\System32\DRIVERS\usbuhci.sys 814D653EFC4D48BE3B04A307ECEFF56F C:\Windows\System32\Drivers\usbvideo.sys E67998E8F14CB0627A769F6530BCB352 C:\Windows\System32\DRIVERS\vgapnp.sys 87B06E1F30B749A114F74622D013F8D4 C:\Windows\System32\drivers\vga.sys 
2E93AC0A1D8C79D019DB6C51F036636C C:\Windows\system32\drivers\viaagp.sys 5D7159DEF58A800D5781BA3A879627BC C:\Windows\system32\drivers\viac7.sys C4F3A691B5BAD343E6249BD8C2D45DEE C:\Windows\system32\drivers\viaide.sys AADF5587A4063F52C2C3FED7887426FC C:\Windows\System32\drivers\volmgr.sys 69503668AC66C77C6CD7AF86FBDF8C43 C:\Windows\System32\drivers\volmgrx.sys 23E41B834759917BFD6B9A0D625D0C28 C:\Windows\System32\drivers\volsnap.sys 786DB5771F05EF300390399F626BF30A C:\Windows\system32\drivers\vsmraid.sys 587253E09325E6BF226B299774B728A9 C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\wanarp.sys 55201897378CCA7AF8B5EFD874374A26 C:\Windows\System32\DRIVERS\wanarp.sys 55201897378CCA7AF8B5EFD874374A26 C:\Windows\system32\drivers\wd.sys 78FE9542363F297B18C027B2D7E7C07F C:\Windows\System32\drivers\Wdf01000.sys A840213F1ACDCC175B4D1D5AAEAC0D7A C:\Windows\System32\DRIVERS\wmiacpi.sys 2E7255D172DF0B8283CDFB7B433B864E C:\Windows\System32\DRIVERS\wpdusb.sys DE9D36F91A4DF3D911626643DEBF11EA C:\Windows\system32\drivers\ws2ifsl.sys E3A3CB253C0EC2494D4A61F5E43A389C C:\Windows\System32\drivers\WudfPf.sys 06E6F32C8D0A3F66D956F57B43A2E070 C:\Windows\System32\DRIVERS\WUDFRd.sys 867C301E8B790040AE9CF6486E8041DF ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-09-18 00:24 - 2013-09-18 00:24 - 00000000 ____D C:\FRST 2013-09-18 00:10 - 2013-09-18 00:10 - 00000000 ____D C:\Users\Acer\AppData\Roaming\Malwarebytes 2013-09-18 00:07 - 2013-09-18 00:08 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-09-18 00:07 - 2013-09-18 00:07 - 00000910 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-09-18 00:07 - 2012-04-04 15:56 - 00022344 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-09-17 23:15 - 2013-09-18 00:04 - 00000000 ____D C:\Users\Acer\AppData\Roaming\Google 2013-09-17 23:15 - 2013-09-17 23:15 - 00000000 ____D 
C:\Users\Acer\AppData\Roaming\AVG2013 2013-09-17 23:15 - 2013-09-17 23:15 - 00000000 ____D C:\Users\Acer\AppData\Roaming\Apple Computer 2013-09-17 23:15 - 2013-09-17 23:15 - 00000000 ____D C:\Users\Acer\AppData\Local\Avg2013 2013-09-17 23:15 - 2013-09-17 23:15 - 00000000 ____D C:\Users\Acer\AppData\Local\Acer ePower Management V4 2013-09-17 23:14 - 2013-09-17 23:15 - 00000000 ____D C:\Users\Acer\AppData\Local\Google 2013-09-17 23:14 - 2013-09-17 23:14 - 00108560 _____ C:\Users\Acer\AppData\Local\GDIPFONTCACHEV1.DAT 2013-09-17 23:14 - 2013-09-17 23:14 - 00000000 ____D C:\Users\Acer\AppData\Roaming\Adobe 2013-09-17 23:13 - 2013-09-17 23:14 - 00001975 _____ C:\Users\Acer\Desktop\Google Chrome.lnk 2013-09-17 23:13 - 2013-09-17 23:13 - 00000953 _____ C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-09-17 23:13 - 2013-09-17 23:13 - 00000948 _____ C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2013-09-17 23:13 - 2013-09-17 23:13 - 00000919 _____ C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk 2013-09-17 23:13 - 2013-09-17 23:13 - 00000020 ___SH C:\Users\Acer\ntuser.ini 2013-09-17 23:13 - 2013-09-17 23:13 - 00000000 _SHDL C:\Users\Acer\Startmenü 2013-09-17 23:13 - 2013-09-17 23:13 - 00000000 _SHDL C:\Users\Acer\Netzwerkumgebung 2013-09-17 23:13 - 2013-09-17 23:13 - 00000000 _SHDL C:\Users\Acer\Druckumgebung 2013-09-17 23:13 - 2013-09-17 23:13 - 00000000 _SHDL C:\Users\Acer\Documents\Eigene Musik 2013-09-17 23:13 - 2013-09-17 23:13 - 00000000 _SHDL C:\Users\Acer\Documents\Eigene Bilder 2013-09-17 23:13 - 2013-09-17 23:13 - 00000000 _SHDL C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2013-09-17 23:13 - 2013-09-17 23:13 - 00000000 _SHDL C:\Users\Acer\AppData\Local\Verlauf 2013-09-17 23:13 - 2013-09-17 23:13 - 00000000 ____D C:\Users\Acer\AppData\Local\VirtualStore 2013-09-17 23:13 - 2013-09-17 23:13 - 00000000 ____D 
C:\Users\Acer 2013-09-17 23:13 - 2012-12-10 16:20 - 00000000 ____D C:\Users\Acer\AppData\Roaming\TuneUp Software 2013-09-17 23:13 - 2011-06-25 19:35 - 00000000 ____D C:\Users\Acer\AppData\Roaming\Macromedia 2013-09-17 23:13 - 2009-03-12 17:12 - 00000000 ___RD C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2013-09-17 23:13 - 2009-03-12 17:12 - 00000000 ___RD C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2013-09-17 23:09 - 2013-09-17 23:09 - 00614816 _____ C:\Users\*****\Downloads\Malwarebytes Anti Malware - CHIP-Downloader.exe 2013-09-17 22:57 - 2013-09-17 22:57 - 00931113 _____ C:\Users\*****\AppData\Roaming\2433f433 2013-09-17 22:57 - 2013-09-17 22:57 - 00931106 _____ C:\ProgramData\2433f433 2013-09-17 22:57 - 2013-09-17 22:57 - 00931089 _____ C:\Users\*****\AppData\Local\2433f433 2013-09-13 12:38 - 2013-07-31 12:30 - 12335104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-09-13 12:38 - 2013-07-31 12:05 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-09-13 12:38 - 2013-07-31 12:00 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-09-13 12:38 - 2013-07-31 11:53 - 01104896 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-09-13 12:38 - 2013-07-31 11:52 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-09-13 12:38 - 2013-07-31 11:52 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-09-13 12:38 - 2013-07-31 11:51 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-09-13 12:38 - 2013-07-31 11:49 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-09-13 12:38 - 2013-07-31 11:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-09-13 12:38 - 2013-07-31 11:48 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-09-13 12:38 - 2013-07-31 11:48 - 00142848 _____ 
(Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-09-13 12:38 - 2013-07-31 11:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-09-13 12:38 - 2013-07-31 11:46 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-09-13 12:38 - 2013-07-31 11:45 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-09-13 12:38 - 2013-07-31 11:45 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-09-13 12:38 - 2013-07-31 11:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-09-13 00:29 - 2013-08-08 03:45 - 02049536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-09-13 00:29 - 2013-07-16 06:35 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll 2013-09-10 01:34 - 2013-09-10 01:34 - 00022328 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsshimx.sys 2013-09-05 01:43 - 2013-09-05 01:43 - 00039224 _____ (AVG Technologies CZ, s.r.o.) 
C:\Windows\system32\Drivers\avgrkx86.sys 2013-09-04 14:14 - 2013-09-04 14:14 - 00000000 ____D C:\Users\*****\AppData\Roaming\TuneUp Software 2013-08-27 22:42 - 2013-08-02 06:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL ==================== One Month Modified Files and Folders ======= 2013-09-18 00:24 - 2013-09-18 00:24 - 00000000 ____D C:\FRST 2013-09-18 00:11 - 2012-04-27 09:07 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys 2013-09-18 00:10 - 2013-09-18 00:10 - 00000000 ____D C:\Users\Acer\AppData\Roaming\Malwarebytes 2013-09-18 00:08 - 2013-09-18 00:07 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-09-18 00:07 - 2013-09-18 00:07 - 00000910 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-09-18 00:04 - 2013-09-17 23:15 - 00000000 ____D C:\Users\Acer\AppData\Roaming\Google 2013-09-18 00:02 - 2012-03-29 20:48 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-09-18 00:01 - 2012-04-10 17:56 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2013-09-18 00:01 - 2006-11-02 12:33 - 01445310 _____ C:\Windows\system32\PerfStringBackup.INI 2013-09-18 00:00 - 2011-06-23 09:20 - 01133494 _____ C:\Windows\WindowsUpdate.log 2013-09-17 23:57 - 2013-05-10 21:03 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-09-17 23:57 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-09-17 23:57 - 2006-11-02 14:47 - 00004016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2013-09-17 23:57 - 2006-11-02 14:47 - 00004016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2013-09-17 23:42 - 2006-11-02 15:01 - 00032530 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-09-17 23:15 - 2013-09-17 23:15 - 00000000 ____D C:\Users\Acer\AppData\Roaming\AVG2013 2013-09-17 23:15 - 2013-09-17 23:15 - 00000000 ____D 
C:\Users\Acer\AppData\Roaming\Apple Computer 2013-09-17 23:15 - 2013-09-17 23:15 - 00000000 ____D C:\Users\Acer\AppData\Local\Avg2013 2013-09-17 23:15 - 2013-09-17 23:15 - 00000000 ____D C:\Users\Acer\AppData\Local\Acer ePower Management V4 2013-09-17 23:15 - 2013-09-17 23:14 - 00000000 ____D C:\Users\Acer\AppData\Local\Google 2013-09-17 23:14 - 2013-09-17 23:14 - 00108560 _____ C:\Users\Acer\AppData\Local\GDIPFONTCACHEV1.DAT 2013-09-17 23:14 - 2013-09-17 23:14 - 00000000 ____D C:\Users\Acer\AppData\Roaming\Adobe 2013-09-17 23:14 - 2013-09-17 23:13 - 00001975 _____ C:\Users\Acer\Desktop\Google Chrome.lnk 2013-09-17 23:13 - 2013-09-17 23:13 - 00000953 _____ C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-09-17 23:13 - 2013-09-17 23:13 - 00000948 _____ C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2013-09-17 23:13 - 2013-09-17 23:13 - 00000919 _____ C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk 2013-09-17 23:13 - 2013-09-17 23:13 - 00000020 ___SH C:\Users\Acer\ntuser.ini 2013-09-17 23:13 - 2013-09-17 23:13 - 00000000 _SHDL C:\Users\Acer\Startmenü 2013-09-17 23:13 - 2013-09-17 23:13 - 00000000 _SHDL C:\Users\Acer\Netzwerkumgebung 2013-09-17 23:13 - 2013-09-17 23:13 - 00000000 _SHDL C:\Users\Acer\Druckumgebung 2013-09-17 23:13 - 2013-09-17 23:13 - 00000000 _SHDL C:\Users\Acer\Documents\Eigene Musik 2013-09-17 23:13 - 2013-09-17 23:13 - 00000000 _SHDL C:\Users\Acer\Documents\Eigene Bilder 2013-09-17 23:13 - 2013-09-17 23:13 - 00000000 _SHDL C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2013-09-17 23:13 - 2013-09-17 23:13 - 00000000 _SHDL C:\Users\Acer\AppData\Local\Verlauf 2013-09-17 23:13 - 2013-09-17 23:13 - 00000000 ____D C:\Users\Acer\AppData\Local\VirtualStore 2013-09-17 23:13 - 2013-09-17 23:13 - 00000000 ____D C:\Users\Acer 2013-09-17 23:09 - 2013-09-17 23:09 - 00614816 _____ 
C:\Users\*****\Downloads\Malwarebytes Anti Malware - CHIP-Downloader.exe 2013-09-17 22:58 - 2012-04-10 18:02 - 00000000 ____D C:\Users\*****\AppData\Local\PMB Files 2013-09-17 22:57 - 2013-09-17 22:57 - 00931113 _____ C:\Users\*****\AppData\Roaming\2433f433 2013-09-17 22:57 - 2013-09-17 22:57 - 00931106 _____ C:\ProgramData\2433f433 2013-09-17 22:57 - 2013-09-17 22:57 - 00931089 _____ C:\Users\*****\AppData\Local\2433f433 2013-09-17 22:27 - 2012-11-13 22:49 - 00000000 ____D C:\ProgramData\MFAData 2013-09-17 22:26 - 2013-05-10 21:03 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-09-15 12:36 - 2006-11-02 14:47 - 00406648 _____ C:\Windows\system32\FNTCACHE.DAT 2013-09-13 13:02 - 2012-03-29 20:48 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2013-09-13 13:02 - 2012-03-29 20:48 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2013-09-13 12:37 - 2013-08-15 18:27 - 00000000 ____D C:\Windows\system32\MRT 2013-09-13 12:33 - 2006-11-02 12:24 - 76725432 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2013-09-12 17:47 - 2012-01-13 00:02 - 00000000 ____D C:\Program Files\CCleaner 2013-09-10 01:34 - 2013-09-10 01:34 - 00022328 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsshimx.sys 2013-09-07 23:56 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET 2013-09-06 12:25 - 2012-08-02 20:54 - 00008592 _____ C:\Users\*****\AppData\Local\d3d9caps.dat 2013-09-05 01:43 - 2013-09-05 01:43 - 00039224 _____ (AVG Technologies CZ, s.r.o.) 
C:\Windows\system32\Drivers\avgrkx86.sys
2013-09-04 14:14 - 2013-09-04 14:14 - 00000000 ____D C:\Users\*****\AppData\Roaming\TuneUp Software

Some content of TEMP:
====================
C:\Users\Acer\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\*****\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\*****\AppData\Local\Temp\svchost.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== BCD ================================

Windows-Start-Manager
---------------------
Bezeichner {bootmgr}
device partition=C:
description Windows Boot Manager
locale de-DE
inherit {globalsettings}
default {current}
resumeobject {a9d4d023-d441-11dc-8a35-e9a1536067d6}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30
resume No

Windows-Startladeprogramm
-------------------------
Bezeichner {572bcd56-ffa7-11d9-aae0-0007e994107d}
device ramdisk=[\Device\HarddiskVolume1]\x86\winre.wim,{ad6c7bc8-fa0f-11da-8ddf-0013200354d8}
path \windows\system32\boot\winload.exe
description Windows Recovery Environment
osdevice ramdisk=[\Device\HarddiskVolume1]\x86\winre.wim,{ad6c7bc8-fa0f-11da-8ddf-0013200354d8}
systemroot \windows
nx OptIn
detecthal Yes
winpe Yes

Windows-Startladeprogramm
-------------------------
Bezeichner {current}
device partition=C:
path \Windows\system32\winload.exe
description Microsoft Windows Vista
locale de-DE
inherit {bootloadersettings}
recoverysequence {572bcd56-ffa7-11d9-aae0-0007e994107d}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {a9d4d023-d441-11dc-8a35-e9a1536067d6}
nx OptIn

Wiederaufnahme aus dem Ruhezustand
----------------------------------
Bezeichner {a9d4d023-d441-11dc-8a35-e9a1536067d6}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale de-DE
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
pae Yes
debugoptionenabled No

Windows-Speichertestprogramm
----------------------------
Bezeichner {memdiag}
device partition=C:
path \boot\memtest.exe
description Windows-Speicherdiagnose
locale de-DE
inherit {globalsettings}
badmemoryaccess Yes

Windows-Legacybetriebssystem-Ladeprogramm
-----------------------------------------
Bezeichner {ntldr}
device unknown
path \ntldr
description Frühere Windows-Version

EMS-Einstellungen
-----------------
Bezeichner {emssettings}
bootems Yes

Debuggereinstellungen
---------------------
Bezeichner {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM-Defekte
-----------
Bezeichner {badmemory}

Globale Einstellungen
---------------------
Bezeichner {globalsettings}
inherit {dbgsettings} {emssettings} {badmemory}

Startladeprogramm-Einstellungen
-------------------------------
Bezeichner {bootloadersettings}
inherit {globalsettings}

Einstellungen zur Ladeprogrammfortsetzung
-----------------------------------------
Bezeichner {resumeloadersettings}
inherit {globalsettings}

Geräteoptionen
--------------
Bezeichner {ad6c7bc8-fa0f-11da-8ddf-0013200354d8}
description Ramdisk Device Options
ramdisksdidevice partition=\Device\HarddiskVolume1
ramdisksdipath \X86\boot.sdi

LastRegBack: 2013-09-18 00:03

==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 16-09-2013 03
Ran by Acer at 2013-09-18 00:25:22
Running from C:\Users\Acer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M1U1SZPL
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

2007 Microsoft Office Suite Service Pack 2 (SP2)
AAVUpdateManager (Version: 18.00.0000)
Acer Arcade Deluxe (Version: 2.5.6121)
Acer Backup Manager (Version: 1.0.0.58)
Acer Bio Protection (Version: 6.1.20)
Acer Crystal Eye webcam Ver:1.1.79.326 (Version: 1.1.79.326)
Acer eRecovery Management (Version: 4.00.3008)
Acer GridVista (Version: 2.72.317)
Acer PowerSmart Manager (Version: 4.01.3016)
Acer Product Registration (Version: 3.0.0.10)
Acer ScreenSaver
Acer VCM (Version: 4.00.3004)
Adobe Flash Player 11 ActiveX (Version: 11.8.800.174)
Adobe Reader X (10.1.7) - Deutsch (Version: 10.1.7)
Adobe Shockwave Player 11.6 (Version: 11.6.4.634)
Agere Systems HDA Modem
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
AVG 2013 (Version: 13.0.3222)
AVG 2013 (Version: 13.0.3408)
AVG 2013 (Version: 2013.0.3408)
Backup Manager Basic (Version: 1.0.0.58)
BlackBerry Desktop Software 7.1 (Version: 7.1.0.41)
Bonjour (Version: 3.0.0.10)
Broadcom Gigabit NetLink Controller (Version: 11.34.02)
Call of Duty(R) 4 - Modern Warfare(TM) (Version: 1.00.0000)
Call of Duty(R) 4 - Modern Warfare(TM) (Version: 1.7)
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (Version: 1.6)
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (Version: 1.7)
Canon LBP2900
CCleaner (Version: 4.05)
Choice Guard (Version: 1.2.87.0)
Compatibility Pack für 2007 Office System (Version: 12.0.4518.1014)
DAEMON Tools Lite (Version: 4.47.1.0335)
DivX-Setup (Version: 2.6.1.9)
ElsterFormular (Version: 14.3.11574) Fingerprint Solution (Version: 6.1.20.0) Google Chrome (Version: 29.0.1547.66) Google Toolbar for Internet Explorer (Version: 1.0.0) Google Toolbar for Internet Explorer (Version: 7.5.4413.1752) Google Update Helper (Version: 1.3.21.153) iTunes (Version: 11.0.5.5) Java(TM) 6 Update 37 (Version: 6.0.370) Junk Mail filter update (Version: 14.0.8050.1202) Launch Manager (Version: 2.0.01) Malwarebytes Anti-Malware Version 1.61.0.1400 (Version: 1.61.0.1400) Media Player Codec Pack 4.1.9 (Version: 4.1.9) Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729) Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6012.5000) Microsoft Office Access MUI (German) 2007 (Version: 12.0.6425.1000) Microsoft Office Enterprise 2007 (Version: 12.0.6425.1000) Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6425.1000) Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6425.1000) Microsoft Office Home and Student 2007 (Version: 12.0.6425.1000) Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6425.1000) Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6425.1000) Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6425.1000) Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6425.1000) Microsoft Office PowerPoint Viewer 2007 (German) (Version: 12.0.4518.1014) Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000) Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000) Microsoft Office Proof (German) 2007 (Version: 12.0.6425.1000) Microsoft Office Proof (Italian) 2007 (Version: 12.0.6425.1000) Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014) Microsoft Office Publisher MUI 
(German) 2007 (Version: 12.0.6425.1000) Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6425.1000) Microsoft Office Suite Activation Assistant (Version: 2.9) Microsoft Office Word MUI (German) 2007 (Version: 12.0.6425.1000) Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Works (Version: 9.7.0621) Mozilla Maintenance Service (Version: 17.0.8) Mozilla Thunderbird 17.0.8 (x86 de) (Version: 17.0.8) MSVCRT (Version: 14.0.1468.721) MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0) MyWinLocker (Version: 3.1.59.0) NTI Backup Now 5 (Version: 5.1.2.616) NTI Backup Now Standard (Version: 5.1.2.616) NTI Media Maker 8 (Version: 8.0.2.6509) Nuvoton EC Generic HID Driver (Version: 7.80.5000) NVIDIA Grafiktreiber 307.83 (Version: 307.83) NVIDIA HD-Audiotreiber 1.3.18.0 (Version: 1.3.18.0) NVIDIA Install Application (Version: 2.1002.109.706) NVIDIA PhysX (Version: 9.12.0604) NVIDIA PhysX-Systemsoftware 9.12.0604 (Version: 9.12.0604) NVIDIA Systemsteuerung 307.83 (Version: 307.83) NVIDIA Update 1.10.8 (Version: 1.10.8) NVIDIA Update Components (Version: 1.10.8) OpenOffice.org 3.3 (Version: 3.3.9567) Pando Media Booster (Version: 2.6.0.9) QuickTime (Version: 7.74.80.86) Realtek High Definition Audio Driver (Version: 6.0.1.5807) Skype™ 6.3 (Version: 6.3.107) Spybot - Search & Destroy (Version: 1.6.2) Star Trek Online Steuer-Spar-Erklärung 2012 (Version: 17.11) swMSM (Version: 12.0.0.1) Synaptics Pointing Device Driver (Version: 12.1.0.0) Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) (Version: 1) 
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1) Update for Microsoft Office Outlook 2007 (KB969907) Update for Outlook 2007 Junk Email Filter (kb970012) VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0) Windows Live Anmelde-Assistent (Version: 5.000.817.1) Windows Live Call (Version: 14.0.8050.1202) Windows Live Communications Platform (Version: 14.0.8050.1202) Windows Live Essentials (Version: 14.0.8050.1202) Windows Live Fotogalerie (Version: 14.0.8051.1204) Windows Live Mail (Version: 14.0.8050.1202) Windows Live Messenger (Version: 14.0.8050.1202) Windows Live Sync (Version: 14.0.8050.1202) Windows Live Writer (Version: 14.0.8050.1202) Windows Live-Uploadtool (Version: 14.0.8014.1029) World of Tanks Yahoo! 
Detect ==================== Restore Points ========================= 01-07-2013 20:17:52 Geplanter Prüfpunkt 11-07-2013 09:54:55 Windows Update 30-07-2013 10:20:39 Gerätetreiber-Paketinstallation: DT Soft Ltd Systemgeräte 06-08-2013 12:27:56 Installed AVG 2013 15-08-2013 16:18:39 Windows Update 18-08-2013 16:10:10 Geplanter Prüfpunkt 20-08-2013 18:21:34 Geplanter Prüfpunkt 21-08-2013 14:06:08 Geplanter Prüfpunkt 23-08-2013 16:47:39 Geplanter Prüfpunkt 25-08-2013 09:09:04 Geplanter Prüfpunkt 28-08-2013 10:19:09 Windows Update 30-08-2013 21:00:07 Geplanter Prüfpunkt 01-09-2013 13:23:26 Geplanter Prüfpunkt 04-09-2013 13:08:46 Geplanter Prüfpunkt 06-09-2013 10:28:26 Windows Update 13-09-2013 10:33:15 Windows Update ==================== Hosts content: ========================== 2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {0D11E925-7A2C-4CD8-B036-992417644961} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-13] (Adobe Systems Incorporated) Task: {19A8D0B5-8A11-4DA2-AE5D-3A050171C51A} - System32\Tasks\ROC_ROC_JAN2013_AV => C:\Users\*****\AppData\Roaming\AVG January 2013 Campaign\ROC_JAN2013_AV.exe Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM Task: {1CF4F1C7-C8A7-4AF3-849B-AF4B4CB5E4ED} - System32\Tasks\{CA932D92-EBD7-4A0A-B097-17F4920AF973} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.6.59.110/de/exitsurvey?uhash1=a9ffbf3cd0503993534fcef7df1aebc2&uhash2=c36ad720e2cfb9b2444c1a4b35f42b1d&uhash3=ed9193c3689edb480ee776d249faeeba&uhash4=2de0efb91021c3330608029f09e92ba3 Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI Task: {357EB28C-CF68-481E-9BDE-5F641C1CCD72} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program 
Files\Google\Update\GoogleUpdate.exe [2013-05-10] (Google Inc.) Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages Task: {3BE36995-738C-4B2C-8AE0-2F387AF5C2AB} - System32\Tasks\DriverScanner => C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe Task: {3C4C7D04-0A1C-4BD1-B887-85F9121EF369} - System32\Tasks\{519BA5D8-6D98-48E5-BE01-8802EC2A9F6F} => C:\Program Files\Skype\Phone\Skype.exe [2013-04-19] (Skype Technologies S.A.) Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation) Task: {45591C92-7249-46D2-AE94-D8FAF815DF66} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-12] (Microsoft Corporation) Task: {48689C88-555F-486B-9CBF-B64325B974EC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-08-21] (Piriform Ltd) Task: {52C63271-5573-4699-B461-99E5E07CF7D1} - System32\Tasks\{42A645D9-1A4C-4560-BBF1-C137816F8119} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.6.59.110/de/exitsurvey?uhash1=a9ffbf3cd0503993534fcef7df1aebc2&uhash2=c36ad720e2cfb9b2444c1a4b35f42b1d&uhash3=ed9193c3689edb480ee776d249faeeba&uhash4=2de0efb91021c3330608029f09e92ba3 Task: {6382F7B9-69A5-498E-A758-D465E82015E6} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe [2009-04-20] (Acer) Task: {7B857DB3-E90C-4713-96C2-DC2868F43BA3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-05-10] (Google Inc.) 
Task: {7D9A74CF-1A63-40E2-9829-171FE572F433} - System32\Tasks\{918965EF-42C6-41B2-96FA-2E75274807EE} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.6.59.110/de/exitsurvey?uhash1=a9ffbf3cd0503993534fcef7df1aebc2&uhash2=c36ad720e2cfb9b2444c1a4b35f42b1d&uhash3=ed9193c3689edb480ee776d249faeeba&uhash4=2de0efb91021c3330608029f09e92ba3
Task: {89BEDF6B-5C9C-4E3D-AD0B-3088FD4EE475} - System32\Tasks\task6334982 => C:\Users\*****-~1\AppData\Local\Temp\cgs8h1.exe
Task: {8C9ED539-1855-4680-B726-B094BF2A7B2D} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2008-01-21] (Microsoft Corporation)
Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-21] (Microsoft Corporation)
Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => C:\Windows\system32\pla.dll [2008-01-21] (Microsoft Corporation)
Task: {C7919474-B210-429A-992F-97ECC00097BB} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe
Task: {C9E5D027-23B3-422F-A7E5-64019532AF6D} - System32\Tasks\{8348C676-2A1D-447B-A05A-B00C244BA62F} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.6.59.110/de/exitsurvey?uhash1=a9ffbf3cd0503993534fcef7df1aebc2&uhash2=c36ad720e2cfb9b2444c1a4b35f42b1d&uhash3=ed9193c3689edb480ee776d249faeeba&uhash4=2de0efb91021c3330608029f09e92ba3
Task: {CF1DD8B8-82C5-4F95-8105-36051AB9D86E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2529689845-194906081-301376323-1000UA => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {E1F22157-05B3-4212-801A-782AE3D51BC9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2529689845-194906081-301376323-1000Core => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {EB555DF6-5CE2-4D1F-8A3E-538A730971E4} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-21] (Microsoft Corporation)
Task: {F3753E66-FA0F-4CBF-AB5C-9278F4151CE0} - System32\Tasks\ROC_REG_JAN => C:\ProgramData\AVG January 2013 Campaign\ROC.exe
Task: {F84A570C-D350-4837-89E3-E15C2FF372B1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-05-11 19:16 - 2013-01-31 13:21 - 02446416 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi.dll
2011-06-23 09:37 - 2011-06-23 09:37 - 00446464 _____ (EgisTec Inc.) C:\Windows\system32\NBMatS1SDK.DLL
2009-02-13 02:50 - 2009-02-13 02:50 - 00192512 _____ (Arachnoid Biometric Identification Group.) C:\Windows\system32\BioOne.dll
2011-06-23 17:58 - 2008-12-05 08:54 - 00169256 _____ (Synaptics, Inc.) C:\Windows\system32\SynCOM.dll
2011-06-23 17:58 - 2008-12-05 08:54 - 00161064 _____ (Synaptics, Inc.) C:\Windows\system32\SynTPAPI.dll
2011-06-23 17:58 - 2003-06-07 23:30 - 00057344 _____ () C:\Program Files\Launch Manager\PowerUtl.dll
2009-02-02 17:33 - 2009-02-02 17:33 - 00460199 _____ () C:\Program Files\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2009-04-11 15:14 - 2009-04-11 15:14 - 00008192 _____ (NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\Acer Backup Manager\lang.dll
2011-07-29 01:09 - 2011-07-29 01:09 - 00096112 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
2013-01-18 17:10 - 2013-01-18 17:10 - 00270336 _____ (Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgrPs.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 00053024 _____ (Open Source Software community project) C:\Program Files\Common Files\Apple\Apple Application Support\pthreadVC2.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 00087328 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 01241888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-08-31 00:05 - 2011-08-31 00:05 - 00073064 _____ (Apple Inc.) C:\Windows\system32\dnssd.dll
2013-02-26 15:38 - 2013-02-26 15:38 - 01996392 ____R (Skype Technologies) C:\Program Files\Common Files\Skype\Skype4COM.dll
2013-05-11 19:16 - 2013-01-31 13:21 - 12566808 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2um.dll
2011-12-12 15:13 - 2011-12-12 15:13 - 00194432 _____ (DivX, LLC) C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
2013-09-13 13:02 - 2013-09-13 13:02 - 16244616 ____R (Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\Flash32_11_8_800_174.ocx
2013-05-11 19:16 - 2013-01-31 13:21 - 15413704 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dum.dll
2013-09-13 13:02 - 2013-09-13 13:02 - 00479112 _____ (Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashUtil32_11_8_800_174_ActiveX.dll
2012-04-10 17:56 - 2008-06-19 17:35 - 00333288 _____ () C:\Program Files\Spybot - Search & Destroy\sqlite3.dll
2012-04-10 17:56 - 2008-03-04 14:52 - 00790392 _____ () C:\Program Files\Spybot - Search & Destroy\Plugins\Chai.dll
2012-04-10 17:56 - 2008-03-05 09:34 - 00795520 _____ () C:\Program Files\Spybot - Search & Destroy\Plugins\Fennel.dll
2012-04-10 17:56 - 2008-02-26 11:04 - 00717176 _____ () C:\Program Files\Spybot - Search & Destroy\Plugins\Mate.dll
2012-04-10 17:56 - 2007-12-24 01:05 - 00121344 _____ () C:\Program Files\Spybot - Search & Destroy\Plugins\TCPIPAddress.dll
2011-08-13 14:21 - 2012-11-15 17:45 - 00473072 _____ (Sun Microsystems, Inc.) C:\Windows\system32\deployJava1.dll
2012-02-02 15:56 - 2012-02-02 15:56 - 00281016 _____ (Adobe Systems, Inc.) C:\Windows\system32\Adobe\Director\SwDir.dll
2013-09-18 00:07 - 2011-06-01 10:16 - 00496976 _____ (vbAccelerator) C:\Program Files\Malwarebytes' Anti-Malware\vbalsgrid6.ocx
2013-09-18 00:07 - 2011-06-01 10:16 - 00046416 _____ (vbAccelerator) C:\Program Files\Malwarebytes' Anti-Malware\ssubtmr6.dll

==================== Alternate Data Streams (whitelisted) ==========

AlternateDataStreams: C:\Users\*****:zylomtest
AlternateDataStreams: C:\Users\*****:zylomtr{000HQ7FF-AD7A-3FG3-VK8A-25GG67KOIVUV}
AlternateDataStreams: C:\ProgramData\Temp:35759C73
AlternateDataStreams: C:\ProgramData\Temp:4F636E25
AlternateDataStreams: C:\ProgramData\Temp:CDFF58FE
AlternateDataStreams: C:\Users\*****\Downloads\ElsterFormular-13.2.0.8623p.exe:BDU

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (09/18/2013 00:13:55 AM) (Source: Windows Search Service) (User: )
Description: The Windows Search service failed to create the SystemIndex search index.
Internal error <7, 0x80071a91, failed to save changes to the Crawl Scope Manager: file:///C:\Windows\*>.

Error: (09/18/2013 00:09:46 AM) (Source: Windows Search Service) (User: )
Description: The Windows Search service failed to create the SystemIndex search index.
Internal error <7, 0x80071a91, failed to save changes to the Crawl Scope Manager: file:///C:\Windows\*>.

Error: (09/17/2013 11:59:52 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search service failed to create the SystemIndex search index.
Internal error <7, 0x80071a91, failed to save changes to the Crawl Scope Manager: file:///C:\Windows\*>.

Error: (09/17/2013 11:59:15 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search service failed to create the SystemIndex search index.
Internal error <7, 0x80071a91, failed to save changes to the Crawl Scope Manager: file:///C:\Windows\*>.

Error: (09/17/2013 11:58:30 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/17/2013 11:57:48 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1". Dependent assembly "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error: (09/17/2013 11:57:48 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1". Dependent assembly "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error: (09/17/2013 11:57:48 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1". Dependent assembly "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error: (09/17/2013 11:57:48 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1". Dependent assembly "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error: (09/17/2013 11:57:31 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search service failed to create the SystemIndex search index.
Internal error <7, 0x80071a91, failed to save changes to the Crawl Scope Manager: file:///C:\Windows\*>.

System errors:
=============
Error: (09/18/2013 00:14:02 AM) (Source: Service Control Manager) (User: )
Description: Windows Search5

Error: (09/18/2013 00:14:02 AM) (Source: Service Control Manager) (User: )
Description: Windows Search2147749155 (0x80040D23)

Error: (09/18/2013 00:09:47 AM) (Source: Service Control Manager) (User: )
Description: Windows Search4

Error: (09/18/2013 00:09:47 AM) (Source: Service Control Manager) (User: )
Description: Windows Search2147749155 (0x80040D23)

Error: (09/17/2013 11:59:52 PM) (Source: Service Control Manager) (User: )
Description: Windows Search3

Error: (09/17/2013 11:59:52 PM) (Source: Service Control Manager) (User: )
Description: Windows Search2147749155 (0x80040D23)

Error: (09/17/2013 11:59:15 PM) (Source: Service Control Manager) (User: )
Description: Windows Search2300001Restart the service

Error: (09/17/2013 11:59:15 PM) (Source: Service Control Manager) (User: )
Description: Windows Search2147749155 (0x80040D23)

Error: (09/17/2013 11:58:30 PM) (Source: Service Control Manager) (User: )
Description: 1Restart the serviceWindows Search%%1056

Error: (09/17/2013 11:58:30 PM) (Source: Service Control Manager) (User: )
Description: Windows Search1300001Restart the service

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2013-09-18 00:24:36.120
Description: Code Integrity is unable to verify the image integrity of the file "\Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys" because the set of per-page image hashes could not be found on the system.

Date: 2013-09-18 00:24:35.762
Description: Code Integrity is unable to verify the image integrity of the file "\Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys" because the set of per-page image hashes could not be found on the system.

Date: 2013-09-18 00:24:35.377
Description: Code Integrity is unable to verify the image integrity of the file "\Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys" because the set of per-page image hashes could not be found on the system.

Date: 2013-09-18 00:24:34.909
Description: Code Integrity is unable to verify the image integrity of the file "\Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys" because the set of per-page image hashes could not be found on the system.

Date: 2013-09-18 00:24:34.505
Description: Code Integrity is unable to verify the image integrity of the file "\Device\HarddiskVolume2\Windows\System32\drivers\avgidsdriverx.sys" because the set of per-page image hashes could not be found on the system.

Date: 2013-09-18 00:24:34.109
Description: Code Integrity is unable to verify the image integrity of the file "\Device\HarddiskVolume2\Windows\System32\drivers\avgidsdriverx.sys" because the set of per-page image hashes could not be found on the system.

Date: 2013-09-18 00:24:33.662
Description: Code Integrity is unable to verify the image integrity of the file "\Device\HarddiskVolume2\Windows\System32\drivers\avgidsdriverx.sys" because the set of per-page image hashes could not be found on the system.

Date: 2013-09-18 00:24:33.286
Description: Code Integrity is unable to verify the image integrity of the file "\Device\HarddiskVolume2\Windows\System32\drivers\avgidsdriverx.sys" because the set of per-page image hashes could not be found on the system.

Date: 2013-09-18 00:22:17.374
Description: Code Integrity is unable to verify the image integrity of the file "\Device\HarddiskVolume2\Program Files\AVG\AVG2013\Drivers\avgidshx.sys" because the set of per-page image hashes could not be found on the system.

Date: 2013-09-18 00:22:17.144
Description: Code Integrity is unable to verify the image integrity of the file "\Device\HarddiskVolume2\Program Files\AVG\AVG2013\Drivers\avgidshx.sys" because the set of per-page image hashes could not be found on the system.

Code:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2013.09.17.09

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Acer :: ***** [Administrator]

Protection: Enabled

18.09.2013 00:12:19
mbam-log-2013-09-18 (00-12-19).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File system | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 378287
Time elapsed: 1 hour(s), 23 minute(s), 4 second(s)

Memory processes detected: 0
(No malicious items detected)

Memory modules detected: 0
(No malicious items detected)

Registry keys detected: 0
(No malicious items detected)

Registry values detected: 0
(No malicious items detected)

Registry data items detected: 0
(No malicious items detected)

Folders detected: 0
(No malicious items detected)

Files detected: 3
C:\Users\*****\AppData\Local\Temp\svchost.dll (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\ProgramData\2433f433 (Trojan.Agent.TPL) -> Quarantined and deleted successfully.
C:\Users\*****\AppData\Roaming\2433f433 (Trojan.Agent.TPL) -> Quarantined and deleted successfully.

(end)

Afterwards, as Malwarebytes Anti-Malware recommended, I restarted the system and then tried to log on to the infected user account "Nutzer" mentioned above, which unfortunately did not work because of the following error message in a DOS box. The desktop and taskbar do not appear; the user account no longer works.

Code:
The command C:\Users\*****\AppData\Local\Temp\svchost.dll is either misspelled or could not be found.

Code:
SystemLook 30.07.11 by jpshortstuff
Log created at 04:13 on 18/09/2013 by Acer
Administrator - Elevation successful

========== regfind ==========

Searching for "60d7b1a8"
No data found.

========== filefind ==========

Searching for "*60d7b1a8*.*"
No files found.

-= EOF =-

Can anyone help me? Please save my data! Many, many thanks! Regards, sryiamfresh |
18.09.2013, 08:41 | #2 |
/// the machine /// TB-Ausbilder | GVU/BKA Trojan (probably version 2.07) - user account can no longer be opened! Hi,
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document:

Code:
HKU\*****\...\Winlogon: [Shell] cmd.exe [ 2008-01-21] (Microsoft Corporation) <==== ATTENTION
HKU\*****\...\Command Processor: "C:\Users\*****-~1\AppData\Local\Temp\svchost.exe" <===== ATTENTION!
C:\Users\Acer\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\*****\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\*****\AppData\Local\Temp\svchost.dll
C:\Users\*****-~1\AppData\Local\Temp\svchost.exe

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Start the infected account normally.
|
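The two registry entries in the helper's fixlist explain the symptom the original poster describes: Winlogon's per-user Shell value was changed from explorer.exe to cmd.exe, and cmd.exe's AutoRun value (FRST's "Command Processor" line) pointed into the profile's Temp directory, so every logon to that account started a command prompt that launched the locker instead of a desktop. Once Malwarebytes had quarantined the file, the AutoRun still fired and the command prompt reported that the path could not be found, which matches the DOS box in the first post. The FRST log above also shows a scheduled task, task6334982, that launches cgs8h1.exe from the same Temp directory. The following Python script is an added example, not code from the thread and not part of FRST: it parses FRST-style lines for those three indicators and drafts Fixlist.txt entries in the same shape the helper used (the offending log line verbatim, then the bare file path). The sample lines are copied from this page with the forum's ***** redaction left in place; the rule names and the script's structure are the author's own assumptions.

```python
"""Triage FRST-style log lines for the account-lock persistence pattern seen
in this thread. Added example, not FRST's code; the sample lines below are
copied from the page (user name redacted as ***** by the forum)."""
import re
from pathlib import PureWindowsPath

# Constructed sample: lines copied from the FRST log and the helper's fixlist on this page.
SAMPLE_LOG = r"""
HKU\*****\...\Winlogon: [Shell] cmd.exe [ 2008-01-21] (Microsoft Corporation) <==== ATTENTION
HKU\*****\...\Command Processor: "C:\Users\*****-~1\AppData\Local\Temp\svchost.exe" <===== ATTENTION!
Task: {89BEDF6B-5C9C-4E3D-AD0B-3088FD4EE475} - System32\Tasks\task6334982 => C:\Users\*****-~1\AppData\Local\Temp\cgs8h1.exe
Task: {F84A570C-D350-4837-89E3-E15C2FF372B1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
""".strip().splitlines()

# FRST prints "Winlogon: [Shell] <value> [date] (vendor)"; the only legitimate shell on Vista is explorer.exe.
SHELL_RE = re.compile(r"Winlogon: \[Shell\] (.+?)(?: \[| <=|$)")
# HKCU\Software\Microsoft\Command Processor\AutoRun runs on every cmd.exe start; FRST shows it as
# "Command Processor: <value>". A normal user profile has no AutoRun at all, so any value is flagged.
AUTORUN_RE = re.compile(r"Command Processor: (.+?)(?: <=|$)")
# "Task: {guid} - System32\Tasks\<name> => <target> [date] (vendor)" or "Task: <job file> => <target>"
TASK_RE = re.compile(r"^Task: .+? => (.+?)(?: \[| <=|$)")
TEMP_DIR_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)
WIN_PATH_RE = re.compile(r"^[A-Za-z]:\\")


def triage_line(line: str) -> list[dict]:
    """Return one finding per indicator matched on this line (empty list if clean)."""
    findings = []
    m = SHELL_RE.search(line)
    if m:
        shell = m.group(1).strip()
        if PureWindowsPath(shell).name.lower() != "explorer.exe":
            findings.append({"rule": "winlogon-shell-hijack", "value": shell, "line": line})
    m = AUTORUN_RE.search(line)
    if m:
        findings.append({"rule": "cmd-autorun-set", "value": m.group(1).strip().strip('"'), "line": line})
    m = TASK_RE.search(line)
    if m:
        target = m.group(1).strip()
        if TEMP_DIR_RE.search(target):
            findings.append({"rule": "task-runs-from-temp", "value": target, "line": line})
    return findings


def triage(lines) -> list[dict]:
    """Run triage_line over every line and flatten the findings, in log order."""
    return [f for line in lines for f in triage_line(line)]


def suggest_fixlist(findings) -> list[str]:
    """Draft Fixlist.txt entries in the shape the helper used on this page: the offending
    log line verbatim, then the bare path of the file it launches (when the value is a path).
    This is a draft for a human to review before feeding it to FRST, not a verdict."""
    out = []
    for f in findings:
        for entry in (f["line"], f["value"]):
            if (entry == f["line"] or WIN_PATH_RE.match(entry)) and entry not in out:
                out.append(entry)
    return out


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for h in hits:
        print(f"[{h['rule']}] {h['value']}")
    print("\nDraft Fixlist.txt:")
    print("\n".join(suggest_fixlist(hits)))
```

Run against the sample, the script flags exactly the three indicators and leaves the Apple and Google updater tasks alone. Note the asymmetry the rules encode: a replaced Shell value is suspicious only when it is not explorer.exe, while any Command Processor AutoRun in a user hive is worth a look, because nothing in a stock Vista profile sets one. The draft fixlist adds the Temp-resident task target to what the helper listed; the task itself was not in the helper's fixlist, so that entry is the script's suggestion, not the thread's.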
18.09.2013, 12:12 | #3 |
| Thanks for the help, but since I am already being assisted in another forum, I no longer need help here and will make room for others seeking help.
Thanks anyway! |
18.09.2013, 15:51 | #4 |
/// the machine /// TB-Ausbilder | OK.
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
No help via PM! |