Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: BKA Trojaner 1.15 (Windows Vista)

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 28.09.2012, 20:26   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BKA Trojaner 1.15 (Windows Vista) - Standard

BKA Trojaner 1.15 (Windows Vista)



Das LOg vom Fix fehlt -.-
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 28.09.2012, 20:29   #17
boris1
 
BKA Trojaner 1.15 (Windows Vista) - Standard

BKA Trojaner 1.15 (Windows Vista)



Von allein hat es sich nicht geöffnet. Jetzt habe ich otl noch einmal gestartet, da kam dieses Log:

Code:
ATTFilter
All processes killed
========== OTL ==========
Service SYMNDISV stopped successfully!
Service SYMNDISV deleted successfully!
File  C:\Windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS File not found not found.
Service SYMFW stopped successfully!
Service SYMFW deleted successfully!
File  C:\Windows\System32\Drivers\N360\0308000.029\SYMFW.SYS File not found not found.
Service NwlnkFwd stopped successfully!
Service NwlnkFwd deleted successfully!
File  system32\DRIVERS\nwlnkfwd.sys File not found not found.
Service NwlnkFlt stopped successfully!
Service NwlnkFlt deleted successfully!
File  system32\DRIVERS\nwlnkflt.sys File not found not found.
Prefs.js: "search for firefox" removed from browser.search.defaultenginename
Prefs.js: "search for firefox" removed from browser.search.order.1
Prefs.js: "moz2-ytff-" removed from browser.search.param.yahoo-fr
Prefs.js: "moz2-ytff-" removed from browser.search.param.yahoo-fr-cjkt
Prefs.js: "search for firefox" removed from browser.search.selectedEngine
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: addon@gutscheine-live.de:1.1 removed from extensions.enabledAddons
Prefs.js: finder@meingutscheincode.de:3.0.3 removed from extensions.enabledAddons
Prefs.js: ciuvo-extension@billiger.de:1.0.462 removed from extensions.enabledAddons
Prefs.js: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" removed from keyword.URL
C:\Users\matthes\AppData\Roaming\mozilla\firefox\profiles\38gpdnax.default\extensions\addon@gutscheine-live.de.xpi moved successfully.
C:\Users\matthes\AppData\Roaming\mozilla\firefox\profiles\38gpdnax.default\searchplugins\safesearch.xml moved successfully.
C:\Users\matthes\AppData\Roaming\mozilla\firefox\profiles\38gpdnax.default\searchplugins\winamp-search.xml moved successfully.
C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\defaults\preferences folder moved successfully.
C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\defaults folder moved successfully.
C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\chrome folder moved successfully.
C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\ciuvo-extension@billiger.de\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\ciuvo-extension@billiger.de\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\ciuvo-extension@billiger.de\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\ciuvo-extension@billiger.de\chrome\content\lib folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\ciuvo-extension@billiger.de\chrome\content\icons\billigerde folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\ciuvo-extension@billiger.de\chrome\content\icons folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\ciuvo-extension@billiger.de\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\ciuvo-extension@billiger.de\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\ciuvo-extension@billiger.de folder moved successfully.
C:\Program Files\Mozilla Firefox\plugins\npwachk.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{92A6EE5B-5AE3-4159-9134-938BCA95B753}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92A6EE5B-5AE3-4159-9134-938BCA95B753}\ deleted successfully.
C:\Program Files\billigerde\Internet Explorer\billigerde.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ deleted successfully.
C:\Program Files\Lexmark Toolbar\toolband.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableCAD deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery\ not found.
Registry key HKEY_USERS\S-1-5-21-1437981379-4010485698-1217947183-1000\Software\Policies\Microsoft\Internet Explorer\Recovery\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc6e75ed-8782-11df-84a4-00238b010b31}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc6e75ed-8782-11df-84a4-00238b010b31}\ not found.
File Menu.exe not found.
========== FILES ==========
C:\Users\matthes\AppData\Roaming\inst.exe moved successfully.
C:\ProgramData\WinMaximizer\WinMaximizer\LOGS folder moved successfully.
C:\ProgramData\WinMaximizer\WinMaximizer\InstallCache\{B6796CC9-76A5-46C8-BF10-B057474FECA3} folder moved successfully.
C:\ProgramData\WinMaximizer\WinMaximizer\InstallCache folder moved successfully.
C:\ProgramData\WinMaximizer\WinMaximizer\Backup folder moved successfully.
C:\ProgramData\WinMaximizer\WinMaximizer folder moved successfully.
C:\ProgramData\WinMaximizer folder moved successfully.
File\Folder C:\Users\All Users\WinMaximizer not found.
C:\Users\matthes\AppData\Local\Microsoft\Windows\89 folder moved successfully.
File\Folder D:\xxx\Downloads\registrybooster* not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\matthes\Desktop\cmd.bat deleted successfully.
C:\Users\matthes\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Gast
 
User: matthes
->Temp folder emptied: 1096635 bytes
->Temporary Internet Files folder emptied: 721973 bytes
->Java cache emptied: 16994011 bytes
->FireFox cache emptied: 45263032 bytes
->Flash cache emptied: 580 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 99370653 bytes
 
Total Files Cleaned = 156,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 09282012_205042

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
__________________


Alt 28.09.2012, 20:58   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BKA Trojaner 1.15 (Windows Vista) - Standard

BKA Trojaner 1.15 (Windows Vista)



Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

__________________
__________________

Alt 28.09.2012, 21:19   #19
boris1
 
BKA Trojaner 1.15 (Windows Vista) - Standard

BKA Trojaner 1.15 (Windows Vista)



Im normalen Modus bekomme ich nur die Eieruhr zu sehen

Alt 28.09.2012, 21:31   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BKA Trojaner 1.15 (Windows Vista) - Standard

BKA Trojaner 1.15 (Windows Vista)



Dann mach es bitte im abgesicherten Modus mit Netzwerktreibern

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 29.09.2012, 06:55   #21
boris1
 
BKA Trojaner 1.15 (Windows Vista) - Standard

BKA Trojaner 1.15 (Windows Vista)



Code:
ATTFilter
07:51:46.0075 0316  TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
07:51:48.0088 0316  ============================================================
07:51:48.0088 0316  Current date / time: 2012/09/29 07:51:48.0088
07:51:48.0088 0316  SystemInfo:
07:51:48.0088 0316  
07:51:48.0088 0316  OS Version: 6.0.6002 ServicePack: 2.0
07:51:48.0088 0316  Product type: Workstation
07:51:48.0088 0316  ComputerName: MATTHES-PC
07:51:48.0088 0316  UserName: matthes
07:51:48.0088 0316  Windows directory: C:\Windows
07:51:48.0088 0316  System windows directory: C:\Windows
07:51:48.0088 0316  Processor architecture: Intel x86
07:51:48.0088 0316  Number of processors: 2
07:51:48.0088 0316  Page size: 0x1000
07:51:48.0088 0316  Boot type: Safe boot with network
07:51:48.0088 0316  ============================================================
07:51:48.0540 0316  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
07:51:48.0540 0316  ============================================================
07:51:48.0540 0316  \Device\Harddisk0\DR0:
07:51:48.0540 0316  MBR partitions:
07:51:48.0540 0316  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1400800, BlocksNum 0x9C18566
07:51:48.0571 0316  ============================================================
07:51:48.0634 0316  C: <-> \Device\Harddisk0\DR0\Partition1
07:51:48.0634 0316  ============================================================
07:51:48.0634 0316  Initialize success
07:51:48.0634 0316  ============================================================
07:52:26.0214 0944  ============================================================
07:52:26.0214 0944  Scan started
07:52:26.0214 0944  Mode: Manual; SigCheck; TDLFS; 
07:52:26.0214 0944  ============================================================
07:52:26.0323 0944  ================ Scan system memory ========================
07:52:26.0323 0944  System memory - ok
07:52:26.0323 0944  ================ Scan services =============================
07:52:26.0589 0944  [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon        C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
07:52:26.0698 0944  ACDaemon - ok
07:52:26.0823 0944  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
07:52:26.0854 0944  ACPI - ok
07:52:26.0901 0944  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
07:52:26.0916 0944  AdobeARMservice - ok
07:52:26.0994 0944  [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
07:52:27.0010 0944  AdobeFlashPlayerUpdateSvc - ok
07:52:27.0057 0944  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
07:52:27.0088 0944  adp94xx - ok
07:52:27.0150 0944  [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci         C:\Windows\system32\drivers\adpahci.sys
07:52:27.0166 0944  adpahci - ok
07:52:27.0197 0944  [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
07:52:27.0213 0944  adpu160m - ok
07:52:27.0228 0944  [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
07:52:27.0244 0944  adpu320 - ok
07:52:27.0291 0944  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
07:52:27.0431 0944  AeLookupSvc - ok
07:52:27.0478 0944  [ FE3EA6E9AFC1A78E6EDCA121E006AFB7 ] Afc             C:\Windows\system32\drivers\Afc.sys
07:52:27.0493 0944  Afc - ok
07:52:27.0540 0944  [ 3911B972B55FEA0478476B2E777B29FA ] AFD             C:\Windows\system32\drivers\afd.sys
07:52:27.0603 0944  AFD - ok
07:52:27.0649 0944  [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440          C:\Windows\system32\drivers\agp440.sys
07:52:27.0649 0944  agp440 - ok
07:52:27.0696 0944  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
07:52:27.0712 0944  aic78xx - ok
07:52:27.0743 0944  [ 4490B8BDF38750458EB9B24835FDA8FE ] AlfaFF          C:\Windows\system32\Drivers\AlfaFF.sys
07:52:27.0759 0944  AlfaFF - ok
07:52:27.0790 0944  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe
07:52:27.0961 0944  ALG - ok
07:52:27.0977 0944  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide          C:\Windows\system32\drivers\aliide.sys
07:52:27.0977 0944  aliide - ok
07:52:27.0993 0944  [ C47344BC706E5F0B9DCE369516661578 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
07:52:28.0008 0944  amdagp - ok
07:52:28.0024 0944  [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide          C:\Windows\system32\drivers\amdide.sys
07:52:28.0039 0944  amdide - ok
07:52:28.0071 0944  [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
07:52:28.0149 0944  AmdK7 - ok
07:52:28.0164 0944  [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
07:52:28.0195 0944  AmdK8 - ok
07:52:28.0227 0944  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll
07:52:28.0289 0944  Appinfo - ok
07:52:28.0320 0944  [ 5D2888182FB46632511ACEE92FDAD522 ] arc             C:\Windows\system32\drivers\arc.sys
07:52:28.0320 0944  arc - ok
07:52:28.0351 0944  [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
07:52:28.0367 0944  arcsas - ok
07:52:28.0398 0944  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
07:52:28.0429 0944  AsyncMac - ok
07:52:28.0461 0944  [ 2D9C903DC76A66813D350A562DE40ED9 ] atapi           C:\Windows\system32\drivers\atapi.sys
07:52:28.0476 0944  atapi - ok
07:52:28.0523 0944  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
07:52:28.0570 0944  AudioEndpointBuilder - ok
07:52:28.0570 0944  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
07:52:28.0601 0944  Audiosrv - ok
07:52:28.0632 0944  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
07:52:28.0695 0944  Beep - ok
07:52:28.0757 0944  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE             C:\Windows\System32\bfe.dll
07:52:28.0804 0944  BFE - ok
07:52:28.0991 0944  [ C364F02969E9A842321DD91BCFF749D4 ] BHDrvx86        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\BASHDefs\20120919.001\BHDrvx86.sys
07:52:29.0053 0944  BHDrvx86 - ok
07:52:29.0147 0944  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\System32\qmgr.dll
07:52:29.0209 0944  BITS - ok
07:52:29.0225 0944  [ D4DF28447741FD3D953526E33A617397 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
07:52:29.0256 0944  blbdrive - ok
07:52:29.0287 0944  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
07:52:29.0334 0944  bowser - ok
07:52:29.0381 0944  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
07:52:29.0412 0944  BrFiltLo - ok
07:52:29.0443 0944  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
07:52:29.0506 0944  BrFiltUp - ok
07:52:29.0521 0944  [ B1564976D98E91FC764D5DC28A0297DA ] Bridge          C:\Windows\system32\DRIVERS\bridge.sys
07:52:29.0568 0944  Bridge - ok
07:52:29.0599 0944  [ B1564976D98E91FC764D5DC28A0297DA ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
07:52:29.0631 0944  BridgeMP - ok
07:52:29.0677 0944  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser         C:\Windows\System32\browser.dll
07:52:29.0740 0944  Browser - ok
07:52:29.0771 0944  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys
07:52:29.0943 0944  Brserid - ok
07:52:29.0989 0944  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
07:52:30.0036 0944  BrSerWdm - ok
07:52:30.0067 0944  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
07:52:30.0145 0944  BrUsbMdm - ok
07:52:30.0161 0944  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
07:52:30.0208 0944  BrUsbSer - ok
07:52:30.0255 0944  [ 6D39C954799B63BA866910234CF7D726 ] BthEnum         C:\Windows\system32\DRIVERS\BthEnum.sys
07:52:30.0301 0944  BthEnum - ok
07:52:30.0333 0944  [ 9A966A8E86D1771911AE34A20D11BFF3 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
07:52:30.0379 0944  BTHMODEM - ok
07:52:30.0411 0944  [ 5904EFA25F829BF84EA6FB045134A1D8 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
07:52:30.0457 0944  BthPan - ok
07:52:30.0489 0944  [ 611FF3F2F095C8D4A6D4CFD9DCC09793 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
07:52:30.0551 0944  BTHPORT - ok
07:52:30.0567 0944  [ A4C8377FA4A994E07075107DBE2E3DCE ] BthServ         C:\Windows\System32\bthserv.dll
07:52:30.0613 0944  BthServ - ok
07:52:30.0660 0944  [ D330803EAB2A15CAEC7F011F1D4CB30E ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
07:52:30.0691 0944  BTHUSB - ok
07:52:30.0723 0944  [ 3EA1A20DC0CA1AD23E7AA8C37A91BCD1 ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
07:52:30.0738 0944  btwaudio - ok
07:52:30.0769 0944  [ 195872E48A7FB01F8BC9B800F70F4054 ] btwavdt         C:\Windows\system32\drivers\btwavdt.sys
07:52:30.0769 0944  btwavdt - ok
07:52:30.0785 0944  [ 0724E7D6C9B6A289EDDDA33FA8176E80 ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
07:52:30.0801 0944  btwrchid - ok
07:52:30.0894 0944  [ ACE85AF1C31F68BDFEE9333F6592917E ] ccSet_N360      C:\Windows\system32\drivers\N360\0603000.00E\ccSetx86.sys
07:52:30.0894 0944  ccSet_N360 - ok
07:52:30.0925 0944  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
07:52:30.0988 0944  cdfs - ok
07:52:31.0035 0944  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
07:52:31.0081 0944  cdrom - ok
07:52:31.0128 0944  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc     C:\Windows\System32\certprop.dll
07:52:31.0175 0944  CertPropSvc - ok
07:52:31.0206 0944  [ E5D4133F37219DBCFE102BC61072589D ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
07:52:31.0253 0944  circlass - ok
07:52:31.0300 0944  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
07:52:31.0315 0944  CLFS - ok
07:52:31.0393 0944  [ 5CA9B1062C0C3E3AE19C23AD9D8A5048 ] CLHNService     C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
07:52:31.0440 0944  CLHNService ( UnsignedFile.Multi.Generic ) - warning
07:52:31.0440 0944  CLHNService - detected UnsignedFile.Multi.Generic (1)
07:52:31.0503 0944  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
07:52:31.0518 0944  clr_optimization_v2.0.50727_32 - ok
07:52:31.0581 0944  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
07:52:31.0627 0944  clr_optimization_v4.0.30319_32 - ok
07:52:31.0659 0944  [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
07:52:31.0705 0944  CmBatt - ok
07:52:31.0721 0944  [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
07:52:31.0737 0944  cmdide - ok
07:52:31.0752 0944  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
07:52:31.0752 0944  Compbatt - ok
07:52:31.0768 0944  COMSysApp - ok
07:52:31.0846 0944  cpuz132 - ok
07:52:31.0861 0944  [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
07:52:31.0877 0944  crcdisk - ok
07:52:31.0893 0944  [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
07:52:31.0924 0944  Crusoe - ok
07:52:31.0971 0944  [ 75C6A297E364014840B48ECCD7525E30 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
07:52:32.0017 0944  CryptSvc - ok
07:52:32.0080 0944  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
07:52:32.0142 0944  DcomLaunch - ok
07:52:32.0173 0944  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
07:52:32.0205 0944  DfsC - ok
07:52:32.0298 0944  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
07:52:32.0454 0944  DFSR - ok
07:52:32.0548 0944  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
07:52:32.0610 0944  Dhcp - ok
07:52:32.0657 0944  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
07:52:32.0673 0944  disk - ok
07:52:32.0688 0944  DKbFltr - ok
07:52:32.0719 0944  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
07:52:32.0766 0944  Dnscache - ok
07:52:32.0797 0944  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc         C:\Windows\System32\dot3svc.dll
07:52:32.0844 0944  dot3svc - ok
07:52:32.0891 0944  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\Windows\system32\dps.dll
07:52:32.0938 0944  DPS - ok
07:52:32.0969 0944  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
07:52:33.0016 0944  drmkaud - ok
07:52:33.0063 0944  [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
07:52:33.0094 0944  DXGKrnl - ok
07:52:33.0125 0944  [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
07:52:33.0172 0944  E1G60 - ok
07:52:33.0219 0944  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll
07:52:33.0250 0944  EapHost - ok
07:52:33.0281 0944  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
07:52:33.0297 0944  Ecache - ok
07:52:33.0359 0944  [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl          C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
07:52:33.0375 0944  eeCtrl - ok
07:52:33.0437 0944  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
07:52:33.0515 0944  ehRecvr - ok
07:52:33.0531 0944  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched         C:\Windows\ehome\ehsched.exe
07:52:33.0546 0944  ehSched - ok
07:52:33.0546 0944  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart         C:\Windows\ehome\ehstart.dll
07:52:33.0593 0944  ehstart - ok
07:52:33.0655 0944  [ 23B62471681A124889978F6295B3F4C6 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
07:52:33.0671 0944  elxstor - ok
07:52:33.0718 0944  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
07:52:33.0780 0944  EMDMgmt - ok
07:52:33.0827 0944  [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
07:52:33.0843 0944  EraserUtilRebootDrv - ok
07:52:33.0858 0944  [ 3DB974F3935483555D7148663F726C61 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
07:52:33.0905 0944  ErrDev - ok
07:52:33.0967 0944  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem     C:\Windows\system32\es.dll
07:52:34.0030 0944  EventSystem - ok
07:52:34.0123 0944  [ 54B6E150BFF4A47EB0D204119D262E46 ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
07:52:34.0170 0944  EvtEng ( UnsignedFile.Multi.Generic ) - warning
07:52:34.0170 0944  EvtEng - detected UnsignedFile.Multi.Generic (1)
07:52:34.0217 0944  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat           C:\Windows\system32\drivers\exfat.sys
07:52:34.0248 0944  exfat - ok
07:52:34.0295 0944  Fabs - ok
07:52:34.0342 0944  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
07:52:34.0373 0944  fastfat - ok
07:52:34.0420 0944  [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
07:52:34.0482 0944  fdc - ok
07:52:34.0513 0944  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\Windows\system32\fdPHost.dll
07:52:34.0545 0944  fdPHost - ok
07:52:34.0560 0944  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
07:52:34.0607 0944  FDResPub - ok
07:52:34.0654 0944  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
07:52:34.0654 0944  FileInfo - ok
07:52:34.0685 0944  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
07:52:34.0716 0944  Filetrace - ok
07:52:34.0825 0944  [ FFF1130F7C9FA01D093A1EDFC5CCE8FC ] FirebirdServerMAGIXInstance C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
07:52:35.0028 0944  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
07:52:35.0028 0944  FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
07:52:35.0044 0944  [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
07:52:35.0075 0944  flpydisk - ok
07:52:35.0106 0944  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
07:52:35.0122 0944  FltMgr - ok
07:52:35.0169 0944  [ 8CE364388C8ECA59B14B539179276D44 ] FontCache       C:\Windows\system32\FntCache.dll
07:52:35.0262 0944  FontCache - ok
07:52:35.0325 0944  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
07:52:35.0340 0944  FontCache3.0.0.0 - ok
07:52:35.0371 0944  [ 10398B515653442A5B89FDF6A1D06180 ] FsUsbExDisk     C:\Windows\system32\FsUsbExDisk.SYS
07:52:35.0387 0944  FsUsbExDisk - ok
07:52:35.0434 0944  [ 2A0D3EE7D2D42A3A812D3E6795A2382B ] FsUsbExService  C:\Windows\system32\FsUsbExService.Exe
07:52:35.0449 0944  FsUsbExService - ok
07:52:35.0465 0944  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
07:52:35.0512 0944  Fs_Rec - ok
07:52:35.0543 0944  [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
07:52:35.0543 0944  gagp30kx - ok
07:52:35.0590 0944  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc           C:\Windows\System32\gpsvc.dll
07:52:35.0637 0944  gpsvc - ok
07:52:35.0715 0944  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
07:52:35.0730 0944  gupdate - ok
07:52:35.0746 0944  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
07:52:35.0761 0944  gupdatem - ok
07:52:35.0808 0944  [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
07:52:35.0855 0944  HdAudAddService - ok
07:52:35.0917 0944  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
07:52:35.0995 0944  HDAudBus - ok
07:52:36.0042 0944  [ FCB3F4BE408F72C1BD81BCABA87FC22F ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
07:52:36.0073 0944  HidBth - ok
07:52:36.0089 0944  [ D8DF3722D5E961BAA1292AA2F12827E2 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
07:52:36.0120 0944  HidIr - ok
07:52:36.0151 0944  [ 84067081F3318162797385E11A8F0582 ] hidserv         C:\Windows\system32\hidserv.dll
07:52:36.0183 0944  hidserv - ok
07:52:36.0229 0944  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
07:52:36.0261 0944  HidUsb - ok
07:52:36.0307 0944  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
07:52:36.0354 0944  hkmsvc - ok
07:52:36.0385 0944  [ D308726110A6011514DCDFC6E3FC21F2 ] hotcore3        C:\Windows\system32\DRIVERS\hotcore3.sys
07:52:36.0385 0944  hotcore3 - ok
07:52:36.0432 0944  [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
07:52:36.0448 0944  HpCISSs - ok
07:52:36.0510 0944  [ 46D67209550973257601A533E2AC5785 ] HSFHWAZL        C:\Windows\system32\DRIVERS\VSTAZL3.SYS
07:52:36.0573 0944  HSFHWAZL - ok
07:52:36.0619 0944  [ FADD7095163CB3CB4073793EBB50FE75 ] HSF_DPV         C:\Windows\system32\DRIVERS\HSX_DPV.sys
07:52:36.0744 0944  HSF_DPV - ok
07:52:36.0791 0944  [ 058783BEDD17615D1FECE09F77960436 ] HSXHWAZL        C:\Windows\system32\DRIVERS\HSXHWAZL.sys
07:52:36.0822 0944  HSXHWAZL - ok
07:52:36.0838 0944  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
07:52:36.0916 0944  HTTP - ok
07:52:36.0947 0944  [ C6B032D69650985468160FC9937CF5B4 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
07:52:36.0947 0944  i2omp - ok
07:52:37.0009 0944  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
07:52:37.0041 0944  i8042prt - ok
07:52:37.0103 0944  [ 3E42C4691AAD4B1E8D0466F9CBF05CBE ] IAANTMON        C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
07:52:37.0119 0944  IAANTMON - ok
07:52:37.0181 0944  [ 707C1692214B1C290271067197F075F6 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
07:52:37.0197 0944  iaStor - ok
07:52:37.0212 0944  [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
07:52:37.0228 0944  iaStorV - ok
07:52:37.0275 0944  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
07:52:37.0321 0944  idsvc - ok
07:52:37.0415 0944  [ 404FB2AAF532BC7BBACC8880BE401C74 ] IDSVix86        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\IPSDefs\20120921.001\IDSvix86.sys
07:52:37.0446 0944  IDSVix86 - ok
07:52:37.0618 0944  [ 33FFC1E1117C4BE00A07AEDD72AE68B1 ] IGBASVC         C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
07:52:37.0789 0944  IGBASVC ( UnsignedFile.Multi.Generic ) - warning
07:52:37.0789 0944  IGBASVC - detected UnsignedFile.Multi.Generic (1)
07:52:37.0821 0944  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
07:52:37.0836 0944  iirsp - ok
07:52:37.0883 0944  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
07:52:37.0930 0944  IKEEXT - ok
07:52:37.0992 0944  [ 219CA9A36D6DE2EC04F958C907673436 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
07:52:38.0226 0944  IntcAzAudAddService - ok
07:52:38.0257 0944  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\drivers\intelide.sys
07:52:38.0273 0944  intelide - ok
07:52:38.0304 0944  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
07:52:38.0351 0944  intelppm - ok
07:52:38.0382 0944  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
07:52:38.0429 0944  IPBusEnum - ok
07:52:38.0476 0944  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
07:52:38.0523 0944  IpFilterDriver - ok
07:52:38.0569 0944  [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
07:52:38.0616 0944  iphlpsvc - ok
07:52:38.0616 0944  IpInIp - ok
07:52:38.0647 0944  [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
07:52:38.0679 0944  IPMIDRV - ok
07:52:38.0679 0944  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
07:52:38.0741 0944  IPNAT - ok
07:52:38.0757 0944  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
07:52:38.0788 0944  IRENUM - ok
07:52:38.0819 0944  [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
07:52:38.0819 0944  isapnp - ok
07:52:38.0866 0944  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
07:52:38.0881 0944  iScsiPrt - ok
07:52:38.0897 0944  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
07:52:38.0913 0944  iteatapi - ok
07:52:38.0928 0944  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys
07:52:38.0944 0944  iteraid - ok
07:52:38.0959 0944  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
07:52:38.0975 0944  kbdclass - ok
07:52:39.0053 0944  [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
07:52:39.0084 0944  kbdhid - ok
07:52:39.0100 0944  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
07:52:39.0147 0944  KeyIso - ok
07:52:39.0193 0944  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
07:52:39.0225 0944  KSecDD - ok
07:52:39.0256 0944  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm           C:\Windows\system32\msdtckrm.dll
07:52:39.0287 0944  KtmRm - ok
07:52:39.0443 0944  [ 24ABDDEB766C8459F9D562EB083B6CB8 ] L1E             C:\Windows\system32\DRIVERS\L1E60x86.sys
07:52:39.0490 0944  L1E - ok
07:52:39.0521 0944  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\system32\srvsvc.dll
07:52:39.0583 0944  LanmanServer - ok
07:52:39.0630 0944  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
07:52:39.0661 0944  LanmanWorkstation - ok
07:52:39.0724 0944  [ 793FF718477345CD5D232C50BED1E452 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
07:52:39.0739 0944  LightScribeService ( UnsignedFile.Multi.Generic ) - warning
07:52:39.0739 0944  LightScribeService - detected UnsignedFile.Multi.Generic (1)
07:52:39.0771 0944  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
07:52:39.0817 0944  lltdio - ok
07:52:39.0864 0944  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
07:52:39.0895 0944  lltdsvc - ok
07:52:39.0911 0944  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll
07:52:39.0973 0944  lmhosts - ok
07:52:39.0989 0944  [ C7E15E82879BF3235B559563D4185365 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
07:52:40.0005 0944  LSI_FC - ok
07:52:40.0036 0944  [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
07:52:40.0051 0944  LSI_SAS - ok
07:52:40.0067 0944  [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
07:52:40.0083 0944  LSI_SCSI - ok
07:52:40.0098 0944  [ 8F5C7426567798E62A3B3614965D62CC ] luafv           C:\Windows\system32\drivers\luafv.sys
07:52:40.0145 0944  luafv - ok
07:52:40.0223 0944  [ 2349335A8033FD9834D1C401EAE1C9BF ] lxeaCATSCustConnectService C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxeaserv.exe
07:52:40.0254 0944  lxeaCATSCustConnectService - ok
07:52:40.0270 0944  lxea_device - ok
07:52:40.0301 0944  [ 65E794E86468B61F2BC79ABC48BC4433 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
07:52:40.0317 0944  MBAMProtector - ok
07:52:40.0395 0944  [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
07:52:40.0410 0944  MBAMScheduler - ok
07:52:40.0488 0944  [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
07:52:40.0535 0944  MBAMService - ok
07:52:40.0597 0944  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
07:52:40.0597 0944  Mcx2Svc - ok
07:52:40.0629 0944  [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk         C:\Windows\system32\DRIVERS\mdmxsdk.sys
07:52:40.0660 0944  mdmxsdk - ok
07:52:40.0707 0944  [ 0001CE609D66632FA17B84705F658879 ] megasas         C:\Windows\system32\drivers\megasas.sys
07:52:40.0707 0944  megasas - ok
07:52:40.0738 0944  [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
07:52:40.0753 0944  MegaSR - ok
07:52:40.0816 0944  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS           C:\Windows\system32\mmcss.dll
07:52:40.0847 0944  MMCSS - ok
07:52:40.0878 0944  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem           C:\Windows\system32\drivers\modem.sys
07:52:40.0909 0944  Modem - ok
07:52:40.0909 0944  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
07:52:40.0956 0944  monitor - ok
07:52:40.0987 0944  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
07:52:41.0003 0944  mouclass - ok
07:52:41.0003 0944  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
07:52:41.0050 0944  mouhid - ok
07:52:41.0081 0944  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
07:52:41.0097 0944  MountMgr - ok
07:52:41.0128 0944  [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
07:52:41.0143 0944  MozillaMaintenance - ok
07:52:41.0175 0944  [ 511D011289755DD9F9A7579FB0B064E6 ] mpio            C:\Windows\system32\drivers\mpio.sys
07:52:41.0190 0944  mpio - ok
07:52:41.0190 0944  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
07:52:41.0237 0944  mpsdrv - ok
07:52:41.0268 0944  [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
07:52:41.0299 0944  MpsSvc - ok
07:52:41.0346 0944  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
07:52:41.0346 0944  Mraid35x - ok
07:52:41.0377 0944  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
07:52:41.0424 0944  MRxDAV - ok
07:52:41.0440 0944  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
07:52:41.0487 0944  mrxsmb - ok
07:52:41.0533 0944  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
07:52:41.0565 0944  mrxsmb10 - ok
07:52:41.0596 0944  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
07:52:41.0627 0944  mrxsmb20 - ok
07:52:41.0674 0944  [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci          C:\Windows\system32\drivers\msahci.sys
07:52:41.0689 0944  msahci - ok
07:52:41.0705 0944  [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
07:52:41.0721 0944  msdsm - ok
07:52:41.0752 0944  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC           C:\Windows\System32\msdtc.exe
07:52:41.0783 0944  MSDTC - ok
07:52:41.0814 0944  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
07:52:41.0845 0944  Msfs - ok
07:52:41.0877 0944  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
07:52:41.0892 0944  msisadrv - ok
07:52:41.0923 0944  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
07:52:41.0970 0944  MSiSCSI - ok
07:52:41.0970 0944  msiserver - ok
07:52:42.0001 0944  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
07:52:42.0048 0944  MSKSSRV - ok
07:52:42.0064 0944  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
07:52:42.0111 0944  MSPCLOCK - ok
07:52:42.0111 0944  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
07:52:42.0157 0944  MSPQM - ok
07:52:42.0204 0944  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
07:52:42.0220 0944  MsRPC - ok
07:52:42.0235 0944  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
07:52:42.0251 0944  mssmbios - ok
07:52:42.0251 0944  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
07:52:42.0298 0944  MSTEE - ok
07:52:42.0329 0944  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup             C:\Windows\system32\Drivers\mup.sys
07:52:42.0329 0944  Mup - ok
07:52:42.0391 0944  [ F2840DBFE9322F35557219AE82CC4597 ] N360            C:\Program Files\Norton 360\Engine\6.3.0.14\ccSvcHst.exe
07:52:42.0407 0944  N360 - ok
07:52:42.0438 0944  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll
07:52:42.0485 0944  napagent - ok
07:52:42.0516 0944  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
07:52:42.0547 0944  NativeWifiP - ok
07:52:42.0641 0944  [ 8E4C77AD9BB279900C00F870CC0C674B ] NAVENG          C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20120922.008\NAVENG.SYS
07:52:42.0657 0944  NAVENG - ok
07:52:42.0703 0944  [ 826F699B69E88A3920C70F344DD42D88 ] NAVEX15         C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20120922.008\NAVEX15.SYS
07:52:42.0781 0944  NAVEX15 - ok
07:52:42.0859 0944  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
07:52:42.0891 0944  NDIS - ok
07:52:42.0922 0944  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
07:52:42.0953 0944  NdisTapi - ok
07:52:42.0969 0944  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
07:52:43.0000 0944  Ndisuio - ok
07:52:43.0031 0944  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
07:52:43.0062 0944  NdisWan - ok
07:52:43.0109 0944  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
07:52:43.0156 0944  NDProxy - ok
07:52:43.0187 0944  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
07:52:43.0203 0944  NetBIOS - ok
07:52:43.0234 0944  [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
07:52:43.0281 0944  netbt - ok
07:52:43.0312 0944  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
07:52:43.0312 0944  Netlogon - ok
07:52:43.0359 0944  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
07:52:43.0390 0944  Netman - ok
07:52:43.0421 0944  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
07:52:43.0452 0944  netprofm - ok
07:52:43.0483 0944  [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
07:52:43.0499 0944  NetTcpPortSharing - ok
07:52:43.0608 0944  [ 8DE67BD902095A13329FD82C85A1FA09 ] NETw5v32        C:\Windows\system32\DRIVERS\NETw5v32.sys
07:52:43.0827 0944  NETw5v32 - ok
07:52:43.0842 0944  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
07:52:43.0858 0944  nfrd960 - ok
07:52:43.0889 0944  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
07:52:43.0920 0944  NlaSvc - ok
07:52:43.0951 0944  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
07:52:43.0967 0944  Npfs - ok
07:52:43.0983 0944  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi             C:\Windows\system32\nsisvc.dll
07:52:44.0029 0944  nsi - ok
07:52:44.0061 0944  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
07:52:44.0107 0944  nsiproxy - ok
07:52:44.0154 0944  [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
07:52:44.0217 0944  Ntfs - ok
07:52:44.0263 0944  [ 2757D2BA59AEE155209E24942AB127C9 ] NTIDrvr         C:\Windows\system32\DRIVERS\NTIDrvr.sys
07:52:44.0279 0944  NTIDrvr - ok
07:52:44.0357 0944  [ 547BFA3591C70674B0BFC99354AB78B3 ] NTIPPKernel     C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys
07:52:44.0373 0944  NTIPPKernel ( UnsignedFile.Multi.Generic ) - warning
07:52:44.0373 0944  NTIPPKernel - detected UnsignedFile.Multi.Generic (1)
07:52:44.0388 0944  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
07:52:44.0451 0944  ntrigdigi - ok
07:52:44.0466 0944  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
07:52:44.0513 0944  Null - ok
07:52:44.0575 0944  [ 2C7AC27710E8D41C1EB7D1599187D237 ] NVHDA           C:\Windows\system32\drivers\nvhda32v.sys
07:52:44.0591 0944  NVHDA - ok
07:52:44.0763 0944  [ CB0D6F8F65B8766FF2AAAA78881FD9F8 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
07:52:45.0137 0944  nvlddmkm - ok
07:52:45.0168 0944  [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
07:52:45.0184 0944  nvraid - ok
07:52:45.0215 0944  [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
07:52:45.0231 0944  nvstor - ok
07:52:45.0246 0944  [ 15315BB51E9025FE41B482681C6E7BA2 ] nvsvc           C:\Windows\system32\nvvsvc.exe
07:52:45.0262 0944  nvsvc - ok
07:52:45.0293 0944  [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
07:52:45.0309 0944  nv_agp - ok
07:52:45.0324 0944  [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
07:52:45.0371 0944  ohci1394 - ok
07:52:45.0449 0944  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
07:52:45.0511 0944  p2pimsvc - ok
07:52:45.0527 0944  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll
07:52:45.0558 0944  p2psvc - ok
07:52:45.0605 0944  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport         C:\Windows\system32\drivers\parport.sys
07:52:45.0667 0944  Parport - ok
07:52:45.0730 0944  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
07:52:45.0730 0944  partmgr - ok
07:52:45.0761 0944  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
07:52:45.0808 0944  Parvdm - ok
07:52:45.0839 0944  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
07:52:45.0870 0944  PcaSvc - ok
07:52:45.0901 0944  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci             C:\Windows\system32\drivers\pci.sys
07:52:45.0917 0944  pci - ok
07:52:45.0948 0944  [ FC175F5DDAB666D7F4D17449A547626F ] pciide          C:\Windows\system32\drivers\pciide.sys
07:52:45.0948 0944  pciide - ok
07:52:45.0979 0944  [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
07:52:45.0995 0944  pcmcia - ok
07:52:46.0011 0944  [ 5B6C11DE7E839C05248CED8825470FEF ] pcouffin        C:\Windows\system32\Drivers\pcouffin.sys
07:52:46.0073 0944  pcouffin - ok
07:52:46.0120 0944  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
07:52:46.0213 0944  PEAUTH - ok
07:52:46.0260 0944  [ B1689DF169143F57053F795390C99DB3 ] pla             C:\Windows\system32\pla.dll
07:52:46.0338 0944  pla - ok
07:52:46.0401 0944  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
07:52:46.0447 0944  PlugPlay - ok
07:52:46.0494 0944  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
07:52:46.0557 0944  PNRPAutoReg - ok
07:52:46.0619 0944  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
07:52:46.0650 0944  PNRPsvc - ok
07:52:46.0744 0944  [ 94CE8D68338E72B915468D10ECEF07BE ] Polar Daemon    C:\Program Files\Polar\Daemon\polard.exe
07:52:46.0759 0944  Polar Daemon ( UnsignedFile.Multi.Generic ) - warning
07:52:46.0759 0944  Polar Daemon - detected UnsignedFile.Multi.Generic (1)
07:52:46.0791 0944  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
07:52:46.0853 0944  PolicyAgent - ok
07:52:46.0884 0944  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
07:52:46.0931 0944  PptpMiniport - ok
07:52:46.0947 0944  [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor       C:\Windows\system32\drivers\processr.sys
07:52:46.0993 0944  Processor - ok
07:52:47.0009 0944  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc         C:\Windows\system32\profsvc.dll
07:52:47.0040 0944  ProfSvc - ok
07:52:47.0056 0944  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
07:52:47.0071 0944  ProtectedStorage - ok
07:52:47.0103 0944  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
07:52:47.0118 0944  PSched - ok
07:52:47.0181 0944  [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
07:52:47.0243 0944  ql2300 - ok
07:52:47.0274 0944  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
07:52:47.0274 0944  ql40xx - ok
07:52:47.0305 0944  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE           C:\Windows\system32\qwave.dll
07:52:47.0352 0944  QWAVE - ok
07:52:47.0368 0944  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
07:52:47.0415 0944  QWAVEdrv - ok
07:52:47.0461 0944  [ 70DBDAB246C18B78E2200D6401D038BE ] RapiMgr         C:\Windows\WindowsMobile\rapimgr.dll
07:52:47.0508 0944  RapiMgr - ok
07:52:47.0524 0944  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
07:52:47.0555 0944  RasAcd - ok
07:52:47.0586 0944  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto         C:\Windows\System32\rasauto.dll
07:52:47.0602 0944  RasAuto - ok
07:52:47.0633 0944  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
07:52:47.0680 0944  Rasl2tp - ok
07:52:47.0711 0944  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
07:52:47.0773 0944  RasMan - ok
07:52:47.0789 0944  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
07:52:47.0836 0944  RasPppoe - ok
07:52:47.0867 0944  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
07:52:47.0883 0944  RasSstp - ok
07:52:47.0914 0944  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
07:52:47.0961 0944  rdbss - ok
07:52:47.0992 0944  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
07:52:48.0039 0944  RDPCDD - ok
07:52:48.0070 0944  [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
07:52:48.0101 0944  rdpdr - ok
07:52:48.0101 0944  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
07:52:48.0132 0944  RDPENCDD - ok
07:52:48.0195 0944  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
07:52:48.0226 0944  RDPWD - ok
07:52:48.0335 0944  [ 3FF45B7F17D5837216ABAE652CC61540 ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
07:52:48.0366 0944  RegSrvc ( UnsignedFile.Multi.Generic ) - warning
07:52:48.0366 0944  RegSrvc - detected UnsignedFile.Multi.Generic (1)
07:52:48.0413 0944  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
07:52:48.0444 0944  RemoteAccess - ok
07:52:48.0475 0944  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
07:52:48.0522 0944  RemoteRegistry - ok
07:52:48.0569 0944  [ 6482707F9F4DA0ECBAB43B2E0398A101 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
07:52:48.0600 0944  RFCOMM - ok
07:52:48.0663 0944  [ D1F1D0EE50F8C070A612796676971699 ] RichVideo       C:\Program Files\Cyberlink\Shared files\RichVideo.exe
07:52:48.0678 0944  RichVideo ( UnsignedFile.Multi.Generic ) - warning
07:52:48.0678 0944  RichVideo - detected UnsignedFile.Multi.Generic (1)
07:52:48.0694 0944  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
07:52:48.0725 0944  RpcLocator - ok
07:52:48.0756 0944  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs           C:\Windows\system32\rpcss.dll
07:52:48.0787 0944  RpcSs - ok
07:52:48.0850 0944  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
07:52:48.0881 0944  rspndr - ok
07:52:48.0897 0944  [ 7A4F79DF3793160B280CDE152B61FE33 ] RTSTOR          C:\Windows\system32\drivers\RTSTOR.SYS
07:52:48.0912 0944  RTSTOR - ok
07:52:48.0943 0944  [ A3E186B4B935905B829219502557314E ] SamSs           C:\Windows\system32\lsass.exe
07:52:48.0959 0944  SamSs - ok
07:52:48.0990 0944  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
07:52:49.0006 0944  sbp2port - ok
07:52:49.0037 0944  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
07:52:49.0084 0944  SCardSvr - ok
07:52:49.0131 0944  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll
07:52:49.0177 0944  Schedule - ok
07:52:49.0224 0944  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc     C:\Windows\System32\certprop.dll
07:52:49.0240 0944  SCPolicySvc - ok
07:52:49.0271 0944  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
07:52:49.0302 0944  SDRSVC - ok
07:52:49.0333 0944  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
07:52:49.0396 0944  secdrv - ok
07:52:49.0427 0944  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
07:52:49.0474 0944  seclogon - ok
07:52:49.0505 0944  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\System32\sens.dll
07:52:49.0552 0944  SENS - ok
07:52:49.0583 0944  [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum         C:\Windows\system32\drivers\serenum.sys
07:52:49.0645 0944  Serenum - ok
07:52:49.0677 0944  [ C70D69A918B178D3C3B06339B40C2E1B ] Serial          C:\Windows\system32\drivers\serial.sys
07:52:49.0723 0944  Serial - ok
07:52:49.0739 0944  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
07:52:49.0755 0944  sermouse - ok
07:52:49.0801 0944  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
07:52:49.0848 0944  SessionEnv - ok
07:52:49.0848 0944  [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
07:52:49.0895 0944  sffdisk - ok
07:52:49.0911 0944  [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
07:52:49.0942 0944  sffp_mmc - ok
07:52:49.0957 0944  [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
07:52:49.0989 0944  sffp_sd - ok
07:52:50.0004 0944  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
07:52:50.0051 0944  sfloppy - ok
07:52:50.0082 0944  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
07:52:50.0113 0944  SharedAccess - ok
07:52:50.0145 0944  [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
07:52:50.0191 0944  ShellHWDetection - ok
07:52:50.0223 0944  [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
07:52:50.0238 0944  sisagp - ok
07:52:50.0269 0944  [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
07:52:50.0285 0944  SiSRaid2 - ok
07:52:50.0301 0944  [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
07:52:50.0316 0944  SiSRaid4 - ok
07:52:50.0363 0944  [ EA396139541706B4B433641D62EA53CE ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
07:52:50.0363 0944  SkypeUpdate - ok
07:52:50.0472 0944  [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc           C:\Windows\system32\SLsvc.exe
07:52:50.0659 0944  slsvc - ok
07:52:50.0691 0944  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
07:52:50.0737 0944  SLUINotify - ok
07:52:50.0769 0944  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
07:52:50.0800 0944  Smb - ok
07:52:50.0815 0944  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
07:52:50.0847 0944  SNMPTRAP - ok
07:52:50.0878 0944  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr           C:\Windows\system32\drivers\spldr.sys
07:52:50.0893 0944  spldr - ok
07:52:50.0909 0944  [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler         C:\Windows\System32\spoolsv.exe
07:52:50.0956 0944  Spooler - ok
07:52:51.0034 0944  [ 7BB297CADA42903328E92425D9761DA6 ] SRTSP           C:\Windows\System32\Drivers\N360\0603000.00E\SRTSP.SYS
07:52:51.0049 0944  SRTSP - ok
07:52:51.0065 0944  [ 475FCF0F28D845BF1C8ABAC27F19003E ] SRTSPX          C:\Windows\system32\drivers\N360\0603000.00E\SRTSPX.SYS
07:52:51.0081 0944  SRTSPX - ok
07:52:51.0127 0944  [ 41987F9FC0E61ADF54F581E15029AD91 ] srv             C:\Windows\system32\DRIVERS\srv.sys
07:52:51.0174 0944  srv - ok
07:52:51.0205 0944  [ FF33AFF99564B1AA534F58868CBE41EF ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
07:52:51.0283 0944  srv2 - ok
07:52:51.0315 0944  [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
07:52:51.0330 0944  srvnet - ok
07:52:51.0361 0944  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
07:52:51.0424 0944  SSDPSRV - ok
07:52:51.0455 0944  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
07:52:51.0502 0944  SstpSvc - ok
07:52:51.0549 0944  [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc          C:\Windows\System32\wiaservc.dll
07:52:51.0595 0944  stisvc - ok
07:52:51.0627 0944  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
07:52:51.0642 0944  swenum - ok
07:52:51.0673 0944  [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv           C:\Windows\System32\swprv.dll
07:52:51.0720 0944  swprv - ok
07:52:51.0736 0944  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
07:52:51.0751 0944  Symc8xx - ok
07:52:51.0783 0944  [ 690FA0E61B90084C4D9A721BD4F3D779 ] SymDS           C:\Windows\system32\drivers\N360\0603000.00E\SYMDS.SYS
07:52:51.0814 0944  SymDS - ok
07:52:51.0907 0944  [ 8F88EDB211B12537D2DC2A6D73D6067C ] SymEFA          C:\Windows\system32\drivers\N360\0603000.00E\SYMEFA.SYS
07:52:51.0954 0944  SymEFA - ok
07:52:52.0032 0944  [ 74E2521E96176A4449570E50BE91954D ] SymEvent        C:\Windows\system32\Drivers\SYMEVENT.SYS
07:52:52.0048 0944  SymEvent - ok
07:52:52.0079 0944  [ 2C356CCA706505CF63CBE39D532B9236 ] SymIRON         C:\Windows\system32\drivers\N360\0603000.00E\Ironx86.SYS
07:52:52.0095 0944  SymIRON - ok
07:52:52.0110 0944  [ 40C6E6417C8B7D7FCF82CFBE71525795 ] SYMTDIv         C:\Windows\System32\Drivers\N360\0603000.00E\SYMTDIV.SYS
07:52:52.0126 0944  SYMTDIv - ok
07:52:52.0157 0944  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
07:52:52.0157 0944  Sym_hi - ok
07:52:52.0173 0944  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
07:52:52.0188 0944  Sym_u3 - ok
07:52:52.0219 0944  [ 4C9BB4B3B9EAC26211484C30B914C6DC ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
07:52:52.0235 0944  SynTP - ok
07:52:52.0251 0944  [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain         C:\Windows\system32\sysmain.dll
07:52:52.0313 0944  SysMain - ok
07:52:52.0344 0944  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
07:52:52.0375 0944  TabletInputService - ok
07:52:52.0407 0944  [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv         C:\Windows\System32\tapisrv.dll
07:52:52.0438 0944  TapiSrv - ok
07:52:52.0469 0944  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS             C:\Windows\System32\tbssvc.dll
07:52:52.0485 0944  TBS - ok
07:52:52.0609 0944  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
07:52:52.0656 0944  Tcpip - ok
07:52:52.0703 0944  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
07:52:52.0734 0944  Tcpip6 - ok
07:52:52.0781 0944  [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
07:52:52.0843 0944  tcpipreg - ok
07:52:52.0859 0944  [ 72B9E77565DA5FA564581976E000D29B ] TcUsb           C:\Windows\system32\Drivers\tcusb.sys
07:52:52.0875 0944  TcUsb - ok
07:52:52.0906 0944  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
07:52:52.0937 0944  TDPIPE - ok
07:52:52.0953 0944  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
07:52:52.0984 0944  TDTCP - ok
07:52:53.0015 0944  [ 76B06EB8A01FC8624D699E7045303E54 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
07:52:53.0031 0944  tdx - ok
07:52:53.0140 0944  [ A4D2CE94B028EF1E437CF4AC3D8FF26C ] TeamViewer7     C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
07:52:53.0249 0944  TeamViewer7 - ok
07:52:53.0296 0944  [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
07:52:53.0311 0944  TermDD - ok
07:52:53.0343 0944  [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService     C:\Windows\System32\termsrv.dll
07:52:53.0389 0944  TermService - ok
07:52:53.0436 0944  [ C7230FBEE14437716701C15BE02C27B8 ] Themes          C:\Windows\system32\shsvcs.dll
07:52:53.0452 0944  Themes - ok
07:52:53.0467 0944  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER     C:\Windows\system32\mmcss.dll
07:52:53.0499 0944  THREADORDER - ok
07:52:53.0530 0944  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
07:52:53.0592 0944  TrkWks - ok
07:52:53.0639 0944  [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
07:52:53.0670 0944  TrustedInstaller - ok
07:52:53.0686 0944  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
07:52:53.0717 0944  tssecsrv - ok
07:52:53.0733 0944  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
07:52:53.0748 0944  tunmp - ok
07:52:53.0779 0944  [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
07:52:53.0811 0944  tunnel - ok
07:52:53.0857 0944  [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35          C:\Windows\system32\drivers\uagp35.sys
07:52:53.0857 0944  uagp35 - ok
07:52:53.0889 0944  [ F763E070843EE2803DE1395002B42938 ] UBHelper        C:\Windows\system32\drivers\UBHelper.sys
07:52:53.0904 0944  UBHelper - ok
07:52:53.0935 0944  [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
07:52:53.0982 0944  udfs - ok
07:52:54.0013 0944  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
07:52:54.0060 0944  UI0Detect - ok
07:52:54.0091 0944  [ 78B63388550028AED6C52F843ABF6000 ] UimBus          C:\Windows\system32\DRIVERS\UimBus.sys
07:52:54.0107 0944  UimBus - ok
07:52:54.0123 0944  [ 3412EFAF3CB0B6C21818A3C407714CA1 ] Uim_IM          C:\Windows\system32\Drivers\Uim_IM.sys
07:52:54.0138 0944  Uim_IM - ok
07:52:54.0138 0944  [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
07:52:54.0154 0944  uliagpkx - ok
07:52:54.0185 0944  [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci         C:\Windows\system32\drivers\uliahci.sys
07:52:54.0201 0944  uliahci - ok
07:52:54.0216 0944  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
07:52:54.0232 0944  UlSata - ok
07:52:54.0232 0944  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
07:52:54.0247 0944  ulsata2 - ok
07:52:54.0263 0944  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
07:52:54.0310 0944  umbus - ok
07:52:54.0357 0944  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
07:52:54.0403 0944  upnphost - ok
07:52:54.0435 0944  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
07:52:54.0450 0944  usbccgp - ok
07:52:54.0481 0944  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
07:52:54.0544 0944  usbcir - ok
07:52:54.0591 0944  [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
07:52:54.0606 0944  usbehci - ok
07:52:54.0637 0944  [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
07:52:54.0653 0944  usbhub - ok
07:52:54.0669 0944  [ 38DBC7DD6CC5A72011F187425384388B ] usbohci         C:\Windows\system32\drivers\usbohci.sys
07:52:54.0747 0944  usbohci - ok
07:52:54.0778 0944  [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
07:52:54.0825 0944  usbprint - ok
07:52:54.0856 0944  [ A508C9BD8724980512136B039BBA65E9 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
07:52:54.0887 0944  usbscan - ok
07:52:54.0887 0944  [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
07:52:54.0934 0944  USBSTOR - ok
07:52:54.0965 0944  [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
07:52:55.0012 0944  usbuhci - ok
07:52:55.0043 0944  [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
07:52:55.0090 0944  usbvideo - ok
07:52:55.0105 0944  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms           C:\Windows\System32\uxsms.dll
07:52:55.0152 0944  UxSms - ok
07:52:55.0199 0944  [ CD88D1B7776DC17A119049742EC07EB4 ] vds             C:\Windows\System32\vds.exe
07:52:55.0230 0944  vds - ok
07:52:55.0261 0944  [ 87B06E1F30B749A114F74622D013F8D4 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
07:52:55.0308 0944  vga - ok
07:52:55.0339 0944  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave         C:\Windows\System32\drivers\vga.sys
07:52:55.0371 0944  VgaSave - ok
07:52:55.0386 0944  [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp          C:\Windows\system32\drivers\viaagp.sys
07:52:55.0402 0944  viaagp - ok
07:52:55.0433 0944  [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7           C:\Windows\system32\drivers\viac7.sys
07:52:55.0449 0944  ViaC7 - ok
07:52:55.0480 0944  [ AADF5587A4063F52C2C3FED7887426FC ] viaide          C:\Windows\system32\drivers\viaide.sys
07:52:55.0495 0944  viaide - ok
07:52:55.0511 0944  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
07:52:55.0527 0944  volmgr - ok
07:52:55.0558 0944  [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
07:52:55.0573 0944  volmgrx - ok
07:52:55.0605 0944  [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
07:52:55.0636 0944  volsnap - ok
07:52:55.0667 0944  [ 587253E09325E6BF226B299774B728A9 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
07:52:55.0667 0944  vsmraid - ok
07:52:55.0729 0944  [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS             C:\Windows\system32\vssvc.exe
07:52:55.0807 0944  VSS - ok
07:52:55.0823 0944  [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time         C:\Windows\system32\w32time.dll
07:52:55.0854 0944  W32Time - ok
07:52:55.0870 0944  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
07:52:55.0917 0944  WacomPen - ok
07:52:55.0917 0944  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
07:52:55.0963 0944  Wanarp - ok
07:52:55.0963 0944  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
07:52:55.0979 0944  Wanarpv6 - ok
07:52:56.0026 0944  [ 779F9C90D3FE9C70B6FFD8EF035F3E83 ] WcesComm        C:\Windows\WindowsMobile\wcescomm.dll
07:52:56.0057 0944  WcesComm - ok
07:52:56.0073 0944  [ A3CD60FD826381B49F03832590E069AF ] wcncsvc         C:\Windows\System32\wcncsvc.dll
07:52:56.0119 0944  wcncsvc - ok
07:52:56.0151 0944  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
07:52:56.0182 0944  WcsPlugInService - ok
07:52:56.0197 0944  [ 78FE9542363F297B18C027B2D7E7C07F ] Wd              C:\Windows\system32\drivers\wd.sys
07:52:56.0213 0944  Wd - ok
07:52:56.0260 0944  [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
07:52:56.0291 0944  Wdf01000 - ok
07:52:56.0291 0944  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
07:52:56.0322 0944  WdiServiceHost - ok
07:52:56.0338 0944  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
07:52:56.0353 0944  WdiSystemHost - ok
07:52:56.0400 0944  [ 04C37D8107320312FBAE09926103D5E2 ] WebClient       C:\Windows\System32\webclnt.dll
07:52:56.0447 0944  WebClient - ok
07:52:56.0478 0944  [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc          C:\Windows\system32\wecsvc.dll
07:52:56.0556 0944  Wecsvc - ok
07:52:56.0572 0944  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
07:52:56.0603 0944  wercplsupport - ok
07:52:56.0619 0944  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll
07:52:56.0650 0944  WerSvc - ok
07:52:56.0665 0944  [ BB9CBAF6AC20452B245C324F1F50EE81 ] winachsf        C:\Windows\system32\DRIVERS\HSX_CNXT.sys
07:52:56.0712 0944  winachsf - ok
07:52:56.0759 0944  [ 3FA87D56769838AAC82FAFC3E78FC732 ] winbondcir      C:\Windows\system32\DRIVERS\winbondcir.sys
07:52:56.0806 0944  winbondcir - ok
07:52:56.0853 0944  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
07:52:56.0868 0944  WinDefend - ok
07:52:56.0884 0944  WinHttpAutoProxySvc - ok
07:52:56.0931 0944  [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
07:52:56.0962 0944  Winmgmt - ok
07:52:57.0009 0944  [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM           C:\Windows\system32\WsmSvc.dll
07:52:57.0118 0944  WinRM - ok
07:52:57.0165 0944  [ 676F4B665BDD8053EAA53AC1695B8074 ] winusb          C:\Windows\system32\DRIVERS\WinUSB.SYS
07:52:57.0180 0944  winusb - ok
07:52:57.0227 0944  [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc         C:\Windows\System32\wlansvc.dll
07:52:57.0274 0944  Wlansvc - ok
07:52:57.0321 0944  [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
07:52:57.0352 0944  WmiAcpi - ok
07:52:57.0399 0944  [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
07:52:57.0445 0944  wmiApSrv - ok
07:52:57.0508 0944  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
07:52:57.0617 0944  WMPNetworkSvc - ok
07:52:57.0648 0944  [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
07:52:57.0695 0944  WPCSvc - ok
07:52:57.0726 0944  [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
07:52:57.0773 0944  WPDBusEnum - ok
07:52:57.0804 0944  [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
07:52:57.0835 0944  WpdUsb - ok
07:52:57.0945 0944  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
07:52:57.0991 0944  WPFFontCache_v0400 - ok
07:52:58.0007 0944  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
07:52:58.0085 0944  ws2ifsl - ok
07:52:58.0116 0944  [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc          C:\Windows\System32\wscsvc.dll
07:52:58.0132 0944  wscsvc - ok
07:52:58.0147 0944  [ 4422AC5ED8D4C2F0DB63E71D4C069DD7 ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
07:52:58.0179 0944  WSDPrintDevice - ok
07:52:58.0194 0944  WSearch - ok
07:52:58.0257 0944  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
07:52:58.0350 0944  wuauserv - ok
07:52:58.0397 0944  [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
07:52:58.0444 0944  WUDFRd - ok
07:52:58.0459 0944  [ 575A4190D989F64732119E4114045A4F ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
07:52:58.0491 0944  wudfsvc - ok
07:52:58.0522 0944  [ DAB33CFA9DD24251AAA389FF36B64D4B ] XAudio          C:\Windows\system32\DRIVERS\xaudio.sys
07:52:58.0553 0944  XAudio - ok
07:52:58.0584 0944  [ CD5F291A1161F15896D1A4D63DAFF5DF ] XAudioService   C:\Windows\system32\DRIVERS\xaudio.exe
07:52:58.0631 0944  XAudioService - ok
07:52:58.0693 0944  [ 4D840C6AF3C020ED3A35EFBA9025CF4A ] {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl
07:52:58.0693 0944  {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} - ok
07:52:58.0709 0944  ================ Scan global ===============================
07:52:58.0725 0944  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
07:52:58.0756 0944  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
07:52:58.0771 0944  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
07:52:58.0818 0944  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
07:52:58.0818 0944  [Global] - ok
07:52:58.0818 0944  ================ Scan MBR ==================================
07:52:58.0834 0944  [ BB9D3A6A13C5010348DA7C900BB6AF50 ] \Device\Harddisk0\DR0
07:52:59.0770 0944  \Device\Harddisk0\DR0 - ok
07:52:59.0770 0944  ================ Scan VBR ==================================
07:52:59.0770 0944  [ C78215C9610E1A165B5C79393A5C1655 ] \Device\Harddisk0\DR0\Partition1
07:52:59.0770 0944  \Device\Harddisk0\DR0\Partition1 - ok
07:52:59.0770 0944  ============================================================
07:52:59.0770 0944  Scan finished
07:52:59.0770 0944  ============================================================
07:52:59.0785 1224  Detected object count: 9
07:52:59.0785 1224  Actual detected object count: 9
07:53:35.0431 1224  CLHNService ( UnsignedFile.Multi.Generic ) - skipped by user
07:53:35.0431 1224  CLHNService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
07:53:35.0431 1224  EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user
07:53:35.0431 1224  EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip 
07:53:35.0463 1224  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
07:53:35.0463 1224  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip 
07:53:35.0463 1224  IGBASVC ( UnsignedFile.Multi.Generic ) - skipped by user
07:53:35.0463 1224  IGBASVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
07:53:35.0463 1224  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
07:53:35.0463 1224  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
07:53:35.0463 1224  NTIPPKernel ( UnsignedFile.Multi.Generic ) - skipped by user
07:53:35.0463 1224  NTIPPKernel ( UnsignedFile.Multi.Generic ) - User select action: Skip 
07:53:35.0463 1224  Polar Daemon ( UnsignedFile.Multi.Generic ) - skipped by user
07:53:35.0463 1224  Polar Daemon ( UnsignedFile.Multi.Generic ) - User select action: Skip 
07:53:35.0478 1224  RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user
07:53:35.0478 1224  RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
07:53:35.0478 1224  RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
07:53:35.0478 1224  RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Alt 01.10.2012, 09:52   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BKA Trojaner 1.15 (Windows Vista) - Standard

BKA Trojaner 1.15 (Windows Vista)



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 01.10.2012, 10:27   #23
boris1
 
BKA Trojaner 1.15 (Windows Vista) - Standard

BKA Trojaner 1.15 (Windows Vista)



Konnte den PC nicht im normalen Modus starten, bekam nach dem hochfahren statt des Desktops einen schwarzen Bildschirm zu sehen.
Im abgesicherten Modus klappt es, hier die LOG Datei:

[code]
Combofix Logfile:
Code:
ATTFilter
ComboFix 12-09-30.03 - matthes 01.10.2012  11:00:20.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3066.2577 [GMT 2:00]
ausgeführt von:: c:\users\matthes\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Acer\Acer Bio Protection\PwdFilter.dll
c:\programdata\Roaming
c:\programdata\SPL21D2.tmp
c:\programdata\SPL52A6.tmp
c:\programdata\SPL86C3.tmp
c:\programdata\SPLC0DC.tmp
c:\programdata\SPLCADC.tmp
c:\programdata\SPLCD26.tmp
c:\programdata\SPLD9CA.tmp
c:\programdata\SPLDAC4.tmp
c:\programdata\SPLDBFC.tmp
c:\programdata\SPLF8FE.tmp
c:\windows\IsUn0407.exe
c:\windows\system32\muzapp.exe
c:\windows\system32\System32\MASetupCleaner.exe
c:\windows\system32\System32\muzapp.exe
c:\windows\system32\wininit.dll
E:\install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-09-01 bis 2012-10-01  ))))))))))))))))))))))))))))))
.
.
2012-09-28 18:50 . 2012-09-28 18:50	--------	d-----w-	C:\_OTL
2012-09-27 14:35 . 2012-09-27 14:35	--------	d-----w-	c:\program files\ESET
2012-09-25 19:59 . 2012-09-25 19:59	--------	d-----w-	c:\program files\CCleaner
2012-09-25 17:36 . 2012-09-25 17:36	--------	d-----w-	c:\users\matthes\AppData\Roaming\Malwarebytes
2012-09-25 17:36 . 2012-09-25 17:36	--------	d-----w-	c:\programdata\Malwarebytes
2012-09-25 17:36 . 2012-09-25 17:36	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-09-25 17:36 . 2012-09-07 15:04	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-09-17 17:15 . 2012-09-20 14:44	--------	d-----w-	c:\users\matthes\Ordnerdeckblätter
2012-09-11 12:27 . 2012-09-12 12:53	--------	d-----w-	c:\windows\system32\Samsung_USB_Drivers
2012-09-11 09:03 . 2012-09-11 09:03	73696	----a-w-	c:\program files\Mozilla Firefox\breakpadinjector.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-20 17:49 . 2012-05-11 13:11	696240	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-09-20 17:49 . 2011-06-09 12:43	73136	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-14 15:46 . 2010-03-07 09:45	47360	----a-w-	c:\users\matthes\AppData\Roaming\pcouffin.sys
2012-07-06 02:17 . 2012-08-15 08:00	574112	----a-w-	c:\windows\system32\drivers\N360\0603000.00E\srtsp.sys
2012-07-06 02:17 . 2012-08-15 08:00	32928	----a-w-	c:\windows\system32\drivers\N360\0603000.00E\srtspx.sys
2012-07-04 14:02 . 2012-08-17 11:18	2047488	----a-w-	c:\windows\system32\win32k.sys
2004-07-09 03:08 . 2004-07-09 03:08	472576	----a-w-	c:\program files\dxsetup.exe
2004-07-09 03:08 . 2004-07-09 03:08	2242560	----a-w-	c:\program files\dsetup32.dll
2004-07-09 02:03 . 2004-07-09 02:03	62976	----a-w-	c:\program files\DSETUP.dll
2012-09-11 09:03 . 2011-04-11 15:27	266720	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
2008-06-30 12:44 . 2009-12-13 21:53	324976	----a-w-	c:\program files\mozilla firefox\components\coFFPlgn.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{147FEC3F-6DE9-437C-8FC1-6B8A20AA0A72}]
2010-01-26 14:52	192512	----a-w-	c:\users\matthes\AppData\Roaming\AdobeReader\IE\AdobeReader.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-07 6139904]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-18 92704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-18 13543968]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"lxeamon.exe"="c:\program files\Lexmark S300-S400 Series\lxeamon.exe" [2011-01-23 770728]
"EzPrint"="c:\program files\Lexmark S300-S400 Series\ezprint.exe" [2009-04-29 139944]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
.
c:\users\matthes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2008-10-28 10:38	3197952	----a-w-	c:\program files\Acer\Acer Bio Protection\WinNotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]
2008-03-25 14:24	567560	----a-w-	c:\program files\Common Files\SPBA\homefus2.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	scecli c:\program files\Acer\Acer Bio Protection\PwdFilter
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcadeDeluxeAgent]
2008-07-24 14:54	147456	------w-	c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2008-07-24 14:54	167936	------w-	c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
2003-05-08 10:00	49152	----a-w-	c:\program files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie]
2008-07-18 15:04	167936	------w-	c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 09:07	252296	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2011-12-09 17:22	74752	----a-w-	c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25	202240	----a-w-	c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZPdtWzdVitaKey MC3000]
2008-10-28 10:38	3676160	----a-w-	c:\program files\Acer\Acer Bio Protection\PdtWzd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1437981379-4010485698-1217947183-1000]
"EnableNotificationsRef"=dword:00000001
.
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-11 17:50]
.
2012-10-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-31 18:35]
.
2012-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-31 18:35]
.
2012-09-25 c:\windows\Tasks\User_Feed_Synchronization-{52A60082-F11F-4DC0-815C-41B71B2E7AD3}.job
- c:\windows\system32\msfeedssync.exe [2012-09-22 08:30]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1008&m=aspire_6930g
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{603D3CE5-33BC-4d51-A31E-613A2B826E21} - c:\users\matthes\AppData\Roaming\IEButtons\toolbutton2.js
IE: {{804420A5-7F05-4ee9-92F2-D2B644AD9102} - c:\users\matthes\AppData\Roaming\IEButtons\toolbutton3.js
IE: {{C376BD23-6DC3-4e10-9ED0-AB8C0444E45C} - c:\users\matthes\AppData\Roaming\IEButtons\toolbutton1.js
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\matthes\AppData\Roaming\Mozilla\Firefox\Profiles\38gpdnax.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{40c3cc16-7269-4b32-9531-17f2950fb06f} - (no file)
HKCU-Run-SearchIndexer - c:\users\matthes\AppData\Local\Microsoft\Windows\89\SearchIndexer.exe
MSConfigStartUp-KiesHelper - c:\program files\Samsung\Kies\KiesHelper.exe
MSConfigStartUp-KiesPDLR - c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MSConfigStartUp-KiesTrayAgent - c:\program files\Samsung\Kies\KiesTrayAgent.exe
AddRemove-sv.net - e:\sozial~1.hls\svnet\UNWISE.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-10-01 11:21
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\6.3.0.14\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\6.3.0.14\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(1408)
c:\windows\system32\btncopy.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\helppane.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-10-01  11:23:46 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-10-01 09:23
.
Vor Suchlauf: 18 Verzeichnis(se), 33.673.388.032 Bytes frei
Nach Suchlauf: 24 Verzeichnis(se), 33.296.908.288 Bytes frei
.
- - End Of File - - E539618963764A787E48D3DF4FB3384F
         
--- --- ---

Alt 01.10.2012, 13:35   #24
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BKA Trojaner 1.15 (Windows Vista) - Standard

BKA Trojaner 1.15 (Windows Vista)



Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).



Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 01.10.2012, 16:41   #25
boris1
 
BKA Trojaner 1.15 (Windows Vista) - Standard

BKA Trojaner 1.15 (Windows Vista)



Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-10-01 16:05:58
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST932032 rev.0303
Running: 7jr8d694.exe; Driver: C:\Users\matthes\AppData\Local\Temp\kxriifow.sys


---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Windows\Explorer.EXE[1400] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                [74AD7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1400] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                 [74B1B4E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1400] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]             [74ADBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1400] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]       [74ACF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1400] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                 [74AD75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1400] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]              [74ACE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1400] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]  [74B073F5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1400] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]     [74ADDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1400] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]             [74ACFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1400] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]              [74ACFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1400] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]               [74AC71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1400] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]       [74B5CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1400] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]          [74AFC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1400] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]             [74ACD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1400] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                       [74AC6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1400] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                      [74AC687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1400] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]         [74AD2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                              Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                               hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                               hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                               hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                               hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                               hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002269ddfef6                          
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002269ddfef6@001ee29f991a             0x9B 0x60 0xDD 0xE0 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002269ddfef6@60a10a10ad8a             0x0D 0x03 0x14 0x27 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002269ddfef6 (not active ControlSet)      
Reg             HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002269ddfef6@001ee29f991a                 0x9B 0x60 0xDD 0xE0 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002269ddfef6@60a10a10ad8a                 0x0D 0x03 0x14 0x27 ...

---- EOF - GMER 1.0.15 ----
         

Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 16:23:02 on 01.10.2012

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 15.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"iproset.cpl" - "Intel(R) Corporation" - C:\Windows\system32\iproset.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"PROSet Tools" - "Intel(R) Corporation" - C:\Windows\System32\iPROSet.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AlfaFF File System mini-filter" (AlfaFF) - "Alfa Corporation" - C:\Windows\System32\Drivers\AlfaFF.sys
"BHDrvx86" (BHDrvx86) - "Symantec Corporation" - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\BASHDefs\20120919.001\BHDrvx86.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"cpuz132" (cpuz132) - ? - C:\Users\matthes\AppData\Local\Temp\cpuz132\cpuz132_x32.sys  (File not found)
"Dritek Keyboard Filter Driver" (DKbFltr) - ? - C:\Windows\System32\DRIVERS\DKbFltr.sys  (File not found)
"EraserUtilRebootDrv" (EraserUtilRebootDrv) - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
"hc3ServiceName" (hotcore3) - "Paragon Software Group" - C:\Windows\System32\DRIVERS\hotcore3.sys
"IDSVix86" (IDSVix86) - "Symantec Corporation" - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\IPSDefs\20120921.001\IDSvix86.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"kxriifow" (kxriifow) - ? - C:\Users\matthes\AppData\Local\Temp\kxriifow.sys  (Hidden registry entry, rootkit activity | File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"NAVENG" (NAVENG) - "Symantec Corporation" - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20120922.008\NAVENG.SYS
"NAVEX15" (NAVEX15) - "Symantec Corporation" - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20120922.008\NAVEX15.SYS
"Norton 360 Settings Manager" (ccSet_N360) - "Symantec Corporation" - C:\Windows\system32\drivers\N360\0603000.00E\ccSetx86.sys
"NTIPPKernel" (NTIPPKernel) - "Cyberlink Corp." - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys
"PPdus ASPI Shell" (Afc) - "Arcsoft, Inc." - C:\Windows\System32\drivers\Afc.sys
"Symantec Data Store" (SymDS) - "Symantec Corporation" - C:\Windows\System32\drivers\N360\0603000.00E\SYMDS.SYS
"Symantec Eraser Control driver" (eeCtrl) - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
"Symantec Extended File Attributes" (SymEFA) - "Symantec Corporation" - C:\Windows\System32\drivers\N360\0603000.00E\SYMEFA.SYS
"Symantec Iron Driver" (SymIRON) - "Symantec Corporation" - C:\Windows\system32\drivers\N360\0603000.00E\Ironx86.SYS
"Symantec Real Time Storage Protection" (SRTSP) - "Symantec Corporation" - C:\Windows\System32\Drivers\N360\0603000.00E\SRTSP.SYS
"Symantec Real Time Storage Protection (PEL)" (SRTSPX) - "Symantec Corporation" - C:\Windows\system32\drivers\N360\0603000.00E\SRTSPX.SYS
"Symantec Vista Network Dispatch Driver" (SYMTDIv) - "Symantec Corporation" - C:\Windows\System32\Drivers\N360\0603000.00E\SYMTDIV.SYS
"SymEvent" (SymEvent) - "Symantec Corporation" - C:\Windows\system32\Drivers\SYMEVENT.SYS
"UBHelper" (UBHelper) - "NewTech Infosystems Corporation" - C:\Windows\system32\drivers\UBHelper.sys
"Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\Windows\System32\DRIVERS\NTIDrvr.sys
"{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}" ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) - "Cyberlink Corp." - C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{8F9D8FBE-C5C1-4B65-986E-51235C9283E8} "FPLaunchCache" - "Arachnoid Biometrics Identification Group Corp." - C:\Program Files\Acer\Acer Bio Protection\FPLaunchCache.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -   (File not found | COM-object registry key not found)
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Windows\system32\btncopy.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -   (File not found | COM-object registry key not found)
{A40526DD-F152-4C1D-844C-CE668D29B77E} "Shell extension for NTP" - ? -   (File not found | COM-object registry key not found)
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "Norton Toolbar" - "Symantec Corporation" - C:\Program Files\Norton 360\Engine\6.3.0.14\coIEPlg.dll
<binary data> "{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Oracle Corporation" - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Oracle Corporation" - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 10.5.1" - "Oracle Corporation" - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 10.5.1" - "Oracle Corporation" - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
"Amazon (amazon.de)" - ? - C:\Users\matthes\AppData\Roaming\IEButtons\toolbutton2.js
"easy Shopping" - ? - C:\Users\matthes\AppData\Roaming\IEButtons\toolbutton3.js
"eBay (ebay.de)" - ? - C:\Users\matthes\AppData\Roaming\IEButtons\toolbutton1.js
"Quick-Launching Area" - ? - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} "Norton Toolbar" - "Symantec Corporation" - C:\Program Files\Norton 360\Engine\6.3.0.14\coIEPlg.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{147FEC3F-6DE9-437C-8FC1-6B8A20AA0A72} "Adobe Reader" - "Adobe Systems, Incorporated" - C:\Users\matthes\AppData\Roaming\AdobeReader\IE\AdobeReader.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Oracle Corporation" - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
{D2C5E510-BE6D-42CC-9F61-E4F939078474} "Lexmark " - ? - C:\Program Files\Lexmark Printable Web\bho.dll
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} "Norton Identity Protection" - "Symantec Corporation" - C:\Program Files\Norton 360\Engine\6.3.0.14\coIEPlg.dll
{6D53EC84-6AAE-4787-AEEE-F4628F01010C} "Norton Vulnerability Protection" - "Symantec Corporation" - C:\Program Files\Norton 360\Engine\6.3.0.14\IPS\IPSBHO.DLL
{1017A80C-6F09-4548-A84D-EDD6AC9525F0} "{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" - ? -   (File not found | COM-object registry key not found)

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Notification packages" - ? - C:\Program Files\Acer\Acer Bio Protection\PwdFilter  (File not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\matthes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"OpenOffice.org 3.3.lnk" - ? - C:\Program Files\OpenOffice.org 3\program\quickstart.exe  (Shortcut exists | File found, but it contains no detailed information | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"EzPrint" - ? - "C:\Program Files\Lexmark S300-S400 Series\ezprint.exe"
"IAAnotif" - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
"lxeamon.exe" - ? - "C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe"
"PLFSetI" - ? - C:\Windows\PLFSetI.exe
"WarReg_PopUp" - "Acer Incorporated" - C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"ArcSoft Connect Daemon" (ACDaemon) - "ArcSoft Inc." - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
"CLHNService" (CLHNService) - ? - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
"FABS - Helping agent for MAGIX media database" (Fabs) - "MAGIX AG" - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
"FsUsbExService" (FsUsbExService) - "Teruten" - C:\Windows\system32\FsUsbExService.Exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"iGroupTec Service" (IGBASVC) - ? - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe  (File found, but it contains no detailed information)
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
"Intel® PROSet/Wireless Event Log" (EvtEng) - "Intel(R) Corporation" - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
"Intel® PROSet/Wireless Registry Service" (RegSrvc) - "Intel(R) Corporation" - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"MBAMScheduler" (MBAMScheduler) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
"Norton 360" (N360) - "Symantec Corporation" - C:\Program Files\Norton 360\Engine\6.3.0.14\ccSvcHst.exe
"Polar Daemon" (Polar Daemon) - ? - C:\Program Files\Polar\Daemon\polard.exe  (File found, but it contains no detailed information)
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files\Skype\Updater\Updater.exe
"TeamViewer 7" (TeamViewer7) - "TeamViewer GmbH" - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"AWinNotifyVitaKey MC3000" - "Arachnoid Biometrics Identification Group Corp." - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll
"spba" - "UPEK Inc." - C:\Program Files\Common Files\SPBA\homefus2.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         
Code:
ATTFilter
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-01 16:26:01
-----------------------------
16:26:01.323    OS Version: Windows 6.0.6002 Service Pack 2
16:26:01.323    Number of processors: 2 586 0xF0D
16:26:01.323    ComputerName: MATTHES-PC  UserName: matthes
16:26:02.025    Initialize success
16:40:45.999    AVAST engine defs: 12100100
16:49:50.967    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:49:50.967    Disk 0 Vendor: ST932032 0303 Size: 305245MB BusType: 3
16:49:51.317    Disk 0 MBR read successfully
16:49:51.317    Disk 0 MBR scan
16:49:51.327    Disk 0 unknown MBR code
16:49:51.337    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        10240 MB offset 2048
16:49:51.397    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        79920 MB offset 20973568
16:49:51.407    Disk 0 Partition - 00     0F Extended LBA            211452 MB offset 184651110
16:49:51.517    Disk 0 Partition 3 00     12  Compaq diag NTFS         3630 MB offset 617705472
16:49:51.607    Disk 0 Partition - 00     05     Extended            109053 MB offset 184662015
16:49:51.617    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS       109053 MB offset 184662016
16:49:51.627    Disk 0 Partition - 00     05     Extended            102393 MB offset 408013710
16:49:51.667    Disk 0 Partition 5 00     07    HPFS/NTFS NTFS       102393 MB offset 408002868
16:49:51.717    Disk 0 scanning sectors +625139712
16:49:51.927    Disk 0 scanning C:\Windows\system32\drivers
16:50:15.136    Service scanning
16:50:40.221    Modules scanning
16:50:45.993    Disk 0 trace - called modules:
16:50:46.008    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys 
16:50:46.024    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x869e05b0]
16:50:46.024    3 CLASSPNP.SYS[8b1a68b3] -> nt!IofCallDriver -> [0x84ddf6b8]
16:50:46.040    5 acpi.sys[806986bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x84da0028]
16:50:46.554    AVAST engine scan C:\Windows
16:50:54.573    AVAST engine scan C:\Windows\system32
16:54:41.662    AVAST engine scan C:\Windows\system32\drivers
16:54:59.711    AVAST engine scan C:\Users\matthes
16:58:08.190    AVAST engine scan C:\ProgramData
17:00:02.538    Scan finished successfully
17:25:40.932    Disk 0 MBR has been saved successfully to "C:\Users\matthes\Desktop\MBR.dat"
17:25:40.932    The log file has been saved successfully to "C:\Users\matthes\Desktop\aswMBR.txt"
         

Alt 02.10.2012, 13:01   #26
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BKA Trojaner 1.15 (Windows Vista) - Standard

BKA Trojaner 1.15 (Windows Vista)



Wir sollten den MBR fixen, sichere für den Fall der Fälle ALLE wichtigen Daten, auch wenn meistens alles glatt geht.

Hinweis: Mach bitte NICHT den MBR-Fix, wenn du noch andere Betriebssysteme wie zB Ubuntu installiert hast, ein MBR-Fix mit Windows-Tools macht ein parallel installiertes (Dualboot) Linux unbootbar.
Mach den Fix auch dann nicht, wenn du zB mit TrueCrypt oder anderen Verschlüsselungsprogrammen eine Vollverschlüsselung der Windowspartition bzw. gesamten Festplatte hast


Starte nach der Datensicherung aswmbr erneut und klick auf den Button FIXMBR.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehalalrm!

Anschließend Windows neu starten und ein neues Log mit aswMBR machen.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 02.10.2012, 15:43   #27
boris1
 
BKA Trojaner 1.15 (Windows Vista) - Standard

BKA Trojaner 1.15 (Windows Vista)



Ich brauchte nur das Programm öffnen und direkt auf FIXMBR klicken? Oder hätte ich vorab noch einmal scannen müssen?

Im normalen Modus bekomme ich das Desktop wieder zu sehen, kann aber weder Programme noch Startmenü öffnen.

Hier Das neue Log:

Code:
ATTFilter
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-02 16:13:04
-----------------------------
16:13:04.800    OS Version: Windows 6.0.6002 Service Pack 2
16:13:04.800    Number of processors: 2 586 0xF0D
16:13:04.800    ComputerName: MATTHES-PC  UserName: matthes
16:13:13.911    Initialize success
16:13:27.779    AVAST engine defs: 12100100
16:13:31.492    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:13:31.492    Disk 0 Vendor: ST932032 0303 Size: 305245MB BusType: 3
16:13:31.507    Disk 0 MBR read successfully
16:13:31.507    Disk 0 MBR scan
16:13:31.523    Disk 0 Windows VISTA default MBR code
16:13:31.523    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        10240 MB offset 2048
16:13:31.539    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        79920 MB offset 20973568
16:13:31.554    Disk 0 Partition - 00     0F Extended LBA            211452 MB offset 184651110
16:13:31.601    Disk 0 Partition 3 00     12  Compaq diag NTFS         3630 MB offset 617705472
16:13:31.648    Disk 0 Partition - 00     05     Extended            109053 MB offset 184662015
16:13:31.663    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS       109053 MB offset 184662016
16:13:31.663    Disk 0 Partition - 00     05     Extended            102393 MB offset 408013710
16:13:31.695    Disk 0 Partition 5 00     07    HPFS/NTFS NTFS       102393 MB offset 408002868
16:13:31.710    Disk 0 scanning sectors +625139712
16:13:31.819    Disk 0 scanning C:\Windows\system32\drivers
16:13:45.407    Service scanning
16:14:12.036    Modules scanning
16:14:16.155    Disk 0 trace - called modules:
16:14:16.186    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys 
16:14:16.201    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8695b440]
16:14:16.201    3 CLASSPNP.SYS[8b1a28b3] -> nt!IofCallDriver -> [0x860cd408]
16:14:16.217    5 acpi.sys[806916bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x84da0028]
16:14:16.779    AVAST engine scan C:\Windows
16:14:21.115    AVAST engine scan C:\Windows\system32
16:17:55.459    AVAST engine scan C:\Windows\system32\drivers
16:18:11.574    AVAST engine scan C:\Users\matthes
16:21:13.579    AVAST engine scan C:\ProgramData
16:22:53.856    Scan finished successfully
16:39:23.520    Disk 0 MBR has been saved successfully to "C:\Users\matthes\Desktop\MBR.dat"
16:39:23.536    The log file has been saved successfully to "C:\Users\matthes\Desktop\aswMBR.txt"
         

Alt 02.10.2012, 19:27   #28
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BKA Trojaner 1.15 (Windows Vista) - Standard

BKA Trojaner 1.15 (Windows Vista)



Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 02.10.2012, 19:41   #29
boris1
 
BKA Trojaner 1.15 (Windows Vista) - Standard

BKA Trojaner 1.15 (Windows Vista)



Ich kann aber noch immer im normalen Modus nichts machen, kein Startmenü und keine Programme öffnen. Ist doch im Moment noch ok?

Der Scan läuft.

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.02.07

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 8.0.6001.19328
matthes :: MATTHES-PC [Administrator]

Schutz: Deaktiviert

02.10.2012 20:39:23
mbam-log-2012-10-02 (20-39-23).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 382731
Laufzeit: 1 Stunde(n), 1 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Code:
ATTFilter
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 10/03/2012 at 10:03 AM

Application Version : 5.5.1022

Core Rules Database Version : 9330
Trace Rules Database Version: 7142

Scan type       : Complete Scan
Total Scan Time : 01:54:36

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC Off - Administrator

Memory items scanned      : 381
Memory threats detected   : 0
Registry items scanned    : 34361
Registry threats detected : 0
File items scanned        : 165327
File threats detected     : 111

Adware.Tracking Cookie
	.atdmt.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	.atdmt.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	.ads.pointroll.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	.pointroll.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	.ads.pointroll.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	.pointroll.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	.ads.pointroll.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	.ads.pointroll.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	.ads.pointroll.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	.ads.pointroll.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	.ads.pointroll.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	.ads.pointroll.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	.e-2dj6wjkyglc5kdp.stats.esomniture.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	.specificclick.net [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	.tracking.quisma.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	.apmebf.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	.mediaplex.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	ad4.adfarm1.adition.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	track.adform.net [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	adfarm1.adition.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	.autoscout24.112.2o7.net [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	.mediaplex.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	.unitymedia.de [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	.unitymedia.de [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	.hightraffic.hugoboss.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	.hightraffic.hugoboss.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	.hightraffic.hugoboss.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	.tracking.quisma.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	.tracking.mindshare.de [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	.im.banner.t-online.de [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	track.adform.net [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	.adform.net [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	.tracking.quisma.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	.bs.serving-sys.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	tracking.mobile.de [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	.mediaplex.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	ad3.adfarm1.adition.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	.statcounter.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	.zanox.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	.dyntracker.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	.amazon-adsystem.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	.amazon-adsystem.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	ad2.adfarm1.adition.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	track.effiliation.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	track.effiliation.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	track.effiliation.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	track.effiliation.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	track.effiliation.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	track.effiliation.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	.adxvalue.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	.secmedia.de [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	.secmedia.de [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	partners.webmasterplan.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	eas.apm.emediate.eu [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	eas.apm.emediate.eu [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	.adtech.de [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	.fastclick.net [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	.fastclick.net [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	ww251.smartadserver.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	.adtech.de [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ C:\USERS\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	.apmebf.com [ C:\USERS\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	eas.apm.emediate.eu [ C:\USERS\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	eas.apm.emediate.eu [ C:\USERS\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	eas.apm.emediate.eu [ C:\USERS\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ C:\USERS\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
         

Alt 05.10.2012, 11:11   #30
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BKA Trojaner 1.15 (Windows Vista) - Standard

BKA Trojaner 1.15 (Windows Vista)



Wenn der normale Modus immer noch nicht geht, hilft evtl ein ältere Wiederherstellungspunkt.
Seit wann genau geht der normale Modus denn nicht mehr?
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort

Themen zu BKA Trojaner 1.15 (Windows Vista)
administrator, aktion, anti-malware, appdata, autostart, code, dateien, explorer, fat32, gen, infiziert, laptop, logfile, malwarebytes, modus, roaming, service, service pack 2, speicher, test, trojaner, version, vista, windows, windows 7




Ähnliche Themen: BKA Trojaner 1.15 (Windows Vista)


  1. GVU Trojaner auf Windows Vista
    Log-Analyse und Auswertung - 19.04.2014 (12)
  2. GVU - Trojaner in Windows Vista
    Plagegeister aller Art und deren Bekämpfung - 09.12.2013 (2)
  3. Windows Vista Trojaner
    Log-Analyse und Auswertung - 09.10.2013 (17)
  4. GVU Trojaner auf windows vista
    Plagegeister aller Art und deren Bekämpfung - 02.09.2013 (1)
  5. Windows Vista GVU-Trojaner
    Plagegeister aller Art und deren Bekämpfung - 25.08.2013 (1)
  6. gvu trojaner windows vista
    Plagegeister aller Art und deren Bekämpfung - 21.08.2013 (23)
  7. GVU Trojaner Windows Vista
    Log-Analyse und Auswertung - 22.07.2013 (1)
  8. GVU/Trojaner Windows Vista
    Plagegeister aller Art und deren Bekämpfung - 09.05.2013 (5)
  9. GVU-Trojaner auf Windows Vista
    Plagegeister aller Art und deren Bekämpfung - 27.03.2013 (1)
  10. GVU- Trojaner Windows Vista
    Log-Analyse und Auswertung - 20.01.2013 (7)
  11. GVU Trojaner , Windows Vista
    Plagegeister aller Art und deren Bekämpfung - 13.01.2013 (23)
  12. GVU Trojaner 2.07 auf Windows Vista
    Log-Analyse und Auswertung - 28.10.2012 (24)
  13. GUV Trojaner Windows Vista
    Log-Analyse und Auswertung - 01.08.2012 (3)
  14. Windows Vista GVU Trojaner
    Plagegeister aller Art und deren Bekämpfung - 27.05.2012 (8)
  15. Infiziert mit Windows-Verschlüsselungs Trojaner -Mail mit Telefonrechnung - windows vista
    Plagegeister aller Art und deren Bekämpfung - 06.05.2012 (12)
  16. BKA-Trojaner Windows Vista
    Plagegeister aller Art und deren Bekämpfung - 25.03.2012 (1)
  17. Windows Vista Home Premium 32-Bit Trojaner Windows gesperrt 50€ zahlen.
    Log-Analyse und Auswertung - 23.01.2012 (1)

Zum Thema BKA Trojaner 1.15 (Windows Vista) - Das LOg vom Fix fehlt -.- - BKA Trojaner 1.15 (Windows Vista)...
Archiv
Du betrachtest: BKA Trojaner 1.15 (Windows Vista) auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.