Plagegeister aller Art und deren Bekämpfung (forum section: pests of all kinds and how to fight them): BKA Trojaner Windows 7
01.10.2012, 10:27 | #16
/// Winkelfunktion /// TB-Süch-Tiger™ | BKA Trojaner

Please now run this Kaspersky tool (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: please switch off the virus scanner before you run TDSS-Killer, because Avira in particular often raises a false positive on the TDSS tool!

Set up the tool as shown in the picture below: click on "change parameters" and tick the boxes as shown in the following screenshot, then click on "Start Scan" and, when it has finished, click the "Report" button to display the log. Please post it in full.

If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C:), which is where TDSS-Killer stores its logs.

Note: please do not delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, treat them all with the action "skip" and only post the log here!
__________________
Please always post logfiles in CODE tags
01.10.2012, 16:03 | #17
BKA Trojaner

Hello,

here is the logfile from TDSS-Killer:

Code:
16:59:10.0490 5948 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
16:59:10.0756 5948 ============================================================
16:59:10.0757 5948 Current date / time: 2012/10/01 16:59:10.0756
16:59:10.0757 5948 SystemInfo:
16:59:10.0757 5948
16:59:10.0757 5948 OS Version: 6.0.6001 ServicePack: 1.0
16:59:10.0757 5948 Product type: Workstation
16:59:10.0757 5948 ComputerName: KATRIN-PC
16:59:10.0757 5948 UserName: Katrin
16:59:10.0757 5948 Windows directory: C:\Windows
16:59:10.0757 5948 System windows directory: C:\Windows
16:59:10.0757 5948 Processor architecture: Intel x86
16:59:10.0757 5948 Number of processors: 2
16:59:10.0757 5948 Page size: 0x1000
16:59:10.0757 5948 Boot type: Normal boot
16:59:10.0757 5948 ============================================================
16:59:12.0464 5948 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:59:12.0566 5948 ============================================================
16:59:12.0566 5948 \Device\Harddisk0\DR0:
16:59:12.0641 5948 MBR partitions:
16:59:12.0641 5948 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x23EFBFC1
16:59:12.0641 5948 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x23EFC000, BlocksNum 0x1531000
16:59:12.0641 5948 ============================================================
16:59:12.0993 5948 C: <-> \Device\Harddisk0\DR0\Partition1
16:59:13.0130 5948 D: <-> \Device\Harddisk0\DR0\Partition2
16:59:13.0130 5948 ============================================================
16:59:13.0131 5948 Initialize success
16:59:13.0131 5948 ============================================================
16:59:26.0730 3760 ============================================================
16:59:26.0730 3760 Scan started
16:59:26.0730 3760 Mode: Manual; SigCheck; TDLFS;
16:59:26.0730 3760
E1C18F4097A5ABCEC941DC4B2F99DB7E ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 16:59:47.0660 3760 RDPWD - ok 16:59:47.0716 3760 [ D5F08CC3D19B1C7F49619B9DAD43C0CE ] Recovery Service for Windows C:\Program Files\SMINST\BLService.exe 16:59:47.0747 3760 Recovery Service for Windows - ok 16:59:47.0803 3760 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll 16:59:47.0828 3760 RemoteAccess - ok 16:59:47.0874 3760 [ CC4E32400F3C7253400CF8F3F3A0B676 ] RemoteRegistry C:\Windows\system32\regsvc.dll 16:59:47.0926 3760 RemoteRegistry - ok 16:59:48.0004 3760 [ 805AE1F90C64758D19AAA001CF8CBA12 ] RichVideo C:\Program Files\CyberLink\Shared files\RichVideo.exe 16:59:48.0027 3760 RichVideo ( UnsignedFile.Multi.Generic ) - warning 16:59:48.0027 3760 RichVideo - detected UnsignedFile.Multi.Generic (1) 16:59:48.0055 3760 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe 16:59:48.0108 3760 RpcLocator - ok 16:59:48.0225 3760 [ 301AE00E12408650BADDC04DBC832830 ] RpcSs C:\Windows\system32\rpcss.dll 16:59:48.0329 3760 RpcSs - ok 16:59:48.0480 3760 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 16:59:48.0504 3760 rspndr - ok 16:59:48.0583 3760 [ 174B9514CD1A0C33CE4BBC02A3C81A62 ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys 16:59:48.0635 3760 RTL8169 - ok 16:59:48.0657 3760 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] SamSs C:\Windows\system32\lsass.exe 16:59:48.0669 3760 SamSs - ok 16:59:48.0693 3760 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 16:59:48.0701 3760 sbp2port - ok 16:59:48.0728 3760 [ 11387E32642269C7E62E8B52C060B3C6 ] SCardSvr C:\Windows\System32\SCardSvr.dll 16:59:48.0771 3760 SCardSvr - ok 16:59:48.0819 3760 [ 7B587B8A6D4A99F79D2902D0385F29BD ] Schedule C:\Windows\system32\schedsvc.dll 16:59:48.0888 3760 Schedule - ok 16:59:48.0921 3760 [ 87C2D0377B23E2D8A41093C2F5FB1A5B ] SCPolicySvc C:\Windows\System32\certprop.dll 16:59:48.0944 3760 
SCPolicySvc - ok 16:59:48.0984 3760 [ 126EA89BCC413EE45E3004FB0764888F ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys 16:59:49.0009 3760 sdbus - ok 16:59:49.0043 3760 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll 16:59:49.0075 3760 SDRSVC - ok 16:59:49.0095 3760 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 16:59:49.0158 3760 secdrv - ok 16:59:49.0189 3760 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll 16:59:49.0249 3760 seclogon - ok 16:59:49.0300 3760 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll 16:59:49.0325 3760 SENS - ok 16:59:49.0350 3760 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys 16:59:49.0417 3760 Serenum - ok 16:59:49.0445 3760 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys 16:59:49.0514 3760 Serial - ok 16:59:49.0520 3760 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys 16:59:49.0544 3760 sermouse - ok 16:59:49.0580 3760 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll 16:59:49.0607 3760 SessionEnv - ok 16:59:49.0620 3760 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 16:59:49.0665 3760 sffdisk - ok 16:59:49.0692 3760 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 16:59:49.0739 3760 sffp_mmc - ok 16:59:49.0766 3760 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 16:59:49.0790 3760 sffp_sd - ok 16:59:49.0808 3760 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 16:59:49.0851 3760 sfloppy - ok 16:59:49.0881 3760 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll 16:59:49.0937 3760 SharedAccess - ok 16:59:49.0977 3760 [ 1E3FDB80E40A3CE645F229DFBDFB7694 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 
16:59:50.0050 3760 ShellHWDetection - ok 16:59:50.0081 3760 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys 16:59:50.0090 3760 sisagp - ok 16:59:50.0115 3760 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys 16:59:50.0124 3760 SiSRaid2 - ok 16:59:50.0150 3760 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 16:59:50.0160 3760 SiSRaid4 - ok 16:59:50.0252 3760 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe 16:59:50.0261 3760 SkypeUpdate - ok 16:59:50.0398 3760 [ 0BA91E1358AD25236863039BB2609A2E ] slsvc C:\Windows\system32\SLsvc.exe 16:59:50.0537 3760 slsvc - ok 16:59:50.0595 3760 [ 7C6DC44CA0BFA6291629AB764200D1D4 ] SLUINotify C:\Windows\system32\SLUINotify.dll 16:59:50.0621 3760 SLUINotify - ok 16:59:50.0653 3760 [ 031E6BCD53C9B2B9ACE111EAFEC347B6 ] Smb C:\Windows\system32\DRIVERS\smb.sys 16:59:50.0679 3760 Smb - ok 16:59:50.0721 3760 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 16:59:50.0733 3760 SNMPTRAP - ok 16:59:50.0746 3760 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys 16:59:50.0755 3760 spldr - ok 16:59:50.0802 3760 [ 3665F79026A3F91FBCA63F2C65A09B19 ] Spooler C:\Windows\System32\spoolsv.exe 16:59:50.0830 3760 Spooler - ok 16:59:50.0884 3760 [ 2252AEF839B1093D16761189F45AF885 ] srv C:\Windows\system32\DRIVERS\srv.sys 16:59:50.0945 3760 srv - ok 16:59:50.0975 3760 [ B7FF59408034119476B00A81BB53D5D1 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 16:59:51.0007 3760 srv2 - ok 16:59:51.0031 3760 [ 2ACCC9B12AF02030F531E6CCA6F8B76E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 16:59:51.0067 3760 srvnet - ok 16:59:51.0103 3760 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 16:59:51.0157 3760 SSDPSRV - ok 16:59:51.0257 3760 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll 16:59:51.0298 3760 
SstpSvc - ok 16:59:51.0499 3760 [ 05AE358CD777BF8857F512A18E1DE7AA ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\STacSV.exe 16:59:51.0511 3760 STacSV - ok 16:59:51.0604 3760 [ E69A606872650B46DE54EC15DCC93529 ] STHDA C:\Windows\system32\DRIVERS\stwrt.sys 16:59:51.0620 3760 STHDA - ok 16:59:51.0688 3760 [ 7DD08A597BC56051F320DA0BAF69E389 ] stisvc C:\Windows\System32\wiaservc.dll 16:59:51.0734 3760 stisvc - ok 16:59:51.0782 3760 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 16:59:51.0791 3760 swenum - ok 16:59:51.0839 3760 [ B36C7CDB86F7F7A8E884479219766950 ] swprv C:\Windows\System32\swprv.dll 16:59:51.0892 3760 swprv - ok 16:59:51.0897 3760 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys 16:59:51.0908 3760 Symc8xx - ok 16:59:51.0932 3760 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys 16:59:51.0940 3760 Sym_hi - ok 16:59:51.0956 3760 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys 16:59:51.0964 3760 Sym_u3 - ok 16:59:52.0032 3760 [ 6DD49E1A5FA0F01824652F1A0A8866FB ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 16:59:52.0046 3760 SynTP - ok 16:59:52.0072 3760 [ 8710A92D0024B03B5FB9540DF1F71F1D ] SysMain C:\Windows\system32\sysmain.dll 16:59:52.0126 3760 SysMain - ok 16:59:52.0186 3760 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll 16:59:52.0236 3760 TabletInputService - ok 16:59:52.0271 3760 [ 680916BB09EE0F3A6ACA7C274B0D633F ] TapiSrv C:\Windows\System32\tapisrv.dll 16:59:52.0334 3760 TapiSrv - ok 16:59:52.0418 3760 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll 16:59:52.0461 3760 TBS - ok 16:59:52.0517 3760 [ 782568AB6A43160A159B6215B70BCCE9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 16:59:52.0552 3760 Tcpip - ok 16:59:52.0570 3760 [ 782568AB6A43160A159B6215B70BCCE9 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys 16:59:52.0598 
3760 Tcpip6 - ok 16:59:52.0635 3760 [ D4A2E4A4B011F3A883AF77315A5AE76B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 16:59:52.0697 3760 tcpipreg - ok 16:59:52.0717 3760 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 16:59:52.0765 3760 TDPIPE - ok 16:59:52.0781 3760 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 16:59:52.0824 3760 TDTCP - ok 16:59:52.0848 3760 [ D09276B1FAB033CE1D40DCBDF303D10F ] tdx C:\Windows\system32\DRIVERS\tdx.sys 16:59:52.0872 3760 tdx - ok 16:59:52.0881 3760 [ A048056F5E1A96A9BF3071B91741A5AA ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 16:59:52.0890 3760 TermDD - ok 16:59:52.0931 3760 [ D605031E225AACCBCEB5B76A4F1603A6 ] TermService C:\Windows\System32\termsrv.dll 16:59:52.0962 3760 TermService - ok 16:59:52.0988 3760 [ 1E3FDB80E40A3CE645F229DFBDFB7694 ] Themes C:\Windows\system32\shsvcs.dll 16:59:53.0004 3760 Themes - ok 16:59:53.0021 3760 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll 16:59:53.0046 3760 THREADORDER - ok 16:59:53.0057 3760 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll 16:59:53.0084 3760 TrkWks - ok 16:59:53.0144 3760 [ 16613A1BAD034D4ECF957AF18B7C2FF5 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 16:59:53.0193 3760 TrustedInstaller - ok 16:59:53.0257 3760 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 16:59:53.0281 3760 tssecsrv - ok 16:59:53.0337 3760 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys 16:59:53.0359 3760 tunmp - ok 16:59:53.0365 3760 [ 6042505FF6FA9AC1EF7684D0E03B6940 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 16:59:53.0377 3760 tunnel - ok 16:59:53.0480 3760 [ BB313AE85EC95B7CB87FC5ED53F3A22B ] TVCapSvc C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe 16:59:53.0491 3760 TVCapSvc - ok 16:59:53.0527 3760 [ 0C66E48654AFD8A6BCFBCE22E7FAB251 ] TVSched C:\Program 
Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe 16:59:53.0534 3760 TVSched - ok 16:59:53.0559 3760 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys 16:59:53.0568 3760 uagp35 - ok 16:59:53.0592 3760 [ 8B5088058FA1D1CD897A2113CCFF6C58 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 16:59:53.0635 3760 udfs - ok 16:59:53.0684 3760 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 16:59:53.0709 3760 UI0Detect - ok 16:59:53.0724 3760 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 16:59:53.0734 3760 uliagpkx - ok 16:59:53.0760 3760 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys 16:59:53.0772 3760 uliahci - ok 16:59:53.0799 3760 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys 16:59:53.0809 3760 UlSata - ok 16:59:53.0829 3760 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys 16:59:53.0839 3760 ulsata2 - ok 16:59:53.0852 3760 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 16:59:53.0876 3760 umbus - ok 16:59:53.0891 3760 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll 16:59:53.0921 3760 upnphost - ok 16:59:53.0978 3760 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys 16:59:53.0996 3760 USBAAPL - ok 16:59:54.0029 3760 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 16:59:54.0048 3760 usbccgp - ok 16:59:54.0095 3760 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys 16:59:54.0138 3760 usbcir - ok 16:59:54.0158 3760 [ CEBE90821810E76320155BEBA722FCF9 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 16:59:54.0183 3760 usbehci - ok 16:59:54.0199 3760 [ CC6B28E4CE39951357963119CE47B143 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 16:59:54.0247 3760 usbhub - ok 16:59:54.0279 3760 [ 
38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys 16:59:54.0339 3760 usbohci - ok 16:59:54.0361 3760 [ B51E52ACF758BE00EF3A58EA452FE360 ] usbprint C:\Windows\system32\drivers\usbprint.sys 16:59:54.0403 3760 usbprint - ok 16:59:54.0436 3760 [ 87BA6B83C5D19B69160968D07D6E2982 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 16:59:54.0460 3760 USBSTOR - ok 16:59:54.0486 3760 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 16:59:54.0504 3760 usbuhci - ok 16:59:54.0574 3760 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 16:59:54.0598 3760 usbvideo - ok 16:59:54.0628 3760 [ 032A0ACC3909AE7215D524E29D536797 ] UxSms C:\Windows\System32\uxsms.dll 16:59:54.0670 3760 UxSms - ok 16:59:54.0716 3760 [ B13BC395B9D6116628F5AF47E0802AC4 ] vds C:\Windows\System32\vds.exe 16:59:54.0772 3760 vds - ok 16:59:54.0849 3760 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 16:59:54.0906 3760 vga - ok 16:59:54.0929 3760 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys 16:59:54.0973 3760 VgaSave - ok 16:59:55.0005 3760 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys 16:59:55.0014 3760 viaagp - ok 16:59:55.0021 3760 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys 16:59:55.0046 3760 ViaC7 - ok 16:59:55.0061 3760 [ EA1AA6E3ABB3C194FEBA12A46DE8CF2C ] viaide C:\Windows\system32\drivers\viaide.sys 16:59:55.0070 3760 viaide - ok 16:59:55.0087 3760 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys 16:59:55.0096 3760 volmgr - ok 16:59:55.0111 3760 [ 98F5FFE6316BD74E9E2C97206C190196 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 16:59:55.0124 3760 volmgrx - ok 16:59:55.0155 3760 [ D8B4A53DD2769F226B3EB374374987C9 ] volsnap C:\Windows\system32\drivers\volsnap.sys 16:59:55.0168 3760 volsnap - ok 16:59:55.0175 3760 [ 
587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 16:59:55.0186 3760 vsmraid - ok 16:59:55.0228 3760 [ D5FB73D19C46ADE183F968E13F186B23 ] VSS C:\Windows\system32\vssvc.exe 16:59:55.0279 3760 VSS - ok 16:59:55.0308 3760 [ 1CF9206966A8458CDA9A8B20DF8AB7D3 ] W32Time C:\Windows\system32\w32time.dll 16:59:55.0359 3760 W32Time - ok 16:59:55.0406 3760 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 16:59:55.0449 3760 WacomPen - ok 16:59:55.0471 3760 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys 16:59:55.0489 3760 Wanarp - ok 16:59:55.0493 3760 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 16:59:55.0513 3760 Wanarpv6 - ok 16:59:55.0560 3760 [ F3A5C2E1A6533192B070D06ECF6BE796 ] wcncsvc C:\Windows\System32\wcncsvc.dll 16:59:55.0600 3760 wcncsvc - ok 16:59:55.0650 3760 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 16:59:55.0694 3760 WcsPlugInService - ok 16:59:55.0725 3760 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys 16:59:55.0733 3760 Wd - ok 16:59:55.0777 3760 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 16:59:55.0799 3760 Wdf01000 - ok 16:59:55.0830 3760 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll 16:59:55.0856 3760 WdiServiceHost - ok 16:59:55.0860 3760 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll 16:59:55.0886 3760 WdiSystemHost - ok 16:59:55.0926 3760 [ CF9A5F41789B642DB967021DE06A2713 ] WebClient C:\Windows\System32\webclnt.dll 16:59:55.0941 3760 WebClient - ok 16:59:55.0984 3760 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll 16:59:56.0045 3760 Wecsvc - ok 16:59:56.0061 3760 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll 16:59:56.0083 3760 wercplsupport - ok 
16:59:56.0117 3760 [ FD1965AAA112C6818A30AB02742D0461 ] WerSvc C:\Windows\System32\WerSvc.dll 16:59:56.0156 3760 WerSvc - ok 16:59:56.0215 3760 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 16:59:56.0228 3760 WinDefend - ok 16:59:56.0235 3760 WinHttpAutoProxySvc - ok 16:59:56.0295 3760 [ 00B79A7C984678F24CF052E5BEB3A2F5 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 16:59:56.0321 3760 Winmgmt - ok 16:59:56.0372 3760 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll 16:59:56.0440 3760 WinRM - ok 16:59:56.0579 3760 [ 275F4346E569DF56CFB95243BD6F6FF0 ] Wlansvc C:\Windows\System32\wlansvc.dll 16:59:56.0665 3760 Wlansvc - ok 16:59:56.0711 3760 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 16:59:56.0762 3760 WmiAcpi - ok 16:59:56.0800 3760 [ ABA4CF9F856D9A3A25F4DDD7690A6E9D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 16:59:56.0825 3760 wmiApSrv - ok 16:59:56.0905 3760 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 16:59:56.0989 3760 WMPNetworkSvc - ok 16:59:57.0052 3760 [ 5D94CD167751294962BA238D82DD1BB8 ] WPCSvc C:\Windows\System32\wpcsvc.dll 16:59:57.0105 3760 WPCSvc - ok 16:59:57.0131 3760 [ 396D406292B0CD26E3504FFE82784702 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 16:59:57.0193 3760 WPDBusEnum - ok 16:59:57.0250 3760 [ 0CEC23084B51B8288099EB710224E955 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys 16:59:57.0268 3760 WpdUsb - ok 16:59:57.0369 3760 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 16:59:57.0396 3760 WPFFontCache_v0400 - ok 16:59:57.0432 3760 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 16:59:57.0473 3760 ws2ifsl - ok 16:59:57.0518 3760 [ 683DD16B590372F2C9661D277F35E49C ] wscsvc C:\Windows\System32\wscsvc.dll 16:59:57.0557 3760 wscsvc - ok 16:59:57.0562 3760 
WSearch - ok 16:59:57.0642 3760 [ 6298277B73C77FA99106B271A7525163 ] wuauserv C:\Windows\system32\wuaueng.dll 16:59:57.0726 3760 wuauserv - ok 16:59:57.0797 3760 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 16:59:57.0822 3760 WUDFRd - ok 16:59:57.0867 3760 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll 16:59:57.0894 3760 wudfsvc - ok 16:59:57.0949 3760 [ 7D1F3B131D503EF43EE594B5A2B9B427 ] yukonwlh C:\Windows\system32\DRIVERS\yk60x86.sys 16:59:58.0021 3760 yukonwlh - ok 16:59:58.0122 3760 [ BDFDE977F5E88A539187AEF24DED7C40 ] {55662437-DA8C-40c0-AADA-2C816A897A49} C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl 16:59:58.0129 3760 {55662437-DA8C-40c0-AADA-2C816A897A49} - ok 16:59:58.0135 3760 ================ Scan global =============================== 16:59:58.0160 3760 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll 16:59:58.0218 3760 [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll 16:59:58.0230 3760 [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll 16:59:58.0272 3760 [ 2B336AB6286D6C81FA02CBAB914E3C6C ] C:\Windows\system32\services.exe 16:59:58.0279 3760 [Global] - ok 16:59:58.0279 3760 ================ Scan MBR ================================== 16:59:58.0302 3760 [ 5C86ADEC17B739C437E145E3B3FC2E6D ] \Device\Harddisk0\DR0 16:59:59.0402 3760 \Device\Harddisk0\DR0 - ok 16:59:59.0402 3760 ================ Scan VBR ================================== 16:59:59.0405 3760 [ A86C8F28B8C84BF7D600823C3363B40C ] \Device\Harddisk0\DR0\Partition1 16:59:59.0407 3760 \Device\Harddisk0\DR0\Partition1 - ok 16:59:59.0426 3760 [ 701942C8BF86C5B69699ACC7552D3306 ] \Device\Harddisk0\DR0\Partition2 16:59:59.0427 3760 \Device\Harddisk0\DR0\Partition2 - ok 16:59:59.0428 3760 ============================================================ 16:59:59.0428 3760 Scan finished 16:59:59.0428 3760 ============================================================ 16:59:59.0441 
5968 Detected object count: 5 16:59:59.0442 5968 Actual detected object count: 5 17:00:12.0871 5968 ezSharedSvc ( UnsignedFile.Multi.Generic ) - skipped by user 17:00:12.0871 5968 ezSharedSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:00:12.0871 5968 HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user 17:00:12.0871 5968 HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:00:12.0874 5968 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 17:00:12.0874 5968 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:00:12.0876 5968 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user 17:00:12.0876 5968 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:00:12.0876 5968 RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user 17:00:12.0876 5968 RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:01:24.0791 1548 Deinitialize success |
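Added example, not from the thread and not part of TDSS-Killer: a Python parser for the log format shown in the post above. It pairs each "[ MD5 ] service path" line with the "service - result" line that follows, collects every object that did not end in "ok" together with the actions recorded for it, checks that the number of such objects matches the tool's own "Actual detected object count" line (a quick way to notice a truncated paste), and lists any object whose chosen action was not Skip or whose verdict is not the UnsignedFile.Multi.Generic heuristic. That verdict only means the file carries no digital signature, which is common for OEM and third-party utilities like the five flagged here, so it is a prompt to verify the file rather than a malware detection. The sample log is constructed in that format from lines of the post above; ezSharedSvc deliberately has no hash line in the sample, so its MD5 comes back as None.

```python
import re

# Constructed sample in the line format of TDSS-Killer 2.8 (timestamp, thread id, then
# either "[ MD5 ] <service> <path>" or "<service> - <result>"); entries mirror the log
# above, including the RichVideo and ezSharedSvc hits.
SAMPLE_LOG = r"""
16:59:43.0185 3760 [ 7C5FEE5B1C5728507CD96FB4A13E7A02 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
16:59:43.0211 3760 netbt - ok
16:59:43.0234 3760 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] Netlogon C:\Windows\system32\lsass.exe
16:59:43.0246 3760 Netlogon - ok
16:59:47.0716 3760 [ D5F08CC3D19B1C7F49619B9DAD43C0CE ] Recovery Service for Windows C:\Program Files\SMINST\BLService.exe
16:59:47.0747 3760 Recovery Service for Windows - ok
16:59:48.0004 3760 [ 805AE1F90C64758D19AAA001CF8CBA12 ] RichVideo C:\Program Files\CyberLink\Shared files\RichVideo.exe
16:59:48.0027 3760 RichVideo ( UnsignedFile.Multi.Generic ) - warning
16:59:48.0027 3760 RichVideo - detected UnsignedFile.Multi.Generic (1)
16:59:48.0657 3760 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] SamSs C:\Windows\system32\lsass.exe
16:59:48.0669 3760 SamSs - ok
16:59:58.0302 3760 [ 5C86ADEC17B739C437E145E3B3FC2E6D ] \Device\Harddisk0\DR0
16:59:59.0402 3760 \Device\Harddisk0\DR0 - ok
16:59:59.0442 5968 Actual detected object count: 2
17:00:12.0871 5968 ezSharedSvc ( UnsignedFile.Multi.Generic ) - skipped by user
17:00:12.0871 5968 ezSharedSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:00:12.0876 5968 RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
17:00:12.0876 5968 RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

HASH_LINE = re.compile(r"^\S+ \d+ \[ (?P<md5>[0-9A-F]{32}) \] (?P<rest>.+)$")
RESULT_LINE = re.compile(r"^\S+ \d+ (?P<name>.+?)(?: \( (?P<verdict>[^)]+) \))? - (?P<result>.+)$")
PATH_SPLIT = re.compile(r"^(?P<name>.+?) (?P<path>[A-Za-z]:\\.*)$")   # service names may contain spaces
COUNT_LINE = re.compile(r"Actual detected object count: (?P<n>\d+)$")
HEURISTIC_VERDICTS = {"UnsignedFile.Multi.Generic"}   # "no digital signature", not a malware signature


def parse_tdss_log(text):
    """Return (files, events, reported_count): files maps service -> (md5, path),
    events is a list of (name, verdict_or_None, result) in log order."""
    files, events, reported = {}, [], None
    for line in text.splitlines():
        m = HASH_LINE.match(line)
        if m:
            rest = m.group("rest")
            p = PATH_SPLIT.match(rest)
            if p:
                name, path = p.group("name"), p.group("path")
            else:
                name = path = rest   # MBR/VBR device objects carry no separate service name
            files[name] = (m.group("md5"), path)
            continue
        m = COUNT_LINE.search(line)
        if m:
            reported = int(m.group("n"))
            continue
        m = RESULT_LINE.match(line)
        if m:
            events.append((m.group("name"), m.group("verdict"), m.group("result")))
    return files, events, reported


def triage(text):
    """Every object that did not end with '- ok', with verdict, recorded actions and
    the MD5/path of the backing file when the log has a hash line for it."""
    files, events, _ = parse_tdss_log(text)
    findings = {}
    for name, verdict, result in events:
        if result == "ok":
            continue
        f = findings.setdefault(name, {"verdict": None, "actions": [], "md5": None, "path": None})
        if verdict:
            f["verdict"] = verdict
        f["actions"].append(result)
        if name in files:
            f["md5"], f["path"] = files[name]
    return findings


def count_matches_summary(text):
    """True when the distinct flagged objects equal the tool's own summary count."""
    _, _, reported = parse_tdss_log(text)
    return reported is not None and reported == len(triage(text))


def non_skip_actions(findings):
    """Objects for which the user chose an action other than Skip."""
    return {name: f["actions"] for name, f in findings.items()
            if any(a.startswith("User select action:") and a != "User select action: Skip"
                   for a in f["actions"])}


def non_heuristic(findings):
    """Objects whose verdict is unknown or not an unsigned-file heuristic, i.e. worth a closer look."""
    return [name for name, f in findings.items() if f["verdict"] not in HEURISTIC_VERDICTS]
```

On a pasted log, `triage()` gives the list to look up (MD5 against the vendor or a hash database), `non_skip_actions()` confirms the poster really chose Skip everywhere, and `non_heuristic()` is empty when every hit is the unsigned-file heuristic.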
02.10.2012, 11:18 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | BKA Trojaner Now please run CF:
__________________ComboFix: A guide and tutorial on using ComboFix
ComboFix may only be run when a helper (Kompetenzler) has explicitly recommended it! Should you have problems starting applications after running ComboFix and receive messages such as Quote:
__________________ |
02.10.2012, 16:55 | #19 |
| BKA Trojaner Hello, I have run ComboFix. So far everything looks good - no Windows errors apparent. Here is the log file: ComboFix logfile: Code:
ATTFilter ComboFix 12-10-02.02 - Katrin 02.10.2012 16:55:30.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.3038.1784 [GMT 2:00] ausgeführt von:: c:\users\Katrin\Desktop\1_Trojaner\ComboFix.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe c:\program files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe . . ((((((((((((((((((((((( Dateien erstellt von 2012-09-02 bis 2012-10-02 )))))))))))))))))))))))))))))) . . 2012-10-02 15:05 . 2012-10-02 15:05 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-10-02 15:01 . 2012-10-02 15:01 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F669B0BC-A802-44E0-B2AF-36666B15084C}\offreg.dll 2012-09-30 07:59 . 2012-08-30 08:17 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F669B0BC-A802-44E0-B2AF-36666B15084C}\mpengine.dll 2012-09-23 18:35 . 2012-09-23 18:35 -------- d-----w- c:\program files\ESET 2012-09-23 13:52 . 2009-07-14 17:45 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2012-09-23 13:52 . 2009-07-14 17:45 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2012-09-23 13:09 . 2012-09-23 13:09 -------- d-----w- c:\program files\Common Files\Skype 2012-09-20 19:35 . 2012-09-20 19:35 -------- d-----w- c:\users\Katrin\AppData\Roaming\Malwarebytes 2012-09-20 19:35 . 2012-09-20 19:35 -------- d-----w- c:\programdata\Malwarebytes 2012-09-20 19:35 . 2012-09-20 19:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-09-20 19:35 . 
2012-09-07 15:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-28 17:09 . 2012-06-27 19:14 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392] "HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-09-30 972080] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-02 39408] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] "Facebook Update"="c:\users\Katrin\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-29 138096] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-10-14 2299176] "DVDAgent"="c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-09-26 1148200] "TSMAgent"="c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-09-25 1152296] "CLMLServer for HP TouchSmart"="c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-09-25 189736] "TVAgent"="c:\program files\Hewlett-Packard\Media\TV\TVAgent.exe" [2008-09-24 206120] "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2008-09-23 912688] "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-23 198160] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-03 13826664] "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-21 458844] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . 
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\aestsrv.exe [x] . . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs ezSharedSvc . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2008-06-09 08:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . Inhalt des "geplante Tasks" Ordners . 2012-09-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1650498633-834099574-219073364-1000Core.job - c:\users\Katrin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-02 13:14] . 2012-09-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1650498633-834099574-219073364-1000UA.job - c:\users\Katrin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-02 13:14] . 2012-09-27 c:\windows\Tasks\ReclaimerUpdateFiles_Katrin.job - c:\users\Katrin\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-23 19:05] . 2012-09-26 c:\windows\Tasks\ReclaimerUpdateXML_Katrin.job - c:\users\Katrin\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-23 19:05] . 2012-10-02 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Katrin.job - c:\users\Katrin\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-23 19:05] . 2010-12-18 c:\windows\Tasks\User_Feed_Synchronization-{03C56D98-5866-419D-8803-52877CBEBD6D}.job - c:\windows\system32\msfeedssync.exe [2008-01-21 02:24] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://www.google.com mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb uInternet Settings,ProxyOverride = *.local IE: &AOL Toolbar-Suche - c:\programdata\AOL\ieToolbar\resources\de-DE\local\search.html IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Free YouTube Download - c:\users\Katrin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm IE: Free YouTube to Mp3 Converter - c:\users\Katrin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 TCP: Interfaces\{B4378362-FE6D-408B-82E4-64270E7EE215}: NameServer = 192.168.178.1 FF - ProfilePath - c:\users\Katrin\AppData\Roaming\Mozilla\Firefox\Profiles\s5o9taw5.default\ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKLM-Run-UCam_Menu - c:\program files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe HKLM-Run-UpdateLBPShortCut - c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe HKLM-Run-UpdatePSTShortCut - c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe HKLM-Run-UpdateP2GoShortCut - c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe HKLM-Run-UpdatePDIRShortCut - c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2012-10-02 17:06 Windows 6.0.6001 Service Pack 1 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}] "ImagePath"="\??\c:\program files\Hewlett-Packard\Media\DVD\000.fcl" . Zeit der Fertigstellung: 2012-10-02 17:14:22 ComboFix-quarantined-files.txt 2012-10-02 15:14 . Vor Suchlauf: 8 Verzeichnis(se), 136.774.529.024 Bytes frei Nach Suchlauf: 14 Verzeichnis(se), 136.445.218.816 Bytes frei . - - End Of File - - 9414588F4EE3BD2D73E5F33C306921E2 |
02.10.2012, 20:06 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ | BKA Trojaner Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool refuses to run the second time as well, just leave it out and run only OSAM. Please skip the online query in OSAM. With OSAM, also make sure that you save the log as *.log and not as *.html or similar. Note: please use WinRAR or 7zip to unpack OSAM! Also be sure to disable your virus scanner; the McAfee scanner in particular often reports a false positive in OSAM! Please download aswMBR.exe and save the file to your desktop.
Important: under no circumstances press any of the Fix buttons without instructions. Note: if the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. One more note: if aswMBR crashes and you get a message like "aswMBR.exe has stopped working", do the following: restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.
__________________ Please always post logfiles in CODE tags |
03.10.2012, 15:16 | #21 |
| BKA Trojaner Hello, GMER aborted several times with the error message "...not responding". Here are the log files from OSAM and aswMBR: OSAM logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 14:55:42 on 03.10.2012 OS: Windows Vista Home Premium Edition Service Pack 1 (Build 6001), 32-bit Default Browser: Apple Inc. Safari 5.0.5 (7533.21.1) Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "FacebookUpdateTaskUserS-1-5-21-1650498633-834099574-219073364-1000Core.job" - "Facebook Inc." - C:\Users\Katrin\AppData\Local\Facebook\Update\FacebookUpdate.exe "FacebookUpdateTaskUserS-1-5-21-1650498633-834099574-219073364-1000UA.job" - "Facebook Inc." - C:\Users\Katrin\AppData\Local\Facebook\Update\FacebookUpdate.exe "ReclaimerUpdateFiles_Katrin.job" - "RealNetworks, Inc." - C:\Users\Katrin\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe "ReclaimerUpdateXML_Katrin.job" - "RealNetworks, Inc." - C:\Users\Katrin\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe "RNUpgradeHelperLogonPrompt_Katrin.job" - "RealNetworks, Inc." 
- C:\Users\Katrin\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl "hpaccelerometercp.CPL" - "Hewlett-Packard Corporation" - C:\Windows\system32\hpaccelerometercp.CPL "nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "ProtectSmart Hard Drive Protection" - "Hewlett-Packard Corporation" - C:\Windows\system32\hpaccelerometercp.CPL "QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "ALSysIO" (ALSysIO) - ? - C:\Users\Katrin\AppData\Local\Temp\ALSysIO.sys (File not found) "catchme" (catchme) - ? - C:\Users\Katrin\AppData\Local\Temp\catchme.sys (File not found) "IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found) "IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found) "IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found) "pxdiipob" (pxdiipob) - ? - C:\Users\Katrin\AppData\Local\Temp\pxdiipob.sys (Hidden registry entry, rootkit activity | File not found) "{55662437-DA8C-40c0-AADA-2C816A897A49}" ({55662437-DA8C-40c0-AADA-2C816A897A49}) - ? - C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl [Explorer] -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {10880D85-AAD9-4558-ABDC-2AB1552D831F} "LightScribe Control Panel" - "Hewlett-Packard Company" - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe" -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." 
- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {B1759355-3EEC-4C1E-B0F1-B719FE26E377} "Google Dictionary Compression filter" - "Google Inc." - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL {03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found) {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? 
- (File not found | COM-object registry key not found) {0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found) {A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found) {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll {00020d75-0000-0000-c000-000000000046} "lnkfile" - ? - (File not found | COM-object registry key not found) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll {FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files\Real\RealPlayer\rpshell.dll {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? 
- (File not found | COM-object registry key not found) {7F67036B-66F1-411A-AD85-759FB9C5B0DB} "ShellViewRTF" - "XSS" - C:\Program Files\Sminst\ShellvRTF.dll {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll <binary data> "ITBar7Layout" - ? 
- (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {0CCA191D-13A6-4E29-B746-314DEE697D83} "Facebook Photo Uploader 5 Control" - "The Facebook" - C:\Windows\Downloaded Program Files\PhotoUploader5.ocx / hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab {8100D56A-5661-482C-BEE8-AFECE305D968} "Facebook Photo Uploader 5 Control" - "The Facebook" - C:\Windows\Downloaded Program Files\PhotoUploader55.ocx / hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab {EDFCB7CB-942C-4822-AF14-F0B687409848} "Image Uploader Control" - "Aurigma, Inc." - C:\Windows\Downloaded Program Files\ImageUploader4.ocx / hxxp://www.lokalisten.de/iup/ImageUploader4.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_07" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab {C3F79A2B-B9B4-4A66-B012-3EE46475B072} "MessengerStatsClient Class" - "Microsoft Corporation" - C:\Windows\Downloaded Program Files\MessengerStatsPAClient.dll / hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab {5D6F45B3-9043-443D-A792-115447494D24} "UnoCtrl Class" - "Microsoft" - C:\Windows\Downloaded Program Files\GAME_UNO1.dll / hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab {E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? 
- (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} "ClsidExtension" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll {77BF5300-1474-4EC7-9980-D32B190E9B07} "ClsidExtension" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll "ICQ6" - "ICQ, LLC." - C:\Program Files\ICQ6.5\ICQ.exe {5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL {77BF5300-1474-4EC7-9980-D32B190E9B07} "Skype" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- {8dcb7100-df86-4384-8842-8fa844297b3f} "Bing Bar" - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\BingExt.dll <binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {d2ce3e00-f94a-4740-988e-03dc2f38c34f} "Bing Bar Helper" - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\BingExt.dll {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} "Google Dictionary Compression sdch" - "Google Inc." 
- C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll {AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll {3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll {22BF413B-C6D2-4d91-82A9-A0F997BA588C} "Skype add-on (mastermind)" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "SSVHelper Class" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\Katrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "Facebook Update" - "Facebook Inc." - "C:\Users\Katrin\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver "HPAdvisor" - "Hewlett-Packard" - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN "LightScribe Control Panel" - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden "swg" - "Google Inc." 
- "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "APSDaemon" - "Apple Inc." - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" "CLMLServer for HP TouchSmart" - "CyberLink" - "C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" "DVDAgent" - "CyberLink Corp." - "C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe" "HP Health Check Scheduler" - "Hewlett-Packard" - c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe "HP Software Update" - "Hewlett-Packard" - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe "hpWirelessAssistant" - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe "iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe" "NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup "QlbCtrl.exe" - " Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start "QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime "SmartMenu" - "Hewlett-Packard" - %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" "TkBellExe" - "RealNetworks, Inc." - "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot "TSMAgent" - "CyberLink Corp." - "C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" "TVAgent" - "CyberLink Corp." 
- "C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe" [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe "BBUpdate" (BBUpdate) - "Microsoft Corporation" - C:\Program Files\Microsoft\BingBar\SeaPort.EXE "Bing Bar Update Service" (BBSvc) - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\BBSvc.EXE "Com4QLBEx" (Com4QLBEx) - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe "Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared files\RichVideo.exe "Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe "Easybits Shared Services for Windows" (ezSharedSvc) - "EasyBits Sofware AS" - C:\Windows\System32\ezsvc7.dll "GameConsoleService" (GameConsoleService) - "WildTangent, Inc." - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe "Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe "HP Health Check Service" (HP Health Check Service) - "Hewlett-Packard" - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe "hpqwmiex" (hpqwmiex) - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe "ICQ Service" (ICQ Service) - ? 
- C:\Program Files\ICQ6Toolbar\ICQ Service.exe "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe "iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe "LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe "NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "Recovery Service for Windows" (Recovery Service for Windows) - ? - C:\Program Files\SMINST\BLService.exe "Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files\Skype\Updater\Updater.exe "TV Background Capture Service (TVBCS)" (TVCapSvc) - ? - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe "TV Task Scheduler (TVTS)" (TVSched) - ? - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru [/code] Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software Run date: 2012-10-03 14:56:48 ----------------------------- 14:56:48.884 OS Version: Windows 6.0.6001 Service Pack 1 14:56:48.885 Number of processors: 2 586 0x170A 14:56:48.887 ComputerName: KATRIN-PC UserName: Katrin 14:56:51.111 Initialize success 14:59:24.079 AVAST engine defs: 12100301 15:00:13.707 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 15:00:13.712 Disk 0 Vendor: TOSHIBA_MK3252GSX LV011C Size: 305245MB BusType: 3 15:00:13.729 Disk 0 MBR read successfully 15:00:13.732 Disk 0 MBR scan 15:00:13.737 Disk 0 unknown MBR code 15:00:13.740 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 294391 MB offset 63 15:00:13.774 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10850 MB offset 602914816 15:00:13.782 Disk 0 scanning sectors +625135616 15:00:13.851 Disk 0 scanning C:\Windows\system32\drivers 15:00:29.530 Service scanning 15:00:55.084 Modules scanning 15:01:06.289 Disk 0 trace - called modules: 15:01:06.312 ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll acpi.sys ataport.SYS PCIIDEX.SYS msahci.sys tcpip.sys NETIO.SYS dxgkrnl.sys nvlddmkm.sys 15:01:06.318 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8685f580] 15:01:06.323 3 CLASSPNP.SYS[805cf745] -> nt!IofCallDriver -> [0x8685fc48] 15:01:06.329 5 hpdskflt.sys[8b5a4f92] -> nt!IofCallDriver -> [0x85531850] 15:01:06.334 7 acpi.sys[806906a0] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85f28398] 15:01:08.101 AVAST engine scan C:\Windows 15:01:13.980 AVAST engine scan C:\Windows\system32 15:04:49.290 AVAST engine scan C:\Windows\system32\drivers 15:05:12.005 AVAST engine scan C:\Users\Katrin 16:02:50.487 AVAST engine scan C:\ProgramData 16:07:31.167 Scan finished successfully 16:11:06.754 Disk 0 MBR has been saved successfully to "C:\Users\Katrin\Desktop\1_Trojaner\MBR.dat" 16:11:06.760 The log file has been saved successfully to "C:\Users\Katrin\Desktop\1_Trojaner\aswMBR.txt" |
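The OSAM [Drivers] section above is the part of that log a responder reads first: it lists kernel drivers together with their vendor, their path and OSAM's own flags. The following script is an added example (it is not OSAM's code and not something the helpers in this thread posted) that parses those lines and flags the ones that merit a closer look: entries hidden from the registry API, drivers registered from a per-user Temp directory, and vendor-less drivers outside the Windows directory. The sample input is the driver lines from the OSAM log in this thread; the rules and thresholds are the example's own choices.

```python
"""Triage of the [Drivers] section of an OSAM log.

Added example, not code from OSAM or from the Trojaner-Board helpers.  It parses
the per-driver lines OSAM prints and flags the ones a responder would look at
first: drivers hidden from the registry API, drivers loading from a per-user
Temp directory, and vendor-less drivers outside the Windows directory.
"""
import re
import sys
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# OSAM line shape:  "display name" (service) - "vendor" | ? - path (flag | flag)
LINE_RE = re.compile(
    r'^"(?P<name>[^"]*)" \((?P<service>[^)]*)\) - (?P<vendor>"[^"]*"|\?) - (?P<rest>.*)$'
)
TEMP_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)
WINDOWS_DIR = "c:\\windows\\"

# Driver lines copied from the OSAM log posted in this thread.
SAMPLE_OSAM_DRIVERS = r'''
"ALSysIO" (ALSysIO) - ? - C:\Users\Katrin\AppData\Local\Temp\ALSysIO.sys (File not found)
"catchme" (catchme) - ? - C:\Users\Katrin\AppData\Local\Temp\catchme.sys (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found)
"pxdiipob" (pxdiipob) - ? - C:\Users\Katrin\AppData\Local\Temp\pxdiipob.sys (Hidden registry entry, rootkit activity | File not found)
"{55662437-DA8C-40c0-AADA-2C816A897A49}" ({55662437-DA8C-40c0-AADA-2C816A897A49}) - ? - C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl
'''


@dataclass
class DriverEntry:
    name: str
    service: str
    vendor: Optional[str]
    path: str
    flags: Tuple[str, ...]
    reasons: List[str] = field(default_factory=list)


def parse_driver_line(line: str) -> Optional[DriverEntry]:
    """Split one OSAM driver line into its fields; None if the line is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    vendor = None if m["vendor"] == "?" else m["vendor"].strip('"')
    path, flags = m["rest"], ()
    # A trailing "(flag | flag)" block is optional.
    if path.endswith(")") and " (" in path:
        path, flag_text = path[:-1].rsplit(" (", 1)
        flags = tuple(f.strip() for f in flag_text.split("|"))
    return DriverEntry(m["name"], m["service"], vendor, path, flags)


def triage(entry: DriverEntry) -> DriverEntry:
    """Attach the reasons why an entry deserves a closer look (there may be none)."""
    if any("hidden registry entry" in f.lower() for f in entry.flags):
        entry.reasons.append("service key hidden from the registry API (rootkit-style concealment)")
    if TEMP_RE.search(entry.path):
        entry.reasons.append("kernel driver registered from a per-user Temp directory")
    file_present = "File not found" not in entry.flags
    if entry.vendor is None and file_present and not entry.path.lower().startswith(WINDOWS_DIR):
        entry.reasons.append("no vendor information for a driver outside the Windows directory; verify its signature by hand")
    return entry


def suspicious_services(log_text: str) -> dict:
    """Map service name -> reasons for every flagged driver line in the text."""
    flagged = {}
    for line in log_text.splitlines():
        entry = parse_driver_line(line)
        if entry is None:
            continue
        triage(entry)
        if entry.reasons:
            flagged[entry.service] = entry.reasons
    return flagged


if __name__ == "__main__":
    # Usage: python osam_triage.py OSAM.log   (falls back to the sample above)
    text = (open(sys.argv[1], encoding="utf-8", errors="replace").read()
            if len(sys.argv) > 1 else SAMPLE_OSAM_DRIVERS)
    for service, reasons in suspicious_services(text).items():
        print(service)
        for reason in reasons:
            print("   -", reason)
```

On the sample this yields four services, and the output is a triage queue rather than a verdict: pxdiipob is the only entry that trips two rules at once (hidden service key and Temp path), while catchme is the leftover driver of the ComboFix run whose own log above names "catchme 0.3.1398 ... by Gmer". Stale entries for removed built-in drivers such as IpInIp stay out of the list because they point into the Windows directory.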
03.10.2012, 19:34 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | BKA Trojaner We should fix the MBR. Just in case, back up ALL important data, even though things usually go smoothly. Note: please do NOT do the MBR fix if you have other operating systems such as Ubuntu installed; an MBR fix with Windows tools makes a Linux installed alongside (dual boot) unbootable. Also do not do the fix if you have full encryption of the Windows partition or of the whole hard disk with TrueCrypt or other encryption programs. After backing up your data, start aswMBR again and click the FIXMBR button. Note: please disable your virus scanner before running aswMBR, because Avira in particular often reports a false positive in it! Then restart Windows and create a new log with aswMBR.
__________________ Please always post logfiles in CODE tags |
05.10.2012, 20:45 | #23 |
| BKA Trojaner Hello, I ran FixMBR and scanned the system again. Here is the logfile: Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software Run date: 2012-10-05 20:13:39 ----------------------------- 20:13:39.261 OS Version: Windows 6.0.6001 Service Pack 1 20:13:39.261 Number of processors: 2 586 0x170A 20:13:39.262 ComputerName: KATRIN-PC UserName: Katrin 20:13:41.150 Initialize success 20:13:49.181 AVAST engine defs: 12100501 20:14:11.902 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 20:14:11.905 Disk 0 Vendor: TOSHIBA_MK3252GSX LV011C Size: 305245MB BusType: 3 20:14:11.952 Disk 0 MBR read successfully 20:14:11.956 Disk 0 MBR scan 20:14:11.964 Disk 0 Windows VISTA default MBR code 20:14:11.970 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 294391 MB offset 63 20:14:12.009 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10850 MB offset 602914816 20:14:12.018 Disk 0 scanning sectors +625135616 20:14:12.085 Disk 0 scanning C:\Windows\system32\drivers 20:14:23.272 Service scanning 20:14:52.400 Modules scanning 20:15:00.987 Disk 0 trace - called modules: 20:15:01.023 ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll acpi.sys ataport.SYS PCIIDEX.SYS msahci.sys 20:15:01.028 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8674e480] 20:15:01.033 3 CLASSPNP.SYS[805cd745] -> nt!IofCallDriver -> [0x8674ec48] 20:15:01.038 5 hpdskflt.sys[8b5b3f92] -> nt!IofCallDriver -> [0x85f90870] 20:15:01.043 7 acpi.sys[8068d6a0] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8552f8e0] 20:15:02.802 AVAST engine scan C:\Windows 20:15:07.614 AVAST engine scan C:\Windows\system32 20:19:24.107 AVAST engine scan C:\Windows\system32\drivers 20:20:02.511 AVAST engine scan C:\Users\Katrin 21:21:09.542 AVAST engine scan C:\ProgramData 21:26:26.469 Scan finished successfully 21:40:03.621 Disk 0 MBR has been saved successfully to "C:\Users\Katrin\Desktop\1_Trojaner\MBR.dat" 21:40:03.628 The log file has been saved successfully to "C:\Users\Katrin\Desktop\1_Trojaner\aswMBR.txt" NB |
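The two aswMBR logs differ in one line: "unknown MBR code" before the fix, "Windows VISTA default MBR code" after it, while the partition table (partition 1 active, type 07, offset 63; partition 2 at offset 602914816) is unchanged. aswMBR also writes the raw sector to MBR.dat. The script below is an added example, not aswMBR, ComboFix or TDSSKiller code, showing what a defender can check in such a 512-byte image on their own: the boot signature, the partition table (one active entry, no overlap, nothing past the end of the disk) and a SHA-256 of the 446 boot-code bytes for comparison with a trusted copy. The partition values are taken from the logs in this thread (TDSSKiller gives the same table in hex); the boot code in the built sample is an all-zero placeholder, and KNOWN_GOOD_BOOT_CODE is an empty set the reader would fill with digests from a known-clean machine.

```python
"""Parse and sanity-check a 512-byte MBR image, e.g. the MBR.dat that aswMBR
saves next to its log.

Added example; it is not aswMBR, ComboFix or TDSSKiller code.  The two partition
entries below are the values from the logs in this thread (start LBA 0x3F and
0x23EFC000, type 0x07, partition 1 active); the boot code of the built sample
is a constructed all-zero placeholder, and KNOWN_GOOD_BOOT_CODE is an empty
placeholder set for SHA-256 digests taken from a known-clean machine.
"""
import hashlib
import struct
import sys

SECTOR = 512
TABLE_OFFSET = 446                 # partition table: 4 entries of 16 bytes from here
ENTRY_FMT = "<B3sB3sII"            # status, CHS start, type, CHS end, LBA start, sector count
BOOT_SIGNATURE = b"\x55\xAA"

# (status, type, lba_start, sectors) as logged by TDSSKiller / aswMBR in this thread.
THREAD_PARTITIONS = [
    (0x80, 0x07, 0x3F, 0x23EFBFC1),
    (0x00, 0x07, 0x23EFC000, 0x1531000),
]
THREAD_DISK_SECTORS = 0x4A85D56000 // SECTOR   # disk size in bytes from the TDSSKiller log
KNOWN_GOOD_BOOT_CODE = set()                   # placeholder: sha256 hex digests of trusted boot code


def build_mbr(entries, boot_code=b""):
    """Assemble an MBR from (status, type, lba_start, sectors) tuples."""
    code = boot_code.ljust(TABLE_OFFSET, b"\x00")[:TABLE_OFFSET]
    table = b"".join(
        struct.pack(ENTRY_FMT, status, b"\x00" * 3, ptype, b"\x00" * 3, lba, count)
        for status, ptype, lba, count in entries
    ).ljust(64, b"\x00")
    return code + table + BOOT_SIGNATURE


def parse_mbr(mbr):
    """Return the non-empty partition entries as dicts; raise on a malformed sector."""
    if len(mbr) != 512:
        raise ValueError("an MBR is exactly 512 bytes, got %d" % len(mbr))
    if mbr[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        off = TABLE_OFFSET + 16 * i
        status, _, ptype, _, lba, count = struct.unpack(ENTRY_FMT, mbr[off:off + 16])
        if ptype == 0:                      # empty slot
            continue
        parts.append({
            "index": i + 1, "status": status, "active": status == 0x80,
            "type": ptype, "lba_start": lba, "sectors": count,
            "size_mb": count * SECTOR // (1024 * 1024),
        })
    return parts


def check_partition_table(mbr, disk_sectors):
    """Human-readable problems with the table; an empty list means it looks sane."""
    issues = []
    parts = parse_mbr(mbr)
    active = [p for p in parts if p["active"]]
    if len(active) != 1:
        issues.append("%d active partitions, expected exactly 1" % len(active))
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            issues.append("partition %d has invalid status byte 0x%02X" % (p["index"], p["status"]))
        if p["lba_start"] + p["sectors"] > disk_sectors:
            issues.append("partition %d runs past the end of the disk" % p["index"])
    ordered = sorted(parts, key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if b["lba_start"] < a["lba_start"] + a["sectors"]:
            issues.append("partitions %d and %d overlap" % (a["index"], b["index"]))
    return issues


def boot_code_digest(mbr):
    """SHA-256 of the 446 boot-code bytes, for comparison with a trusted copy."""
    return hashlib.sha256(mbr[:TABLE_OFFSET]).hexdigest()


def boot_code_known(mbr, known=KNOWN_GOOD_BOOT_CODE):
    """True when the boot code hashes to one of the trusted digests."""
    return boot_code_digest(mbr) in known


if __name__ == "__main__":
    # Usage: python mbr_check.py MBR.dat   (falls back to the table from this thread)
    mbr = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_mbr(THREAD_PARTITIONS)
    for p in parse_mbr(mbr):
        print("partition %d: %s type 0x%02X start %d size %d MB"
              % (p["index"], "active " if p["active"] else "inactive", p["type"], p["lba_start"], p["size_mb"]))
    print("boot code sha256:", boot_code_digest(mbr),
          "(known good)" if boot_code_known(mbr) else "(not in trusted set)")
    for issue in check_partition_table(mbr, THREAD_DISK_SECTORS):
        print("ISSUE:", issue)
```

Run against the values from this thread, the parser reproduces aswMBR's 294391 MB and 10850 MB and confirms that partition 2 ends exactly at sector 625135616, the point from which aswMBR reports "scanning sectors". A structurally valid table is what you expect even with a tampered boot sector, which is why the boot-code digest is kept separate from the table checks: the table says where Windows lives, the digest says whether the code that loads it is the one you trust.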
07.10.2012, 03:52 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | BKA Trojaner Looks OK. We should almost be done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before scanning!!
__________________ Please always post logfiles in CODE tags |
09.10.2012, 20:34 | #25 |
| BKA Trojaner Hello, in the meantime I have also run CCleaner. Here are the logfiles from Anti-Malware and SUPERAntiSpyware: Code:
ATTFilter Malwarebytes Anti-Malware 1.65.0.1400 www.malwarebytes.org Datenbank Version: v2012.10.09.09 Windows Vista Service Pack 1 x86 NTFS Internet Explorer 7.0.6001.18000 Katrin :: KATRIN-PC [Administrator] 09.10.2012 19:11:56 mbam-log-2012-10-09 (19-11-56).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 468204 Laufzeit: 2 Stunde(n), 43 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter SUPERAntiSpyware Scann-Protokoll hxxp://www.superantispyware.com Generiert 10/09/2012 bei 06:53 PM Version der Applikation : 5.6.1008 Version der Kern-Datenbank : 9366 Version der Spur-Datenbank : 7178 Scan Art : kompletter Scann Totale Scann-Zeit : 02:38:38 Operating System Information Windows Vista Home Premium 32-bit, Service Pack 1 (Build 6.00.6001) UAC On - Administrator Gescannte Speicherelemente : 688 Erfasste Speicher-Bedrohungen : 0 Gescannte Register-Elemente : 37576 Erfasste Register-Bedrohungen : 0 Gescannte Datei-Elemente : 241795 Erfasste Datei-Elemente : 0 NB |
09.10.2012, 20:37 | #26 |
/// Winkelfunktion /// TB-Süch-Tiger™ | BKA Trojaner

No findings!

Regarding cookies and other things on the web: to block the pests from the outset (i.e. tracking cookies, ad banners etc.), you should have a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check at MVPS every 4 weeks whether a new hosts file has been released.

Otherwise there are also good cookie managers, extensions for Firefox; one example would be CookieCuller http://filepony.de/download-cookie_culler/

But if you can live with having to log in again everywhere in every browser session (e.g. Facebook, eBay, GMX, or also Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed.

My own practice is to use the Opera browser or Chromium on my Linux system for "wild surfing". My main browser (Firefox) only stores the cookies from the sites I actually want; I decline everything else manually (FF always asks me) - the other browsers accept all cookies, but at the latest by the next start of Opera or Chromium no cookies are left.

Is your system now in order again, or are there still other findings or problems?
__________________ Please always post logfiles in CODE tags
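A small defender-side check for the hosts-file approach mentioned above, as an added example that is not part of the thread or of the MVPS project: it parses a hosts file in the MVPS style, counts the block entries, and flags any entry that maps a hostname to a non-loopback address, which is what a malware-tampered hosts file (e.g. one redirecting update servers) looks like. The sample content and all domain names are constructed.

```python
"""Sanity-check a hosts file used for ad/tracker blocking (MVPS style).

Added example, not from the trojaner-board thread or the MVPS project.
Legitimate block entries point a hostname at a loopback/null address;
an entry pointing a hostname at a real address is a hijack indicator.
"""
import ipaddress
from typing import List, Tuple

# Addresses that legitimately "block" a host by pointing it nowhere.
BLOCK_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::1"}
# Names that normally map to loopback and are not block entries.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# Constructed sample in MVPS style; the last line is a planted hijack.
SAMPLE_HOSTS = """\
# This MVPS HOSTS file is a free download from: http://winhelp2002.mvps.org/
127.0.0.1  localhost
0.0.0.0  ads.example-network.invalid
0.0.0.0  www.tracking-example.invalid   # comment after an entry
::1  localhost
203.0.113.7  update.example-antivirus.invalid
"""


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (address, hostname) pairs; comments and blank lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        parts = line.split()
        if len(parts) < 2:
            continue  # blank, comment-only or malformed line
        try:
            ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # first field is not an IP address; ignore the line
        for host in parts[1:]:  # one address may carry several hostnames
            entries.append((parts[0], host.lower()))
    return entries


def audit_hosts(text: str) -> Tuple[int, List[Tuple[str, str]]]:
    """Return (number of block entries, entries pointing at real addresses)."""
    blocked, suspicious = 0, []
    for addr, host in parse_hosts(text):
        if addr in BLOCK_ADDRESSES:
            if host not in LOCAL_NAMES:
                blocked += 1
        else:
            suspicious.append((addr, host))
    return blocked, suspicious


if __name__ == "__main__":
    count, bad = audit_hosts(SAMPLE_HOSTS)
    print(f"{count} block entries; suspicious entries: {bad}")
```

Run it against `C:\Windows\System32\drivers\etc\hosts` by reading that file into `audit_hosts`; any entry it reports as suspicious deserves a manual look.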
11.10.2012, 15:11 | #27 |
BKA Trojaner Hello, no further irregularities detectable. Is there anything else to note about this defogger? I don't have any virtual drives mounted. In any case, thanks again for the competent help. Regards, NB
11.10.2012, 15:41 | #28 |
/// Winkelfunktion /// TB-Süch-Tiger™ | BKA Trojaner

If you don't have any virtual drives anyway, you can ignore the defogger thing. Then we're done!

The programs that were used here can all be removed again. With the help of OTL you can also remove many of the tools: please start OTL and click on Cleanup (Bereinigung). This will remove most of the tools we needed for the cleanup. If something remains, please remove it with right-click --> Delete. Keeping Malwarebytes is recommended. You can do a full scan with it once a month, but always remember to update first.

Finally, please check the updates; my guide for this is below. To keep a better overview of how up to date your installed programs are in future, you can use e.g. Secunia PSI. For even more security, after the infection has been cleaned up you should also change all your passwords if possible.

Microsoft Update
Windows XP: Visit the MS update page with IE and have all important updates installed.
Windows Vista/7: Anleitung Windows-Update (Windows Update guide)

Update your PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Software or Programs and Features, by clicking on "Adobe Reader x.0" there and removing the program (if you have Adobe Reader installed). I recommend an alternative PDF reader such as PDF XChange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.

While you're at it, please also check that the Flash Player is up to date:
Check => Adobe - Flash Player
Download links => Adobe Flash Player Distribution | Adobe
Naturally, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.

Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, ideally with JavaRa) and update to the newest one. To do this, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.
__________________ Please always post logfiles in CODE tags