Log analysis and evaluation: Startfenster.com after Flash / Shockwave update, Flash plugin keeps crashing
Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been removed completely. |
11.09.2012, 15:51 | #16 |
/// Winkelfunktion /// TB-Süch-Tiger™ |
Code:
Admin :: BÜRO-PC [Administrator]
__________________ Please always post log files in CODE tags |
11.09.2012, 19:24 | #17 |
| No, this is my private computer, but it stands in the study, hence "Büro-PC" (office PC).
__________________ |
11.09.2012, 23:16 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Do an OTL fix: close all programs that may be open, also deactivate virus scanners (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)
Code:
:OTL
FF - user.js - File not found
SRV - File not found [On_Demand | Stopped] -- c:\programdata\partner\partner.exe -- (Partner Service)
IE - HKU\S-1-5-21-4294008180-2172255532-983037165-1003\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=dQrNw2Q8yL6A6tpkZRjrcFhg3nE?q={searchTerms}
IE - HKU\S-1-5-21-4294008180-2172255532-983037165-1005\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=LO_MdShu8UqBTYz5km95XlvNP70?q={searchTerms}
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKU\S-1-5-21-4294008180-2172255532-983037165-1003..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-4294008180-2172255532-983037165-1005..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8 - Extra context menu item: Google Sidewiki... - Reg Error: Value error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{7e85633f-7643-11dd-bac9-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7e85633f-7643-11dd-bac9-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Msetup4.exe
:Files
c:\programdata\partner
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

The log file should open when you click OK after the fix; please post it. The computer may be restarted. The entries, files and folders fixed with this script are, for safety, not deleted completely; a backup copy is created on the system partition in the folder "_OTL". Note: The above script was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can do lasting damage to the system!
__________________ |
12.09.2012, 15:15 | #19 |
| Code:
All processes killed
========== OTL ==========
Service Partner Service stopped successfully!
Service Partner Service deleted successfully!
File c:\programdata\partner\partner.exe not found.
Registry key HKEY_USERS\S-1-5-21-4294008180-2172255532-983037165-1003\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70D46D94-BF1E-45ED-B567-48701376298E}\ not found.
Registry key HKEY_USERS\S-1-5-21-4294008180-2172255532-983037165-1005\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70D46D94-BF1E-45ED-B567-48701376298E}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4294008180-2172255532-983037165-1003\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer deleted successfully.
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-4294008180-2172255532-983037165-1005\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer deleted successfully.
File C:\Programme\Spybot - Search & Destroy\TeaTimer.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableCAD deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7e85633f-7643-11dd-bac9-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e85633f-7643-11dd-bac9-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7e85633f-7643-11dd-bac9-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e85633f-7643-11dd-bac9-806e6f6e6963}\ not found.
File E:\Msetup4.exe not found.
========== FILES ==========
File\Folder c:\programdata\partner not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Tobias\Documents\Desktop\cmd.bat deleted successfully.
C:\Users\Tobias\Documents\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Admin
->Temp folder emptied: 858402 bytes
->Temporary Internet Files folder emptied: 52936777 bytes
->Java cache emptied: 27844531 bytes
->FireFox cache emptied: 102732139 bytes
->Flash cache emptied: 535 bytes

User: Alexandra
->Temp folder emptied: 11305206 bytes
->Temporary Internet Files folder emptied: 3441128 bytes
->Java cache emptied: 41461958 bytes
->FireFox cache emptied: 40960945 bytes
->Flash cache emptied: 1571 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 134 bytes
->Flash cache emptied: 75 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: ms4
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 134 bytes
->Flash cache emptied: 75 bytes

User: Public

User: TEMP

User: Tobias
->Temp folder emptied: 27060409 bytes
->Temporary Internet Files folder emptied: 70596243 bytes
->Java cache emptied: 721268 bytes
->FireFox cache emptied: 221682066 bytes
->Flash cache emptied: 2475 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 1143514 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 64972 bytes
RecycleBin emptied: 373873329 bytes

Total Files Cleaned = 931,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.61.3 log created on 09122012_155135 |
12.09.2012, 15:32 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please now run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Set the tool up as shown in the picture below: click change parameters and set the checkmarks as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, treat all of them with the action "skip" and post only the log here!
__________________ Please always post log files in CODE tags |
12.09.2012, 16:03 | #21 |
| Code:
16:59:51.0392 6032 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
16:59:51.0860 6032 ============================================================
16:59:51.0860 6032 Current date / time: 2012/09/12 16:59:51.0860
16:59:51.0860 6032 SystemInfo:
16:59:51.0860 6032
16:59:51.0860 6032 OS Version: 6.0.6002 ServicePack: 2.0
16:59:51.0860 6032 Product type: Workstation
16:59:51.0860 6032 ComputerName: BÜRO-PC
16:59:51.0860 6032 UserName: Admin
16:59:51.0860 6032 Windows directory: C:\Windows
16:59:51.0860 6032 System windows directory: C:\Windows
16:59:51.0860 6032 Processor architecture: Intel x86
16:59:51.0860 6032 Number of processors: 2
16:59:51.0860 6032 Page size: 0x1000
16:59:51.0860 6032 Boot type: Normal boot
16:59:51.0860 6032 ============================================================
16:59:53.0311 6032 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:59:53.0311 6032 ============================================================
16:59:53.0311 6032 \Device\Harddisk0\DR0:
16:59:53.0311 6032 MBR partitions:
16:59:53.0311 6032 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1388800, BlocksNum 0x12057000
16:59:53.0311 6032 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x133DF800, BlocksNum 0x1204E800
16:59:53.0311 6032 ============================================================
16:59:53.0358 6032 C: <-> \Device\Harddisk0\DR0\Partition1
16:59:53.0451 6032 D: <-> \Device\Harddisk0\DR0\Partition2
16:59:53.0451 6032 ============================================================
16:59:53.0451 6032 Initialize success
16:59:53.0451 6032 ============================================================
17:01:06.0705 0484 ============================================================
17:01:06.0705 0484 Scan started
17:01:06.0705 0484 Mode: Manual; SigCheck; TDLFS;
17:01:06.0705 0484
Mraid35x C:\Windows\system32\drivers\mraid35x.sys 17:01:30.0167 0484 Mraid35x - ok 17:01:30.0183 0484 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 17:01:30.0261 0484 MRxDAV - ok 17:01:30.0292 0484 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 17:01:30.0354 0484 mrxsmb - ok 17:01:30.0386 0484 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 17:01:30.0448 0484 mrxsmb10 - ok 17:01:30.0464 0484 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 17:01:30.0495 0484 mrxsmb20 - ok 17:01:30.0557 0484 [ 5457DCFA7C0DA43522F4D9D4049C1472 ] msahci C:\Windows\system32\drivers\msahci.sys 17:01:30.0588 0484 msahci - ok 17:01:30.0635 0484 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys 17:01:30.0682 0484 msdsm - ok 17:01:30.0698 0484 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe 17:01:30.0791 0484 MSDTC - ok 17:01:30.0822 0484 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys 17:01:30.0900 0484 Msfs - ok 17:01:30.0916 0484 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 17:01:30.0947 0484 msisadrv - ok 17:01:30.0994 0484 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 17:01:31.0072 0484 MSiSCSI - ok 17:01:31.0088 0484 msiserver - ok 17:01:31.0103 0484 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 17:01:31.0197 0484 MSKSSRV - ok 17:01:31.0212 0484 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 17:01:31.0290 0484 MSPCLOCK - ok 17:01:31.0306 0484 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 17:01:31.0384 0484 MSPQM - ok 17:01:31.0431 0484 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 17:01:31.0462 0484 MsRPC - ok 17:01:31.0493 0484 [ 
E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 17:01:31.0524 0484 mssmbios - ok 17:01:31.0587 0484 MSSQL$MSSMLBIZ - ok 17:01:31.0634 0484 [ 1D89EB4E2A99CABD4E81225F4F4C4B25 ] MSSQLServerADHelper C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe 17:01:31.0665 0484 MSSQLServerADHelper - ok 17:01:31.0712 0484 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 17:01:31.0774 0484 MSTEE - ok 17:01:31.0790 0484 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys 17:01:31.0821 0484 Mup - ok 17:01:31.0868 0484 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll 17:01:31.0961 0484 napagent - ok 17:01:32.0008 0484 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 17:01:32.0055 0484 NativeWifiP - ok 17:01:32.0133 0484 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys 17:01:32.0195 0484 NDIS - ok 17:01:32.0226 0484 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 17:01:32.0320 0484 NdisTapi - ok 17:01:32.0336 0484 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 17:01:32.0398 0484 Ndisuio - ok 17:01:32.0445 0484 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 17:01:32.0507 0484 NdisWan - ok 17:01:32.0523 0484 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 17:01:32.0585 0484 NDProxy - ok 17:01:32.0601 0484 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 17:01:32.0679 0484 NetBIOS - ok 17:01:32.0741 0484 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys 17:01:32.0804 0484 netbt - ok 17:01:32.0819 0484 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe 17:01:32.0866 0484 Netlogon - ok 17:01:32.0897 0484 [ C8052711DAECC48B982434C5116CA401 ] Netman 
C:\Windows\System32\netman.dll 17:01:33.0006 0484 Netman - ok 17:01:33.0022 0484 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll 17:01:33.0131 0484 netprofm - ok 17:01:33.0178 0484 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 17:01:33.0209 0484 NetTcpPortSharing - ok 17:01:33.0381 0484 [ 8DE67BD902095A13329FD82C85A1FA09 ] NETw5v32 C:\Windows\system32\DRIVERS\NETw5v32.sys 17:01:33.0677 0484 NETw5v32 - ok 17:01:33.0724 0484 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 17:01:33.0755 0484 nfrd960 - ok 17:01:33.0786 0484 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll 17:01:33.0864 0484 NlaSvc - ok 17:01:33.0911 0484 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys 17:01:33.0974 0484 Npfs - ok 17:01:33.0989 0484 [ 6D8D2E5652FC2442C810C5D8BE784148 ] NSCIRDA C:\Windows\system32\DRIVERS\nscirda.sys 17:01:34.0083 0484 NSCIRDA - ok 17:01:34.0098 0484 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll 17:01:34.0192 0484 nsi - ok 17:01:34.0208 0484 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 17:01:34.0301 0484 nsiproxy - ok 17:01:34.0364 0484 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 17:01:34.0488 0484 Ntfs - ok 17:01:34.0520 0484 [ CB76F68BA0D57C5D25B538981B1C611C ] NTIBackupSvc C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe 17:01:34.0551 0484 NTIBackupSvc - ok 17:01:34.0582 0484 [ 2757D2BA59AEE155209E24942AB127C9 ] NTIDrvr C:\Windows\system32\DRIVERS\NTIDrvr.sys 17:01:34.0613 0484 NTIDrvr - ok 17:01:34.0629 0484 [ DF1C10A75DF7E50195FC417F88A33227 ] NTISchedulerSvc C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe 17:01:34.0660 0484 NTISchedulerSvc ( UnsignedFile.Multi.Generic ) - warning 17:01:34.0660 0484 
NTISchedulerSvc - detected UnsignedFile.Multi.Generic (1) 17:01:34.0691 0484 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys 17:01:34.0816 0484 ntrigdigi - ok 17:01:34.0832 0484 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys 17:01:34.0925 0484 Null - ok 17:01:34.0956 0484 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys 17:01:35.0003 0484 nvraid - ok 17:01:35.0034 0484 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys 17:01:35.0081 0484 nvstor - ok 17:01:35.0112 0484 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 17:01:35.0159 0484 nv_agp - ok 17:01:35.0175 0484 NwlnkFlt - ok 17:01:35.0190 0484 NwlnkFwd - ok 17:01:35.0253 0484 [ D955D5DE998DB2476BF0892BE3A96C26 ] o2flash C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe 17:01:35.0315 0484 o2flash ( UnsignedFile.Multi.Generic ) - warning 17:01:35.0315 0484 o2flash - detected UnsignedFile.Multi.Generic (1) 17:01:35.0346 0484 [ 78575368974962042472F18B24D3CF28 ] O2MDRDR C:\Windows\system32\DRIVERS\o2media.sys 17:01:35.0378 0484 O2MDRDR - ok 17:01:35.0409 0484 [ B6DBDA8C79DC4333AD9B0C15067B8247 ] O2SDRDR C:\Windows\system32\DRIVERS\o2sd.sys 17:01:35.0440 0484 O2SDRDR - ok 17:01:35.0565 0484 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 17:01:35.0612 0484 odserv - ok 17:01:35.0690 0484 [ 790E27C3DB53410B40FF9EF2FD10A1D9 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys 17:01:35.0783 0484 ohci1394 - ok 17:01:35.0846 0484 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 17:01:35.0892 0484 ose - ok 17:01:35.0970 0484 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll 17:01:36.0064 0484 p2pimsvc - ok 17:01:36.0095 0484 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc 
C:\Windows\system32\p2psvc.dll 17:01:36.0173 0484 p2psvc - ok 17:01:36.0189 0484 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys 17:01:36.0314 0484 Parport - ok 17:01:36.0345 0484 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys 17:01:36.0376 0484 partmgr - ok 17:01:36.0407 0484 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys 17:01:36.0532 0484 Parvdm - ok 17:01:36.0563 0484 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll 17:01:36.0641 0484 PcaSvc - ok 17:01:36.0688 0484 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys 17:01:36.0735 0484 pci - ok 17:01:36.0766 0484 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\drivers\pciide.sys 17:01:36.0797 0484 pciide - ok 17:01:36.0844 0484 [ 3BB2244F343B610C29C98035504C9B75 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 17:01:36.0891 0484 pcmcia - ok 17:01:36.0953 0484 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys 17:01:37.0156 0484 PEAUTH - ok 17:01:37.0312 0484 pgsqlms4 - ok 17:01:37.0374 0484 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll 17:01:37.0577 0484 pla - ok 17:01:37.0624 0484 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll 17:01:37.0718 0484 PlugPlay - ok 17:01:37.0764 0484 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll 17:01:37.0842 0484 PNRPAutoReg - ok 17:01:37.0874 0484 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll 17:01:37.0952 0484 PNRPsvc - ok 17:01:37.0998 0484 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 17:01:38.0108 0484 PolicyAgent - ok 17:01:38.0139 0484 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 17:01:38.0232 0484 PptpMiniport - ok 17:01:38.0248 0484 [ 2027293619DD0F047C584CF2E7DF4FFD ] 
Processor C:\Windows\system32\drivers\processr.sys 17:01:38.0326 0484 Processor - ok 17:01:38.0373 0484 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll 17:01:38.0451 0484 ProfSvc - ok 17:01:38.0466 0484 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe 17:01:38.0513 0484 ProtectedStorage - ok 17:01:38.0560 0484 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys 17:01:38.0638 0484 PSched - ok 17:01:38.0669 0484 [ A6A7AD767BF5141665F5C675F671B3E1 ] PSI_SVC_2 C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe 17:01:38.0700 0484 PSI_SVC_2 - ok 17:01:38.0747 0484 [ 72289D214B581981A860B0F9FB61E9C8 ] PVUSB C:\Windows\system32\DRIVERS\CESG502.sys 17:01:38.0778 0484 PVUSB - ok 17:01:38.0841 0484 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 17:01:38.0981 0484 ql2300 - ok 17:01:39.0012 0484 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 17:01:39.0044 0484 ql40xx - ok 17:01:39.0090 0484 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll 17:01:39.0153 0484 QWAVE - ok 17:01:39.0168 0484 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 17:01:39.0215 0484 QWAVEdrv - ok 17:01:39.0231 0484 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 17:01:39.0309 0484 RasAcd - ok 17:01:39.0340 0484 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll 17:01:39.0434 0484 RasAuto - ok 17:01:39.0449 0484 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 17:01:39.0527 0484 Rasl2tp - ok 17:01:39.0574 0484 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll 17:01:39.0668 0484 RasMan - ok 17:01:39.0761 0484 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 17:01:39.0886 0484 RasPppoe - ok 17:01:39.0917 
0484 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 17:01:39.0964 0484 RasSstp - ok 17:01:39.0995 0484 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 17:01:40.0058 0484 rdbss - ok 17:01:40.0089 0484 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 17:01:40.0167 0484 RDPCDD - ok 17:01:40.0198 0484 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys 17:01:40.0276 0484 rdpdr - ok 17:01:40.0292 0484 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 17:01:40.0370 0484 RDPENCDD - ok 17:01:40.0448 0484 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 17:01:40.0510 0484 RDPWD - ok 17:01:40.0541 0484 [ 001B4278407F4303EFC902A2B16F2453 ] regi C:\Windows\system32\drivers\regi.sys 17:01:40.0572 0484 regi - ok 17:01:40.0666 0484 [ 3FF45B7F17D5837216ABAE652CC61540 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe 17:01:40.0713 0484 RegSrvc ( UnsignedFile.Multi.Generic ) - warning 17:01:40.0713 0484 RegSrvc - detected UnsignedFile.Multi.Generic (1) 17:01:40.0744 0484 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll 17:01:40.0822 0484 RemoteAccess - ok 17:01:40.0869 0484 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll 17:01:40.0931 0484 RemoteRegistry - ok 17:01:40.0978 0484 [ 6482707F9F4DA0ECBAB43B2E0398A101 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 17:01:41.0056 0484 RFCOMM - ok 17:01:41.0087 0484 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe 17:01:41.0165 0484 RpcLocator - ok 17:01:41.0196 0484 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll 17:01:41.0306 0484 RpcSs - ok 17:01:41.0337 0484 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 17:01:41.0477 0484 rspndr - ok 17:01:41.0493 0484 [ 
A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe 17:01:41.0540 0484 SamSs - ok 17:01:41.0555 0484 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 17:01:41.0602 0484 sbp2port - ok 17:01:41.0696 0484 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe 17:01:41.0805 0484 SBSDWSCService - ok 17:01:41.0836 0484 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll 17:01:41.0914 0484 SCardSvr - ok 17:01:41.0961 0484 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll 17:01:42.0101 0484 Schedule - ok 17:01:42.0148 0484 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll 17:01:42.0210 0484 SCPolicySvc - ok 17:01:42.0257 0484 [ 126EA89BCC413EE45E3004FB0764888F ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys 17:01:42.0351 0484 sdbus - ok 17:01:42.0382 0484 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll 17:01:42.0460 0484 SDRSVC - ok 17:01:42.0491 0484 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 17:01:42.0616 0484 secdrv - ok 17:01:42.0632 0484 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll 17:01:42.0710 0484 seclogon - ok 17:01:42.0725 0484 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll 17:01:42.0819 0484 SENS - ok 17:01:42.0850 0484 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys 17:01:42.0975 0484 Serenum - ok 17:01:43.0006 0484 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys 17:01:43.0146 0484 Serial - ok 17:01:43.0178 0484 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys 17:01:43.0240 0484 sermouse - ok 17:01:43.0287 0484 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll 17:01:43.0365 0484 SessionEnv - ok 17:01:43.0380 
0484 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 17:01:43.0443 0484 sffdisk - ok 17:01:43.0458 0484 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 17:01:43.0536 0484 sffp_mmc - ok 17:01:43.0552 0484 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 17:01:43.0630 0484 sffp_sd - ok 17:01:43.0646 0484 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 17:01:43.0770 0484 sfloppy - ok 17:01:43.0817 0484 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll 17:01:43.0895 0484 SharedAccess - ok 17:01:43.0942 0484 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 17:01:44.0020 0484 ShellHWDetection - ok 17:01:44.0051 0484 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys 17:01:44.0098 0484 sisagp - ok 17:01:44.0114 0484 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys 17:01:44.0160 0484 SiSRaid2 - ok 17:01:44.0176 0484 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 17:01:44.0223 0484 SiSRaid4 - ok 17:01:44.0363 0484 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe 17:01:44.0628 0484 slsvc - ok 17:01:44.0660 0484 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll 17:01:44.0738 0484 SLUINotify - ok 17:01:44.0769 0484 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys 17:01:44.0847 0484 Smb - ok 17:01:44.0894 0484 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 17:01:44.0940 0484 SNMPTRAP - ok 17:01:44.0972 0484 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys 17:01:45.0003 0484 spldr - ok 17:01:45.0050 0484 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe 17:01:45.0128 0484 Spooler - ok 
17:01:45.0143 0484 [ 86EBD8B1F23E743AAD21F4D5B4D40985 ] SQLBrowser C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe 17:01:45.0190 0484 SQLBrowser - ok 17:01:45.0221 0484 [ D89083C4EB02DACA8F944B0E05E57F9D ] SQLWriter C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe 17:01:45.0252 0484 SQLWriter - ok 17:01:45.0299 0484 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys 17:01:45.0377 0484 srv - ok 17:01:45.0424 0484 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 17:01:45.0502 0484 srv2 - ok 17:01:45.0533 0484 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 17:01:45.0580 0484 srvnet - ok 17:01:45.0627 0484 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 17:01:45.0720 0484 SSDPSRV - ok 17:01:45.0752 0484 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys 17:01:45.0783 0484 ssmdrv - ok 17:01:45.0830 0484 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll 17:01:45.0892 0484 SstpSvc - ok 17:01:45.0954 0484 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll 17:01:46.0032 0484 stisvc - ok 17:01:46.0079 0484 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 17:01:46.0110 0484 swenum - ok 17:01:46.0173 0484 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll 17:01:46.0251 0484 swprv - ok 17:01:46.0282 0484 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys 17:01:46.0313 0484 Symc8xx - ok 17:01:46.0329 0484 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys 17:01:46.0376 0484 Sym_hi - ok 17:01:46.0391 0484 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys 17:01:46.0438 0484 Sym_u3 - ok 17:01:46.0500 0484 [ 32E8B307F0E9F72B66B518FD62EAB91E ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 17:01:46.0532 
0484 SynTP - ok 17:01:46.0594 0484 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll 17:01:46.0703 0484 SysMain - ok 17:01:46.0750 0484 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll 17:01:46.0812 0484 TabletInputService - ok 17:01:46.0859 0484 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll 17:01:46.0953 0484 TapiSrv - ok 17:01:46.0968 0484 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll 17:01:47.0046 0484 TBS - ok 17:01:47.0109 0484 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 17:01:47.0234 0484 Tcpip - ok 17:01:47.0265 0484 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys 17:01:47.0358 0484 Tcpip6 - ok 17:01:47.0405 0484 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 17:01:47.0483 0484 tcpipreg - ok 17:01:47.0514 0484 [ 58E3EB5A5C78740C5870EEE6648CCC46 ] TcUsb C:\Windows\system32\Drivers\tcusb.sys 17:01:47.0546 0484 TcUsb - ok 17:01:47.0577 0484 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 17:01:47.0670 0484 TDPIPE - ok 17:01:47.0686 0484 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 17:01:47.0764 0484 TDTCP - ok 17:01:47.0811 0484 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 17:01:47.0858 0484 tdx - ok 17:01:47.0904 0484 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 17:01:47.0951 0484 TermDD - ok 17:01:47.0998 0484 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll 17:01:48.0107 0484 TermService - ok 17:01:48.0170 0484 [ 95746E5B1473432F3D9458940DBA6E3A ] TfFsMon C:\Windows\system32\drivers\TfFsMon.sys 17:01:48.0201 0484 TfFsMon - ok 17:01:48.0216 0484 [ 02FFDD873E31C5C2D57CA87D11EC36AF ] TfNetMon C:\Windows\system32\drivers\TfNetMon.sys 17:01:48.0248 0484 TfNetMon - 
ok 17:01:48.0310 0484 [ F8BD92251AB439383C051CE907D78CCE ] TfSysMon C:\Windows\system32\drivers\TfSysMon.sys 17:01:48.0341 0484 TfSysMon - ok 17:01:48.0357 0484 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll 17:01:48.0419 0484 Themes - ok 17:01:48.0435 0484 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll 17:01:48.0513 0484 THREADORDER - ok 17:01:48.0544 0484 ThreatFire - ok 17:01:48.0591 0484 [ E319535A8124F25C1C9C5288CACF3101 ] TomTomHOMEService C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe 17:01:48.0638 0484 TomTomHOMEService - ok 17:01:48.0669 0484 [ 3AFFF25EAE28188FA4ECD292658BE31B ] TpChoice C:\Windows\system32\DRIVERS\TpChoice.sys 17:01:48.0700 0484 TpChoice - ok 17:01:48.0731 0484 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll 17:01:48.0809 0484 TrkWks - ok 17:01:48.0872 0484 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 17:01:48.0934 0484 TrustedInstaller - ok 17:01:48.0965 0484 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 17:01:49.0059 0484 tssecsrv - ok 17:01:49.0090 0484 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys 17:01:49.0152 0484 tunmp - ok 17:01:49.0199 0484 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 17:01:49.0262 0484 tunnel - ok 17:01:49.0277 0484 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys 17:01:49.0324 0484 uagp35 - ok 17:01:49.0355 0484 [ F763E070843EE2803DE1395002B42938 ] UBHelper C:\Windows\system32\drivers\UBHelper.sys 17:01:49.0386 0484 UBHelper - ok 17:01:49.0449 0484 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 17:01:49.0511 0484 udfs - ok 17:01:49.0558 0484 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 17:01:49.0636 0484 UI0Detect - ok 17:01:49.0667 0484 [ 
B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 17:01:49.0698 0484 uliagpkx - ok 17:01:49.0730 0484 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys 17:01:49.0776 0484 uliahci - ok 17:01:49.0808 0484 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys 17:01:49.0839 0484 UlSata - ok 17:01:49.0870 0484 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys 17:01:49.0917 0484 ulsata2 - ok 17:01:49.0948 0484 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 17:01:50.0026 0484 umbus - ok 17:01:50.0057 0484 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll 17:01:50.0166 0484 upnphost - ok 17:01:50.0182 0484 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 17:01:50.0244 0484 usbccgp - ok 17:01:50.0276 0484 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys 17:01:50.0400 0484 usbcir - ok 17:01:50.0463 0484 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 17:01:50.0541 0484 usbehci - ok 17:01:50.0572 0484 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 17:01:50.0634 0484 usbhub - ok 17:01:50.0666 0484 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys 17:01:50.0775 0484 usbohci - ok 17:01:50.0806 0484 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 17:01:50.0868 0484 usbprint - ok 17:01:50.0931 0484 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 17:01:51.0009 0484 usbscan - ok 17:01:51.0024 0484 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 17:01:51.0087 0484 USBSTOR - ok 17:01:51.0118 0484 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 17:01:51.0212 0484 usbuhci 
17:01:56.0703 0484 wudfsvc - ok
17:01:56.0750 0484 [ 88AF537264F2B818DA15479CEEAF5D7C ] XAudio C:\Windows\system32\DRIVERS\xaudio.sys
17:01:56.0781 0484 XAudio - ok
17:01:56.0812 0484 [ 15A317674A08DF26BE65164D959E9203 ] XAudioService C:\Windows\system32\DRIVERS\xaudio.exe
17:01:56.0890 0484 XAudioService - ok
17:01:56.0937 0484 ================ Scan global ===============================
17:01:56.0968 0484 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
17:01:57.0030 0484 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
17:01:57.0062 0484 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
17:01:57.0124 0484 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
17:01:57.0140 0484 [Global] - ok
17:01:57.0140 0484 ================ Scan MBR ==================================
17:01:57.0171 0484 [ 6FC6F9186C07BCA94E140F63BFE6E9B4 ] \Device\Harddisk0\DR0
17:02:03.0629 0484 \Device\Harddisk0\DR0 - ok
17:02:03.0629 0484 ================ Scan VBR ==================================
17:02:03.0629 0484 [ C43CD0F97B3AEDDD31FE970FB3CF3FD8 ] \Device\Harddisk0\DR0\Partition1
17:02:03.0645 0484 \Device\Harddisk0\DR0\Partition1 - ok
17:02:03.0660 0484 [ C24E2B11634EBD6652F97C8A405D7D43 ] \Device\Harddisk0\DR0\Partition2
17:02:03.0676 0484 \Device\Harddisk0\DR0\Partition2 - ok
17:02:03.0676 0484 ============================================================
17:02:03.0676 0484 Scan finished
17:02:03.0676 0484 ============================================================
17:02:03.0692 3832 Detected object count: 11
17:02:03.0692 3832 Actual detected object count: 11
17:02:30.0461 3832 BUNAgentSvc ( UnsignedFile.Multi.Generic ) - skipped by user
17:02:30.0461 3832 BUNAgentSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:02:30.0461 3832 cpuz132 ( UnsignedFile.Multi.Generic ) - skipped by user
17:02:30.0461 3832 cpuz132 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:02:30.0461 3832 ETService ( UnsignedFile.Multi.Generic ) - skipped by user
17:02:30.0461 3832 ETService ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:02:30.0461 3832 EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user
17:02:30.0461 3832 EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:02:30.0461 3832 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
17:02:30.0461 3832 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:02:30.0477 3832 IGBASVC ( UnsignedFile.Multi.Generic ) - skipped by user
17:02:30.0477 3832 IGBASVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:02:30.0477 3832 int15 ( UnsignedFile.Multi.Generic ) - skipped by user
17:02:30.0477 3832 int15 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:02:30.0477 3832 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
17:02:30.0477 3832 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:02:30.0477 3832 NTISchedulerSvc ( UnsignedFile.Multi.Generic ) - skipped by user
17:02:30.0477 3832 NTISchedulerSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:02:30.0477 3832 o2flash ( UnsignedFile.Multi.Generic ) - skipped by user
17:02:30.0477 3832 o2flash ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:02:30.0477 3832 RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user
17:02:30.0477 3832 RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
12.09.2012, 19:25 | #22 | |
/// Winkelfunktion /// TB-Süch-Tiger™ |
Then please run CF now:
ComboFix
A guide and tutorial on using ComboFix
Combofix may only be run when an expert helper ("Kompetenzler") has expressly recommended it! If, after running Combofix, you have problems starting applications and receive messages such as Quote:
13.09.2012, 15:35 | #23 |
Code:
ComboFix 12-09-12.03 - Admin 12.09.2012 20:58:08.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3066.1792 [GMT 2:00]
ausgeführt von:: c:\users\Tobias\Documents\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Acer\Acer Bio Protection\PwdFilter.dll
c:\programdata\Roaming
c:\windows\iun6002.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-08-13 bis 2012-09-13 ))))))))))))))))))))))))))))))
.
.
2012-09-12 19:41 . 2012-09-13 04:12 -------- d-----w- c:\users\Admin\AppData\Local\temp
2012-09-12 19:41 . 2012-09-12 20:28 -------- d-----w- c:\users\Tobias\AppData\Local\temp
2012-09-12 19:41 . 2012-09-12 19:41 -------- d-----w- c:\users\ms4\AppData\Local\temp
2012-09-12 19:41 . 2012-09-12 19:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-12 19:41 . 2012-09-12 19:41 -------- d-----w- c:\users\Alexandra\AppData\Local\temp
2012-09-12 13:51 . 2012-09-12 13:51 -------- d-----w- C:\_OTL
2012-09-12 13:43 . 2012-08-23 07:15 7022536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{97742A56-4E0D-4565-8544-58ECB3605D81}\mpengine.dll
2012-09-09 12:50 . 2012-09-09 12:50 -------- d-----w- c:\users\Admin\AppData\Local\Downloaded Installations
2012-09-07 16:16 . 2012-09-07 16:16 -------- d-----w- c:\users\Admin\AppData\Local\CASIO
2012-09-05 05:58 . 2012-09-05 05:58 -------- d-----w- c:\program files\ESET
2012-09-03 10:16 . 2012-09-03 10:16 -------- d-----w- c:\users\Tobias\AppData\Local\Mozilla
2012-09-03 09:55 . 2012-09-03 09:55 -------- d-----w- c:\users\Alexandra\AppData\Local\Mozilla
2012-09-02 18:19 . 2012-09-02 18:19 -------- d-----w- c:\users\Admin\AppData\Local\Mozilla
2012-09-02 18:18 . 2012-09-09 08:08 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-09-02 17:43 . 2012-09-02 17:43 -------- d-----w- c:\users\Alexandra\AppData\Roaming\GrabPro
2012-08-31 12:10 . 2012-08-31 12:09 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-08-31 12:09 . 2012-08-31 12:09 -------- d-----w- c:\program files\Java
2012-08-30 08:24 . 2012-08-30 08:24 -------- d-----w- c:\users\Tobias\AppData\Local\Downloaded Installations
2012-08-27 17:47 . 2012-08-27 17:47 -------- d-----w- c:\program files\Common Files\Java
2012-08-27 17:18 . 2012-08-27 17:18 -------- d-----w- c:\programdata\instedit.com
2012-08-27 17:18 . 2012-08-27 17:18 -------- d-----w- c:\program files\instedit.com
2012-08-15 13:31 . 2012-06-29 00:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-15 13:31 . 2012-06-29 01:00 140920 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-08-15 13:31 . 2012-06-29 00:06 194560 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
2012-08-15 13:31 . 2012-06-29 00:06 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2012-08-15 13:31 . 2012-06-29 00:04 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-15 13:31 . 2012-06-29 00:16 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-15 13:31 . 2012-06-29 00:09 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-08-15 13:30 . 2012-06-29 01:00 748664 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2012-08-15 13:30 . 2012-06-29 00:10 387584 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
2012-08-15 13:30 . 2012-06-29 00:10 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-08-15 13:30 . 2012-06-29 00:08 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-15 13:29 . 2012-07-04 14:02 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 11:16 . 2012-05-11 15:57 623616 ----a-w- c:\windows\system32\localspl.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-31 12:09 . 2010-10-15 14:28 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-30 12:31 . 2010-01-21 21:06 339968 ----a-r- c:\users\Admin\AppData\Roaming\Microsoft\Installer\{D06737BC-9887-46E0-A203-29D7FE756019}\NewShortcut2_D06737BC988746E0A20329D7FE756019.exe
2012-08-30 12:31 . 2010-01-21 21:06 339968 ----a-r- c:\users\Admin\AppData\Roaming\Microsoft\Installer\{D06737BC-9887-46E0-A203-29D7FE756019}\NewShortcut1_D06737BC988746E0A20329D7FE756019.exe
2012-08-30 12:31 . 2009-02-12 13:43 339968 ----a-r- c:\users\Admin\AppData\Roaming\Microsoft\Installer\{D06737BC-9887-46E0-A203-29D7FE756019}\ARPPRODUCTICON.exe
2012-08-27 17:45 . 2012-03-10 16:11 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-07-03 11:46 . 2010-05-21 16:10 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-08 08:51 . 2012-09-08 08:51 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2012-07-26 247768]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-04 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-21 6144000]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" [2008-08-30 3687936]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-22 1037608]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-06-09 870920]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-04-30 397312]
"ThreatFire"="c:\program files\ThreatFire\TFTray.exe" [2010-01-14 378128]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"LexwareInfoService"="c:\program files\Common Files\Lexware\Update Manager\LxUpdateManager.exe" [2011-07-31 189808]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2012-07-13 384232]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-2-12 723496]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2008-08-30 03:42 3085824 ----a-w- c:\program files\Acer\Acer Bio Protection\WinNotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]
2008-03-25 13:24 567560 ----a-w- c:\program files\Common Files\SPBA\homefus2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray]
2008-04-06 20:42 34040 ----a-w- c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-07-31 10:08 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-02-04 14:28 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-27 08:39]
.
2012-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-27 08:39]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0808&m=travelmate_5730
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0808&m=travelmate_5730
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 78.42.43.62 192.168.0.1
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7zjaxh68.default-1346610326622\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-eRecoveryService - (no file)
AddRemove-West_Point_Bridge_Designer_2007 - c:\windows\iun6002.exe
AddRemove-{007811BF-E310-4285-BFC6-55DB29B3EDDE} - c:\progra~2\INSTAL~1\{00781~1\Setup.exe
AddRemove-{302A1E2E-DD58-4673-BC99-9CC10EC2637A} - c:\progra~2\INSTAL~1\{302A1~1\Setup.exe
AddRemove-{A62F9CD0-B2E0-4F2A-88F2-79254A3C8539} - c:\progra~2\INSTAL~1\{A62F9~1\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-09-13 06:11
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pgsqlms4]
"ImagePath"="C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"pgsqlms4\" -D \"C:/Program Files/PostgreSQL/8.4/data\" -w"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pgsqlms4]
"ImagePath"="C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"pgsqlms4\" -D \"C:/Program Files/PostgreSQL/8.4/data\" -w"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ThreatFire]
"AlternateImagePath"=""
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(852)
c:\program files\ThreatFire\TFWAH.dll
.
- - - - - - - > 'lsass.exe'(680)
c:\program files\ThreatFire\TFWAH.dll
.
- - - - - - - > 'Explorer.exe'(2376)
c:\program files\ThreatFire\TfWah.dll
c:\windows\system32\msi.dll
c:\windows\System32\npmproxy.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\wbemcomn.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\SPBA\upeksvr.exe
c:\program files\Acer\Acer Bio Protection\CompPtcVUI.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
c:\program files\Acer\Empowering Technology\Service\ETService.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Acer\Acer Bio Protection\BASVC.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
c:\program files\O2Micro Flash Memory Card Driver\o2flash.exe
c:\program files\PostgreSQL\8.4\bin\pg_ctl.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\PostgreSQL\8.4\bin\postgres.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\ThreatFire\TFService.exe
c:\program files\PostgreSQL\8.4\bin\postgres.exe
c:\program files\TomTom HOME 2\TomTomHOMEService.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Spybot - Search & Destroy\SDWinSec.exe
c:\program files\PostgreSQL\8.4\bin\postgres.exe
c:\program files\PostgreSQL\8.4\bin\postgres.exe
c:\program files\PostgreSQL\8.4\bin\postgres.exe
c:\program files\PostgreSQL\8.4\bin\postgres.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\conime.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\UI0Detect.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-09-13 06:31:29 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-09-13 04:31
.
Vor Suchlauf: 12 Verzeichnis(se), 36.152.094.720 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 35.334.262.784 Bytes frei
.
- - End Of File - - E8A71343A571C99C1770692D90575352

In addition, a new service has been installed: C:\WINDOWS\SYSTEM32\APPMGMTS.DLL, which is currently stopped, however.
Edited by tigershark20 (13.09.2012 at 15:55)
13.09.2012, 21:54 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ |
Everything OK!

Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM. Please skip OSAM's online check. With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.

Important: Under no circumstances press any of the Fix buttons without being instructed to.

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.

One more note: If aswMBR crashes and a message such as "aswMBR.exe has stopped working" appears, do the following: restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.
15.09.2012, 09:05 | #26 |
and now the aswMBR log
Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-14 22:50:42
-----------------------------
22:50:42.710 OS Version: Windows 6.0.6002 Service Pack 2
22:50:42.710 Number of processors: 2 586 0x1706
22:50:42.710 ComputerName: BÜRO-PC UserName: Admin
22:50:45.284 Initialize success
22:52:48.795 AVAST engine defs: 12091400
22:54:02.599 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-1
22:54:02.615 Disk 0 Vendor: WDC_WD3200BEVT-22ZCT0 11.01A11 Size: 305245MB BusType: 3
22:54:03.535 Disk 0 MBR read successfully
22:54:03.535 Disk 0 MBR scan
22:54:03.644 Disk 0 unknown MBR code
22:54:03.847 Disk 0 Partition 1 00 27 Hidden NTFS WinRE MSDOS5.0 10000 MB offset 2048
22:54:03.972 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 147630 MB offset 20482048
22:54:04.097 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 147613 MB offset 322828288
22:54:05.001 Disk 0 scanning sectors +625139712
22:54:05.953 Disk 0 scanning C:\Windows\system32\drivers
22:56:44.385 Service scanning
22:57:24.383 Modules scanning
22:59:34.175 Disk 0 trace - called modules:
22:59:34.846 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys
22:59:34.862 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86963ac8]
22:59:34.877 3 CLASSPNP.SYS[8aba78b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-1[0x85d6eb98]
22:59:36.406 AVAST engine scan C:\Windows
23:03:03.527 AVAST engine scan C:\Windows\system32
23:29:30.546 AVAST engine scan C:\Windows\system32\drivers
23:30:33.430 AVAST engine scan C:\Users\Admin
23:32:17.248 AVAST engine scan C:\ProgramData
23:37:09.093 Scan finished successfully
10:01:28.784 Disk 0 MBR has been saved successfully to "C:\Users\Admin\Desktop\MBR.dat"
10:01:28.800 The log file has been saved successfully to "C:\Users\Admin\Desktop\aswMBR.txt"
15.09.2012, 14:12 | #27 |
/// Winkelfunktion /// TB-Süch-Tiger™ |
Why are you zipping the other logs? Normally they always fit in here when posted the normal way.
15.09.2012, 19:08 | #28 |
The OSAM log was no problem, but the GMER log was over 2 MB in size and had too many characters when I tried to post it normally.

OSAM log
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 22:45:19 on 14.09.2012

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 15.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - "Google" - C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"bdeadmin.cpl" - ? - C:\Windows\system32\bdeadmin.cpl
"iproset.cpl" - "Intel(R) Corporation" - C:\Windows\system32\iproset.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL
"PROSet Tools" - "Intel(R) Corporation" - C:\Windows\System32\iPROSet.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AlfaFF File System mini-filter" (AlfaFF) - "Alfa Corporation" - C:\Windows\System32\Drivers\AlfaFF.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys (File not found)
"cpuz132" (cpuz132) - "Windows (R) Codename Longhorn DDK provider" - C:\Windows\system32\drivers\cpuz132_x32.sys
"int15" (int15) - ? - C:\Windows\system32\drivers\int15.sys (File found, but it contains no detailed information)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found)
"kgldqpog" (kgldqpog) - ? - C:\Users\Admin\AppData\Local\Temp\kgldqpog.sys (Hidden registry entry, rootkit activity | File not found)
"regi" (regi) - "InterVideo" - C:\Windows\System32\drivers\regi.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"TfFsMon" (TfFsMon) - "PC Tools" - C:\Windows\System32\drivers\TfFsMon.sys
"TfNetMon" (TfNetMon) - "PC Tools" - C:\Windows\system32\drivers\TfNetMon.sys
"TfSysMon" (TfSysMon) - "PC Tools" - C:\Windows\System32\drivers\TfSysMon.sys
"UBHelper" (UBHelper) - "NewTech Infosystems Corporation" - C:\Windows\system32\drivers\UBHelper.sys
"Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\Windows\System32\DRIVERS\NTIDrvr.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{B2F55D43-C7A4-4B7C-90D7-7A860DFA9F2A} "PXCInfoShlExt Class" - "Tracker Software Products Ltd." - C:\Program Files\Tracker Software\Shell Extensions\XCShInfo.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found)
{2b45bd21-71f8-4c8c-a87a-7eeb25a1a3e0} "EPM-PO Shell Extensions" - ? - epm-po.dll (File not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found)
{8F9D8FBE-C5C1-4B65-986E-51235C9283E8} "FPLaunchCache" - "Arachnoid Biometrics Identification Group Corp." - C:\Program Files\Acer\Acer Bio Protection\FPLaunchCache.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Windows\system32\btncopy.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{CF822AB4-6DB5-4FDA-BC28-E61DF36D2583} "PDF-XChange PDF Preview Provider" - "Tracker Software Products Ltd." - C:\Program Files\Tracker Software\Shell Extensions\XCShInfo.dll
{67EB453C-1BE1-48EC-AAF3-23B10277FCC1} "PDF-XChange PDF Property Handler" - "Tracker Software Products Ltd." - C:\Program Files\Tracker Software\Shell Extensions\XCShInfo.dll
{EBD0B8F4-A9A0-41B7-9695-030CD264D9C8} "PDF-XChange PDF Thumbnail Provider" - "Tracker Software Products Ltd." - C:\Program Files\Tracker Software\Shell Extensions\XCShInfo.dll
{B2F55D43-C7A4-4B7C-90D7-7A860DFA9F2A} "PXCInfoShlExt Class" - "Tracker Software Products Ltd." - C:\Program Files\Tracker Software\Shell Extensions\XCShInfo.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
<binary data> "Grab Pro" - ? - C:\Program Files\Orbitdownloader\GrabPro.dll
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} "Java Plug-in 1.7.0_05" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 10.7.2" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
{166B1BCA-3F9C-11CF-8075-444553540000} "{166B1BCA-3F9C-11CF-8075-444553540000}" - ? - (File not found | COM-object registry key not found) / hxxp://download.macromedia.com/pub/shockwave/cabs/director/swdir8d204.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "{8AD9C840-044E-11D1-B3E9-00805F499D93}" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
"Exec" - ? - C:\Windows\bdoscandel.exe (File not found)
"Quick-Launching Area" - ? - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
<binary data> "Grab Pro" - ? - C:\Program Files\Orbitdownloader\GrabPro.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\ssv.dll
{000123B4-9B42-4900-B3F7-F4B073EFC214} "Octh Class" - "Orbitdownloader.com" - C:\Program Files\Orbitdownloader\orbitcth.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"BTTray.lnk" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"swg" - "Google Inc."
- "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" "TomTomHOME.exe" - "TomTom" - "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min "ePower_DMC" - "Acer Inc." - C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe "LexwareInfoService" - "Haufe-Lexware GmbH & Co. KG" - C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart "LManager" - "Dritek System Inc." - C:\PROGRA~1\LAUNCH~1\LManager.exe "PLFSetI" - ? - C:\Windows\PLFSetI.exe "StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" "ThreatFire" - "PC Tools" - C:\Program Files\ThreatFire\TFTray.exe "WinPatrol" - "BillP Studios" - C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot "ZPdtWzdVitaKey MC3000" - "Arachnoid Biometrics Identification Group Corp." 
- "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "pdfcmon" - "pdfforge GbR" - C:\Windows\system32\pdfcmon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe "Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe "Avira Browser Schutz" (AntiVirWebService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE "Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe "Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe "Empowering Technology Service" (ETService) - ? - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe "Google Desktop Manager 5.9.1005.12335" (GoogleDesktopManager-051210-111108) - "Google" - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe "Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe "Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Haufe iDesk-Service in C:\Program Files\Haufe\iDesk\iDeskService\Zope" (HRService) - ? - C:\Program Files\Haufe\iDesk\iDeskService\iDeskService.exe (File found, but it contains no detailed information) "iGroupTec Service" (IGBASVC) - ? 
- C:\Program Files\Acer\Acer Bio Protection\BASVC.exe (File found, but it contains no detailed information) "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe "Intel® PROSet/Wireless Event Log" (EvtEng) - "Intel(R) Corporation" - C:\Program Files\Intel\WiFi\bin\EvtEng.exe "Intel® PROSet/Wireless Registry Service" (RegSrvc) - "Intel(R) Corporation" - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe "IviRegMgr" (IviRegMgr) - "InterVideo" - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe "LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "MobilityService" (MobilityService) - ? - C:\Acer\Mobility Center\MobilityService.exe "Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe "NTI Backup Now 5 Agent Service" (BUNAgentSvc) - "NewTech Infosystems, Inc." - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe "NTI Backup Now 5 Backup Service" (NTIBackupSvc) - "NewTech InfoSystems, Inc." - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe "NTI Backup Now 5 Scheduler Service" (NTISchedulerSvc) - ? 
- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (File found, but it contains no detailed information) "O2Micro Flash Memory Card Service" (o2flash) - "O2Micro International" - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "pgsqlms4 - PostgreSQL Server 8.4" (pgsqlms4) - "PostgreSQL Global Development Group" - C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe "Protexis Licensing V2" (PSI_SVC_2) - "Protexis Inc." - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe "SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe "SQL Server (MSSMLBIZ)" (MSSQL$MSSMLBIZ) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe "SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe "SQL Server-Browser" (SQLBrowser) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe "SQL Server-Startdienst für Business Contact Manager" (BcmSqlStartupSvc) - "Microsoft Corporation" - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe "ThreatFire" (ThreatFire) - "PC Tools" - C:\Program Files\ThreatFire\TFService.exe "TomTomHOMEService" (TomTomHOMEService) - "TomTom" - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [Winlogon] -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "AWinNotifyVitaKey MC3000" - "Arachnoid Biometrics Identification Group Corp." - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll "spba" - "UPEK Inc." 
- C:\Program Files\Common Files\SPBA\homefus2.dll [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )----- "AVSDA" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avsda.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru |
16.09.2012, 16:09 | #29 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Startfenster.com after Flash / Shockwave update, Flash plugin keeps crashing
We should fix the MBR. Back up ALL important data just in case, even though it usually goes smoothly.
Note: Please do NOT do the MBR fix if you have other operating systems such as Ubuntu installed; an MBR fix with Windows tools makes a Linux installed in parallel (dual boot) unbootable. Also do not do the fix if you have full encryption of the Windows partition or of the entire hard disk, e.g. with TrueCrypt or other encryption programs.
After backing up your data, start aswMBR again and click the FIXMBR button.
Note: Please switch off the virus scanner before you run aswMBR, because Avira in particular often reports a false alarm in it!
Then restart Windows and create a new log with aswMBR.
__________________ Please always post log files in CODE tags |
16.09.2012, 20:57 | #30 |
| Startfenster.com after Flash / Shockwave update, Flash plugin keeps crashing
The fix ran without problems; however, beforehand, during the data backup with DirSync, I again got a message from ThreatFire that DirSync wanted to copy itself to various locations. In the ThreatFire display, though, I could only see that DirSync was saving log files and settings files because it was the first run. I had downloaded the program from the official site beforehand. Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-16 21:25:11
-----------------------------
21:25:11.776 OS Version: Windows 6.0.6002 Service Pack 2
21:25:11.776 Number of processors: 2 586 0x1706
21:25:11.776 ComputerName: BÜRO-PC UserName: Admin
21:25:13.975 Initialize success
21:30:42.407 AVAST engine defs: 12091400
21:30:48.788 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-1
21:30:48.788 Disk 0 Vendor: WDC_WD3200BEVT-22ZCT0 11.01A11 Size: 305245MB BusType: 3
21:30:48.835 Disk 0 MBR read successfully
21:30:48.835 Disk 0 MBR scan
21:30:48.866 Disk 0 Windows VISTA default MBR code
21:30:48.897 Disk 0 Partition 1 00 27 Hidden NTFS WinRE MSDOS5.0 10000 MB offset 2048
21:30:48.913 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 147630 MB offset 20482048
21:30:48.944 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 147613 MB offset 322828288
21:30:48.959 Disk 0 scanning sectors +625139712
21:30:49.022 Disk 0 scanning C:\Windows\system32\drivers
21:31:06.946 Service scanning
21:31:44.729 Modules scanning
21:31:51.235 Disk 0 trace - called modules:
21:31:51.266 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys
21:31:51.266 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86a8aac8]
21:31:51.281 3 CLASSPNP.SYS[8aba98b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-1[0x85d6e030]
21:31:53.653 AVAST engine scan C:\Windows
21:32:00.080 AVAST engine scan C:\Windows\system32
21:37:18.803 AVAST engine scan C:\Windows\system32\drivers
21:37:41.860 AVAST engine scan C:\Users\Admin
21:39:10.733 AVAST engine scan C:\ProgramData
21:43:35.746 Scan finished successfully
21:55:56.996 Disk 0 MBR has been saved successfully to "C:\Users\Admin\Desktop\MBR.dat"
21:55:57.011 The log file has been saved successfully to "C:\Users\Admin\Desktop\aswMBR2.txt" |
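The helper's conditions for running FIXMBR (no dual-boot Linux, no foreign boot loader such as one installed by disk encryption) can be checked against the MBR and partition lines of an aswMBR log like the one above. The following Python code is an added example, not part of the thread or of aswMBR. Assumptions: the two hex bytes on a partition line are the MBR boot flag and type byte, a non-Windows boot loader is reported as something other than "default MBR code", and the function names and the Linux partition line are constructed for illustration.

```python
import re

# Partition line as printed by aswMBR in the log above; reading the two hex
# bytes as MBR boot flag and partition type is this example's assumption.
PART_RE = re.compile(
    r"Disk (\d+) Partition (\d+) ([0-9A-Fa-f]{2})(?: \(A\))? ([0-9A-Fa-f]{2}) "
    r"(.+?) (\d+) MB offset (\d+)")
MBR_RE = re.compile(r"Disk (\d+) (.*MBR code)\s*$")
# Standard MBR type bytes used by Linux installs: native, swap, LVM.
LINUX_TYPES = {0x83: "Linux", 0x82: "Linux swap", 0x8E: "Linux LVM"}

def parse_aswmbr(log_text):
    """Return the per-disk MBR verdict and the partition entries of a log."""
    report = {"mbr": {}, "partitions": []}
    for line in log_text.splitlines():
        m = PART_RE.search(line)
        if m:
            disk, num, flag, ptype, desc, size, offset = m.groups()
            report["partitions"].append({
                "disk": int(disk), "number": int(num),
                "active": int(flag, 16) == 0x80, "type": int(ptype, 16),
                "desc": desc.strip(), "size_mb": int(size), "offset": int(offset)})
            continue
        m = MBR_RE.search(line)
        if m:
            report["mbr"][int(m.group(1))] = m.group(2)
    return report

def fixmbr_blockers(report):
    """List reasons, per the helper's note, not to rewrite the MBR."""
    reasons = []
    for p in report["partitions"]:
        if p["type"] in LINUX_TYPES:
            reasons.append("disk %d partition %d is %s (0x%02X): dual boot"
                           % (p["disk"], p["number"], LINUX_TYPES[p["type"]], p["type"]))
    for disk, verdict in report["mbr"].items():
        if "default MBR code" not in verdict:
            reasons.append("disk %d boot code is not a Windows default: %s" % (disk, verdict))
    return reasons

# Lines copied from the log in the post above.
PAGE_LOG = """21:30:48.866 Disk 0 Windows VISTA default MBR code
21:30:48.897 Disk 0 Partition 1 00 27 Hidden NTFS WinRE MSDOS5.0 10000 MB offset 2048
21:30:48.913 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 147630 MB offset 20482048
21:30:48.944 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 147613 MB offset 322828288"""
# Constructed line (not from the page): a Linux partition on the same disk.
DUALBOOT_LOG = PAGE_LOG + (
    "\n21:30:48.950 Disk 0 Partition 4 00 83 Linux 20000 MB offset 625139712")
```

For the log posted here, `fixmbr_blockers(parse_aswmbr(PAGE_LOG))` returns an empty list: three Windows partitions and default Vista boot code.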