Pests of all kinds and how to combat them: Rootkit and Sirefef - Malwarebytes (Windows 7)
26.06.2012, 09:09 | #16 |
/// Winkelfunktion /// TB-Süch-Tiger™ | - Rootkit and Sirefef - Malwarebytes

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Set the tool up as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot. Then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you can't find the log or can't copy its contents into your post, please look directly on your Windows system partition (usually drive C); that is where TDSS-Killer saves its logs.

Note: Please don't delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!
__________________ Please always post log files in CODE tags |
26.06.2012, 15:01 | #17 |
| - Rootkit and Sirefef - Malwarebytes All right, boss,
__________________ Code:
15:55:00.0061 5240 PlugPlay (78f975cb6d18265be6f492edb2d7bc7b) C:\Windows\system32\umpnpmgr.dll 15:55:00.0116 5240 PlugPlay - ok 15:55:00.0156 5240 Pml Driver HPZ12 (37e5e8ffbad35605daeec3224ea0e465) C:\Windows\system32\HPZipm12.dll 15:55:00.0180 5240 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 15:55:00.0180 5240 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 15:55:00.0248 5240 PNRPAutoReg (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll 15:55:00.0324 5240 PNRPAutoReg - ok 15:55:00.0343 5240 PNRPsvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll 15:55:00.0420 5240 PNRPsvc - ok 15:55:00.0519 5240 PolicyAgent (47b8f37aa18b74d8c2e1bc1a7a2c8f8a) C:\Windows\System32\ipsecsvc.dll 15:55:00.0576 5240 PolicyAgent - ok 15:55:00.0651 5240 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys 15:55:00.0694 5240 PptpMiniport - ok 15:55:00.0722 5240 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys 15:55:00.0761 5240 Processor - ok 15:55:00.0791 5240 ProfSvc (b627e4fc8585e8843c5905d4d3587a90) C:\Windows\system32\profsvc.dll 15:55:00.0843 5240 ProfSvc - ok 15:55:00.0868 5240 ProtectedStorage (dcf733788c7d088d814e5f80eb4b3e0f) C:\Windows\system32\lsass.exe 15:55:00.0888 5240 ProtectedStorage - ok 15:55:00.0914 5240 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys 15:55:00.0957 5240 PSched - ok 15:55:01.0079 5240 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys 15:55:01.0198 5240 ql2300 - ok 15:55:01.0220 5240 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 15:55:01.0235 5240 ql40xx - ok 15:55:01.0295 5240 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll 15:55:01.0325 5240 QWAVE - ok 15:55:01.0352 5240 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys 15:55:01.0371 5240 QWAVEdrv - ok 15:55:01.0388 5240 
RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 15:55:01.0442 5240 RasAcd - ok 15:55:01.0459 5240 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll 15:55:01.0500 5240 RasAuto - ok 15:55:01.0523 5240 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 15:55:01.0564 5240 Rasl2tp - ok 15:55:01.0610 5240 RasMan (afb474438762f0418060653f7294d92c) C:\Windows\System32\rasmans.dll 15:55:01.0654 5240 RasMan - ok 15:55:01.0678 5240 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys 15:55:01.0725 5240 RasPppoe - ok 15:55:01.0741 5240 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys 15:55:01.0780 5240 RasSstp - ok 15:55:01.0814 5240 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys 15:55:01.0856 5240 rdbss - ok 15:55:01.0872 5240 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 15:55:01.0910 5240 RDPCDD - ok 15:55:01.0957 5240 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys 15:55:01.0999 5240 rdpdr - ok 15:55:02.0005 5240 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 15:55:02.0071 5240 RDPENCDD - ok 15:55:02.0109 5240 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys 15:55:02.0166 5240 RDPWD - ok 15:55:02.0210 5240 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll 15:55:02.0250 5240 RemoteAccess - ok 15:55:02.0299 5240 RemoteRegistry (cc4e32400f3c7253400cf8f3f3a0b676) C:\Windows\system32\regsvc.dll 15:55:02.0342 5240 RemoteRegistry - ok 15:55:02.0379 5240 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe 15:55:02.0397 5240 RpcLocator - ok 15:55:02.0455 5240 RpcSs (301ae00e12408650baddc04dbc832830) C:\Windows\system32\rpcss.dll 15:55:02.0486 5240 RpcSs - ok 15:55:02.0522 5240 rspndr 
(9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 15:55:02.0562 5240 rspndr - ok 15:55:02.0590 5240 RTHDMIAzAudService (d85da4371af61359edfca4ea06619dd4) C:\Windows\system32\drivers\RtHDMIV.sys 15:55:02.0603 5240 RTHDMIAzAudService - ok 15:55:02.0650 5240 RTSTOR (9b09f336de36a7a6ca871de8a7847b65) C:\Windows\system32\drivers\RTSTOR.SYS 15:55:02.0692 5240 RTSTOR - ok 15:55:02.0735 5240 SamSs (dcf733788c7d088d814e5f80eb4b3e0f) C:\Windows\system32\lsass.exe 15:55:02.0754 5240 SamSs - ok 15:55:02.0781 5240 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 15:55:02.0795 5240 sbp2port - ok 15:55:02.0836 5240 SCardSvr (11387e32642269c7e62e8b52c060b3c6) C:\Windows\System32\SCardSvr.dll 15:55:02.0883 5240 SCardSvr - ok 15:55:03.0010 5240 Schedule (1d5e99db3c10f4fa034010dc49043ca4) C:\Windows\system32\schedsvc.dll 15:55:03.0155 5240 Schedule - ok 15:55:03.0201 5240 SCPolicySvc (87c2d0377b23e2d8a41093c2f5fb1a5b) C:\Windows\System32\certprop.dll 15:55:03.0239 5240 SCPolicySvc - ok 15:55:03.0278 5240 SCREAMINGBDRIVER (a643d6df1b7546256b11fb5d6b5d1375) C:\Windows\system32\drivers\ScreamingBAudio.sys 15:55:03.0289 5240 SCREAMINGBDRIVER - ok 15:55:03.0334 5240 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys 15:55:03.0391 5240 sdbus - ok 15:55:03.0431 5240 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll 15:55:03.0472 5240 SDRSVC - ok 15:55:03.0504 5240 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 15:55:03.0588 5240 secdrv - ok 15:55:03.0595 5240 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll 15:55:03.0636 5240 seclogon - ok 15:55:03.0655 5240 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll 15:55:03.0695 5240 SENS - ok 15:55:03.0725 5240 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys 15:55:03.0814 5240 Serenum - ok 15:55:03.0851 5240 Serial 
(c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys 15:55:03.0946 5240 Serial - ok 15:55:03.0987 5240 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 15:55:04.0025 5240 sermouse - ok 15:55:04.0056 5240 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll 15:55:04.0099 5240 SessionEnv - ok 15:55:04.0132 5240 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys 15:55:04.0170 5240 sffdisk - ok 15:55:04.0199 5240 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys 15:55:04.0260 5240 sffp_mmc - ok 15:55:04.0293 5240 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys 15:55:04.0331 5240 sffp_sd - ok 15:55:04.0347 5240 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys 15:55:04.0431 5240 sfloppy - ok 15:55:04.0500 5240 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll 15:55:04.0572 5240 SharedAccess - ok 15:55:04.0611 5240 ShellHWDetection (27f10f348e508243f6254846f8370d0d) C:\Windows\System32\shsvcs.dll 15:55:04.0655 5240 ShellHWDetection - ok 15:55:04.0688 5240 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys 15:55:04.0703 5240 sisagp - ok 15:55:04.0725 5240 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys 15:55:04.0740 5240 SiSRaid2 - ok 15:55:04.0761 5240 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys 15:55:04.0776 5240 SiSRaid4 - ok 15:55:04.0974 5240 slsvc (0ba91e1358ad25236863039bb2609a2e) C:\Windows\system32\SLsvc.exe 15:55:05.0221 5240 slsvc - ok 15:55:05.0407 5240 SLUINotify (7c6dc44ca0bfa6291629ab764200d1d4) C:\Windows\system32\SLUINotify.dll 15:55:05.0457 5240 SLUINotify - ok 15:55:05.0495 5240 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys 15:55:05.0542 5240 Smb - ok 15:55:05.0567 5240 
SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe 15:55:05.0586 5240 SNMPTRAP - ok 15:55:05.0604 5240 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 15:55:05.0617 5240 spldr - ok 15:55:05.0637 5240 Spooler (846cdf9a3cf4da9b306adfb7d55ee4c2) C:\Windows\System32\spoolsv.exe 15:55:05.0679 5240 Spooler - ok 15:55:05.0722 5240 srv (73dddbeec61e78568082916a27aadaee) C:\Windows\system32\DRIVERS\srv.sys 15:55:05.0766 5240 srv - ok 15:55:05.0780 5240 srv2 (805fac010405ad3f82ef8df0bb035d81) C:\Windows\system32\DRIVERS\srv2.sys 15:55:05.0820 5240 srv2 - ok 15:55:05.0831 5240 srvnet (f63a0a58aafe34d7a1a0a74abccdd9c0) C:\Windows\system32\DRIVERS\srvnet.sys 15:55:05.0871 5240 srvnet - ok 15:55:05.0899 5240 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll 15:55:05.0953 5240 SSDPSRV - ok 15:55:05.0994 5240 ssmdrv (5ec550b8952882ee856b862cf648522d) C:\Windows\system32\DRIVERS\ssmdrv.sys 15:55:06.0004 5240 ssmdrv - ok 15:55:06.0036 5240 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll 15:55:06.0089 5240 SstpSvc - ok 15:55:06.0148 5240 Steam Client Service - ok 15:55:06.0214 5240 stisvc (7dd08a597bc56051f320da0baf69e389) C:\Windows\System32\wiaservc.dll 15:55:06.0244 5240 stisvc - ok 15:55:06.0278 5240 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 15:55:06.0293 5240 swenum - ok 15:55:06.0327 5240 swprv (b36c7cdb86f7f7a8e884479219766950) C:\Windows\System32\swprv.dll 15:55:06.0374 5240 swprv - ok 15:55:06.0400 5240 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 15:55:06.0413 5240 Symc8xx - ok 15:55:06.0440 5240 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 15:55:06.0453 5240 Sym_hi - ok 15:55:06.0480 5240 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 15:55:06.0494 5240 Sym_u3 - ok 15:55:06.0548 5240 SynTP 
(aee6e411a915f50101895ba8dc5c15d4) C:\Windows\system32\DRIVERS\SynTP.sys 15:55:06.0564 5240 SynTP - ok 15:55:06.0621 5240 SysMain (8710a92d0024b03b5fb9540df1f71f1d) C:\Windows\system32\sysmain.dll 15:55:06.0704 5240 SysMain - ok 15:55:06.0731 5240 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll 15:55:06.0767 5240 TabletInputService - ok 15:55:06.0795 5240 TapiSrv (680916bb09ee0f3a6aca7c274b0d633f) C:\Windows\System32\tapisrv.dll 15:55:06.0849 5240 TapiSrv - ok 15:55:06.0871 5240 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll 15:55:06.0923 5240 TBS - ok 15:55:07.0012 5240 Tcpip (82e266bee5f0167e41c6ecfdd2a79c02) C:\Windows\system32\drivers\tcpip.sys 15:55:07.0132 5240 Tcpip - ok 15:55:07.0147 5240 Tcpip6 (82e266bee5f0167e41c6ecfdd2a79c02) C:\Windows\system32\DRIVERS\tcpip.sys 15:55:07.0237 5240 Tcpip6 - ok 15:55:07.0293 5240 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys 15:55:07.0347 5240 tcpipreg - ok 15:55:07.0369 5240 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 15:55:07.0432 5240 TDPIPE - ok 15:55:07.0450 5240 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 15:55:07.0487 5240 TDTCP - ok 15:55:07.0517 5240 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys 15:55:07.0563 5240 tdx - ok 15:55:07.0585 5240 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys 15:55:07.0600 5240 TermDD - ok 15:55:07.0649 5240 TermService (d605031e225aaccbceb5b76a4f1603a6) C:\Windows\System32\termsrv.dll 15:55:07.0720 5240 TermService - ok 15:55:07.0777 5240 Themes (27f10f348e508243f6254846f8370d0d) C:\Windows\system32\shsvcs.dll 15:55:07.0821 5240 Themes - ok 15:55:07.0859 5240 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll 15:55:07.0899 5240 THREADORDER - ok 15:55:07.0914 5240 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) 
C:\Windows\System32\trkwks.dll 15:55:07.0969 5240 TrkWks - ok 15:55:08.0020 5240 TrustedInstaller (16613a1bad034d4ecf957af18b7c2ff5) C:\Windows\servicing\TrustedInstaller.exe 15:55:08.0059 5240 TrustedInstaller - ok 15:55:08.0087 5240 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 15:55:08.0152 5240 tssecsrv - ok 15:55:08.0162 5240 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 15:55:08.0200 5240 tunmp - ok 15:55:08.0229 5240 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys 15:55:08.0278 5240 tunnel - ok 15:55:08.0303 5240 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys 15:55:08.0317 5240 uagp35 - ok 15:55:08.0346 5240 UBHelper (f763e070843ee2803de1395002b42938) C:\Windows\system32\drivers\UBHelper.sys 15:55:08.0356 5240 UBHelper - ok 15:55:08.0400 5240 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys 15:55:08.0441 5240 udfs - ok 15:55:08.0470 5240 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe 15:55:08.0520 5240 UI0Detect - ok 15:55:08.0538 5240 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys 15:55:08.0554 5240 uliagpkx - ok 15:55:08.0599 5240 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys 15:55:08.0618 5240 uliahci - ok 15:55:08.0654 5240 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 15:55:08.0669 5240 UlSata - ok 15:55:08.0687 5240 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 15:55:08.0702 5240 ulsata2 - ok 15:55:08.0731 5240 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 15:55:08.0779 5240 umbus - ok 15:55:08.0818 5240 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll 15:55:08.0876 5240 upnphost - ok 15:55:08.0922 5240 USBAAPL (83cafcb53201bbac04d822f32438e244) 
C:\Windows\system32\Drivers\usbaapl.sys 15:55:08.0972 5240 USBAAPL - ok 15:55:09.0027 5240 usbccgp (3955375c83afbe4b110c5fb1231345af) C:\Windows\system32\DRIVERS\usbccgp.sys 15:55:09.0075 5240 usbccgp - ok 15:55:09.0122 5240 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 15:55:09.0192 5240 usbcir - ok 15:55:09.0231 5240 usbehci (7f8d9d95a00072ccdd43ad3f7b4450c2) C:\Windows\system32\DRIVERS\usbehci.sys 15:55:09.0260 5240 usbehci - ok 15:55:09.0285 5240 usbhub (63b44b390451ed3b95405adddcc1984e) C:\Windows\system32\DRIVERS\usbhub.sys 15:55:09.0304 5240 usbhub - ok 15:55:09.0331 5240 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys 15:55:09.0399 5240 usbohci - ok 15:55:09.0439 5240 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys 15:55:09.0489 5240 usbprint - ok 15:55:09.0545 5240 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys 15:55:09.0597 5240 usbscan - ok 15:55:09.0633 5240 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS 15:55:09.0691 5240 USBSTOR - ok 15:55:09.0704 5240 usbuhci (ca62c65383513c365e1ca5796ccac7b5) C:\Windows\system32\DRIVERS\usbuhci.sys 15:55:09.0721 5240 usbuhci - ok 15:55:09.0738 5240 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys 15:55:09.0784 5240 usbvideo - ok 15:55:09.0818 5240 UxSms (032a0acc3909ae7215d524e29d536797) C:\Windows\System32\uxsms.dll 15:55:09.0859 5240 UxSms - ok 15:55:09.0892 5240 VCSVADHWSer (b2abab4ca46bad182e27763dc19c780f) C:\Windows\system32\DRIVERS\vcsvad.sys 15:55:09.0924 5240 VCSVADHWSer - ok 15:55:09.0967 5240 vds (b13bc395b9d6116628f5af47e0802ac4) C:\Windows\System32\vds.exe 15:55:10.0024 5240 vds - ok 15:55:10.0092 5240 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys 15:55:10.0154 5240 vga - ok 15:55:10.0167 5240 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) 
C:\Windows\System32\drivers\vga.sys 15:55:10.0216 5240 VgaSave - ok 15:55:10.0245 5240 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys 15:55:10.0259 5240 viaagp - ok 15:55:10.0277 5240 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys 15:55:10.0315 5240 ViaC7 - ok 15:55:10.0333 5240 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys 15:55:10.0346 5240 viaide - ok 15:55:10.0381 5240 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 15:55:10.0396 5240 volmgr - ok 15:55:10.0418 5240 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys 15:55:10.0439 5240 volmgrx - ok 15:55:10.0459 5240 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys 15:55:10.0478 5240 volsnap - ok 15:55:10.0525 5240 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys 15:55:10.0541 5240 vsmraid - ok 15:55:10.0658 5240 VSS (d5fb73d19c46ade183f968e13f186b23) C:\Windows\system32\vssvc.exe 15:55:10.0783 5240 VSS - ok 15:55:10.0818 5240 W32Time (1cf9206966a8458cda9a8b20df8ab7d3) C:\Windows\system32\w32time.dll 15:55:10.0874 5240 W32Time - ok 15:55:10.0941 5240 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 15:55:11.0032 5240 WacomPen - ok 15:55:11.0076 5240 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 15:55:11.0133 5240 Wanarp - ok 15:55:11.0141 5240 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 15:55:11.0183 5240 Wanarpv6 - ok 15:55:11.0237 5240 wcncsvc (f3a5c2e1a6533192b070d06ecf6be796) C:\Windows\System32\wcncsvc.dll 15:55:11.0327 5240 wcncsvc - ok 15:55:11.0385 5240 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll 15:55:11.0423 5240 WcsPlugInService - ok 15:55:11.0448 5240 Wd (78fe9542363f297b18c027b2d7e7c07f) 
C:\Windows\system32\drivers\wd.sys 15:55:11.0458 5240 Wd - ok 15:55:11.0528 5240 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys 15:55:11.0576 5240 Wdf01000 - ok 15:55:11.0641 5240 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll 15:55:11.0682 5240 WdiServiceHost - ok 15:55:11.0687 5240 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll 15:55:11.0729 5240 WdiSystemHost - ok 15:55:11.0772 5240 WebClient (cf9a5f41789b642db967021de06a2713) C:\Windows\System32\webclnt.dll 15:55:11.0807 5240 WebClient - ok 15:55:11.0830 5240 Wecsvc (905214925a88311fce52f66153de7610) C:\Windows\system32\wecsvc.dll 15:55:11.0873 5240 Wecsvc - ok 15:55:11.0891 5240 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll 15:55:11.0942 5240 wercplsupport - ok 15:55:11.0979 5240 WerSvc (fd1965aaa112c6818a30ab02742d0461) C:\Windows\System32\WerSvc.dll 15:55:12.0016 5240 WerSvc - ok 15:55:12.0077 5240 winachsf (d0116c473ef3c381a42bb55036a1adb1) C:\Windows\system32\DRIVERS\HSX_CNXT.sys 15:55:12.0182 5240 winachsf - ok 15:55:12.0287 5240 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll 15:55:12.0314 5240 WinDefend - ok 15:55:12.0322 5240 WinHttpAutoProxySvc - ok 15:55:12.0403 5240 Winmgmt (00b79a7c984678f24cf052e5beb3a2f5) C:\Windows\system32\wbem\WMIsvc.dll 15:55:12.0463 5240 Winmgmt - ok 15:55:12.0546 5240 WinRM (20fc93fdc916843cfdfcaa7a1b0db16f) C:\Windows\system32\WsmSvc.dll 15:55:12.0646 5240 WinRM - ok 15:55:12.0701 5240 Wlansvc (4b40ff01db5357299dcbdb5a5746ad21) C:\Windows\System32\wlansvc.dll 15:55:12.0725 5240 Wlansvc - ok 15:55:12.0804 5240 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys 15:55:12.0855 5240 WmiAcpi - ok 15:55:12.0928 5240 wmiApSrv (aba4cf9f856d9a3a25f4ddd7690a6e9d) C:\Windows\system32\wbem\WmiApSrv.exe 15:55:12.0968 5240 wmiApSrv - ok 15:55:13.0101 5240 WMPNetworkSvc 
(3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe 15:55:13.0267 5240 WMPNetworkSvc - ok 15:55:13.0345 5240 WPCSvc (5d94cd167751294962ba238d82dd1bb8) C:\Windows\System32\wpcsvc.dll 15:55:13.0386 5240 WPCSvc - ok 15:55:13.0415 5240 WPDBusEnum (396d406292b0cd26e3504ffe82784702) C:\Windows\system32\wpdbusenum.dll 15:55:13.0464 5240 WPDBusEnum - ok 15:55:13.0559 5240 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys 15:55:13.0597 5240 WpdUsb - ok 15:55:13.0628 5240 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 15:55:13.0670 5240 ws2ifsl - ok 15:55:13.0690 5240 wscsvc (683dd16b590372f2c9661d277f35e49c) C:\Windows\System32\wscsvc.dll 15:55:13.0713 5240 wscsvc - ok 15:55:13.0722 5240 WSearch - ok 15:55:13.0858 5240 wuauserv (d79538b67fa641e986855def651e78fe) C:\Windows\system32\wuaueng.dll 15:55:14.0076 5240 wuauserv - ok 15:55:14.0241 5240 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys 15:55:14.0279 5240 WUDFRd - ok 15:55:14.0318 5240 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll 15:55:14.0360 5240 wudfsvc - ok 15:55:14.0379 5240 XAudio (22a08b9faecd6a306868f59b7f03f188) C:\Windows\system32\DRIVERS\XAudio32.sys 15:55:14.0396 5240 XAudio - ok 15:55:14.0429 5240 MBR (0x1B8) (beedf9b7f43a72a91456f7131afc11b2) \Device\Harddisk0\DR0 15:55:14.0828 5240 \Device\Harddisk0\DR0 - ok 15:55:14.0832 5240 Boot (0x1200) (2b1801ad0246a445ff5091bb2fa14b1b) \Device\Harddisk0\DR0\Partition0 15:55:14.0834 5240 \Device\Harddisk0\DR0\Partition0 - ok 15:55:14.0836 5240 ============================================================ 15:55:14.0836 5240 Scan finished 15:55:14.0836 5240 ============================================================ 15:55:14.0920 6032 Detected object count: 6 15:55:14.0920 6032 Actual detected object count: 6 15:59:19.0686 6032 AntiVirSchedulerService ( UnsignedFile.Multi.Generic ) - skipped by user 
15:59:19.0686 6032 AntiVirSchedulerService ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:59:19.0689 6032 AntiVirService ( UnsignedFile.Multi.Generic ) - skipped by user 15:59:19.0689 6032 AntiVirService ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:59:19.0692 6032 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user 15:59:19.0692 6032 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:59:19.0695 6032 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user 15:59:19.0695 6032 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:59:19.0698 6032 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 15:59:19.0698 6032 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:59:19.0700 6032 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 15:59:19.0701 6032 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:59:26.0824 5984 Deinitialize success |
26.06.2012, 15:37 | #18 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | - Rootkit and Sirefef - Malwarebytes Then please run CF now:
ComboFix: A guide and tutorial on using ComboFix
Combofix may only be run when one of the board's expert helpers (Kompetenzler) has explicitly recommended it! If, after running Combofix, you have problems starting applications and get messages such as Quote:
__________________ |
28.06.2012, 16:33 | #19 |
| - Rootkit and Sirefef - Malwarebytes Code:
ATTFilter ComboFix 12-06-28.01 - Marcel Klahn 28.06.2012 17:16:49.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.3066.1984 [GMT 2:00] ausgeführt von:: c:\users\Marcel Klahn\Downloads\ComboFix.exe AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\kikin c:\program files\kikin\default_settings.xml c:\program files\kikin\file_list.txt c:\program files\kikin\kikin.ico c:\program files\kikin\KikinBroker.exe c:\program files\kikin\KikinCrashReporter.exe c:\program files\kikin\uninst.exe . . ((((((((((((((((((((((( Dateien erstellt von 2012-05-28 bis 2012-06-28 )))))))))))))))))))))))))))))) . . 2012-06-28 15:28 . 2012-06-28 15:28 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-06-25 14:17 . 2012-06-25 14:17 -------- d-----w- C:\_OTL 2012-06-22 12:11 . 2012-06-22 12:11 -------- d-----w- c:\users\Marcel Klahn\AppData\Roaming\Malwarebytes 2012-06-21 21:14 . 2012-06-21 21:14 -------- d-----w- c:\program files\ESET 2012-06-06 11:18 . 2012-06-06 11:19 -------- d-----w- c:\program files\PokerStars . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-04-04 13:56 . 2011-03-28 20:13 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll 2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll 2012-06-14 22:19 . 2012-06-22 11:42 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll 2010-07-22 22:41 . 
2009-12-03 14:55 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}] 2008-07-27 18:03 282112 ----a-w- c:\windows\System32\mscoree.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2009-05-14 21:02 120104 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-11-17 135168] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-04 68856] "ICQ"="c:\program files\ICQ7.2\ICQ.exe" [2011-01-05 133432] "Facebook Update"="c:\users\Marcel Klahn\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-09-14 137536] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-01-20 156968] "CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-01-20 202024] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-19 6793760] "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-02-19 1833504] "PLFSetI"="c:\windows\PLFSetI.exe" [2009-07-25 200704] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-05 1410344] "LManager"="c:\program files\Launch Manager\LManager.exe" [2009-06-25 1069576] "BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-04-11 249600] "Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-06-23 440864] "EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2009-05-13 199464] "mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-05-14 345384] "PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-12-26 173288] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-22 30192] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016] "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888] "APSDaemon"="c:\program files\Common 
Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-14 636032] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768] McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HsfXAudioService REG_MULTI_SZ HsfXAudioService HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Inhalt des "geplante Tasks" Ordners . 2012-06-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-499933100-2867506379-2947858537-1000Core.job - c:\users\Marcel Klahn\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-14 20:14] . 2012-06-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-499933100-2867506379-2947858537-1000UA.job - c:\users\Marcel Klahn\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-14 20:14] . 2012-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-25 07:41] . 2012-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-25 07:41] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = mStart Page = mLocal Page = uInternet Settings,ProxyOverride = *.local uSearchAssistant = uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s IE: Free YouTube to MP3 Converter - c:\users\Marcel Klahn\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Marcel Klahn\AppData\Roaming\Mozilla\Firefox\Profiles\balegvbu.default\ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . AddRemove-FormatFactory - c:\program files\FreeTime\FormatFactory\uninst.exe AddRemove-kikin Plugin (NO23 Edition) - c:\program files\kikin\uninst.exe AddRemove-PokerStars - c:\program files\PokerStars\PokerStarsUninstall.exe AddRemove-TeamSpeak 3 Client - c:\users\Marcel Klahn\Desktop\uninstall.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2012-06-28 17:28 Windows 6.0.6001 Service Pack 1 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-499933100-2867506379-2947858537-1000\Software\SecuROM\License information*] "datasecu"=hex:d7,f1,4b,ea,7c,d6,4b,ee,73,e7,80,47,4e,fa,85,c2,d3,f1,bc,cf,79, d3,60,7f,71,d5,f4,4d,fc,6b,97,53,b2,1b,6e,09,ea,3f,be,7f,1c,fe,a2,a7,0a,f5,\ "rkeysecu"=hex:cf,93,cb,c3,6b,74,46,3a,94,96,51,0e,7d,ea,65,e2 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
Zeit der Fertigstellung: 2012-06-28 17:31:40 ComboFix-quarantined-files.txt 2012-06-28 15:31 . Vor Suchlauf: 16 Verzeichnis(se), 121.768.992.768 Bytes frei Nach Suchlauf: 19 Verzeichnis(se), 121.712.115.712 Bytes frei . - - End Of File - - 63DBC3A7E816081557E9A743882DF885 |
29.06.2012, 11:12 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ | - Rootkit and Sirefef - Malwarebytes Please now create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM. Please skip OSAM's online query. With OSAM, please also make sure that you save the log as *.log and not as *.html or similar. Note: Please use WinRAR or 7zip to unpack OSAM! Be sure to turn off the virus scanner as well; McAfee's scanner in particular often reports a false positive in OSAM! Please download aswMBR.exe and save the file to your desktop.
Important: Do not press any of the Fix buttons under any circumstances unless instructed. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. One more note: If aswMBR crashes and a message like "aswMBR.exe has stopped working" appears, do the following: restart aswMBR, select (none) for "AV scan" in the drop-down menu (at the bottom left of the aswMBR window) and click the Scan button again.
__________________ Please always post log files in CODE tags |
04.07.2012, 01:35 | #21 |
| - Rootkit and Sirefef - Malwarebytes Here's the GEMA, er, GMER scan Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2012-07-04 00:03:06 Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0 Running: bfn8crpz.exe; Driver: C:\Users\MARCEL~1\AppData\Local\Temp\kxtdypog.sys ---- System - GMER 1.0.15 ---- SSDT 8B226F3C ZwCreateThread SSDT 8B226F28 ZwOpenProcess SSDT 8B226F2D ZwOpenThread SSDT 8B226F37 ZwTerminateProcess ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!KeSetTimerEx + 454 82508A18 4 Bytes [3C, 6F, 22, 8B] .text ntkrnlpa.exe!KeSetTimerEx + 624 82508BE8 4 Bytes [28, 6F, 22, 8B] .text ntkrnlpa.exe!KeSetTimerEx + 640 82508C04 4 Bytes [2D, 6F, 22, 8B] .text ntkrnlpa.exe!KeSetTimerEx + 854 82508E18 4 Bytes [37, 6F, 22, 8B] .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8E201000, 0x3C9EA5, 0xE8000020] ---- User code sections - GMER 1.0.15 ---- .text C:\Windows\Explorer.EXE[3352] SHELL32.dll!InitNetworkAddressControl + 2939 76FD0064 4 Bytes [20, 28, 00, 10] {AND [EAX], CH; ADD [EAX], DL} .text C:\Program Files\Mozilla Firefox\firefox.exe[3780] ntdll.dll!LdrLoadDll 77AC7933 5 Bytes JMP 69E0FA35 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[3780] kernel32.dll!MapViewOfFile 766B7F30 5 Bytes JMP 6A0B079E C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[3780] kernel32.dll!VirtualAlloc 766BB86F 5 Bytes JMP 6A0B07C5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[3780] GDI32.dll!CreateDIBSection 76C075C0 5 Bytes JMP 6A0B0728 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2144] @ C:\Windows\system32\SHELL32.dll [USER32.dll!ExitWindowsEx] [01B41210] C:\Program Files\NewTech Infosystems\Acer Backup Manager\Pehook.dll 
(Backup Manager Module/NewTech Infosystems, Inc.) IAT C:\Windows\Explorer.EXE[3352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74867BA4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [748A98C5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7486D3C8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7485F527] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74867599] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7485E43D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [7489B33D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7486D68A] 
C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7486012E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74860095] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [748571F3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [748ED802] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [748875E1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7485DAE1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [7485668F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3352] @ 
C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [748566BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74861E45] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3352] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [10002A00] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/Egis Technology Inc.) IAT C:\Windows\Explorer.EXE[3352] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread] [10001E00] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/Egis Technology Inc.) IAT C:\Windows\Explorer.EXE[3352] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [10002D50] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/Egis Technology Inc.) IAT C:\Windows\Explorer.EXE[3352] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [100011D0] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/Egis Technology Inc.) ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs mwlPSDFilter.sys (PSD Filter Driver/Egis Incorporated.) ---- EOF - GMER 1.0.15 ---- Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 00:09:42 on 04.07.2012 OS: Windows Vista Home Premium Edition Service Pack 1 (Build 6001), 32-bit Default Browser: Mozilla Corporation Firefox 13.0.1 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [AppInit DLLs] -----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )----- "AppInit_DLLs" - "Google" - C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "FacebookUpdateTaskUserS-1-5-21-499933100-2867506379-2947858537-1000Core.job" - "Facebook Inc." - C:\Users\Marcel Klahn\AppData\Local\Facebook\Update\FacebookUpdate.exe "FacebookUpdateTaskUserS-1-5-21-499933100-2867506379-2947858537-1000UA.job" - "Facebook Inc." - C:\Users\Marcel Klahn\AppData\Local\Facebook\Update\FacebookUpdate.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLCFG32.CPL "QuickTime" - "Apple Inc." 
- C:\Program Files\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "catchme" (catchme) - ? - C:\Users\MARCEL~1\AppData\Local\Temp\catchme.sys (File not found) "IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found) "IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found) "IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found) "kxtdypog" (kxtdypog) - ? - C:\Users\MARCEL~1\AppData\Local\Temp\kxtdypog.sys (Hidden registry entry, rootkit activity | File not found) "MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys "mwlPSDFilter" (mwlPSDFilter) - "Egis Incorporated." - C:\Windows\System32\DRIVERS\mwlPSDFilter.sys "mwlPSDNServ" (mwlPSDNServ) - "Egis Incorporated." - C:\Windows\System32\DRIVERS\mwlPSDNServ.sys "mwlPSDVDisk" (mwlPSDVDisk) - "Egis Incorporated." - C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys "UBHelper" (UBHelper) - "NewTech Infosystems Corporation" - C:\Windows\system32\drivers\UBHelper.sys "Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\Windows\System32\Drivers\NTIDrvr.sys [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." 
- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL {88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL {03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found) {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? 
- (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found) {872A9397-E0D6-4e28-B64D-52B8D0A7EA35} "DisplayCplExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiamaxx.dll {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} "DragDropProtect Class" - "Egis Technology Inc." - C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found) {99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL {920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL {16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL {6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context 
Menu Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL {A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL {387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL {00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLSHEXT.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\OLKFSTUB.DLL {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? 
- (File not found | COM-object registry key not found) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll {5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? 
- (File not found | COM-object registry key not found) {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe [Internet Explorer] -----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )----- {555D4D79-4BD2-4094-A395-CFC534424A05} "HP Smart Web Printing" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab {E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? 
- (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll {DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Smart Web Printing ein- oder ausblenden" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll "ICQ7.2" - "ICQ, LLC." - C:\Program Files\ICQ7.2\ICQ.exe {5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL {0347C33E-8762-4905-BF09-768834316C61} "HP Print Enhancer" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "HP Smart BHO Class" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." 
- C:\Program Files\Java\jre6\bin\jp2ssv.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\Marcel Klahn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Shortcut exists | File exists) "McAfee Security Scan Plus.lnk" - "McAfee, Inc." - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (Shortcut exists | File exists) -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "Facebook Update" - "Facebook Inc." - "C:\Users\Marcel Klahn\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver "ICQ" - "ICQ, LLC." - "C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4 "ProductReg" - "Acer" - "C:\Program Files\Acer\WR_PopUp\ProductReg.exe" "swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Acer ePower Management" - "Acer Incorporated" - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "APSDaemon" - "Apple Inc." - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" "ArcadeDeluxeAgent" - "CyberLink Corp." 
- "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"BackupManagerTray" - "NewTech Infosystems, Inc." - "C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -k
"CLMLServer" - "CyberLink" - "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
"EgisTecLiveUpdate" - "Egis Technology Inc." - "C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe"
"Google Desktop Search" - "Google" - "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"HP Software Update" - "Hewlett-Packard" - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"hpqSRMon" - "Hewlett-Packard" - C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"LManager" - "Dritek System Inc." - C:\Program Files\Launch Manager\LManager.exe
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"mwlDaemon" - "Egis Technology Inc." - C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
"PlayMovie" - "Acer Corp." - "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
"PLFSetI" - ? - C:\Windows\PLFSetI.exe
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PCL hpz3l5mu" - "Hewlett-Packard Company" - C:\Windows\system32\hpz3l5mu.dll
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll
[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Acer ePower Service" (ePowerSvc) - "Acer Incorporated" - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"CLHNService" (CLHNService) - ? - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Google Desktop Manager 5.9.1005.12335" (GoogleDesktopManager-051210-111108) - "Google" - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"McAfee Security Scan Component Host Service" (McComponentHostService) - "McAfee, Inc." - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
"MyWinLocker Service" (MWLService) - "Egis Technology Inc." - C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"NTI Backup Now 5 Backup Service" (NTIBackupSvc) - "NewTech InfoSystems, Inc." - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
"NTI Backup Now 5 Scheduler Service" (NTISchedulerSvc) - "NewTech Infosystems, Inc." - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
"NTI IScheduleSvc" (NTI IScheduleSvc) - "NewTech Infosystems, Inc." - C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe
[Winlogon]
-----( HKCU\Control Panel\Desktop )-----
"SCRNSAVE.EXE" - "Acer" - C:\Windows\system32\Acer.scr
[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll
===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
Code:
ATTFilter
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-04 00:11:53
-----------------------------
00:11:53.950 OS Version: Windows 6.0.6001 Service Pack 1
00:11:53.950 Number of processors: 2 586 0x170A
00:11:53.953 ComputerName: MEINPC UserName:
00:11:56.521 Initialize success
00:14:17.142 AVAST engine defs: 12070301
00:14:46.296 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
00:14:46.300 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
00:14:46.660 Disk 0 MBR read successfully
00:14:46.662 Disk 0 MBR scan
00:14:46.668 Disk 0 unknown MBR code
00:14:46.772 Disk 0 Partition 1 00 27 Hidden NTFS WinRE MSDOS5.0 10000 MB offset 2048
00:14:46.903 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 466938 MB offset 20482048
00:14:47.317 Disk 0 scanning sectors +976771072
00:14:48.142 Disk 0 scanning C:\Windows\system32\drivers
00:16:20.103 Service scanning
00:16:46.722 Modules scanning
00:17:33.813 Disk 0 trace - called modules:
00:17:33.857 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
00:17:33.864 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8621c518]
00:17:33.869 3 CLASSPNP.SYS[8a7a2745] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x856ec028]
00:17:36.447 AVAST engine scan C:\Windows
00:19:45.623 AVAST engine scan C:\Windows\system32
00:24:19.222 AVAST engine scan C:\Windows\system32\drivers
00:24:58.356 AVAST engine scan C:\Users\Marcel Klahn
01:06:44.306 AVAST engine scan C:\ProgramData
01:14:54.557 Scan finished successfully
02:31:21.601 Disk 0 MBR has been saved successfully to "C:\Users\Marcel Klahn\Desktop\MBR.dat"
02:31:21.609 The log file has been saved successfully to "C:\Users\Marcel Klahn\Desktop\aswMBR.txt" |
05.07.2012, 08:35 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | - Rootkit and Sirefef -Malwarebytes
We should fix the MBR. Back up ALL important data just in case, even though it usually goes smoothly.
Note: Please do NOT run the MBR fix if you have other operating systems such as Ubuntu installed; an MBR fix with Windows tools makes a Linux installed in parallel (dual boot) unbootable. Also do not run the fix if you have full encryption of the Windows partition or of the entire hard disk, e.g. with TrueCrypt or other encryption programs.
After backing up your data, start aswMBR again and click the FIXMBR button.
Note: Please disable the virus scanner before you run aswMBR, because Avira in particular often reports a false alarm in it!
Then restart Windows and create a new log with aswMBR.
__________________ Please always post log files in CODE tags |
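The caveat in post #22 (no MBR fix on a dual-boot or fully encrypted disk) can be checked against a saved copy of sector 0 before anything is rewritten. The following Python code is an added example, not part of the thread or of aswMBR; it assumes a raw 512-byte MBR dump, and the loader marker strings, function names and sample sectors are constructed for illustration.

```python
import hashlib
import struct

# Partition type IDs that suggest a non-Windows OS shares the disk.
LINUX_TYPES = {0x82: "Linux swap", 0x83: "Linux", 0x8E: "Linux LVM"}
# Strings assumed to appear in the boot code of common non-Windows loaders.
LOADER_MARKERS = (b"GRUB", b"LILO", b"TrueCrypt")

def parse_mbr(raw):
    """Return (sha256 of boot code, partitions) for a 512-byte MBR dump."""
    if len(raw) != 512 or raw[510:512] != b"\x55\xaa":
        raise ValueError("not a valid MBR sector (size or 0x55AA signature)")
    parts = []
    for i in range(4):
        entry = raw[446 + 16 * i: 462 + 16 * i]
        status, ptype = entry[0], entry[4]
        start, count = struct.unpack_from("<II", entry, 8)
        if ptype:  # type 0x00 marks an unused slot
            parts.append({"index": i + 1, "active": status == 0x80,
                          "type": ptype, "start_lba": start, "sectors": count})
    # The hash covers bytes 0..439 so it can be compared with a known-good copy.
    return hashlib.sha256(raw[:440]).hexdigest(), parts

def preflight(raw):
    """List reasons NOT to rewrite the MBR; an empty list means none found."""
    _, parts = parse_mbr(raw)
    reasons = [f"partition {p['index']} is {LINUX_TYPES[p['type']]}"
               for p in parts if p["type"] in LINUX_TYPES]
    reasons += [f"boot code contains {m.decode()} loader string"
                for m in LOADER_MARKERS if m in raw[:440]]
    return reasons

def make_mbr(boot_code, entries):
    """Build a constructed test sector from (status, type, start, sectors)."""
    table = b"".join(struct.pack("<B3sB3sII", s, b"\0" * 3, t, b"\0" * 3, lba, n)
                     for s, t, lba, n in entries)
    return (boot_code.ljust(446, b"\0") + table).ljust(510, b"\0") + b"\x55\xaa"

# Constructed sample mirroring the partition layout in the aswMBR log above.
windows_only = make_mbr(b"\x33\xc0\x8e\xd0", [(0x00, 0x27, 2048, 20480000),
                                               (0x80, 0x07, 20482048, 956289024)])
# Constructed dual-boot variant: GRUB in the boot code plus a Linux partition.
dual_boot = make_mbr(b"\xeb\x63\x90GRUB ", [(0x80, 0x07, 2048, 1000000),
                                            (0x00, 0x83, 1002048, 500000)])

if __name__ == "__main__":
    for name, raw in (("windows_only", windows_only), ("dual_boot", dual_boot)):
        print(name, preflight(raw) or "no blocker found")
```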
15.07.2012, 17:21 | #23 |
| - Rootkit and Sirefef -Malwarebytes Right, I've had enough and completely reinstalled the system. Thanks for your efforts. Could you please delete the thread? I don't want people to be able to google this and find out private data. Regards, THANKS FOR YOUR EFFORTS |
15.07.2012, 18:50 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | - Rootkit and Sirefef -Malwarebytes A pity that you stopped so close to the finish. Oh well, threads are not deleted here.
__________________ Please always post log files in CODE tags |