| |
| |||||||
Log-Analyse und Auswertung: BKA Trojaner 1.15 (Windows Vista)Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
28.09.2012, 20:26
| #16 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  BKA Trojaner 1.15 (Windows Vista) Das LOg vom Fix fehlt -.-
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
28.09.2012, 20:29
| #17 |
 | BKA Trojaner 1.15 (Windows Vista) Von allein hat es sich nicht geöffnet. Jetzt habe ich otl noch einmal gestartet, da kam dieses Log:
__________________Code:
ATTFilter All processes killed
========== OTL ==========
Service SYMNDISV stopped successfully!
Service SYMNDISV deleted successfully!
File C:\Windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS File not found not found.
Service SYMFW stopped successfully!
Service SYMFW deleted successfully!
File C:\Windows\System32\Drivers\N360\0308000.029\SYMFW.SYS File not found not found.
Service NwlnkFwd stopped successfully!
Service NwlnkFwd deleted successfully!
File system32\DRIVERS\nwlnkfwd.sys File not found not found.
Service NwlnkFlt stopped successfully!
Service NwlnkFlt deleted successfully!
File system32\DRIVERS\nwlnkflt.sys File not found not found.
Prefs.js: "search for firefox" removed from browser.search.defaultenginename
Prefs.js: "search for firefox" removed from browser.search.order.1
Prefs.js: "moz2-ytff-" removed from browser.search.param.yahoo-fr
Prefs.js: "moz2-ytff-" removed from browser.search.param.yahoo-fr-cjkt
Prefs.js: "search for firefox" removed from browser.search.selectedEngine
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: addon@gutscheine-live.de:1.1 removed from extensions.enabledAddons
Prefs.js: finder@meingutscheincode.de:3.0.3 removed from extensions.enabledAddons
Prefs.js: ciuvo-extension@billiger.de:1.0.462 removed from extensions.enabledAddons
Prefs.js: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" removed from keyword.URL
C:\Users\matthes\AppData\Roaming\mozilla\firefox\profiles\38gpdnax.default\extensions\addon@gutscheine-live.de.xpi moved successfully.
C:\Users\matthes\AppData\Roaming\mozilla\firefox\profiles\38gpdnax.default\searchplugins\safesearch.xml moved successfully.
C:\Users\matthes\AppData\Roaming\mozilla\firefox\profiles\38gpdnax.default\searchplugins\winamp-search.xml moved successfully.
C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\defaults\preferences folder moved successfully.
C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\defaults folder moved successfully.
C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\chrome folder moved successfully.
C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\ciuvo-extension@billiger.de\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\ciuvo-extension@billiger.de\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\ciuvo-extension@billiger.de\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\ciuvo-extension@billiger.de\chrome\content\lib folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\ciuvo-extension@billiger.de\chrome\content\icons\billigerde folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\ciuvo-extension@billiger.de\chrome\content\icons folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\ciuvo-extension@billiger.de\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\ciuvo-extension@billiger.de\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\ciuvo-extension@billiger.de folder moved successfully.
C:\Program Files\Mozilla Firefox\plugins\npwachk.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{92A6EE5B-5AE3-4159-9134-938BCA95B753}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92A6EE5B-5AE3-4159-9134-938BCA95B753}\ deleted successfully.
C:\Program Files\billigerde\Internet Explorer\billigerde.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ deleted successfully.
C:\Program Files\Lexmark Toolbar\toolband.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableCAD deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery\ not found.
Registry key HKEY_USERS\S-1-5-21-1437981379-4010485698-1217947183-1000\Software\Policies\Microsoft\Internet Explorer\Recovery\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc6e75ed-8782-11df-84a4-00238b010b31}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc6e75ed-8782-11df-84a4-00238b010b31}\ not found.
File Menu.exe not found.
========== FILES ==========
C:\Users\matthes\AppData\Roaming\inst.exe moved successfully.
C:\ProgramData\WinMaximizer\WinMaximizer\LOGS folder moved successfully.
C:\ProgramData\WinMaximizer\WinMaximizer\InstallCache\{B6796CC9-76A5-46C8-BF10-B057474FECA3} folder moved successfully.
C:\ProgramData\WinMaximizer\WinMaximizer\InstallCache folder moved successfully.
C:\ProgramData\WinMaximizer\WinMaximizer\Backup folder moved successfully.
C:\ProgramData\WinMaximizer\WinMaximizer folder moved successfully.
C:\ProgramData\WinMaximizer folder moved successfully.
File\Folder C:\Users\All Users\WinMaximizer not found.
C:\Users\matthes\AppData\Local\Microsoft\Windows\89 folder moved successfully.
File\Folder D:\xxx\Downloads\registrybooster* not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\matthes\Desktop\cmd.bat deleted successfully.
C:\Users\matthes\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Gast
User: matthes
->Temp folder emptied: 1096635 bytes
->Temporary Internet Files folder emptied: 721973 bytes
->Java cache emptied: 16994011 bytes
->FireFox cache emptied: 45263032 bytes
->Flash cache emptied: 580 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 99370653 bytes
Total Files Cleaned = 156,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.69.0 log created on 09282012_205042
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
|
|
28.09.2012, 20:58
| #18 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | BKA Trojaner 1.15 (Windows Vista) Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html
__________________Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ |
|
28.09.2012, 21:19
| #19 |
| | BKA Trojaner 1.15 (Windows Vista) Im normalen Modus bekomme ich nur die Eieruhr zu sehen |
|
28.09.2012, 21:31
| #20 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | BKA Trojaner 1.15 (Windows Vista) Dann mach es bitte im abgesicherten Modus mit Netzwerktreibern
__________________ Logfiles bitte immer in CODE-Tags posten |
|
29.09.2012, 06:55
| #21 |
| | BKA Trojaner 1.15 (Windows Vista)Code:
ATTFilter 07:51:46.0075 0316 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
07:51:48.0088 0316 ============================================================
07:51:48.0088 0316 Current date / time: 2012/09/29 07:51:48.0088
07:51:48.0088 0316 SystemInfo:
07:51:48.0088 0316
07:51:48.0088 0316 OS Version: 6.0.6002 ServicePack: 2.0
07:51:48.0088 0316 Product type: Workstation
07:51:48.0088 0316 ComputerName: MATTHES-PC
07:51:48.0088 0316 UserName: matthes
07:51:48.0088 0316 Windows directory: C:\Windows
07:51:48.0088 0316 System windows directory: C:\Windows
07:51:48.0088 0316 Processor architecture: Intel x86
07:51:48.0088 0316 Number of processors: 2
07:51:48.0088 0316 Page size: 0x1000
07:51:48.0088 0316 Boot type: Safe boot with network
07:51:48.0088 0316 ============================================================
07:51:48.0540 0316 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
07:51:48.0540 0316 ============================================================
07:51:48.0540 0316 \Device\Harddisk0\DR0:
07:51:48.0540 0316 MBR partitions:
07:51:48.0540 0316 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1400800, BlocksNum 0x9C18566
07:51:48.0571 0316 ============================================================
07:51:48.0634 0316 C: <-> \Device\Harddisk0\DR0\Partition1
07:51:48.0634 0316 ============================================================
07:51:48.0634 0316 Initialize success
07:51:48.0634 0316 ============================================================
07:52:26.0214 0944 ============================================================
07:52:26.0214 0944 Scan started
07:52:26.0214 0944 Mode: Manual; SigCheck; TDLFS;
07:52:26.0214 0944 ============================================================
07:52:26.0323 0944 ================ Scan system memory ========================
07:52:26.0323 0944 System memory - ok
07:52:26.0323 0944 ================ Scan services =============================
07:52:26.0589 0944 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
07:52:26.0698 0944 ACDaemon - ok
07:52:26.0823 0944 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
07:52:26.0854 0944 ACPI - ok
07:52:26.0901 0944 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
07:52:26.0916 0944 AdobeARMservice - ok
07:52:26.0994 0944 [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
07:52:27.0010 0944 AdobeFlashPlayerUpdateSvc - ok
07:52:27.0057 0944 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
07:52:27.0088 0944 adp94xx - ok
07:52:27.0150 0944 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
07:52:27.0166 0944 adpahci - ok
07:52:27.0197 0944 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
07:52:27.0213 0944 adpu160m - ok
07:52:27.0228 0944 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
07:52:27.0244 0944 adpu320 - ok
07:52:27.0291 0944 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
07:52:27.0431 0944 AeLookupSvc - ok
07:52:27.0478 0944 [ FE3EA6E9AFC1A78E6EDCA121E006AFB7 ] Afc C:\Windows\system32\drivers\Afc.sys
07:52:27.0493 0944 Afc - ok
07:52:27.0540 0944 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
07:52:27.0603 0944 AFD - ok
07:52:27.0649 0944 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys
07:52:27.0649 0944 agp440 - ok
07:52:27.0696 0944 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
07:52:27.0712 0944 aic78xx - ok
07:52:27.0743 0944 [ 4490B8BDF38750458EB9B24835FDA8FE ] AlfaFF C:\Windows\system32\Drivers\AlfaFF.sys
07:52:27.0759 0944 AlfaFF - ok
07:52:27.0790 0944 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
07:52:27.0961 0944 ALG - ok
07:52:27.0977 0944 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys
07:52:27.0977 0944 aliide - ok
07:52:27.0993 0944 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
07:52:28.0008 0944 amdagp - ok
07:52:28.0024 0944 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys
07:52:28.0039 0944 amdide - ok
07:52:28.0071 0944 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
07:52:28.0149 0944 AmdK7 - ok
07:52:28.0164 0944 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
07:52:28.0195 0944 AmdK8 - ok
07:52:28.0227 0944 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
07:52:28.0289 0944 Appinfo - ok
07:52:28.0320 0944 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys
07:52:28.0320 0944 arc - ok
07:52:28.0351 0944 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
07:52:28.0367 0944 arcsas - ok
07:52:28.0398 0944 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
07:52:28.0429 0944 AsyncMac - ok
07:52:28.0461 0944 [ 2D9C903DC76A66813D350A562DE40ED9 ] atapi C:\Windows\system32\drivers\atapi.sys
07:52:28.0476 0944 atapi - ok
07:52:28.0523 0944 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
07:52:28.0570 0944 AudioEndpointBuilder - ok
07:52:28.0570 0944 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
07:52:28.0601 0944 Audiosrv - ok
07:52:28.0632 0944 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
07:52:28.0695 0944 Beep - ok
07:52:28.0757 0944 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
07:52:28.0804 0944 BFE - ok
07:52:28.0991 0944 [ C364F02969E9A842321DD91BCFF749D4 ] BHDrvx86 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\BASHDefs\20120919.001\BHDrvx86.sys
07:52:29.0053 0944 BHDrvx86 - ok
07:52:29.0147 0944 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll
07:52:29.0209 0944 BITS - ok
07:52:29.0225 0944 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
07:52:29.0256 0944 blbdrive - ok
07:52:29.0287 0944 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
07:52:29.0334 0944 bowser - ok
07:52:29.0381 0944 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
07:52:29.0412 0944 BrFiltLo - ok
07:52:29.0443 0944 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
07:52:29.0506 0944 BrFiltUp - ok
07:52:29.0521 0944 [ B1564976D98E91FC764D5DC28A0297DA ] Bridge C:\Windows\system32\DRIVERS\bridge.sys
07:52:29.0568 0944 Bridge - ok
07:52:29.0599 0944 [ B1564976D98E91FC764D5DC28A0297DA ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
07:52:29.0631 0944 BridgeMP - ok
07:52:29.0677 0944 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
07:52:29.0740 0944 Browser - ok
07:52:29.0771 0944 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
07:52:29.0943 0944 Brserid - ok
07:52:29.0989 0944 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
07:52:30.0036 0944 BrSerWdm - ok
07:52:30.0067 0944 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
07:52:30.0145 0944 BrUsbMdm - ok
07:52:30.0161 0944 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
07:52:30.0208 0944 BrUsbSer - ok
07:52:30.0255 0944 [ 6D39C954799B63BA866910234CF7D726 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys
07:52:30.0301 0944 BthEnum - ok
07:52:30.0333 0944 [ 9A966A8E86D1771911AE34A20D11BFF3 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
07:52:30.0379 0944 BTHMODEM - ok
07:52:30.0411 0944 [ 5904EFA25F829BF84EA6FB045134A1D8 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
07:52:30.0457 0944 BthPan - ok
07:52:30.0489 0944 [ 611FF3F2F095C8D4A6D4CFD9DCC09793 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
07:52:30.0551 0944 BTHPORT - ok
07:52:30.0567 0944 [ A4C8377FA4A994E07075107DBE2E3DCE ] BthServ C:\Windows\System32\bthserv.dll
07:52:30.0613 0944 BthServ - ok
07:52:30.0660 0944 [ D330803EAB2A15CAEC7F011F1D4CB30E ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
07:52:30.0691 0944 BTHUSB - ok
07:52:30.0723 0944 [ 3EA1A20DC0CA1AD23E7AA8C37A91BCD1 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
07:52:30.0738 0944 btwaudio - ok
07:52:30.0769 0944 [ 195872E48A7FB01F8BC9B800F70F4054 ] btwavdt C:\Windows\system32\drivers\btwavdt.sys
07:52:30.0769 0944 btwavdt - ok
07:52:30.0785 0944 [ 0724E7D6C9B6A289EDDDA33FA8176E80 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
07:52:30.0801 0944 btwrchid - ok
07:52:30.0894 0944 [ ACE85AF1C31F68BDFEE9333F6592917E ] ccSet_N360 C:\Windows\system32\drivers\N360\0603000.00E\ccSetx86.sys
07:52:30.0894 0944 ccSet_N360 - ok
07:52:30.0925 0944 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
07:52:30.0988 0944 cdfs - ok
07:52:31.0035 0944 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
07:52:31.0081 0944 cdrom - ok
07:52:31.0128 0944 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
07:52:31.0175 0944 CertPropSvc - ok
07:52:31.0206 0944 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\DRIVERS\circlass.sys
07:52:31.0253 0944 circlass - ok
07:52:31.0300 0944 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
07:52:31.0315 0944 CLFS - ok
07:52:31.0393 0944 [ 5CA9B1062C0C3E3AE19C23AD9D8A5048 ] CLHNService C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
07:52:31.0440 0944 CLHNService ( UnsignedFile.Multi.Generic ) - warning
07:52:31.0440 0944 CLHNService - detected UnsignedFile.Multi.Generic (1)
07:52:31.0503 0944 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
07:52:31.0518 0944 clr_optimization_v2.0.50727_32 - ok
07:52:31.0581 0944 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
07:52:31.0627 0944 clr_optimization_v4.0.30319_32 - ok
07:52:31.0659 0944 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
07:52:31.0705 0944 CmBatt - ok
07:52:31.0721 0944 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys
07:52:31.0737 0944 cmdide - ok
07:52:31.0752 0944 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
07:52:31.0752 0944 Compbatt - ok
07:52:31.0768 0944 COMSysApp - ok
07:52:31.0846 0944 cpuz132 - ok
07:52:31.0861 0944 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
07:52:31.0877 0944 crcdisk - ok
07:52:31.0893 0944 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys
07:52:31.0924 0944 Crusoe - ok
07:52:31.0971 0944 [ 75C6A297E364014840B48ECCD7525E30 ] CryptSvc C:\Windows\system32\cryptsvc.dll
07:52:32.0017 0944 CryptSvc - ok
07:52:32.0080 0944 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
07:52:32.0142 0944 DcomLaunch - ok
07:52:32.0173 0944 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
07:52:32.0205 0944 DfsC - ok
07:52:32.0298 0944 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
07:52:32.0454 0944 DFSR - ok
07:52:32.0548 0944 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
07:52:32.0610 0944 Dhcp - ok
07:52:32.0657 0944 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
07:52:32.0673 0944 disk - ok
07:52:32.0688 0944 DKbFltr - ok
07:52:32.0719 0944 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
07:52:32.0766 0944 Dnscache - ok
07:52:32.0797 0944 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
07:52:32.0844 0944 dot3svc - ok
07:52:32.0891 0944 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
07:52:32.0938 0944 DPS - ok
07:52:32.0969 0944 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
07:52:33.0016 0944 drmkaud - ok
07:52:33.0063 0944 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
07:52:33.0094 0944 DXGKrnl - ok
07:52:33.0125 0944 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
07:52:33.0172 0944 E1G60 - ok
07:52:33.0219 0944 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
07:52:33.0250 0944 EapHost - ok
07:52:33.0281 0944 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
07:52:33.0297 0944 Ecache - ok
07:52:33.0359 0944 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
07:52:33.0375 0944 eeCtrl - ok
07:52:33.0437 0944 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
07:52:33.0515 0944 ehRecvr - ok
07:52:33.0531 0944 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
07:52:33.0546 0944 ehSched - ok
07:52:33.0546 0944 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
07:52:33.0593 0944 ehstart - ok
07:52:33.0655 0944 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys
07:52:33.0671 0944 elxstor - ok
07:52:33.0718 0944 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
07:52:33.0780 0944 EMDMgmt - ok
07:52:33.0827 0944 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
07:52:33.0843 0944 EraserUtilRebootDrv - ok
07:52:33.0858 0944 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys
07:52:33.0905 0944 ErrDev - ok
07:52:33.0967 0944 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
07:52:34.0030 0944 EventSystem - ok
07:52:34.0123 0944 [ 54B6E150BFF4A47EB0D204119D262E46 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
07:52:34.0170 0944 EvtEng ( UnsignedFile.Multi.Generic ) - warning
07:52:34.0170 0944 EvtEng - detected UnsignedFile.Multi.Generic (1)
07:52:34.0217 0944 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
07:52:34.0248 0944 exfat - ok
07:52:34.0295 0944 Fabs - ok
07:52:34.0342 0944 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
07:52:34.0373 0944 fastfat - ok
07:52:34.0420 0944 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
07:52:34.0482 0944 fdc - ok
07:52:34.0513 0944 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
07:52:34.0545 0944 fdPHost - ok
07:52:34.0560 0944 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
07:52:34.0607 0944 FDResPub - ok
07:52:34.0654 0944 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
07:52:34.0654 0944 FileInfo - ok
07:52:34.0685 0944 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
07:52:34.0716 0944 Filetrace - ok
07:52:34.0825 0944 [ FFF1130F7C9FA01D093A1EDFC5CCE8FC ] FirebirdServerMAGIXInstance C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
07:52:35.0028 0944 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
07:52:35.0028 0944 FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
07:52:35.0044 0944 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
07:52:35.0075 0944 flpydisk - ok
07:52:35.0106 0944 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
07:52:35.0122 0944 FltMgr - ok
07:52:35.0169 0944 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
07:52:35.0262 0944 FontCache - ok
07:52:35.0325 0944 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
07:52:35.0340 0944 FontCache3.0.0.0 - ok
07:52:35.0371 0944 [ 10398B515653442A5B89FDF6A1D06180 ] FsUsbExDisk C:\Windows\system32\FsUsbExDisk.SYS
07:52:35.0387 0944 FsUsbExDisk - ok
07:52:35.0434 0944 [ 2A0D3EE7D2D42A3A812D3E6795A2382B ] FsUsbExService C:\Windows\system32\FsUsbExService.Exe
07:52:35.0449 0944 FsUsbExService - ok
07:52:35.0465 0944 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
07:52:35.0512 0944 Fs_Rec - ok
07:52:35.0543 0944 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
07:52:35.0543 0944 gagp30kx - ok
07:52:35.0590 0944 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
07:52:35.0637 0944 gpsvc - ok
07:52:35.0715 0944 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
07:52:35.0730 0944 gupdate - ok
07:52:35.0746 0944 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
07:52:35.0761 0944 gupdatem - ok
07:52:35.0808 0944 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
07:52:35.0855 0944 HdAudAddService - ok
07:52:35.0917 0944 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
07:52:35.0995 0944 HDAudBus - ok
07:52:36.0042 0944 [ FCB3F4BE408F72C1BD81BCABA87FC22F ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
07:52:36.0073 0944 HidBth - ok
07:52:36.0089 0944 [ D8DF3722D5E961BAA1292AA2F12827E2 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
07:52:36.0120 0944 HidIr - ok
07:52:36.0151 0944 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\system32\hidserv.dll
07:52:36.0183 0944 hidserv - ok
07:52:36.0229 0944 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
07:52:36.0261 0944 HidUsb - ok
07:52:36.0307 0944 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
07:52:36.0354 0944 hkmsvc - ok
07:52:36.0385 0944 [ D308726110A6011514DCDFC6E3FC21F2 ] hotcore3 C:\Windows\system32\DRIVERS\hotcore3.sys
07:52:36.0385 0944 hotcore3 - ok
07:52:36.0432 0944 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
07:52:36.0448 0944 HpCISSs - ok
07:52:36.0510 0944 [ 46D67209550973257601A533E2AC5785 ] HSFHWAZL C:\Windows\system32\DRIVERS\VSTAZL3.SYS
07:52:36.0573 0944 HSFHWAZL - ok
07:52:36.0619 0944 [ FADD7095163CB3CB4073793EBB50FE75 ] HSF_DPV C:\Windows\system32\DRIVERS\HSX_DPV.sys
07:52:36.0744 0944 HSF_DPV - ok
07:52:36.0791 0944 [ 058783BEDD17615D1FECE09F77960436 ] HSXHWAZL C:\Windows\system32\DRIVERS\HSXHWAZL.sys
07:52:36.0822 0944 HSXHWAZL - ok
07:52:36.0838 0944 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys
07:52:36.0916 0944 HTTP - ok
07:52:36.0947 0944 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys
07:52:36.0947 0944 i2omp - ok
07:52:37.0009 0944 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
07:52:37.0041 0944 i8042prt - ok
07:52:37.0103 0944 [ 3E42C4691AAD4B1E8D0466F9CBF05CBE ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
07:52:37.0119 0944 IAANTMON - ok
07:52:37.0181 0944 [ 707C1692214B1C290271067197F075F6 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
07:52:37.0197 0944 iaStor - ok
07:52:37.0212 0944 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
07:52:37.0228 0944 iaStorV - ok
07:52:37.0275 0944 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
07:52:37.0321 0944 idsvc - ok
07:52:37.0415 0944 [ 404FB2AAF532BC7BBACC8880BE401C74 ] IDSVix86 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\IPSDefs\20120921.001\IDSvix86.sys
07:52:37.0446 0944 IDSVix86 - ok
07:52:37.0618 0944 [ 33FFC1E1117C4BE00A07AEDD72AE68B1 ] IGBASVC C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
07:52:37.0789 0944 IGBASVC ( UnsignedFile.Multi.Generic ) - warning
07:52:37.0789 0944 IGBASVC - detected UnsignedFile.Multi.Generic (1)
07:52:37.0821 0944 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
07:52:37.0836 0944 iirsp - ok
07:52:37.0883 0944 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
07:52:37.0930 0944 IKEEXT - ok
07:52:37.0992 0944 [ 219CA9A36D6DE2EC04F958C907673436 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
07:52:38.0226 0944 IntcAzAudAddService - ok
07:52:38.0257 0944 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys
07:52:38.0273 0944 intelide - ok
07:52:38.0304 0944 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
07:52:38.0351 0944 intelppm - ok
07:52:38.0382 0944 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
07:52:38.0429 0944 IPBusEnum - ok
07:52:38.0476 0944 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
07:52:38.0523 0944 IpFilterDriver - ok
07:52:38.0569 0944 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
07:52:38.0616 0944 iphlpsvc - ok
07:52:38.0616 0944 IpInIp - ok
07:52:38.0647 0944 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
07:52:38.0679 0944 IPMIDRV - ok
07:52:38.0679 0944 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
07:52:38.0741 0944 IPNAT - ok
07:52:38.0757 0944 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
07:52:38.0788 0944 IRENUM - ok
07:52:38.0819 0944 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys
07:52:38.0819 0944 isapnp - ok
07:52:38.0866 0944 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
07:52:38.0881 0944 iScsiPrt - ok
07:52:38.0897 0944 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
07:52:38.0913 0944 iteatapi - ok
07:52:38.0928 0944 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
07:52:38.0944 0944 iteraid - ok
07:52:38.0959 0944 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
07:52:38.0975 0944 kbdclass - ok
07:52:39.0053 0944 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
07:52:39.0084 0944 kbdhid - ok
07:52:39.0100 0944 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
07:52:39.0147 0944 KeyIso - ok
07:52:39.0193 0944 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
07:52:39.0225 0944 KSecDD - ok
07:52:39.0256 0944 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
07:52:39.0287 0944 KtmRm - ok
07:52:39.0443 0944 [ 24ABDDEB766C8459F9D562EB083B6CB8 ] L1E C:\Windows\system32\DRIVERS\L1E60x86.sys
07:52:39.0490 0944 L1E - ok
07:52:39.0521 0944 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\system32\srvsvc.dll
07:52:39.0583 0944 LanmanServer - ok
07:52:39.0630 0944 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
07:52:39.0661 0944 LanmanWorkstation - ok
07:52:39.0724 0944 [ 793FF718477345CD5D232C50BED1E452 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
07:52:39.0739 0944 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
07:52:39.0739 0944 LightScribeService - detected UnsignedFile.Multi.Generic (1)
07:52:39.0771 0944 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
07:52:39.0817 0944 lltdio - ok
07:52:39.0864 0944 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
07:52:39.0895 0944 lltdsvc - ok
07:52:39.0911 0944 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
07:52:39.0973 0944 lmhosts - ok
07:52:39.0989 0944 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
07:52:40.0005 0944 LSI_FC - ok
07:52:40.0036 0944 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
07:52:40.0051 0944 LSI_SAS - ok
07:52:40.0067 0944 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
07:52:40.0083 0944 LSI_SCSI - ok
07:52:40.0098 0944 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
07:52:40.0145 0944 luafv - ok
07:52:40.0223 0944 [ 2349335A8033FD9834D1C401EAE1C9BF ] lxeaCATSCustConnectService C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxeaserv.exe
07:52:40.0254 0944 lxeaCATSCustConnectService - ok
07:52:40.0270 0944 lxea_device - ok
07:52:40.0301 0944 [ 65E794E86468B61F2BC79ABC48BC4433 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
07:52:40.0317 0944 MBAMProtector - ok
07:52:40.0395 0944 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
07:52:40.0410 0944 MBAMScheduler - ok
07:52:40.0488 0944 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
07:52:40.0535 0944 MBAMService - ok
07:52:40.0597 0944 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
07:52:40.0597 0944 Mcx2Svc - ok
07:52:40.0629 0944 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
07:52:40.0660 0944 mdmxsdk - ok
07:52:40.0707 0944 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys
07:52:40.0707 0944 megasas - ok
07:52:40.0738 0944 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys
07:52:40.0753 0944 MegaSR - ok
07:52:40.0816 0944 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
07:52:40.0847 0944 MMCSS - ok
07:52:40.0878 0944 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
07:52:40.0909 0944 Modem - ok
07:52:40.0909 0944 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
07:52:40.0956 0944 monitor - ok
07:52:40.0987 0944 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
07:52:41.0003 0944 mouclass - ok
07:52:41.0003 0944 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
07:52:41.0050 0944 mouhid - ok
07:52:41.0081 0944 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
07:52:41.0097 0944 MountMgr - ok
07:52:41.0128 0944 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
07:52:41.0143 0944 MozillaMaintenance - ok
07:52:41.0175 0944 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys
07:52:41.0190 0944 mpio - ok
07:52:41.0190 0944 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
07:52:41.0237 0944 mpsdrv - ok
07:52:41.0268 0944 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
07:52:41.0299 0944 MpsSvc - ok
07:52:41.0346 0944 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
07:52:41.0346 0944 Mraid35x - ok
07:52:41.0377 0944 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
07:52:41.0424 0944 MRxDAV - ok
07:52:41.0440 0944 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
07:52:41.0487 0944 mrxsmb - ok
07:52:41.0533 0944 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
07:52:41.0565 0944 mrxsmb10 - ok
07:52:41.0596 0944 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
07:52:41.0627 0944 mrxsmb20 - ok
07:52:41.0674 0944 [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci C:\Windows\system32\drivers\msahci.sys
07:52:41.0689 0944 msahci - ok
07:52:41.0705 0944 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys
07:52:41.0721 0944 msdsm - ok
07:52:41.0752 0944 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
07:52:41.0783 0944 MSDTC - ok
07:52:41.0814 0944 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
07:52:41.0845 0944 Msfs - ok
07:52:41.0877 0944 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
07:52:41.0892 0944 msisadrv - ok
07:52:41.0923 0944 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
07:52:41.0970 0944 MSiSCSI - ok
07:52:41.0970 0944 msiserver - ok
07:52:42.0001 0944 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
07:52:42.0048 0944 MSKSSRV - ok
07:52:42.0064 0944 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
07:52:42.0111 0944 MSPCLOCK - ok
07:52:42.0111 0944 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
07:52:42.0157 0944 MSPQM - ok
07:52:42.0204 0944 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
07:52:42.0220 0944 MsRPC - ok
07:52:42.0235 0944 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
07:52:42.0251 0944 mssmbios - ok
07:52:42.0251 0944 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
07:52:42.0298 0944 MSTEE - ok
07:52:42.0329 0944 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
07:52:42.0329 0944 Mup - ok
07:52:42.0391 0944 [ F2840DBFE9322F35557219AE82CC4597 ] N360 C:\Program Files\Norton 360\Engine\6.3.0.14\ccSvcHst.exe
07:52:42.0407 0944 N360 - ok
07:52:42.0438 0944 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
07:52:42.0485 0944 napagent - ok
07:52:42.0516 0944 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
07:52:42.0547 0944 NativeWifiP - ok
07:52:42.0641 0944 [ 8E4C77AD9BB279900C00F870CC0C674B ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20120922.008\NAVENG.SYS
07:52:42.0657 0944 NAVENG - ok
07:52:42.0703 0944 [ 826F699B69E88A3920C70F344DD42D88 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20120922.008\NAVEX15.SYS
07:52:42.0781 0944 NAVEX15 - ok
07:52:42.0859 0944 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
07:52:42.0891 0944 NDIS - ok
07:52:42.0922 0944 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
07:52:42.0953 0944 NdisTapi - ok
07:52:42.0969 0944 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
07:52:43.0000 0944 Ndisuio - ok
07:52:43.0031 0944 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
07:52:43.0062 0944 NdisWan - ok
07:52:43.0109 0944 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
07:52:43.0156 0944 NDProxy - ok
07:52:43.0187 0944 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
07:52:43.0203 0944 NetBIOS - ok
07:52:43.0234 0944 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
07:52:43.0281 0944 netbt - ok
07:52:43.0312 0944 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
07:52:43.0312 0944 Netlogon - ok
07:52:43.0359 0944 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
07:52:43.0390 0944 Netman - ok
07:52:43.0421 0944 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
07:52:43.0452 0944 netprofm - ok
07:52:43.0483 0944 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
07:52:43.0499 0944 NetTcpPortSharing - ok
07:52:43.0608 0944 [ 8DE67BD902095A13329FD82C85A1FA09 ] NETw5v32 C:\Windows\system32\DRIVERS\NETw5v32.sys
07:52:43.0827 0944 NETw5v32 - ok
07:52:43.0842 0944 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
07:52:43.0858 0944 nfrd960 - ok
07:52:43.0889 0944 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
07:52:43.0920 0944 NlaSvc - ok
07:52:43.0951 0944 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
07:52:43.0967 0944 Npfs - ok
07:52:43.0983 0944 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
07:52:44.0029 0944 nsi - ok
07:52:44.0061 0944 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
07:52:44.0107 0944 nsiproxy - ok
07:52:44.0154 0944 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
07:52:44.0217 0944 Ntfs - ok
07:52:44.0263 0944 [ 2757D2BA59AEE155209E24942AB127C9 ] NTIDrvr C:\Windows\system32\DRIVERS\NTIDrvr.sys
07:52:44.0279 0944 NTIDrvr - ok
07:52:44.0357 0944 [ 547BFA3591C70674B0BFC99354AB78B3 ] NTIPPKernel C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys
07:52:44.0373 0944 NTIPPKernel ( UnsignedFile.Multi.Generic ) - warning
07:52:44.0373 0944 NTIPPKernel - detected UnsignedFile.Multi.Generic (1)
07:52:44.0388 0944 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
07:52:44.0451 0944 ntrigdigi - ok
07:52:44.0466 0944 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
07:52:44.0513 0944 Null - ok
07:52:44.0575 0944 [ 2C7AC27710E8D41C1EB7D1599187D237 ] NVHDA C:\Windows\system32\drivers\nvhda32v.sys
07:52:44.0591 0944 NVHDA - ok
07:52:44.0763 0944 [ CB0D6F8F65B8766FF2AAAA78881FD9F8 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
07:52:45.0137 0944 nvlddmkm - ok
07:52:45.0168 0944 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
07:52:45.0184 0944 nvraid - ok
07:52:45.0215 0944 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
07:52:45.0231 0944 nvstor - ok
07:52:45.0246 0944 [ 15315BB51E9025FE41B482681C6E7BA2 ] nvsvc C:\Windows\system32\nvvsvc.exe
07:52:45.0262 0944 nvsvc - ok
07:52:45.0293 0944 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
07:52:45.0309 0944 nv_agp - ok
07:52:45.0324 0944 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
07:52:45.0371 0944 ohci1394 - ok
07:52:45.0449 0944 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
07:52:45.0511 0944 p2pimsvc - ok
07:52:45.0527 0944 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
07:52:45.0558 0944 p2psvc - ok
07:52:45.0605 0944 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
07:52:45.0667 0944 Parport - ok
07:52:45.0730 0944 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
07:52:45.0730 0944 partmgr - ok
07:52:45.0761 0944 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
07:52:45.0808 0944 Parvdm - ok
07:52:45.0839 0944 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
07:52:45.0870 0944 PcaSvc - ok
07:52:45.0901 0944 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
07:52:45.0917 0944 pci - ok
07:52:45.0948 0944 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\drivers\pciide.sys
07:52:45.0948 0944 pciide - ok
07:52:45.0979 0944 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
07:52:45.0995 0944 pcmcia - ok
07:52:46.0011 0944 [ 5B6C11DE7E839C05248CED8825470FEF ] pcouffin C:\Windows\system32\Drivers\pcouffin.sys
07:52:46.0073 0944 pcouffin - ok
07:52:46.0120 0944 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
07:52:46.0213 0944 PEAUTH - ok
07:52:46.0260 0944 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
07:52:46.0338 0944 pla - ok
07:52:46.0401 0944 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
07:52:46.0447 0944 PlugPlay - ok
07:52:46.0494 0944 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
07:52:46.0557 0944 PNRPAutoReg - ok
07:52:46.0619 0944 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
07:52:46.0650 0944 PNRPsvc - ok
07:52:46.0744 0944 [ 94CE8D68338E72B915468D10ECEF07BE ] Polar Daemon C:\Program Files\Polar\Daemon\polard.exe
07:52:46.0759 0944 Polar Daemon ( UnsignedFile.Multi.Generic ) - warning
07:52:46.0759 0944 Polar Daemon - detected UnsignedFile.Multi.Generic (1)
07:52:46.0791 0944 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
07:52:46.0853 0944 PolicyAgent - ok
07:52:46.0884 0944 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
07:52:46.0931 0944 PptpMiniport - ok
07:52:46.0947 0944 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
07:52:46.0993 0944 Processor - ok
07:52:47.0009 0944 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
07:52:47.0040 0944 ProfSvc - ok
07:52:47.0056 0944 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
07:52:47.0071 0944 ProtectedStorage - ok
07:52:47.0103 0944 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
07:52:47.0118 0944 PSched - ok
07:52:47.0181 0944 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
07:52:47.0243 0944 ql2300 - ok
07:52:47.0274 0944 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
07:52:47.0274 0944 ql40xx - ok
07:52:47.0305 0944 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
07:52:47.0352 0944 QWAVE - ok
07:52:47.0368 0944 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
07:52:47.0415 0944 QWAVEdrv - ok
07:52:47.0461 0944 [ 70DBDAB246C18B78E2200D6401D038BE ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll
07:52:47.0508 0944 RapiMgr - ok
07:52:47.0524 0944 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
07:52:47.0555 0944 RasAcd - ok
07:52:47.0586 0944 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
07:52:47.0602 0944 RasAuto - ok
07:52:47.0633 0944 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
07:52:47.0680 0944 Rasl2tp - ok
07:52:47.0711 0944 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
07:52:47.0773 0944 RasMan - ok
07:52:47.0789 0944 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
07:52:47.0836 0944 RasPppoe - ok
07:52:47.0867 0944 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
07:52:47.0883 0944 RasSstp - ok
07:52:47.0914 0944 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
07:52:47.0961 0944 rdbss - ok
07:52:47.0992 0944 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
07:52:48.0039 0944 RDPCDD - ok
07:52:48.0070 0944 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
07:52:48.0101 0944 rdpdr - ok
07:52:48.0101 0944 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
07:52:48.0132 0944 RDPENCDD - ok
07:52:48.0195 0944 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
07:52:48.0226 0944 RDPWD - ok
07:52:48.0335 0944 [ 3FF45B7F17D5837216ABAE652CC61540 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
07:52:48.0366 0944 RegSrvc ( UnsignedFile.Multi.Generic ) - warning
07:52:48.0366 0944 RegSrvc - detected UnsignedFile.Multi.Generic (1)
07:52:48.0413 0944 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
07:52:48.0444 0944 RemoteAccess - ok
07:52:48.0475 0944 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
07:52:48.0522 0944 RemoteRegistry - ok
07:52:48.0569 0944 [ 6482707F9F4DA0ECBAB43B2E0398A101 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
07:52:48.0600 0944 RFCOMM - ok
07:52:48.0663 0944 [ D1F1D0EE50F8C070A612796676971699 ] RichVideo C:\Program Files\Cyberlink\Shared files\RichVideo.exe
07:52:48.0678 0944 RichVideo ( UnsignedFile.Multi.Generic ) - warning
07:52:48.0678 0944 RichVideo - detected UnsignedFile.Multi.Generic (1)
07:52:48.0694 0944 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
07:52:48.0725 0944 RpcLocator - ok
07:52:48.0756 0944 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
07:52:48.0787 0944 RpcSs - ok
07:52:48.0850 0944 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
07:52:48.0881 0944 rspndr - ok
07:52:48.0897 0944 [ 7A4F79DF3793160B280CDE152B61FE33 ] RTSTOR C:\Windows\system32\drivers\RTSTOR.SYS
07:52:48.0912 0944 RTSTOR - ok
07:52:48.0943 0944 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
07:52:48.0959 0944 SamSs - ok
07:52:48.0990 0944 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
07:52:49.0006 0944 sbp2port - ok
07:52:49.0037 0944 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
07:52:49.0084 0944 SCardSvr - ok
07:52:49.0131 0944 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
07:52:49.0177 0944 Schedule - ok
07:52:49.0224 0944 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
07:52:49.0240 0944 SCPolicySvc - ok
07:52:49.0271 0944 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
07:52:49.0302 0944 SDRSVC - ok
07:52:49.0333 0944 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
07:52:49.0396 0944 secdrv - ok
07:52:49.0427 0944 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
07:52:49.0474 0944 seclogon - ok
07:52:49.0505 0944 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
07:52:49.0552 0944 SENS - ok
07:52:49.0583 0944 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
07:52:49.0645 0944 Serenum - ok
07:52:49.0677 0944 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
07:52:49.0723 0944 Serial - ok
07:52:49.0739 0944 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
07:52:49.0755 0944 sermouse - ok
07:52:49.0801 0944 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
07:52:49.0848 0944 SessionEnv - ok
07:52:49.0848 0944 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
07:52:49.0895 0944 sffdisk - ok
07:52:49.0911 0944 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
07:52:49.0942 0944 sffp_mmc - ok
07:52:49.0957 0944 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
07:52:49.0989 0944 sffp_sd - ok
07:52:50.0004 0944 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
07:52:50.0051 0944 sfloppy - ok
07:52:50.0082 0944 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
07:52:50.0113 0944 SharedAccess - ok
07:52:50.0145 0944 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
07:52:50.0191 0944 ShellHWDetection - ok
07:52:50.0223 0944 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
07:52:50.0238 0944 sisagp - ok
07:52:50.0269 0944 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
07:52:50.0285 0944 SiSRaid2 - ok
07:52:50.0301 0944 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
07:52:50.0316 0944 SiSRaid4 - ok
07:52:50.0363 0944 [ EA396139541706B4B433641D62EA53CE ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
07:52:50.0363 0944 SkypeUpdate - ok
07:52:50.0472 0944 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
07:52:50.0659 0944 slsvc - ok
07:52:50.0691 0944 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
07:52:50.0737 0944 SLUINotify - ok
07:52:50.0769 0944 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
07:52:50.0800 0944 Smb - ok
07:52:50.0815 0944 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
07:52:50.0847 0944 SNMPTRAP - ok
07:52:50.0878 0944 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
07:52:50.0893 0944 spldr - ok
07:52:50.0909 0944 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
07:52:50.0956 0944 Spooler - ok
07:52:51.0034 0944 [ 7BB297CADA42903328E92425D9761DA6 ] SRTSP C:\Windows\System32\Drivers\N360\0603000.00E\SRTSP.SYS
07:52:51.0049 0944 SRTSP - ok
07:52:51.0065 0944 [ 475FCF0F28D845BF1C8ABAC27F19003E ] SRTSPX C:\Windows\system32\drivers\N360\0603000.00E\SRTSPX.SYS
07:52:51.0081 0944 SRTSPX - ok
07:52:51.0127 0944 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
07:52:51.0174 0944 srv - ok
07:52:51.0205 0944 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
07:52:51.0283 0944 srv2 - ok
07:52:51.0315 0944 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
07:52:51.0330 0944 srvnet - ok
07:52:51.0361 0944 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
07:52:51.0424 0944 SSDPSRV - ok
07:52:51.0455 0944 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
07:52:51.0502 0944 SstpSvc - ok
07:52:51.0549 0944 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
07:52:51.0595 0944 stisvc - ok
07:52:51.0627 0944 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
07:52:51.0642 0944 swenum - ok
07:52:51.0673 0944 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
07:52:51.0720 0944 swprv - ok
07:52:51.0736 0944 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
07:52:51.0751 0944 Symc8xx - ok
07:52:51.0783 0944 [ 690FA0E61B90084C4D9A721BD4F3D779 ] SymDS C:\Windows\system32\drivers\N360\0603000.00E\SYMDS.SYS
07:52:51.0814 0944 SymDS - ok
07:52:51.0907 0944 [ 8F88EDB211B12537D2DC2A6D73D6067C ] SymEFA C:\Windows\system32\drivers\N360\0603000.00E\SYMEFA.SYS
07:52:51.0954 0944 SymEFA - ok
07:52:52.0032 0944 [ 74E2521E96176A4449570E50BE91954D ] SymEvent C:\Windows\system32\Drivers\SYMEVENT.SYS
07:52:52.0048 0944 SymEvent - ok
07:52:52.0079 0944 [ 2C356CCA706505CF63CBE39D532B9236 ] SymIRON C:\Windows\system32\drivers\N360\0603000.00E\Ironx86.SYS
07:52:52.0095 0944 SymIRON - ok
07:52:52.0110 0944 [ 40C6E6417C8B7D7FCF82CFBE71525795 ] SYMTDIv C:\Windows\System32\Drivers\N360\0603000.00E\SYMTDIV.SYS
07:52:52.0126 0944 SYMTDIv - ok
07:52:52.0157 0944 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
07:52:52.0157 0944 Sym_hi - ok
07:52:52.0173 0944 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
07:52:52.0188 0944 Sym_u3 - ok
07:52:52.0219 0944 [ 4C9BB4B3B9EAC26211484C30B914C6DC ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
07:52:52.0235 0944 SynTP - ok
07:52:52.0251 0944 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
07:52:52.0313 0944 SysMain - ok
07:52:52.0344 0944 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
07:52:52.0375 0944 TabletInputService - ok
07:52:52.0407 0944 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
07:52:52.0438 0944 TapiSrv - ok
07:52:52.0469 0944 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
07:52:52.0485 0944 TBS - ok
07:52:52.0609 0944 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
07:52:52.0656 0944 Tcpip - ok
07:52:52.0703 0944 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
07:52:52.0734 0944 Tcpip6 - ok
07:52:52.0781 0944 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
07:52:52.0843 0944 tcpipreg - ok
07:52:52.0859 0944 [ 72B9E77565DA5FA564581976E000D29B ] TcUsb C:\Windows\system32\Drivers\tcusb.sys
07:52:52.0875 0944 TcUsb - ok
07:52:52.0906 0944 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
07:52:52.0937 0944 TDPIPE - ok
07:52:52.0953 0944 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
07:52:52.0984 0944 TDTCP - ok
07:52:53.0015 0944 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
07:52:53.0031 0944 tdx - ok
07:52:53.0140 0944 [ A4D2CE94B028EF1E437CF4AC3D8FF26C ] TeamViewer7 C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
07:52:53.0249 0944 TeamViewer7 - ok
07:52:53.0296 0944 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
07:52:53.0311 0944 TermDD - ok
07:52:53.0343 0944 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
07:52:53.0389 0944 TermService - ok
07:52:53.0436 0944 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
07:52:53.0452 0944 Themes - ok
07:52:53.0467 0944 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
07:52:53.0499 0944 THREADORDER - ok
07:52:53.0530 0944 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
07:52:53.0592 0944 TrkWks - ok
07:52:53.0639 0944 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
07:52:53.0670 0944 TrustedInstaller - ok
07:52:53.0686 0944 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
07:52:53.0717 0944 tssecsrv - ok
07:52:53.0733 0944 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
07:52:53.0748 0944 tunmp - ok
07:52:53.0779 0944 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
07:52:53.0811 0944 tunnel - ok
07:52:53.0857 0944 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
07:52:53.0857 0944 uagp35 - ok
07:52:53.0889 0944 [ F763E070843EE2803DE1395002B42938 ] UBHelper C:\Windows\system32\drivers\UBHelper.sys
07:52:53.0904 0944 UBHelper - ok
07:52:53.0935 0944 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
07:52:53.0982 0944 udfs - ok
07:52:54.0013 0944 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
07:52:54.0060 0944 UI0Detect - ok
07:52:54.0091 0944 [ 78B63388550028AED6C52F843ABF6000 ] UimBus C:\Windows\system32\DRIVERS\UimBus.sys
07:52:54.0107 0944 UimBus - ok
07:52:54.0123 0944 [ 3412EFAF3CB0B6C21818A3C407714CA1 ] Uim_IM C:\Windows\system32\Drivers\Uim_IM.sys
07:52:54.0138 0944 Uim_IM - ok
07:52:54.0138 0944 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
07:52:54.0154 0944 uliagpkx - ok
07:52:54.0185 0944 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
07:52:54.0201 0944 uliahci - ok
07:52:54.0216 0944 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
07:52:54.0232 0944 UlSata - ok
07:52:54.0232 0944 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
07:52:54.0247 0944 ulsata2 - ok
07:52:54.0263 0944 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
07:52:54.0310 0944 umbus - ok
07:52:54.0357 0944 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
07:52:54.0403 0944 upnphost - ok
07:52:54.0435 0944 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
07:52:54.0450 0944 usbccgp - ok
07:52:54.0481 0944 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
07:52:54.0544 0944 usbcir - ok
07:52:54.0591 0944 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
07:52:54.0606 0944 usbehci - ok
07:52:54.0637 0944 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
07:52:54.0653 0944 usbhub - ok
07:52:54.0669 0944 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
07:52:54.0747 0944 usbohci - ok
07:52:54.0778 0944 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
07:52:54.0825 0944 usbprint - ok
07:52:54.0856 0944 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
07:52:54.0887 0944 usbscan - ok
07:52:54.0887 0944 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
07:52:54.0934 0944 USBSTOR - ok
07:52:54.0965 0944 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
07:52:55.0012 0944 usbuhci - ok
07:52:55.0043 0944 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
07:52:55.0090 0944 usbvideo - ok
07:52:55.0105 0944 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
07:52:55.0152 0944 UxSms - ok
07:52:55.0199 0944 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
07:52:55.0230 0944 vds - ok
07:52:55.0261 0944 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
07:52:55.0308 0944 vga - ok
07:52:55.0339 0944 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
07:52:55.0371 0944 VgaSave - ok
07:52:55.0386 0944 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
07:52:55.0402 0944 viaagp - ok
07:52:55.0433 0944 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
07:52:55.0449 0944 ViaC7 - ok
07:52:55.0480 0944 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
07:52:55.0495 0944 viaide - ok
07:52:55.0511 0944 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
07:52:55.0527 0944 volmgr - ok
07:52:55.0558 0944 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
07:52:55.0573 0944 volmgrx - ok
07:52:55.0605 0944 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys
07:52:55.0636 0944 volsnap - ok
07:52:55.0667 0944 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
07:52:55.0667 0944 vsmraid - ok
07:52:55.0729 0944 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
07:52:55.0807 0944 VSS - ok
07:52:55.0823 0944 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
07:52:55.0854 0944 W32Time - ok
07:52:55.0870 0944 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
07:52:55.0917 0944 WacomPen - ok
07:52:55.0917 0944 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
07:52:55.0963 0944 Wanarp - ok
07:52:55.0963 0944 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
07:52:55.0979 0944 Wanarpv6 - ok
07:52:56.0026 0944 [ 779F9C90D3FE9C70B6FFD8EF035F3E83 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll
07:52:56.0057 0944 WcesComm - ok
07:52:56.0073 0944 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
07:52:56.0119 0944 wcncsvc - ok
07:52:56.0151 0944 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
07:52:56.0182 0944 WcsPlugInService - ok
07:52:56.0197 0944 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
07:52:56.0213 0944 Wd - ok
07:52:56.0260 0944 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
07:52:56.0291 0944 Wdf01000 - ok
07:52:56.0291 0944 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
07:52:56.0322 0944 WdiServiceHost - ok
07:52:56.0338 0944 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
07:52:56.0353 0944 WdiSystemHost - ok
07:52:56.0400 0944 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
07:52:56.0447 0944 WebClient - ok
07:52:56.0478 0944 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
07:52:56.0556 0944 Wecsvc - ok
07:52:56.0572 0944 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
07:52:56.0603 0944 wercplsupport - ok
07:52:56.0619 0944 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
07:52:56.0650 0944 WerSvc - ok
07:52:56.0665 0944 [ BB9CBAF6AC20452B245C324F1F50EE81 ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys
07:52:56.0712 0944 winachsf - ok
07:52:56.0759 0944 [ 3FA87D56769838AAC82FAFC3E78FC732 ] winbondcir C:\Windows\system32\DRIVERS\winbondcir.sys
07:52:56.0806 0944 winbondcir - ok
07:52:56.0853 0944 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
07:52:56.0868 0944 WinDefend - ok
07:52:56.0884 0944 WinHttpAutoProxySvc - ok
07:52:56.0931 0944 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
07:52:56.0962 0944 Winmgmt - ok
07:52:57.0009 0944 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
07:52:57.0118 0944 WinRM - ok
07:52:57.0165 0944 [ 676F4B665BDD8053EAA53AC1695B8074 ] winusb C:\Windows\system32\DRIVERS\WinUSB.SYS
07:52:57.0180 0944 winusb - ok
07:52:57.0227 0944 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
07:52:57.0274 0944 Wlansvc - ok
07:52:57.0321 0944 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
07:52:57.0352 0944 WmiAcpi - ok
07:52:57.0399 0944 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
07:52:57.0445 0944 wmiApSrv - ok
07:52:57.0508 0944 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
07:52:57.0617 0944 WMPNetworkSvc - ok
07:52:57.0648 0944 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
07:52:57.0695 0944 WPCSvc - ok
07:52:57.0726 0944 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
07:52:57.0773 0944 WPDBusEnum - ok
07:52:57.0804 0944 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
07:52:57.0835 0944 WpdUsb - ok
07:52:57.0945 0944 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
07:52:57.0991 0944 WPFFontCache_v0400 - ok
07:52:58.0007 0944 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
07:52:58.0085 0944 ws2ifsl - ok
07:52:58.0116 0944 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll
07:52:58.0132 0944 wscsvc - ok
07:52:58.0147 0944 [ 4422AC5ED8D4C2F0DB63E71D4C069DD7 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
07:52:58.0179 0944 WSDPrintDevice - ok
07:52:58.0194 0944 WSearch - ok
07:52:58.0257 0944 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
07:52:58.0350 0944 wuauserv - ok
07:52:58.0397 0944 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
07:52:58.0444 0944 WUDFRd - ok
07:52:58.0459 0944 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
07:52:58.0491 0944 wudfsvc - ok
07:52:58.0522 0944 [ DAB33CFA9DD24251AAA389FF36B64D4B ] XAudio C:\Windows\system32\DRIVERS\xaudio.sys
07:52:58.0553 0944 XAudio - ok
07:52:58.0584 0944 [ CD5F291A1161F15896D1A4D63DAFF5DF ] XAudioService C:\Windows\system32\DRIVERS\xaudio.exe
07:52:58.0631 0944 XAudioService - ok
07:52:58.0693 0944 [ 4D840C6AF3C020ED3A35EFBA9025CF4A ] {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl
07:52:58.0693 0944 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} - ok
07:52:58.0709 0944 ================ Scan global ===============================
07:52:58.0725 0944 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
07:52:58.0756 0944 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
07:52:58.0771 0944 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
07:52:58.0818 0944 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
07:52:58.0818 0944 [Global] - ok
07:52:58.0818 0944 ================ Scan MBR ==================================
07:52:58.0834 0944 [ BB9D3A6A13C5010348DA7C900BB6AF50 ] \Device\Harddisk0\DR0
07:52:59.0770 0944 \Device\Harddisk0\DR0 - ok
07:52:59.0770 0944 ================ Scan VBR ==================================
07:52:59.0770 0944 [ C78215C9610E1A165B5C79393A5C1655 ] \Device\Harddisk0\DR0\Partition1
07:52:59.0770 0944 \Device\Harddisk0\DR0\Partition1 - ok
07:52:59.0770 0944 ============================================================
07:52:59.0770 0944 Scan finished
07:52:59.0770 0944 ============================================================
07:52:59.0785 1224 Detected object count: 9
07:52:59.0785 1224 Actual detected object count: 9
07:53:35.0431 1224 CLHNService ( UnsignedFile.Multi.Generic ) - skipped by user
07:53:35.0431 1224 CLHNService ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:53:35.0431 1224 EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user
07:53:35.0431 1224 EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:53:35.0463 1224 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
07:53:35.0463 1224 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:53:35.0463 1224 IGBASVC ( UnsignedFile.Multi.Generic ) - skipped by user
07:53:35.0463 1224 IGBASVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:53:35.0463 1224 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
07:53:35.0463 1224 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:53:35.0463 1224 NTIPPKernel ( UnsignedFile.Multi.Generic ) - skipped by user
07:53:35.0463 1224 NTIPPKernel ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:53:35.0463 1224 Polar Daemon ( UnsignedFile.Multi.Generic ) - skipped by user
07:53:35.0463 1224 Polar Daemon ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:53:35.0478 1224 RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user
07:53:35.0478 1224 RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:53:35.0478 1224 RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
07:53:35.0478 1224 RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
01.10.2012, 09:52
| #22 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | BKA Trojaner 1.15 (Windows Vista) Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
01.10.2012, 10:27
| #23 |
| | BKA Trojaner 1.15 (Windows Vista) Konnte den PC nicht im normalen Modus starten, bekam nach dem hochfahren statt des Desktops einen schwarzen Bildschirm zu sehen. Im abgesicherten Modus klappt es, hier die LOG Datei: [code] Combofix Logfile: Code:
ATTFilter ComboFix 12-09-30.03 - matthes 01.10.2012 11:00:20.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3066.2577 [GMT 2:00]
ausgeführt von:: c:\users\matthes\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Acer\Acer Bio Protection\PwdFilter.dll
c:\programdata\Roaming
c:\programdata\SPL21D2.tmp
c:\programdata\SPL52A6.tmp
c:\programdata\SPL86C3.tmp
c:\programdata\SPLC0DC.tmp
c:\programdata\SPLCADC.tmp
c:\programdata\SPLCD26.tmp
c:\programdata\SPLD9CA.tmp
c:\programdata\SPLDAC4.tmp
c:\programdata\SPLDBFC.tmp
c:\programdata\SPLF8FE.tmp
c:\windows\IsUn0407.exe
c:\windows\system32\muzapp.exe
c:\windows\system32\System32\MASetupCleaner.exe
c:\windows\system32\System32\muzapp.exe
c:\windows\system32\wininit.dll
E:\install.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-09-01 bis 2012-10-01 ))))))))))))))))))))))))))))))
.
.
2012-09-28 18:50 . 2012-09-28 18:50 -------- d-----w- C:\_OTL
2012-09-27 14:35 . 2012-09-27 14:35 -------- d-----w- c:\program files\ESET
2012-09-25 19:59 . 2012-09-25 19:59 -------- d-----w- c:\program files\CCleaner
2012-09-25 17:36 . 2012-09-25 17:36 -------- d-----w- c:\users\matthes\AppData\Roaming\Malwarebytes
2012-09-25 17:36 . 2012-09-25 17:36 -------- d-----w- c:\programdata\Malwarebytes
2012-09-25 17:36 . 2012-09-25 17:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-25 17:36 . 2012-09-07 15:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-17 17:15 . 2012-09-20 14:44 -------- d-----w- c:\users\matthes\Ordnerdeckblätter
2012-09-11 12:27 . 2012-09-12 12:53 -------- d-----w- c:\windows\system32\Samsung_USB_Drivers
2012-09-11 09:03 . 2012-09-11 09:03 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-20 17:49 . 2012-05-11 13:11 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-20 17:49 . 2011-06-09 12:43 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-14 15:46 . 2010-03-07 09:45 47360 ----a-w- c:\users\matthes\AppData\Roaming\pcouffin.sys
2012-07-06 02:17 . 2012-08-15 08:00 574112 ----a-w- c:\windows\system32\drivers\N360\0603000.00E\srtsp.sys
2012-07-06 02:17 . 2012-08-15 08:00 32928 ----a-w- c:\windows\system32\drivers\N360\0603000.00E\srtspx.sys
2012-07-04 14:02 . 2012-08-17 11:18 2047488 ----a-w- c:\windows\system32\win32k.sys
2004-07-09 03:08 . 2004-07-09 03:08 472576 ----a-w- c:\program files\dxsetup.exe
2004-07-09 03:08 . 2004-07-09 03:08 2242560 ----a-w- c:\program files\dsetup32.dll
2004-07-09 02:03 . 2004-07-09 02:03 62976 ----a-w- c:\program files\DSETUP.dll
2012-09-11 09:03 . 2011-04-11 15:27 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2008-06-30 12:44 . 2009-12-13 21:53 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{147FEC3F-6DE9-437C-8FC1-6B8A20AA0A72}]
2010-01-26 14:52 192512 ----a-w- c:\users\matthes\AppData\Roaming\AdobeReader\IE\AdobeReader.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-07 6139904]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-18 92704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-18 13543968]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"lxeamon.exe"="c:\program files\Lexmark S300-S400 Series\lxeamon.exe" [2011-01-23 770728]
"EzPrint"="c:\program files\Lexmark S300-S400 Series\ezprint.exe" [2009-04-29 139944]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
.
c:\users\matthes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2008-10-28 10:38 3197952 ----a-w- c:\program files\Acer\Acer Bio Protection\WinNotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]
2008-03-25 14:24 567560 ----a-w- c:\program files\Common Files\SPBA\homefus2.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\Acer\Acer Bio Protection\PwdFilter
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcadeDeluxeAgent]
2008-07-24 14:54 147456 ------w- c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2008-07-24 14:54 167936 ------w- c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
2003-05-08 10:00 49152 ----a-w- c:\program files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie]
2008-07-18 15:04 167936 ------w- c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 09:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2011-12-09 17:22 74752 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZPdtWzdVitaKey MC3000]
2008-10-28 10:38 3676160 ----a-w- c:\program files\Acer\Acer Bio Protection\PdtWzd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1437981379-4010485698-1217947183-1000]
"EnableNotificationsRef"=dword:00000001
.
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-11 17:50]
.
2012-10-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-31 18:35]
.
2012-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-31 18:35]
.
2012-09-25 c:\windows\Tasks\User_Feed_Synchronization-{52A60082-F11F-4DC0-815C-41B71B2E7AD3}.job
- c:\windows\system32\msfeedssync.exe [2012-09-22 08:30]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1008&m=aspire_6930g
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{603D3CE5-33BC-4d51-A31E-613A2B826E21} - c:\users\matthes\AppData\Roaming\IEButtons\toolbutton2.js
IE: {{804420A5-7F05-4ee9-92F2-D2B644AD9102} - c:\users\matthes\AppData\Roaming\IEButtons\toolbutton3.js
IE: {{C376BD23-6DC3-4e10-9ED0-AB8C0444E45C} - c:\users\matthes\AppData\Roaming\IEButtons\toolbutton1.js
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\matthes\AppData\Roaming\Mozilla\Firefox\Profiles\38gpdnax.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{40c3cc16-7269-4b32-9531-17f2950fb06f} - (no file)
HKCU-Run-SearchIndexer - c:\users\matthes\AppData\Local\Microsoft\Windows\89\SearchIndexer.exe
MSConfigStartUp-KiesHelper - c:\program files\Samsung\Kies\KiesHelper.exe
MSConfigStartUp-KiesPDLR - c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MSConfigStartUp-KiesTrayAgent - c:\program files\Samsung\Kies\KiesTrayAgent.exe
AddRemove-sv.net - e:\sozial~1.hls\svnet\UNWISE.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-10-01 11:21
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\6.3.0.14\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\6.3.0.14\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(1408)
c:\windows\system32\btncopy.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\helppane.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-10-01 11:23:46 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-10-01 09:23
.
Vor Suchlauf: 18 Verzeichnis(se), 33.673.388.032 Bytes frei
Nach Suchlauf: 24 Verzeichnis(se), 33.296.908.288 Bytes frei
.
- - End Of File - - E539618963764A787E48D3DF4FB3384F
|
|
01.10.2012, 13:35
| #24 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | BKA Trojaner 1.15 (Windows Vista) Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM! Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
01.10.2012, 16:41
| #25 |
| | BKA Trojaner 1.15 (Windows Vista)Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-10-01 16:05:58
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST932032 rev.0303
Running: 7jr8d694.exe; Driver: C:\Users\matthes\AppData\Local\Temp\kxriifow.sys
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\Explorer.EXE[1400] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74AD7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1400] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74B1B4E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1400] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [74ADBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1400] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [74ACF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1400] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74AD75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1400] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [74ACE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1400] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74B073F5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1400] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [74ADDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1400] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [74ACFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1400] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74ACFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1400] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74AC71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1400] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [74B5CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1400] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [74AFC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1400] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74ACD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1400] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74AC6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1400] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74AC687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1400] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74AD2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002269ddfef6
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002269ddfef6@001ee29f991a 0x9B 0x60 0xDD 0xE0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002269ddfef6@60a10a10ad8a 0x0D 0x03 0x14 0x27 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002269ddfef6 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002269ddfef6@001ee29f991a 0x9B 0x60 0xDD 0xE0 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002269ddfef6@60a10a10ad8a 0x0D 0x03 0x14 0x27 ...
---- EOF - GMER 1.0.15 ----
Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 16:23:02 on 01.10.2012 OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit Default Browser: Mozilla Corporation Firefox 15.0.1 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl "iproset.cpl" - "Intel(R) Corporation" - C:\Windows\system32\iproset.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "PROSet Tools" - "Intel(R) Corporation" - C:\Windows\System32\iPROSet.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "AlfaFF File System mini-filter" (AlfaFF) - "Alfa Corporation" - C:\Windows\System32\Drivers\AlfaFF.sys "BHDrvx86" (BHDrvx86) - "Symantec Corporation" - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\BASHDefs\20120919.001\BHDrvx86.sys "catchme" (catchme) - ? - C:\ComboFix\catchme.sys (File not found) "cpuz132" (cpuz132) - ? - C:\Users\matthes\AppData\Local\Temp\cpuz132\cpuz132_x32.sys (File not found) "Dritek Keyboard Filter Driver" (DKbFltr) - ? - C:\Windows\System32\DRIVERS\DKbFltr.sys (File not found) "EraserUtilRebootDrv" (EraserUtilRebootDrv) - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys "hc3ServiceName" (hotcore3) - "Paragon Software Group" - C:\Windows\System32\DRIVERS\hotcore3.sys "IDSVix86" (IDSVix86) - "Symantec Corporation" - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\IPSDefs\20120921.001\IDSvix86.sys "IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found) "kxriifow" (kxriifow) - ? - C:\Users\matthes\AppData\Local\Temp\kxriifow.sys (Hidden registry entry, rootkit activity | File not found) "MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys "NAVENG" (NAVENG) - "Symantec Corporation" - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20120922.008\NAVENG.SYS "NAVEX15" (NAVEX15) - "Symantec Corporation" - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20120922.008\NAVEX15.SYS "Norton 360 Settings Manager" (ccSet_N360) - "Symantec Corporation" - C:\Windows\system32\drivers\N360\0603000.00E\ccSetx86.sys "NTIPPKernel" (NTIPPKernel) - "Cyberlink Corp." - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys "PPdus ASPI Shell" (Afc) - "Arcsoft, Inc." - C:\Windows\System32\drivers\Afc.sys "Symantec Data Store" (SymDS) - "Symantec Corporation" - C:\Windows\System32\drivers\N360\0603000.00E\SYMDS.SYS "Symantec Eraser Control driver" (eeCtrl) - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys "Symantec Extended File Attributes" (SymEFA) - "Symantec Corporation" - C:\Windows\System32\drivers\N360\0603000.00E\SYMEFA.SYS "Symantec Iron Driver" (SymIRON) - "Symantec Corporation" - C:\Windows\system32\drivers\N360\0603000.00E\Ironx86.SYS "Symantec Real Time Storage Protection" (SRTSP) - "Symantec Corporation" - C:\Windows\System32\Drivers\N360\0603000.00E\SRTSP.SYS "Symantec Real Time Storage Protection (PEL)" (SRTSPX) - "Symantec Corporation" - C:\Windows\system32\drivers\N360\0603000.00E\SRTSPX.SYS "Symantec Vista Network Dispatch Driver" (SYMTDIv) - "Symantec Corporation" - C:\Windows\System32\Drivers\N360\0603000.00E\SYMTDIV.SYS "SymEvent" (SymEvent) - "Symantec Corporation" - C:\Windows\system32\Drivers\SYMEVENT.SYS "UBHelper" (UBHelper) - "NewTech Infosystems Corporation" - C:\Windows\system32\drivers\UBHelper.sys "Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\Windows\System32\DRIVERS\NTIDrvr.sys "{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}" ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) - "Cyberlink Corp." - C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll -----( HKLM\Software\Classes\Protocols\Handler )----- {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found) {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found) {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found) {8F9D8FBE-C5C1-4B65-986E-51235C9283E8} "FPLaunchCache" - "Arachnoid Biometrics Identification Group Corp." - C:\Program Files\Acer\Acer Bio Protection\FPLaunchCache.dll {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {00020d75-0000-0000-c000-000000000046} "lnkfile" - ? - (File not found | COM-object registry key not found) {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll {7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Windows\system32\btncopy.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? - (File not found | COM-object registry key not found) {A40526DD-F152-4C1D-844C-CE668D29B77E} "Shell extension for NTP" - ? - (File not found | COM-object registry key not found) {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "Norton Toolbar" - "Symantec Corporation" - C:\Program Files\Norton 360\Engine\6.3.0.14\coIEPlg.dll <binary data> "{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Oracle Corporation" - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Oracle Corporation" - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 10.5.1" - "Oracle Corporation" - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 10.5.1" - "Oracle Corporation" - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "@btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm "Amazon (amazon.de)" - ? - C:\Users\matthes\AppData\Roaming\IEButtons\toolbutton2.js "easy Shopping" - ? - C:\Users\matthes\AppData\Roaming\IEButtons\toolbutton3.js "eBay (ebay.de)" - ? - C:\Users\matthes\AppData\Roaming\IEButtons\toolbutton1.js "Quick-Launching Area" - ? - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} "Norton Toolbar" - "Symantec Corporation" - C:\Program Files\Norton 360\Engine\6.3.0.14\coIEPlg.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {147FEC3F-6DE9-437C-8FC1-6B8A20AA0A72} "Adobe Reader" - "Adobe Systems, Incorporated" - C:\Users\matthes\AppData\Roaming\AdobeReader\IE\AdobeReader.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Oracle Corporation" - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll {D2C5E510-BE6D-42CC-9F61-E4F939078474} "Lexmark " - ? - C:\Program Files\Lexmark Printable Web\bho.dll {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} "Norton Identity Protection" - "Symantec Corporation" - C:\Program Files\Norton 360\Engine\6.3.0.14\coIEPlg.dll {6D53EC84-6AAE-4787-AEEE-F4628F01010C} "Norton Vulnerability Protection" - "Symantec Corporation" - C:\Program Files\Norton 360\Engine\6.3.0.14\IPS\IPSBHO.DLL {1017A80C-6F09-4548-A84D-EDD6AC9525F0} "{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" - ? - (File not found | COM-object registry key not found) [LSA Providers] -----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )----- "Notification packages" - ? - C:\Program Files\Acer\Acer Bio Protection\PwdFilter (File not found) [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\matthes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "OpenOffice.org 3.3.lnk" - ? - C:\Program Files\OpenOffice.org 3\program\quickstart.exe (Shortcut exists | File found, but it contains no detailed information | File exists) -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "EzPrint" - ? - "C:\Program Files\Lexmark S300-S400 Series\ezprint.exe" "IAAnotif" - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe "lxeamon.exe" - ? - "C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe" "PLFSetI" - ? - C:\Windows\PLFSetI.exe "WarReg_PopUp" - "Acer Incorporated" - C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe "Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe "Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe "ArcSoft Connect Daemon" (ACDaemon) - "ArcSoft Inc." - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe "CLHNService" (CLHNService) - ? - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe "Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\Cyberlink\Shared files\RichVideo.exe "FABS - Helping agent for MAGIX media database" (Fabs) - "MAGIX AG" - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe "Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe "FsUsbExService" (FsUsbExService) - "Teruten" - C:\Windows\system32\FsUsbExService.Exe "Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "iGroupTec Service" (IGBASVC) - ? - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe (File found, but it contains no detailed information) "Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe "Intel® PROSet/Wireless Event Log" (EvtEng) - "Intel(R) Corporation" - C:\Program Files\Intel\WiFi\bin\EvtEng.exe "Intel® PROSet/Wireless Registry Service" (RegSrvc) - "Intel(R) Corporation" - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe "LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe "MBAMScheduler" (MBAMScheduler) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe "MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe "Norton 360" (N360) - "Symantec Corporation" - C:\Program Files\Norton 360\Engine\6.3.0.14\ccSvcHst.exe "Polar Daemon" (Polar Daemon) - ? - C:\Program Files\Polar\Daemon\polard.exe (File found, but it contains no detailed information) "Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files\Skype\Updater\Updater.exe "TeamViewer 7" (TeamViewer7) - "TeamViewer GmbH" - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe [Winlogon] -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "AWinNotifyVitaKey MC3000" - "Arachnoid Biometrics Identification Group Corp." - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll "spba" - "UPEK Inc." - C:\Program Files\Common Files\SPBA\homefus2.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-01 16:26:01
-----------------------------
16:26:01.323 OS Version: Windows 6.0.6002 Service Pack 2
16:26:01.323 Number of processors: 2 586 0xF0D
16:26:01.323 ComputerName: MATTHES-PC UserName: matthes
16:26:02.025 Initialize success
16:40:45.999 AVAST engine defs: 12100100
16:49:50.967 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:49:50.967 Disk 0 Vendor: ST932032 0303 Size: 305245MB BusType: 3
16:49:51.317 Disk 0 MBR read successfully
16:49:51.317 Disk 0 MBR scan
16:49:51.327 Disk 0 unknown MBR code
16:49:51.337 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10240 MB offset 2048
16:49:51.397 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 79920 MB offset 20973568
16:49:51.407 Disk 0 Partition - 00 0F Extended LBA 211452 MB offset 184651110
16:49:51.517 Disk 0 Partition 3 00 12 Compaq diag NTFS 3630 MB offset 617705472
16:49:51.607 Disk 0 Partition - 00 05 Extended 109053 MB offset 184662015
16:49:51.617 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 109053 MB offset 184662016
16:49:51.627 Disk 0 Partition - 00 05 Extended 102393 MB offset 408013710
16:49:51.667 Disk 0 Partition 5 00 07 HPFS/NTFS NTFS 102393 MB offset 408002868
16:49:51.717 Disk 0 scanning sectors +625139712
16:49:51.927 Disk 0 scanning C:\Windows\system32\drivers
16:50:15.136 Service scanning
16:50:40.221 Modules scanning
16:50:45.993 Disk 0 trace - called modules:
16:50:46.008 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
16:50:46.024 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x869e05b0]
16:50:46.024 3 CLASSPNP.SYS[8b1a68b3] -> nt!IofCallDriver -> [0x84ddf6b8]
16:50:46.040 5 acpi.sys[806986bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x84da0028]
16:50:46.554 AVAST engine scan C:\Windows
16:50:54.573 AVAST engine scan C:\Windows\system32
16:54:41.662 AVAST engine scan C:\Windows\system32\drivers
16:54:59.711 AVAST engine scan C:\Users\matthes
16:58:08.190 AVAST engine scan C:\ProgramData
17:00:02.538 Scan finished successfully
17:25:40.932 Disk 0 MBR has been saved successfully to "C:\Users\matthes\Desktop\MBR.dat"
17:25:40.932 The log file has been saved successfully to "C:\Users\matthes\Desktop\aswMBR.txt"
|
|
02.10.2012, 13:01
| #26 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | BKA Trojaner 1.15 (Windows Vista) Wir sollten den MBR fixen, sichere für den Fall der Fälle ALLE wichtigen Daten, auch wenn meistens alles glatt geht. Hinweis: Mach bitte NICHT den MBR-Fix, wenn du noch andere Betriebssysteme wie zB Ubuntu installiert hast, ein MBR-Fix mit Windows-Tools macht ein parallel installiertes (Dualboot) Linux unbootbar. Mach den Fix auch dann nicht, wenn du zB mit TrueCrypt oder anderen Verschlüsselungsprogrammen eine Vollverschlüsselung der Windowspartition bzw. gesamten Festplatte hast Starte nach der Datensicherung aswmbr erneut und klick auf den Button FIXMBR. Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehalalrm! Anschließend Windows neu starten und ein neues Log mit aswMBR machen.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
02.10.2012, 15:43
| #27 |
| | BKA Trojaner 1.15 (Windows Vista) Ich brauchte nur das Programm öffnen und direkt auf FIXMBR klicken? Oder hätte ich vorab noch einmal scannen müssen? Im normalen Modus bekomme ich das Desktop wieder zu sehen, kann aber weder Programme noch Startmenü öffnen. Hier Das neue Log: Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-02 16:13:04
-----------------------------
16:13:04.800 OS Version: Windows 6.0.6002 Service Pack 2
16:13:04.800 Number of processors: 2 586 0xF0D
16:13:04.800 ComputerName: MATTHES-PC UserName: matthes
16:13:13.911 Initialize success
16:13:27.779 AVAST engine defs: 12100100
16:13:31.492 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:13:31.492 Disk 0 Vendor: ST932032 0303 Size: 305245MB BusType: 3
16:13:31.507 Disk 0 MBR read successfully
16:13:31.507 Disk 0 MBR scan
16:13:31.523 Disk 0 Windows VISTA default MBR code
16:13:31.523 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10240 MB offset 2048
16:13:31.539 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 79920 MB offset 20973568
16:13:31.554 Disk 0 Partition - 00 0F Extended LBA 211452 MB offset 184651110
16:13:31.601 Disk 0 Partition 3 00 12 Compaq diag NTFS 3630 MB offset 617705472
16:13:31.648 Disk 0 Partition - 00 05 Extended 109053 MB offset 184662015
16:13:31.663 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 109053 MB offset 184662016
16:13:31.663 Disk 0 Partition - 00 05 Extended 102393 MB offset 408013710
16:13:31.695 Disk 0 Partition 5 00 07 HPFS/NTFS NTFS 102393 MB offset 408002868
16:13:31.710 Disk 0 scanning sectors +625139712
16:13:31.819 Disk 0 scanning C:\Windows\system32\drivers
16:13:45.407 Service scanning
16:14:12.036 Modules scanning
16:14:16.155 Disk 0 trace - called modules:
16:14:16.186 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
16:14:16.201 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8695b440]
16:14:16.201 3 CLASSPNP.SYS[8b1a28b3] -> nt!IofCallDriver -> [0x860cd408]
16:14:16.217 5 acpi.sys[806916bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x84da0028]
16:14:16.779 AVAST engine scan C:\Windows
16:14:21.115 AVAST engine scan C:\Windows\system32
16:17:55.459 AVAST engine scan C:\Windows\system32\drivers
16:18:11.574 AVAST engine scan C:\Users\matthes
16:21:13.579 AVAST engine scan C:\ProgramData
16:22:53.856 Scan finished successfully
16:39:23.520 Disk 0 MBR has been saved successfully to "C:\Users\matthes\Desktop\MBR.dat"
16:39:23.536 The log file has been saved successfully to "C:\Users\matthes\Desktop\aswMBR.txt"
|
|
02.10.2012, 19:27
| #28 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | BKA Trojaner 1.15 (Windows Vista) Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
02.10.2012, 19:41
| #29 |
| | BKA Trojaner 1.15 (Windows Vista) Ich kann aber noch immer im normalen Modus nichts machen, kein Startmenü und keine Programme öffnen. Ist doch im Moment noch ok? Der Scan läuft. Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.65.0.1400 www.malwarebytes.org Datenbank Version: v2012.10.02.07 Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig) Internet Explorer 8.0.6001.19328 matthes :: MATTHES-PC [Administrator] Schutz: Deaktiviert 02.10.2012 20:39:23 mbam-log-2012-10-02 (20-39-23).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 382731 Laufzeit: 1 Stunde(n), 1 Minute(n), 19 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 10/03/2012 at 10:03 AM
Application Version : 5.5.1022
Core Rules Database Version : 9330
Trace Rules Database Version: 7142
Scan type : Complete Scan
Total Scan Time : 01:54:36
Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC Off - Administrator
Memory items scanned : 381
Memory threats detected : 0
Registry items scanned : 34361
Registry threats detected : 0
File items scanned : 165327
File threats detected : 111
Adware.Tracking Cookie
.atdmt.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
.pointroll.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
.pointroll.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
.e-2dj6wjkyglc5kdp.stats.esomniture.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
.specificclick.net [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
.tracking.quisma.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
.apmebf.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
ad4.adfarm1.adition.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
track.adform.net [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
adfarm1.adition.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
.autoscout24.112.2o7.net [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
.unitymedia.de [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
.unitymedia.de [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
.hightraffic.hugoboss.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
.hightraffic.hugoboss.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
.hightraffic.hugoboss.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
.tracking.quisma.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
.tracking.mindshare.de [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
.im.banner.t-online.de [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
track.adform.net [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
.adform.net [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
.tracking.quisma.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
.bs.serving-sys.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
tracking.mobile.de [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
ad3.adfarm1.adition.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
.statcounter.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
.zanox.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
.dyntracker.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
.amazon-adsystem.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
.amazon-adsystem.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
ad2.adfarm1.adition.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
track.effiliation.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
track.effiliation.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
track.effiliation.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
track.effiliation.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
track.effiliation.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
track.effiliation.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
.adxvalue.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
.secmedia.de [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
.secmedia.de [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
www.etracker.de [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
www.etracker.de [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
www.etracker.de [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
partners.webmasterplan.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
eas.apm.emediate.eu [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
eas.apm.emediate.eu [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
.fastclick.net [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
.fastclick.net [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
ww251.smartadserver.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
.apmebf.com [ C:\USERS\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
eas.apm.emediate.eu [ C:\USERS\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
eas.apm.emediate.eu [ C:\USERS\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
eas.apm.emediate.eu [ C:\USERS\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ]
|
|
05.10.2012, 11:11
| #30 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | BKA Trojaner 1.15 (Windows Vista) Wenn der normale Modus immer noch nicht geht, hilft evtl ein ältere Wiederherstellungspunkt. Seit wann genau geht der normale Modus denn nicht mehr?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu BKA Trojaner 1.15 (Windows Vista) |
| administrator, aktion, anti-malware, appdata, autostart, code, dateien, explorer, fat32, gen, infiziert, laptop, logfile, malwarebytes, modus, roaming, service, service pack 2, speicher, test, trojaner, version, vista, windows, windows 7 |
Linear-Darstellung
