Log Analysis and Evaluation: BKA Trojaner 1.15 (Windows Vista)
If you have picked up a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
28.09.2012, 20:26 #16
/// Winkelfunktion /// TB-Süch-Tiger™ | BKA Trojaner 1.15 (Windows Vista)
The log from the fix is missing -.-
__________________
Please always post logfiles in CODE tags
28.09.2012, 20:29 #17
BKA Trojaner 1.15 (Windows Vista)
It didn't open on its own. I've now started OTL again, and this log came up:
__________________
Code:
All processes killed
========== OTL ==========
Service SYMNDISV stopped successfully!
Service SYMNDISV deleted successfully!
File C:\Windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS File not found not found.
Service SYMFW stopped successfully!
Service SYMFW deleted successfully!
File C:\Windows\System32\Drivers\N360\0308000.029\SYMFW.SYS File not found not found.
Service NwlnkFwd stopped successfully!
Service NwlnkFwd deleted successfully!
File system32\DRIVERS\nwlnkfwd.sys File not found not found.
Service NwlnkFlt stopped successfully!
Service NwlnkFlt deleted successfully!
File system32\DRIVERS\nwlnkflt.sys File not found not found.
Prefs.js: "search for firefox" removed from browser.search.defaultenginename
Prefs.js: "search for firefox" removed from browser.search.order.1
Prefs.js: "moz2-ytff-" removed from browser.search.param.yahoo-fr
Prefs.js: "moz2-ytff-" removed from browser.search.param.yahoo-fr-cjkt
Prefs.js: "search for firefox" removed from browser.search.selectedEngine
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: addon@gutscheine-live.de:1.1 removed from extensions.enabledAddons
Prefs.js: finder@meingutscheincode.de:3.0.3 removed from extensions.enabledAddons
Prefs.js: ciuvo-extension@billiger.de:1.0.462 removed from extensions.enabledAddons
Prefs.js: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" removed from keyword.URL
C:\Users\matthes\AppData\Roaming\mozilla\firefox\profiles\38gpdnax.default\extensions\addon@gutscheine-live.de.xpi moved successfully.
C:\Users\matthes\AppData\Roaming\mozilla\firefox\profiles\38gpdnax.default\searchplugins\safesearch.xml moved successfully.
C:\Users\matthes\AppData\Roaming\mozilla\firefox\profiles\38gpdnax.default\searchplugins\winamp-search.xml moved successfully.
C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\defaults\preferences folder moved successfully.
C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\defaults folder moved successfully.
C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\chrome folder moved successfully.
C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\ciuvo-extension@billiger.de\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\ciuvo-extension@billiger.de\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\ciuvo-extension@billiger.de\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\ciuvo-extension@billiger.de\chrome\content\lib folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\ciuvo-extension@billiger.de\chrome\content\icons\billigerde folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\ciuvo-extension@billiger.de\chrome\content\icons folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\ciuvo-extension@billiger.de\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\ciuvo-extension@billiger.de\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\ciuvo-extension@billiger.de folder moved successfully.
C:\Program Files\Mozilla Firefox\plugins\npwachk.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{92A6EE5B-5AE3-4159-9134-938BCA95B753}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92A6EE5B-5AE3-4159-9134-938BCA95B753}\ deleted successfully.
C:\Program Files\billigerde\Internet Explorer\billigerde.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ deleted successfully.
C:\Program Files\Lexmark Toolbar\toolband.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableCAD deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery\ not found.
Registry key HKEY_USERS\S-1-5-21-1437981379-4010485698-1217947183-1000\Software\Policies\Microsoft\Internet Explorer\Recovery\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc6e75ed-8782-11df-84a4-00238b010b31}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc6e75ed-8782-11df-84a4-00238b010b31}\ not found.
File Menu.exe not found.
========== FILES ==========
C:\Users\matthes\AppData\Roaming\inst.exe moved successfully.
C:\ProgramData\WinMaximizer\WinMaximizer\LOGS folder moved successfully.
C:\ProgramData\WinMaximizer\WinMaximizer\InstallCache\{B6796CC9-76A5-46C8-BF10-B057474FECA3} folder moved successfully.
C:\ProgramData\WinMaximizer\WinMaximizer\InstallCache folder moved successfully.
C:\ProgramData\WinMaximizer\WinMaximizer\Backup folder moved successfully.
C:\ProgramData\WinMaximizer\WinMaximizer folder moved successfully.
C:\ProgramData\WinMaximizer folder moved successfully.
File\Folder C:\Users\All Users\WinMaximizer not found.
C:\Users\matthes\AppData\Local\Microsoft\Windows\89 folder moved successfully.
File\Folder D:\xxx\Downloads\registrybooster* not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\matthes\Desktop\cmd.bat deleted successfully.
C:\Users\matthes\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Gast
User: matthes
->Temp folder emptied: 1096635 bytes
->Temporary Internet Files folder emptied: 721973 bytes
->Java cache emptied: 16994011 bytes
->FireFox cache emptied: 45263032 bytes
->Flash cache emptied: 580 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 99370653 bytes
Total Files Cleaned = 156,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.69.0 log created on 09282012_205042
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
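The OTL fix above shows what a browser search hijack looks like in Firefox's prefs.js: keyword.URL pointed at finduny.com, the default and selected search engine replaced, and three shopping add-ons listed in extensions.enabledAddons. The following is an added example, not code from the thread, from OTL or from Mozilla: a small Python triage script that reads a prefs.js and reports exactly those overrides. It relies on one property of the file format: prefs.js only contains values that differ from Firefox's built-in defaults, so any user_pref() line for a search key means something changed it. The embedded prefs.js content is constructed to mirror the values the log reports as removed (the board defangs URLs as hxxp; a real prefs.js holds http).

```python
"""Scan a Firefox prefs.js for the search-hijack settings the OTL fix above removed.

prefs.js only stores values that differ from Firefox's built-in defaults, so a
user_pref() line for one of the search keys means something (the user, an add-on
or an installer) changed it. The script reports those overrides and lists every
enabled add-on id so it can be checked against what the user knowingly installed.
"""
import re
from typing import Dict, List, Optional, Tuple, Union
from urllib.parse import urlsplit

PrefValue = Union[str, bool, int]

# Keys the OTL fix in this thread cleared; any override of them deserves a look.
SEARCH_KEYS = {
    "browser.search.defaultenginename",
    "browser.search.selectedEngine",
    "browser.search.order.1",
    "browser.search.useDBForOrder",
    "keyword.URL",
}
ADDON_KEY = "extensions.enabledAddons"

# user_pref("key", "string" | true | false | 123);
PREF_RE = re.compile(
    r'^\s*user_pref\("((?:[^"\\]|\\.)+)",\s*("(?:[^"\\]|\\.)*"|true|false|-?\d+)\);\s*$'
)

# Constructed sample (not the user's real file) mirroring the values the OTL log
# above reported as removed; the board defangs URLs as hxxp, a real prefs.js has http.
SAMPLE_PREFS = """\
// Mozilla User Preferences
user_pref("browser.search.defaultenginename", "search for firefox");
user_pref("browser.search.order.1", "search for firefox");
user_pref("browser.search.selectedEngine", "search for firefox");
user_pref("browser.search.useDBForOrder", true);
user_pref("browser.tabs.warnOnClose", false);
user_pref("extensions.enabledAddons", "addon@gutscheine-live.de:1.1,finder@meingutscheincode.de:3.0.3,ciuvo-extension@billiger.de:1.0.462");
user_pref("keyword.URL", "http://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=");
"""


def _decode(raw: str) -> PrefValue:
    """Turn the literal from a user_pref() line into a Python value."""
    if raw == "true":
        return True
    if raw == "false":
        return False
    if raw.startswith('"'):
        return raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")
    return int(raw)


def parse_prefs(text: str) -> Dict[str, PrefValue]:
    """Return {pref name: value} for every user_pref() line; other lines are ignored."""
    prefs: Dict[str, PrefValue] = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = _decode(m.group(2))
    return prefs


def list_addons(prefs: Dict[str, PrefValue]) -> List[str]:
    """Add-on ids from extensions.enabledAddons ("id:version,id:version,...")."""
    raw = prefs.get(ADDON_KEY, "")
    return [a for a in str(raw).split(",") if a]


def keyword_url_host(prefs: Dict[str, PrefValue]) -> Optional[str]:
    """Host that receives address-bar searches, or None if keyword.URL is untouched."""
    url = prefs.get("keyword.URL")
    if not isinstance(url, str):
        return None
    return urlsplit(url).hostname


def find_hijacks(prefs: Dict[str, PrefValue]) -> List[Tuple[str, str, str]]:
    """(key, value, note) for every overridden search key and every enabled add-on."""
    findings: List[Tuple[str, str, str]] = []
    for key in sorted(k for k in prefs if k in SEARCH_KEYS):
        if key == "keyword.URL":
            note = f"address-bar searches are sent to {keyword_url_host(prefs)}"
        else:
            note = "built-in search default overridden"
        findings.append((key, str(prefs[key]), note))
    for addon in list_addons(prefs):
        findings.append((ADDON_KEY, addon, "enabled add-on; confirm the user installed it"))
    return findings


if __name__ == "__main__":
    for key, value, note in find_hijacks(parse_prefs(SAMPLE_PREFS)):
        print(f"{key:36} {note}")
        print(f"{'':36}   {value}")
```

Run it against the prefs.js in a profile directory (the path in the log, C:\Users\matthes\AppData\Roaming\mozilla\firefox\profiles\38gpdnax.default, is where that file lives) instead of SAMPLE_PREFS. A keyword.URL pointing at an unknown host is the single strongest indicator here, because that key silently redirects every address-bar search; the add-on list is only a lead and still has to be checked against what the user remembers installing.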
28.09.2012, 20:58 #18
/// Winkelfunktion /// TB-Süch-Tiger™ | BKA Trojaner 1.15 (Windows Vista)
Now please run this tool from Kaspersky (TDSS-Killer), in normal Windows mode, and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html
__________________
Note: Please disable your virus scanner before running the TDSS-Killer, since Avira in particular often reports a false positive on the TDSS tool! Configure the tool as shown in the picture below: click on "change parameters" and set the check marks as shown in the following screenshot, then click "Start Scan" and, when it has finished, click the "Report" button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C:); that is where the TDSS-Killer saves its logs. Note: Please do not delete anything prematurely with the TDSS-Killer! If the TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!
__________________
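The report TDSSKiller produces (the one posted further down in this thread) lists each scanned service or driver as a hash line, "[ MD5 ] ServiceName ImagePath", followed by a verdict line: "ServiceName - ok", "ServiceName ( Reason ) - warning" or "ServiceName - detected Signature (n)". When a user has been told to skip everything and just post the log, the helper still has to pair those lines up and decide which hits matter. The following is an added example, not code from the thread or from Kaspersky: a Python parser for that report format, with the sample lines constructed in the same format from entries of the posted log. It separates an UnsignedFile.Multi.Generic notice, which only says the image carries no digital signature and which is what every hit in the posted log was, from any other signature that would need a closer look, and produces the (MD5, path) pairs a helper would check against a hash database.

```python
"""Parse a Kaspersky TDSSKiller report and triage what it flagged.

The report writes one line per hashed object ("[ MD5 ] ServiceName ImagePath")
followed by a verdict line ("ServiceName - ok", "ServiceName ( Reason ) - warning",
"ServiceName - detected Signature (n)"). This pairs the two, lists everything that
is not "ok" and separates an unsigned-file notice from a signature that would
need escalation.
"""
import re
from typing import Dict, List, Optional, Tuple

TS = r"\d\d:\d\d:\d\d\.\d{4}"
# "<ts> <pid> [ <MD5> ] <ServiceName> <ImagePath>"  (path may contain spaces)
HASH_RE = re.compile(r"^(" + TS + r") (\d+) \[ ([0-9A-F]{32}) \] (\S+) (.+)$")
# "<ts> <pid> <ServiceName>[ ( <reason> )] - ok | warning | detected <Sig> (<n>)"
VERDICT_RE = re.compile(
    r"^(" + TS + r") (\d+) (\S+)(?: \( ([^)]+) \))? - (?:(ok)|(warning)|detected (\S+) \(\d+\))$"
)

# Constructed sample: a handful of records in the report's format, taken from
# the kind of entries seen in the log posted in this thread.
SAMPLE_LOG = r"""
07:52:26.0214 0944 Scan started
07:52:26.0214 0944 Mode: Manual; SigCheck; TDLFS;
07:52:26.0323 0944 System memory - ok
07:52:26.0589 0944 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
07:52:26.0698 0944 ACDaemon - ok
07:52:31.0393 0944 [ 5CA9B1062C0C3E3AE19C23AD9D8A5048 ] CLHNService C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
07:52:31.0440 0944 CLHNService ( UnsignedFile.Multi.Generic ) - warning
07:52:31.0440 0944 CLHNService - detected UnsignedFile.Multi.Generic (1)
07:52:31.0768 0944 COMSysApp - ok
07:52:34.0123 0944 [ 54B6E150BFF4A47EB0D204119D262E46 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
07:52:34.0170 0944 EvtEng ( UnsignedFile.Multi.Generic ) - warning
07:52:34.0170 0944 EvtEng - detected UnsignedFile.Multi.Generic (1)
"""

Entry = Dict[str, Optional[str]]


def _new_entry(name: str) -> Entry:
    return {"name": name, "md5": None, "path": None, "verdict": "ok",
            "reason": None, "signature": None}


def parse_tdss_log(text: str) -> Dict[str, Entry]:
    """Group hash and verdict lines by service name; banner lines are skipped."""
    entries: Dict[str, Entry] = {}
    pending: Optional[Tuple[str, str, str]] = None  # (name, md5, path) awaiting its verdict
    for raw in text.splitlines():
        line = raw.strip()
        m = HASH_RE.match(line)
        if m:
            pending = (m.group(4), m.group(3), m.group(5))
            continue
        m = VERDICT_RE.match(line)
        if not m:
            continue  # header, system info, section banners
        name = m.group(3)
        entry = entries.setdefault(name, _new_entry(name))
        if pending and pending[0] == name:
            entry["md5"], entry["path"] = pending[1], pending[2]
        pending = None  # a service with no hash line had no readable image file
        if m.group(7):
            entry["verdict"] = "detected"
            entry["signature"] = m.group(7)
        elif m.group(6):
            entry["reason"] = m.group(4)
            if entry["verdict"] == "ok":
                entry["verdict"] = "warning"
    return entries


def flagged_entries(entries: Dict[str, Entry]) -> List[Entry]:
    """Everything the scan did not mark 'ok', in report order."""
    return [e for e in entries.values() if e["verdict"] != "ok"]


def triage(entry: Entry) -> str:
    """'clean', 'review' (unsigned image, verify the vendor) or 'escalate'."""
    if entry["verdict"] == "ok":
        return "clean"
    label = entry["signature"] or entry["reason"] or ""
    # UnsignedFile.Multi.Generic only says the image has no digital signature;
    # OEM and vendor services often do not. Verify before deleting anything.
    if label.startswith("UnsignedFile."):
        return "review"
    return "escalate"


def hashes_to_check(entries: Dict[str, Entry]) -> List[Tuple[str, str]]:
    """(md5, path) for every flagged object that had an image file, for a hash lookup."""
    return [(e["md5"], e["path"]) for e in flagged_entries(entries) if e["md5"]]


if __name__ == "__main__":
    parsed = parse_tdss_log(SAMPLE_LOG)
    for e in flagged_entries(parsed):
        print(f"{triage(e):8} {e['name']:24} {e['md5']}  {e['path']}")
```

Feed it the real report (TDSSKiller writes it to the root of the system drive, as the post says) instead of SAMPLE_LOG. Every hit in the log posted below triages as "review": CLHNService, EvtEng, FirebirdServerMAGIXInstance, IGBASVC and LightScribeService are OEM or vendor services whose only finding is a missing signature, which is why the helper's instruction to skip everything and post the log is the right call.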
28.09.2012, 21:19 #19
BKA Trojaner 1.15 (Windows Vista)
In normal mode all I get to see is the hourglass
28.09.2012, 21:31 #20
/// Winkelfunktion /// TB-Süch-Tiger™ | BKA Trojaner 1.15 (Windows Vista)
Then please do it in Safe Mode with Networking
__________________
Please always post logfiles in CODE tags
29.09.2012, 06:55 #21
BKA Trojaner 1.15 (Windows Vista)
Code:
07:51:46.0075 0316 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
07:51:48.0088 0316 ============================================================
07:51:48.0088 0316 Current date / time: 2012/09/29 07:51:48.0088
07:51:48.0088 0316 SystemInfo:
07:51:48.0088 0316
07:51:48.0088 0316 OS Version: 6.0.6002 ServicePack: 2.0
07:51:48.0088 0316 Product type: Workstation
07:51:48.0088 0316 ComputerName: MATTHES-PC
07:51:48.0088 0316 UserName: matthes
07:51:48.0088 0316 Windows directory: C:\Windows
07:51:48.0088 0316 System windows directory: C:\Windows
07:51:48.0088 0316 Processor architecture: Intel x86
07:51:48.0088 0316 Number of processors: 2
07:51:48.0088 0316 Page size: 0x1000
07:51:48.0088 0316 Boot type: Safe boot with network
07:51:48.0088 0316 ============================================================
07:51:48.0540 0316 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
07:51:48.0540 0316 ============================================================
07:51:48.0540 0316 \Device\Harddisk0\DR0:
07:51:48.0540 0316 MBR partitions:
07:51:48.0540 0316 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1400800, BlocksNum 0x9C18566
07:51:48.0571 0316 ============================================================
07:51:48.0634 0316 C: <-> \Device\Harddisk0\DR0\Partition1
07:51:48.0634 0316 ============================================================
07:51:48.0634 0316 Initialize success
07:51:48.0634 0316 ============================================================
07:52:26.0214 0944 ============================================================
07:52:26.0214 0944 Scan started
07:52:26.0214 0944 Mode: Manual; SigCheck; TDLFS;
07:52:26.0214 0944 ============================================================
07:52:26.0323 0944 ================ Scan system memory ========================
07:52:26.0323 0944 System memory - ok
07:52:26.0323 0944 ================ Scan services =============================
07:52:26.0589 0944 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
07:52:26.0698 0944 ACDaemon - ok
07:52:26.0823 0944 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
07:52:26.0854 0944 ACPI - ok
07:52:26.0901 0944 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
07:52:26.0916 0944 AdobeARMservice - ok
07:52:26.0994 0944 [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
07:52:27.0010 0944 AdobeFlashPlayerUpdateSvc - ok
07:52:27.0057 0944 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
07:52:27.0088 0944 adp94xx - ok
07:52:27.0150 0944 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
07:52:27.0166 0944 adpahci - ok
07:52:27.0197 0944 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
07:52:27.0213 0944 adpu160m - ok
07:52:27.0228 0944 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
07:52:27.0244 0944 adpu320 - ok
07:52:27.0291 0944 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
07:52:27.0431 0944 AeLookupSvc - ok
07:52:27.0478 0944 [ FE3EA6E9AFC1A78E6EDCA121E006AFB7 ] Afc C:\Windows\system32\drivers\Afc.sys
07:52:27.0493 0944 Afc - ok
07:52:27.0540 0944 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
07:52:27.0603 0944 AFD - ok
07:52:27.0649 0944 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys
07:52:27.0649 0944 agp440 - ok
07:52:27.0696 0944 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
07:52:27.0712 0944 aic78xx - ok
07:52:27.0743 0944 [ 4490B8BDF38750458EB9B24835FDA8FE ] AlfaFF C:\Windows\system32\Drivers\AlfaFF.sys
07:52:27.0759 0944 AlfaFF - ok
07:52:27.0790 0944 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
07:52:27.0961 0944 ALG - ok
07:52:27.0977 0944 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys
07:52:27.0977 0944 aliide - ok
07:52:27.0993 0944 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
07:52:28.0008 0944 amdagp - ok
07:52:28.0024 0944 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys
07:52:28.0039 0944 amdide - ok
07:52:28.0071 0944 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
07:52:28.0149 0944 AmdK7 - ok
07:52:28.0164 0944 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
07:52:28.0195 0944 AmdK8 - ok
07:52:28.0227 0944 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
07:52:28.0289 0944 Appinfo - ok
07:52:28.0320 0944 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys
07:52:28.0320 0944 arc - ok
07:52:28.0351 0944 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
07:52:28.0367 0944 arcsas - ok
07:52:28.0398 0944 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
07:52:28.0429 0944 AsyncMac - ok
07:52:28.0461 0944 [ 2D9C903DC76A66813D350A562DE40ED9 ] atapi C:\Windows\system32\drivers\atapi.sys
07:52:28.0476 0944 atapi - ok
07:52:28.0523 0944 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
07:52:28.0570 0944 AudioEndpointBuilder - ok
07:52:28.0570 0944 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
07:52:28.0601 0944 Audiosrv - ok
07:52:28.0632 0944 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
07:52:28.0695 0944 Beep - ok
07:52:28.0757 0944 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
07:52:28.0804 0944 BFE - ok
07:52:28.0991 0944 [ C364F02969E9A842321DD91BCFF749D4 ] BHDrvx86 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\BASHDefs\20120919.001\BHDrvx86.sys
07:52:29.0053 0944 BHDrvx86 - ok
07:52:29.0147 0944 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll
07:52:29.0209 0944 BITS - ok
07:52:29.0225 0944 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
07:52:29.0256 0944 blbdrive - ok
07:52:29.0287 0944 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
07:52:29.0334 0944 bowser - ok
07:52:29.0381 0944 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
07:52:29.0412 0944 BrFiltLo - ok
07:52:29.0443 0944 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
07:52:29.0506 0944 BrFiltUp - ok
07:52:29.0521 0944 [ B1564976D98E91FC764D5DC28A0297DA ] Bridge C:\Windows\system32\DRIVERS\bridge.sys
07:52:29.0568 0944 Bridge - ok
07:52:29.0599 0944 [ B1564976D98E91FC764D5DC28A0297DA ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
07:52:29.0631 0944 BridgeMP - ok
07:52:29.0677 0944 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
07:52:29.0740 0944 Browser - ok
07:52:29.0771 0944 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
07:52:29.0943 0944 Brserid - ok
07:52:29.0989 0944 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
07:52:30.0036 0944 BrSerWdm - ok
07:52:30.0067 0944 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
07:52:30.0145 0944 BrUsbMdm - ok
07:52:30.0161 0944 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
07:52:30.0208 0944 BrUsbSer - ok
07:52:30.0255 0944 [ 6D39C954799B63BA866910234CF7D726 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys
07:52:30.0301 0944 BthEnum - ok
07:52:30.0333 0944 [ 9A966A8E86D1771911AE34A20D11BFF3 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
07:52:30.0379 0944 BTHMODEM - ok
07:52:30.0411 0944 [ 5904EFA25F829BF84EA6FB045134A1D8 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
07:52:30.0457 0944 BthPan - ok
07:52:30.0489 0944 [ 611FF3F2F095C8D4A6D4CFD9DCC09793 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
07:52:30.0551 0944 BTHPORT - ok
07:52:30.0567 0944 [ A4C8377FA4A994E07075107DBE2E3DCE ] BthServ C:\Windows\System32\bthserv.dll
07:52:30.0613 0944 BthServ - ok
07:52:30.0660 0944 [ D330803EAB2A15CAEC7F011F1D4CB30E ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
07:52:30.0691 0944 BTHUSB - ok
07:52:30.0723 0944 [ 3EA1A20DC0CA1AD23E7AA8C37A91BCD1 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
07:52:30.0738 0944 btwaudio - ok
07:52:30.0769 0944 [ 195872E48A7FB01F8BC9B800F70F4054 ] btwavdt C:\Windows\system32\drivers\btwavdt.sys
07:52:30.0769 0944 btwavdt - ok
07:52:30.0785 0944 [ 0724E7D6C9B6A289EDDDA33FA8176E80 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
07:52:30.0801 0944 btwrchid - ok
07:52:30.0894 0944 [ ACE85AF1C31F68BDFEE9333F6592917E ] ccSet_N360 C:\Windows\system32\drivers\N360\0603000.00E\ccSetx86.sys
07:52:30.0894 0944 ccSet_N360 - ok
07:52:30.0925 0944 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
07:52:30.0988 0944 cdfs - ok
07:52:31.0035 0944 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
07:52:31.0081 0944 cdrom - ok
07:52:31.0128 0944 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
07:52:31.0175 0944 CertPropSvc - ok
07:52:31.0206 0944 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\DRIVERS\circlass.sys
07:52:31.0253 0944 circlass - ok
07:52:31.0300 0944 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
07:52:31.0315 0944 CLFS - ok
07:52:31.0393 0944 [ 5CA9B1062C0C3E3AE19C23AD9D8A5048 ] CLHNService C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
07:52:31.0440 0944 CLHNService ( UnsignedFile.Multi.Generic ) - warning
07:52:31.0440 0944 CLHNService - detected UnsignedFile.Multi.Generic (1)
07:52:31.0503 0944 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
07:52:31.0518 0944 clr_optimization_v2.0.50727_32 - ok
07:52:31.0581 0944 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
07:52:31.0627 0944 clr_optimization_v4.0.30319_32 - ok
07:52:31.0659 0944 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
07:52:31.0705 0944 CmBatt - ok
07:52:31.0721 0944 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys
07:52:31.0737 0944 cmdide - ok
07:52:31.0752 0944 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
07:52:31.0752 0944 Compbatt - ok
07:52:31.0768 0944 COMSysApp - ok
07:52:31.0846 0944 cpuz132 - ok
07:52:31.0861 0944 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
07:52:31.0877 0944 crcdisk - ok
07:52:31.0893 0944 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys
07:52:31.0924 0944 Crusoe - ok
07:52:31.0971 0944 [ 75C6A297E364014840B48ECCD7525E30 ] CryptSvc C:\Windows\system32\cryptsvc.dll
07:52:32.0017 0944 CryptSvc - ok
07:52:32.0080 0944 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
07:52:32.0142 0944 DcomLaunch - ok
07:52:32.0173 0944 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
07:52:32.0205 0944 DfsC - ok
07:52:32.0298 0944 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
07:52:32.0454 0944 DFSR - ok
07:52:32.0548 0944 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
07:52:32.0610 0944 Dhcp - ok
07:52:32.0657 0944 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
07:52:32.0673 0944 disk - ok
07:52:32.0688 0944 DKbFltr - ok
07:52:32.0719 0944 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
07:52:32.0766 0944 Dnscache - ok
07:52:32.0797 0944 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
07:52:32.0844 0944 dot3svc - ok
07:52:32.0891 0944 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
07:52:32.0938 0944 DPS - ok
07:52:32.0969 0944 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
07:52:33.0016 0944 drmkaud - ok
07:52:33.0063 0944 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
07:52:33.0094 0944 DXGKrnl - ok
07:52:33.0125 0944 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
07:52:33.0172 0944 E1G60 - ok
07:52:33.0219 0944 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
07:52:33.0250 0944 EapHost - ok
07:52:33.0281 0944 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
07:52:33.0297 0944 Ecache - ok
07:52:33.0359 0944 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
07:52:33.0375 0944 eeCtrl - ok
07:52:33.0437 0944 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
07:52:33.0515 0944 ehRecvr - ok
07:52:33.0531 0944 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
07:52:33.0546 0944 ehSched - ok
07:52:33.0546 0944 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
07:52:33.0593 0944 ehstart - ok
07:52:33.0655 0944 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys
07:52:33.0671 0944 elxstor - ok
07:52:33.0718 0944 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
07:52:33.0780 0944 EMDMgmt - ok
07:52:33.0827 0944 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
07:52:33.0843 0944 EraserUtilRebootDrv - ok
07:52:33.0858 0944 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys
07:52:33.0905 0944 ErrDev - ok
07:52:33.0967 0944 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
07:52:34.0030 0944 EventSystem - ok
07:52:34.0123 0944 [ 54B6E150BFF4A47EB0D204119D262E46 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
07:52:34.0170 0944 EvtEng ( UnsignedFile.Multi.Generic ) - warning
07:52:34.0170 0944 EvtEng - detected UnsignedFile.Multi.Generic (1)
07:52:34.0217 0944 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
07:52:34.0248 0944 exfat - ok
07:52:34.0295 0944 Fabs - ok
07:52:34.0342 0944 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
07:52:34.0373 0944 fastfat - ok
07:52:34.0420 0944 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
07:52:34.0482 0944 fdc - ok
07:52:34.0513 0944 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
07:52:34.0545 0944 fdPHost - ok
07:52:34.0560 0944 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
07:52:34.0607 0944 FDResPub - ok
07:52:34.0654 0944 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
07:52:34.0654 0944 FileInfo - ok
07:52:34.0685 0944 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
07:52:34.0716 0944 Filetrace - ok
07:52:34.0825 0944 [ FFF1130F7C9FA01D093A1EDFC5CCE8FC ] FirebirdServerMAGIXInstance C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
07:52:35.0028 0944 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
07:52:35.0028 0944 FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
07:52:35.0044 0944 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
07:52:35.0075 0944 flpydisk - ok
07:52:35.0106 0944 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
07:52:35.0122 0944 FltMgr - ok
07:52:35.0169 0944 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
07:52:35.0262 0944 FontCache - ok
07:52:35.0325 0944 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
07:52:35.0340 0944 FontCache3.0.0.0 - ok
07:52:35.0371 0944 [ 10398B515653442A5B89FDF6A1D06180 ] FsUsbExDisk C:\Windows\system32\FsUsbExDisk.SYS
07:52:35.0387 0944 FsUsbExDisk - ok
07:52:35.0434 0944 [ 2A0D3EE7D2D42A3A812D3E6795A2382B ] FsUsbExService C:\Windows\system32\FsUsbExService.Exe
07:52:35.0449 0944 FsUsbExService - ok
07:52:35.0465 0944 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
07:52:35.0512 0944 Fs_Rec - ok
07:52:35.0543 0944 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
07:52:35.0543 0944 gagp30kx - ok
07:52:35.0590 0944 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
07:52:35.0637 0944 gpsvc - ok
07:52:35.0715 0944 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
07:52:35.0730 0944 gupdate - ok
07:52:35.0746 0944 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
07:52:35.0761 0944 gupdatem - ok
07:52:35.0808 0944 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
07:52:35.0855 0944 HdAudAddService - ok
07:52:35.0917 0944 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
07:52:35.0995 0944 HDAudBus - ok
07:52:36.0042 0944 [ FCB3F4BE408F72C1BD81BCABA87FC22F ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
07:52:36.0073 0944 HidBth - ok
07:52:36.0089 0944 [ D8DF3722D5E961BAA1292AA2F12827E2 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
07:52:36.0120 0944 HidIr - ok
07:52:36.0151 0944 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\system32\hidserv.dll
07:52:36.0183 0944 hidserv - ok
07:52:36.0229 0944 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
07:52:36.0261 0944 HidUsb - ok
07:52:36.0307 0944 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
07:52:36.0354 0944 hkmsvc - ok
07:52:36.0385 0944 [ D308726110A6011514DCDFC6E3FC21F2 ] hotcore3 C:\Windows\system32\DRIVERS\hotcore3.sys
07:52:36.0385 0944 hotcore3 - ok
07:52:36.0432 0944 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
07:52:36.0448 0944 HpCISSs - ok
07:52:36.0510 0944 [ 46D67209550973257601A533E2AC5785 ] HSFHWAZL C:\Windows\system32\DRIVERS\VSTAZL3.SYS
07:52:36.0573 0944 HSFHWAZL - ok
07:52:36.0619 0944 [ FADD7095163CB3CB4073793EBB50FE75 ] HSF_DPV C:\Windows\system32\DRIVERS\HSX_DPV.sys
07:52:36.0744 0944 HSF_DPV - ok
07:52:36.0791 0944 [ 058783BEDD17615D1FECE09F77960436 ] HSXHWAZL C:\Windows\system32\DRIVERS\HSXHWAZL.sys
07:52:36.0822 0944 HSXHWAZL - ok
07:52:36.0838 0944 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys
07:52:36.0916 0944 HTTP - ok
07:52:36.0947 0944 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys
07:52:36.0947 0944 i2omp - ok
07:52:37.0009 0944 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
07:52:37.0041 0944 i8042prt - ok
07:52:37.0103 0944 [ 3E42C4691AAD4B1E8D0466F9CBF05CBE ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
07:52:37.0119 0944 IAANTMON - ok
07:52:37.0181 0944 [ 707C1692214B1C290271067197F075F6 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
07:52:37.0197 0944 iaStor - ok
07:52:37.0212 0944 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
07:52:37.0228 0944 iaStorV - ok
07:52:37.0275 0944 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
07:52:37.0321 0944 idsvc - ok
07:52:37.0415 0944 [ 404FB2AAF532BC7BBACC8880BE401C74 ] IDSVix86 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\IPSDefs\20120921.001\IDSvix86.sys
07:52:37.0446 0944 IDSVix86 - ok
07:52:37.0618 0944 [ 33FFC1E1117C4BE00A07AEDD72AE68B1 ] IGBASVC C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
07:52:37.0789 0944 IGBASVC ( UnsignedFile.Multi.Generic ) - warning
07:52:37.0789 0944 IGBASVC - detected UnsignedFile.Multi.Generic (1)
07:52:37.0821 0944 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
07:52:37.0836 0944 iirsp - ok
07:52:37.0883 0944 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
07:52:37.0930 0944 IKEEXT - ok
07:52:37.0992 0944 [ 219CA9A36D6DE2EC04F958C907673436 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
07:52:38.0226 0944 IntcAzAudAddService - ok
07:52:38.0257 0944 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys
07:52:38.0273 0944 intelide - ok
07:52:38.0304 0944 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
07:52:38.0351 0944 intelppm - ok
07:52:38.0382 0944 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
07:52:38.0429 0944 IPBusEnum - ok
07:52:38.0476 0944 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
07:52:38.0523 0944 IpFilterDriver - ok
07:52:38.0569 0944 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
07:52:38.0616 0944 iphlpsvc - ok
07:52:38.0616 0944 IpInIp - ok
07:52:38.0647 0944 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
07:52:38.0679 0944 IPMIDRV - ok
07:52:38.0679 0944 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
07:52:38.0741 0944 IPNAT - ok
07:52:38.0757 0944 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
07:52:38.0788 0944 IRENUM - ok
07:52:38.0819 0944 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys
07:52:38.0819 0944 isapnp - ok
07:52:38.0866 0944 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
07:52:38.0881 0944 iScsiPrt - ok
07:52:38.0897 0944 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
07:52:38.0913 0944 iteatapi - ok
07:52:38.0928 0944 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
07:52:38.0944 0944 iteraid - ok
07:52:38.0959 0944 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
07:52:38.0975 0944 kbdclass - ok
07:52:39.0053 0944 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
07:52:39.0084 0944 kbdhid - ok
07:52:39.0100 0944 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
07:52:39.0147 0944 KeyIso - ok
07:52:39.0193 0944 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
07:52:39.0225 0944 KSecDD - ok
07:52:39.0256 0944 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
07:52:39.0287 0944 KtmRm - ok
07:52:39.0443 0944 [ 24ABDDEB766C8459F9D562EB083B6CB8 ] L1E C:\Windows\system32\DRIVERS\L1E60x86.sys
07:52:39.0490 0944 L1E - ok
07:52:39.0521 0944 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\system32\srvsvc.dll
07:52:39.0583 0944 LanmanServer - ok
07:52:39.0630 0944 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
07:52:39.0661 0944 LanmanWorkstation - ok
07:52:39.0724 0944 [ 793FF718477345CD5D232C50BED1E452 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
07:52:39.0739 0944 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
07:52:39.0739 0944 LightScribeService - detected UnsignedFile.Multi.Generic (1)
07:52:39.0771 0944 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
07:52:39.0817 0944 lltdio - ok
07:52:39.0864 0944 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
07:52:39.0895 0944 lltdsvc - ok
07:52:39.0911 0944 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
07:52:39.0973 0944 lmhosts - ok
07:52:39.0989 0944 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
07:52:40.0005 0944 LSI_FC - ok
07:52:40.0036 0944 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
07:52:40.0051 0944 LSI_SAS - ok
07:52:40.0067 0944 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
07:52:40.0083 0944 LSI_SCSI - ok
07:52:40.0098 0944 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
07:52:40.0145 0944 luafv - ok
07:52:40.0223 0944 [ 2349335A8033FD9834D1C401EAE1C9BF ] lxeaCATSCustConnectService C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxeaserv.exe
07:52:40.0254 0944 lxeaCATSCustConnectService - ok
07:52:40.0270 0944 lxea_device - ok
07:52:40.0301 0944 [ 65E794E86468B61F2BC79ABC48BC4433 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
07:52:40.0317 0944 MBAMProtector - ok
07:52:40.0395 0944 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
07:52:40.0410 0944 MBAMScheduler - ok
07:52:40.0488 0944 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
07:52:40.0535 0944 MBAMService - ok
07:52:40.0597 0944 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
07:52:40.0597 0944 Mcx2Svc - ok
07:52:40.0629 0944 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
07:52:40.0660 0944 mdmxsdk - ok
07:52:40.0707 0944 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys
07:52:40.0707 0944 megasas - ok
07:52:40.0738 0944 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys
07:52:40.0753 0944 MegaSR - ok
07:52:40.0816 0944 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
07:52:40.0847 0944 MMCSS - ok
07:52:40.0878 0944 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
07:52:40.0909 0944 Modem - ok
07:52:40.0909 0944 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
07:52:40.0956 0944 monitor - ok
07:52:40.0987 0944 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
07:52:41.0003 0944 mouclass - ok
07:52:41.0003 0944 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
07:52:41.0050 0944 mouhid - ok
07:52:41.0081 0944 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
07:52:41.0097 0944 MountMgr - ok
07:52:41.0128 0944 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
07:52:41.0143 0944 MozillaMaintenance - ok
07:52:41.0175 0944 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys
07:52:41.0190 0944 mpio - ok
07:52:41.0190 0944 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
07:52:41.0237 0944 mpsdrv - ok
07:52:41.0268 0944 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
07:52:41.0299 0944 MpsSvc - ok
07:52:41.0346 0944 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
07:52:41.0346 0944 Mraid35x - ok
07:52:41.0377 0944 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
07:52:41.0424 0944 MRxDAV - ok
07:52:41.0440 0944 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb
C:\Windows\system32\DRIVERS\mrxsmb.sys 07:52:41.0487 0944 mrxsmb - ok 07:52:41.0533 0944 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 07:52:41.0565 0944 mrxsmb10 - ok 07:52:41.0596 0944 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 07:52:41.0627 0944 mrxsmb20 - ok 07:52:41.0674 0944 [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci C:\Windows\system32\drivers\msahci.sys 07:52:41.0689 0944 msahci - ok 07:52:41.0705 0944 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys 07:52:41.0721 0944 msdsm - ok 07:52:41.0752 0944 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe 07:52:41.0783 0944 MSDTC - ok 07:52:41.0814 0944 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys 07:52:41.0845 0944 Msfs - ok 07:52:41.0877 0944 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 07:52:41.0892 0944 msisadrv - ok 07:52:41.0923 0944 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 07:52:41.0970 0944 MSiSCSI - ok 07:52:41.0970 0944 msiserver - ok 07:52:42.0001 0944 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 07:52:42.0048 0944 MSKSSRV - ok 07:52:42.0064 0944 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 07:52:42.0111 0944 MSPCLOCK - ok 07:52:42.0111 0944 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 07:52:42.0157 0944 MSPQM - ok 07:52:42.0204 0944 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 07:52:42.0220 0944 MsRPC - ok 07:52:42.0235 0944 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 07:52:42.0251 0944 mssmbios - ok 07:52:42.0251 0944 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 07:52:42.0298 0944 MSTEE - ok 07:52:42.0329 0944 [ 
6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys 07:52:42.0329 0944 Mup - ok 07:52:42.0391 0944 [ F2840DBFE9322F35557219AE82CC4597 ] N360 C:\Program Files\Norton 360\Engine\6.3.0.14\ccSvcHst.exe 07:52:42.0407 0944 N360 - ok 07:52:42.0438 0944 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll 07:52:42.0485 0944 napagent - ok 07:52:42.0516 0944 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 07:52:42.0547 0944 NativeWifiP - ok 07:52:42.0641 0944 [ 8E4C77AD9BB279900C00F870CC0C674B ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20120922.008\NAVENG.SYS 07:52:42.0657 0944 NAVENG - ok 07:52:42.0703 0944 [ 826F699B69E88A3920C70F344DD42D88 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20120922.008\NAVEX15.SYS 07:52:42.0781 0944 NAVEX15 - ok 07:52:42.0859 0944 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys 07:52:42.0891 0944 NDIS - ok 07:52:42.0922 0944 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 07:52:42.0953 0944 NdisTapi - ok 07:52:42.0969 0944 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 07:52:43.0000 0944 Ndisuio - ok 07:52:43.0031 0944 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 07:52:43.0062 0944 NdisWan - ok 07:52:43.0109 0944 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 07:52:43.0156 0944 NDProxy - ok 07:52:43.0187 0944 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 07:52:43.0203 0944 NetBIOS - ok 07:52:43.0234 0944 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys 07:52:43.0281 0944 netbt - ok 07:52:43.0312 0944 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe 
07:52:43.0312 0944 Netlogon - ok 07:52:43.0359 0944 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll 07:52:43.0390 0944 Netman - ok 07:52:43.0421 0944 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll 07:52:43.0452 0944 netprofm - ok 07:52:43.0483 0944 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 07:52:43.0499 0944 NetTcpPortSharing - ok 07:52:43.0608 0944 [ 8DE67BD902095A13329FD82C85A1FA09 ] NETw5v32 C:\Windows\system32\DRIVERS\NETw5v32.sys 07:52:43.0827 0944 NETw5v32 - ok 07:52:43.0842 0944 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 07:52:43.0858 0944 nfrd960 - ok 07:52:43.0889 0944 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll 07:52:43.0920 0944 NlaSvc - ok 07:52:43.0951 0944 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys 07:52:43.0967 0944 Npfs - ok 07:52:43.0983 0944 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll 07:52:44.0029 0944 nsi - ok 07:52:44.0061 0944 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 07:52:44.0107 0944 nsiproxy - ok 07:52:44.0154 0944 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 07:52:44.0217 0944 Ntfs - ok 07:52:44.0263 0944 [ 2757D2BA59AEE155209E24942AB127C9 ] NTIDrvr C:\Windows\system32\DRIVERS\NTIDrvr.sys 07:52:44.0279 0944 NTIDrvr - ok 07:52:44.0357 0944 [ 547BFA3591C70674B0BFC99354AB78B3 ] NTIPPKernel C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys 07:52:44.0373 0944 NTIPPKernel ( UnsignedFile.Multi.Generic ) - warning 07:52:44.0373 0944 NTIPPKernel - detected UnsignedFile.Multi.Generic (1) 07:52:44.0388 0944 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys 07:52:44.0451 0944 ntrigdigi - ok 07:52:44.0466 0944 [ 
C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys 07:52:44.0513 0944 Null - ok 07:52:44.0575 0944 [ 2C7AC27710E8D41C1EB7D1599187D237 ] NVHDA C:\Windows\system32\drivers\nvhda32v.sys 07:52:44.0591 0944 NVHDA - ok 07:52:44.0763 0944 [ CB0D6F8F65B8766FF2AAAA78881FD9F8 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 07:52:45.0137 0944 nvlddmkm - ok 07:52:45.0168 0944 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys 07:52:45.0184 0944 nvraid - ok 07:52:45.0215 0944 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys 07:52:45.0231 0944 nvstor - ok 07:52:45.0246 0944 [ 15315BB51E9025FE41B482681C6E7BA2 ] nvsvc C:\Windows\system32\nvvsvc.exe 07:52:45.0262 0944 nvsvc - ok 07:52:45.0293 0944 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 07:52:45.0309 0944 nv_agp - ok 07:52:45.0324 0944 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 07:52:45.0371 0944 ohci1394 - ok 07:52:45.0449 0944 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll 07:52:45.0511 0944 p2pimsvc - ok 07:52:45.0527 0944 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll 07:52:45.0558 0944 p2psvc - ok 07:52:45.0605 0944 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys 07:52:45.0667 0944 Parport - ok 07:52:45.0730 0944 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys 07:52:45.0730 0944 partmgr - ok 07:52:45.0761 0944 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys 07:52:45.0808 0944 Parvdm - ok 07:52:45.0839 0944 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll 07:52:45.0870 0944 PcaSvc - ok 07:52:45.0901 0944 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys 07:52:45.0917 0944 pci - ok 07:52:45.0948 0944 [ 
FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\drivers\pciide.sys 07:52:45.0948 0944 pciide - ok 07:52:45.0979 0944 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 07:52:45.0995 0944 pcmcia - ok 07:52:46.0011 0944 [ 5B6C11DE7E839C05248CED8825470FEF ] pcouffin C:\Windows\system32\Drivers\pcouffin.sys 07:52:46.0073 0944 pcouffin - ok 07:52:46.0120 0944 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys 07:52:46.0213 0944 PEAUTH - ok 07:52:46.0260 0944 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll 07:52:46.0338 0944 pla - ok 07:52:46.0401 0944 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll 07:52:46.0447 0944 PlugPlay - ok 07:52:46.0494 0944 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll 07:52:46.0557 0944 PNRPAutoReg - ok 07:52:46.0619 0944 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll 07:52:46.0650 0944 PNRPsvc - ok 07:52:46.0744 0944 [ 94CE8D68338E72B915468D10ECEF07BE ] Polar Daemon C:\Program Files\Polar\Daemon\polard.exe 07:52:46.0759 0944 Polar Daemon ( UnsignedFile.Multi.Generic ) - warning 07:52:46.0759 0944 Polar Daemon - detected UnsignedFile.Multi.Generic (1) 07:52:46.0791 0944 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 07:52:46.0853 0944 PolicyAgent - ok 07:52:46.0884 0944 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 07:52:46.0931 0944 PptpMiniport - ok 07:52:46.0947 0944 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys 07:52:46.0993 0944 Processor - ok 07:52:47.0009 0944 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll 07:52:47.0040 0944 ProfSvc - ok 07:52:47.0056 0944 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe 07:52:47.0071 0944 ProtectedStorage - ok 07:52:47.0103 0944 [ 
99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys 07:52:47.0118 0944 PSched - ok 07:52:47.0181 0944 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 07:52:47.0243 0944 ql2300 - ok 07:52:47.0274 0944 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 07:52:47.0274 0944 ql40xx - ok 07:52:47.0305 0944 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll 07:52:47.0352 0944 QWAVE - ok 07:52:47.0368 0944 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 07:52:47.0415 0944 QWAVEdrv - ok 07:52:47.0461 0944 [ 70DBDAB246C18B78E2200D6401D038BE ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll 07:52:47.0508 0944 RapiMgr - ok 07:52:47.0524 0944 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 07:52:47.0555 0944 RasAcd - ok 07:52:47.0586 0944 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll 07:52:47.0602 0944 RasAuto - ok 07:52:47.0633 0944 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 07:52:47.0680 0944 Rasl2tp - ok 07:52:47.0711 0944 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll 07:52:47.0773 0944 RasMan - ok 07:52:47.0789 0944 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 07:52:47.0836 0944 RasPppoe - ok 07:52:47.0867 0944 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 07:52:47.0883 0944 RasSstp - ok 07:52:47.0914 0944 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 07:52:47.0961 0944 rdbss - ok 07:52:47.0992 0944 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 07:52:48.0039 0944 RDPCDD - ok 07:52:48.0070 0944 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys 07:52:48.0101 0944 rdpdr - ok 07:52:48.0101 0944 [ 
9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 07:52:48.0132 0944 RDPENCDD - ok 07:52:48.0195 0944 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 07:52:48.0226 0944 RDPWD - ok 07:52:48.0335 0944 [ 3FF45B7F17D5837216ABAE652CC61540 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe 07:52:48.0366 0944 RegSrvc ( UnsignedFile.Multi.Generic ) - warning 07:52:48.0366 0944 RegSrvc - detected UnsignedFile.Multi.Generic (1) 07:52:48.0413 0944 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll 07:52:48.0444 0944 RemoteAccess - ok 07:52:48.0475 0944 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll 07:52:48.0522 0944 RemoteRegistry - ok 07:52:48.0569 0944 [ 6482707F9F4DA0ECBAB43B2E0398A101 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 07:52:48.0600 0944 RFCOMM - ok 07:52:48.0663 0944 [ D1F1D0EE50F8C070A612796676971699 ] RichVideo C:\Program Files\Cyberlink\Shared files\RichVideo.exe 07:52:48.0678 0944 RichVideo ( UnsignedFile.Multi.Generic ) - warning 07:52:48.0678 0944 RichVideo - detected UnsignedFile.Multi.Generic (1) 07:52:48.0694 0944 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe 07:52:48.0725 0944 RpcLocator - ok 07:52:48.0756 0944 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll 07:52:48.0787 0944 RpcSs - ok 07:52:48.0850 0944 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 07:52:48.0881 0944 rspndr - ok 07:52:48.0897 0944 [ 7A4F79DF3793160B280CDE152B61FE33 ] RTSTOR C:\Windows\system32\drivers\RTSTOR.SYS 07:52:48.0912 0944 RTSTOR - ok 07:52:48.0943 0944 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe 07:52:48.0959 0944 SamSs - ok 07:52:48.0990 0944 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 07:52:49.0006 0944 sbp2port - ok 07:52:49.0037 0944 [ 
77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll 07:52:49.0084 0944 SCardSvr - ok 07:52:49.0131 0944 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll 07:52:49.0177 0944 Schedule - ok 07:52:49.0224 0944 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll 07:52:49.0240 0944 SCPolicySvc - ok 07:52:49.0271 0944 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll 07:52:49.0302 0944 SDRSVC - ok 07:52:49.0333 0944 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 07:52:49.0396 0944 secdrv - ok 07:52:49.0427 0944 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll 07:52:49.0474 0944 seclogon - ok 07:52:49.0505 0944 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll 07:52:49.0552 0944 SENS - ok 07:52:49.0583 0944 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys 07:52:49.0645 0944 Serenum - ok 07:52:49.0677 0944 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys 07:52:49.0723 0944 Serial - ok 07:52:49.0739 0944 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys 07:52:49.0755 0944 sermouse - ok 07:52:49.0801 0944 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll 07:52:49.0848 0944 SessionEnv - ok 07:52:49.0848 0944 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 07:52:49.0895 0944 sffdisk - ok 07:52:49.0911 0944 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 07:52:49.0942 0944 sffp_mmc - ok 07:52:49.0957 0944 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 07:52:49.0989 0944 sffp_sd - ok 07:52:50.0004 0944 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 07:52:50.0051 0944 sfloppy - ok 07:52:50.0082 0944 [ 
E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll 07:52:50.0113 0944 SharedAccess - ok 07:52:50.0145 0944 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 07:52:50.0191 0944 ShellHWDetection - ok 07:52:50.0223 0944 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys 07:52:50.0238 0944 sisagp - ok 07:52:50.0269 0944 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys 07:52:50.0285 0944 SiSRaid2 - ok 07:52:50.0301 0944 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 07:52:50.0316 0944 SiSRaid4 - ok 07:52:50.0363 0944 [ EA396139541706B4B433641D62EA53CE ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe 07:52:50.0363 0944 SkypeUpdate - ok 07:52:50.0472 0944 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe 07:52:50.0659 0944 slsvc - ok 07:52:50.0691 0944 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll 07:52:50.0737 0944 SLUINotify - ok 07:52:50.0769 0944 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys 07:52:50.0800 0944 Smb - ok 07:52:50.0815 0944 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 07:52:50.0847 0944 SNMPTRAP - ok 07:52:50.0878 0944 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys 07:52:50.0893 0944 spldr - ok 07:52:50.0909 0944 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe 07:52:50.0956 0944 Spooler - ok 07:52:51.0034 0944 [ 7BB297CADA42903328E92425D9761DA6 ] SRTSP C:\Windows\System32\Drivers\N360\0603000.00E\SRTSP.SYS 07:52:51.0049 0944 SRTSP - ok 07:52:51.0065 0944 [ 475FCF0F28D845BF1C8ABAC27F19003E ] SRTSPX C:\Windows\system32\drivers\N360\0603000.00E\SRTSPX.SYS 07:52:51.0081 0944 SRTSPX - ok 07:52:51.0127 0944 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys 07:52:51.0174 
0944 srv - ok 07:52:51.0205 0944 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 07:52:51.0283 0944 srv2 - ok 07:52:51.0315 0944 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 07:52:51.0330 0944 srvnet - ok 07:52:51.0361 0944 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 07:52:51.0424 0944 SSDPSRV - ok 07:52:51.0455 0944 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll 07:52:51.0502 0944 SstpSvc - ok 07:52:51.0549 0944 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll 07:52:51.0595 0944 stisvc - ok 07:52:51.0627 0944 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 07:52:51.0642 0944 swenum - ok 07:52:51.0673 0944 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll 07:52:51.0720 0944 swprv - ok 07:52:51.0736 0944 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys 07:52:51.0751 0944 Symc8xx - ok 07:52:51.0783 0944 [ 690FA0E61B90084C4D9A721BD4F3D779 ] SymDS C:\Windows\system32\drivers\N360\0603000.00E\SYMDS.SYS 07:52:51.0814 0944 SymDS - ok 07:52:51.0907 0944 [ 8F88EDB211B12537D2DC2A6D73D6067C ] SymEFA C:\Windows\system32\drivers\N360\0603000.00E\SYMEFA.SYS 07:52:51.0954 0944 SymEFA - ok 07:52:52.0032 0944 [ 74E2521E96176A4449570E50BE91954D ] SymEvent C:\Windows\system32\Drivers\SYMEVENT.SYS 07:52:52.0048 0944 SymEvent - ok 07:52:52.0079 0944 [ 2C356CCA706505CF63CBE39D532B9236 ] SymIRON C:\Windows\system32\drivers\N360\0603000.00E\Ironx86.SYS 07:52:52.0095 0944 SymIRON - ok 07:52:52.0110 0944 [ 40C6E6417C8B7D7FCF82CFBE71525795 ] SYMTDIv C:\Windows\System32\Drivers\N360\0603000.00E\SYMTDIV.SYS 07:52:52.0126 0944 SYMTDIv - ok 07:52:52.0157 0944 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys 07:52:52.0157 0944 Sym_hi - ok 07:52:52.0173 0944 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 
C:\Windows\system32\drivers\sym_u3.sys 07:52:52.0188 0944 Sym_u3 - ok 07:52:52.0219 0944 [ 4C9BB4B3B9EAC26211484C30B914C6DC ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 07:52:52.0235 0944 SynTP - ok 07:52:52.0251 0944 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll 07:52:52.0313 0944 SysMain - ok 07:52:52.0344 0944 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll 07:52:52.0375 0944 TabletInputService - ok 07:52:52.0407 0944 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll 07:52:52.0438 0944 TapiSrv - ok 07:52:52.0469 0944 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll 07:52:52.0485 0944 TBS - ok 07:52:52.0609 0944 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 07:52:52.0656 0944 Tcpip - ok 07:52:52.0703 0944 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys 07:52:52.0734 0944 Tcpip6 - ok 07:52:52.0781 0944 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 07:52:52.0843 0944 tcpipreg - ok 07:52:52.0859 0944 [ 72B9E77565DA5FA564581976E000D29B ] TcUsb C:\Windows\system32\Drivers\tcusb.sys 07:52:52.0875 0944 TcUsb - ok 07:52:52.0906 0944 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 07:52:52.0937 0944 TDPIPE - ok 07:52:52.0953 0944 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 07:52:52.0984 0944 TDTCP - ok 07:52:53.0015 0944 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 07:52:53.0031 0944 tdx - ok 07:52:53.0140 0944 [ A4D2CE94B028EF1E437CF4AC3D8FF26C ] TeamViewer7 C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe 07:52:53.0249 0944 TeamViewer7 - ok 07:52:53.0296 0944 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 07:52:53.0311 0944 TermDD - ok 07:52:53.0343 0944 [ BB95DA09BEF6E7A131BFF3BA5032090D ] 
TermService C:\Windows\System32\termsrv.dll 07:52:53.0389 0944 TermService - ok 07:52:53.0436 0944 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll 07:52:53.0452 0944 Themes - ok 07:52:53.0467 0944 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll 07:52:53.0499 0944 THREADORDER - ok 07:52:53.0530 0944 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll 07:52:53.0592 0944 TrkWks - ok 07:52:53.0639 0944 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 07:52:53.0670 0944 TrustedInstaller - ok 07:52:53.0686 0944 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 07:52:53.0717 0944 tssecsrv - ok 07:52:53.0733 0944 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys 07:52:53.0748 0944 tunmp - ok 07:52:53.0779 0944 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 07:52:53.0811 0944 tunnel - ok 07:52:53.0857 0944 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys 07:52:53.0857 0944 uagp35 - ok 07:52:53.0889 0944 [ F763E070843EE2803DE1395002B42938 ] UBHelper C:\Windows\system32\drivers\UBHelper.sys 07:52:53.0904 0944 UBHelper - ok 07:52:53.0935 0944 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 07:52:53.0982 0944 udfs - ok 07:52:54.0013 0944 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 07:52:54.0060 0944 UI0Detect - ok 07:52:54.0091 0944 [ 78B63388550028AED6C52F843ABF6000 ] UimBus C:\Windows\system32\DRIVERS\UimBus.sys 07:52:54.0107 0944 UimBus - ok 07:52:54.0123 0944 [ 3412EFAF3CB0B6C21818A3C407714CA1 ] Uim_IM C:\Windows\system32\Drivers\Uim_IM.sys 07:52:54.0138 0944 Uim_IM - ok 07:52:54.0138 0944 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 07:52:54.0154 0944 uliagpkx - ok 07:52:54.0185 0944 [ 
9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys 07:52:54.0201 0944 uliahci - ok 07:52:54.0216 0944 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys 07:52:54.0232 0944 UlSata - ok 07:52:54.0232 0944 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys 07:52:54.0247 0944 ulsata2 - ok 07:52:54.0263 0944 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 07:52:54.0310 0944 umbus - ok 07:52:54.0357 0944 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll 07:52:54.0403 0944 upnphost - ok 07:52:54.0435 0944 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 07:52:54.0450 0944 usbccgp - ok 07:52:54.0481 0944 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys 07:52:54.0544 0944 usbcir - ok 07:52:54.0591 0944 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 07:52:54.0606 0944 usbehci - ok 07:52:54.0637 0944 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 07:52:54.0653 0944 usbhub - ok 07:52:54.0669 0944 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys 07:52:54.0747 0944 usbohci - ok 07:52:54.0778 0944 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 07:52:54.0825 0944 usbprint - ok 07:52:54.0856 0944 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 07:52:54.0887 0944 usbscan - ok 07:52:54.0887 0944 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 07:52:54.0934 0944 USBSTOR - ok 07:52:54.0965 0944 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 07:52:55.0012 0944 usbuhci - ok 07:52:55.0043 0944 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 07:52:55.0090 0944 usbvideo 
- ok
07:52:55.0105 0944 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
07:52:55.0152 0944 UxSms - ok
07:52:55.0199 0944 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
07:52:55.0230 0944 vds - ok
07:52:55.0261 0944 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
07:52:55.0308 0944 vga - ok
07:52:55.0339 0944 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
07:52:55.0371 0944 VgaSave - ok
07:52:55.0386 0944 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
07:52:55.0402 0944 viaagp - ok
07:52:55.0433 0944 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
07:52:55.0449 0944 ViaC7 - ok
07:52:55.0480 0944 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
07:52:55.0495 0944 viaide - ok
07:52:55.0511 0944 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
07:52:55.0527 0944 volmgr - ok
07:52:55.0558 0944 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
07:52:55.0573 0944 volmgrx - ok
07:52:55.0605 0944 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys
07:52:55.0636 0944 volsnap - ok
07:52:55.0667 0944 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
07:52:55.0667 0944 vsmraid - ok
07:52:55.0729 0944 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
07:52:55.0807 0944 VSS - ok
07:52:55.0823 0944 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
07:52:55.0854 0944 W32Time - ok
07:52:55.0870 0944 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
07:52:55.0917 0944 WacomPen - ok
07:52:55.0917 0944 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
07:52:55.0963 0944 Wanarp - ok
07:52:55.0963 0944 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
07:52:55.0979 0944 Wanarpv6 - ok
07:52:56.0026 0944 [ 779F9C90D3FE9C70B6FFD8EF035F3E83 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll
07:52:56.0057 0944 WcesComm - ok
07:52:56.0073 0944 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
07:52:56.0119 0944 wcncsvc - ok
07:52:56.0151 0944 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
07:52:56.0182 0944 WcsPlugInService - ok
07:52:56.0197 0944 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
07:52:56.0213 0944 Wd - ok
07:52:56.0260 0944 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
07:52:56.0291 0944 Wdf01000 - ok
07:52:56.0291 0944 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
07:52:56.0322 0944 WdiServiceHost - ok
07:52:56.0338 0944 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
07:52:56.0353 0944 WdiSystemHost - ok
07:52:56.0400 0944 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
07:52:56.0447 0944 WebClient - ok
07:52:56.0478 0944 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
07:52:56.0556 0944 Wecsvc - ok
07:52:56.0572 0944 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
07:52:56.0603 0944 wercplsupport - ok
07:52:56.0619 0944 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
07:52:56.0650 0944 WerSvc - ok
07:52:56.0665 0944 [ BB9CBAF6AC20452B245C324F1F50EE81 ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys
07:52:56.0712 0944 winachsf - ok
07:52:56.0759 0944 [ 3FA87D56769838AAC82FAFC3E78FC732 ] winbondcir C:\Windows\system32\DRIVERS\winbondcir.sys
07:52:56.0806 0944 winbondcir - ok
07:52:56.0853 0944 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
07:52:56.0868 0944 WinDefend - ok
07:52:56.0884 0944 WinHttpAutoProxySvc - ok
07:52:56.0931 0944 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
07:52:56.0962 0944 Winmgmt - ok
07:52:57.0009 0944 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
07:52:57.0118 0944 WinRM - ok
07:52:57.0165 0944 [ 676F4B665BDD8053EAA53AC1695B8074 ] winusb C:\Windows\system32\DRIVERS\WinUSB.SYS
07:52:57.0180 0944 winusb - ok
07:52:57.0227 0944 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
07:52:57.0274 0944 Wlansvc - ok
07:52:57.0321 0944 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
07:52:57.0352 0944 WmiAcpi - ok
07:52:57.0399 0944 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
07:52:57.0445 0944 wmiApSrv - ok
07:52:57.0508 0944 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
07:52:57.0617 0944 WMPNetworkSvc - ok
07:52:57.0648 0944 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
07:52:57.0695 0944 WPCSvc - ok
07:52:57.0726 0944 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
07:52:57.0773 0944 WPDBusEnum - ok
07:52:57.0804 0944 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
07:52:57.0835 0944 WpdUsb - ok
07:52:57.0945 0944 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
07:52:57.0991 0944 WPFFontCache_v0400 - ok
07:52:58.0007 0944 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
07:52:58.0085 0944 ws2ifsl - ok
07:52:58.0116 0944 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll
07:52:58.0132 0944 wscsvc - ok
07:52:58.0147 0944 [ 4422AC5ED8D4C2F0DB63E71D4C069DD7 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
07:52:58.0179 0944 WSDPrintDevice - ok
07:52:58.0194 0944 WSearch - ok
07:52:58.0257 0944 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
07:52:58.0350 0944 wuauserv - ok
07:52:58.0397 0944 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
07:52:58.0444 0944 WUDFRd - ok
07:52:58.0459 0944 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
07:52:58.0491 0944 wudfsvc - ok
07:52:58.0522 0944 [ DAB33CFA9DD24251AAA389FF36B64D4B ] XAudio C:\Windows\system32\DRIVERS\xaudio.sys
07:52:58.0553 0944 XAudio - ok
07:52:58.0584 0944 [ CD5F291A1161F15896D1A4D63DAFF5DF ] XAudioService C:\Windows\system32\DRIVERS\xaudio.exe
07:52:58.0631 0944 XAudioService - ok
07:52:58.0693 0944 [ 4D840C6AF3C020ED3A35EFBA9025CF4A ] {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl
07:52:58.0693 0944 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} - ok
07:52:58.0709 0944 ================ Scan global ===============================
07:52:58.0725 0944 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
07:52:58.0756 0944 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
07:52:58.0771 0944 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
07:52:58.0818 0944 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
07:52:58.0818 0944 [Global] - ok
07:52:58.0818 0944 ================ Scan MBR ==================================
07:52:58.0834 0944 [ BB9D3A6A13C5010348DA7C900BB6AF50 ] \Device\Harddisk0\DR0
07:52:59.0770 0944 \Device\Harddisk0\DR0 - ok
07:52:59.0770 0944 ================ Scan VBR ==================================
07:52:59.0770 0944 [ C78215C9610E1A165B5C79393A5C1655 ] \Device\Harddisk0\DR0\Partition1
07:52:59.0770 0944 \Device\Harddisk0\DR0\Partition1 - ok
07:52:59.0770 0944 ============================================================
07:52:59.0770 0944 Scan finished
07:52:59.0770 0944 ============================================================
07:52:59.0785 1224 Detected object count: 9
07:52:59.0785 1224 Actual detected object count: 9
07:53:35.0431 1224 CLHNService ( UnsignedFile.Multi.Generic ) - skipped by user
07:53:35.0431 1224 CLHNService ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:53:35.0431 1224 EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user
07:53:35.0431 1224 EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:53:35.0463 1224 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
07:53:35.0463 1224 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:53:35.0463 1224 IGBASVC ( UnsignedFile.Multi.Generic ) - skipped by user
07:53:35.0463 1224 IGBASVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:53:35.0463 1224 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
07:53:35.0463 1224 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:53:35.0463 1224 NTIPPKernel ( UnsignedFile.Multi.Generic ) - skipped by user
07:53:35.0463 1224 NTIPPKernel ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:53:35.0463 1224 Polar Daemon ( UnsignedFile.Multi.Generic ) - skipped by user
07:53:35.0463 1224 Polar Daemon ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:53:35.0478 1224 RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user
07:53:35.0478 1224 RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:53:35.0478 1224 RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
07:53:35.0478 1224 RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip
01.10.2012, 09:52 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | BKA Trojaner 1.15 (Windows Vista) Now please run CF: ComboFix. A guide and tutorial on using ComboFix
Combofix may only be run if an authorised helper (Kompetenzler) has explicitly recommended it! Should you have problems starting applications after running Combofix and receive messages such as Quote:
__________________ Please always post logfiles in CODE tags
01.10.2012, 10:27 | #23 |
| BKA Trojaner 1.15 (Windows Vista) I could not start the PC in normal mode; after booting I got a black screen instead of the desktop. In safe mode it works, here is the LOG file: Combofix Logfile: Code:
ComboFix 12-09-30.03 - matthes 01.10.2012 11:00:20.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3066.2577 [GMT 2:00]
ausgeführt von:: c:\users\matthes\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Acer\Acer Bio Protection\PwdFilter.dll
c:\programdata\Roaming
c:\programdata\SPL21D2.tmp
c:\programdata\SPL52A6.tmp
c:\programdata\SPL86C3.tmp
c:\programdata\SPLC0DC.tmp
c:\programdata\SPLCADC.tmp
c:\programdata\SPLCD26.tmp
c:\programdata\SPLD9CA.tmp
c:\programdata\SPLDAC4.tmp
c:\programdata\SPLDBFC.tmp
c:\programdata\SPLF8FE.tmp
c:\windows\IsUn0407.exe
c:\windows\system32\muzapp.exe
c:\windows\system32\System32\MASetupCleaner.exe
c:\windows\system32\System32\muzapp.exe
c:\windows\system32\wininit.dll
E:\install.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-09-01 bis 2012-10-01 ))))))))))))))))))))))))))))))
.
.
2012-09-28 18:50 . 2012-09-28 18:50 -------- d-----w- C:\_OTL
2012-09-27 14:35 . 2012-09-27 14:35 -------- d-----w- c:\program files\ESET
2012-09-25 19:59 . 2012-09-25 19:59 -------- d-----w- c:\program files\CCleaner
2012-09-25 17:36 . 2012-09-25 17:36 -------- d-----w- c:\users\matthes\AppData\Roaming\Malwarebytes
2012-09-25 17:36 . 2012-09-25 17:36 -------- d-----w- c:\programdata\Malwarebytes
2012-09-25 17:36 . 2012-09-25 17:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-25 17:36 . 2012-09-07 15:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-17 17:15 . 2012-09-20 14:44 -------- d-----w- c:\users\matthes\Ordnerdeckblätter
2012-09-11 12:27 . 2012-09-12 12:53 -------- d-----w- c:\windows\system32\Samsung_USB_Drivers
2012-09-11 09:03 . 2012-09-11 09:03 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-20 17:49 . 2012-05-11 13:11 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-20 17:49 . 2011-06-09 12:43 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-14 15:46 . 2010-03-07 09:45 47360 ----a-w- c:\users\matthes\AppData\Roaming\pcouffin.sys
2012-07-06 02:17 . 2012-08-15 08:00 574112 ----a-w- c:\windows\system32\drivers\N360\0603000.00E\srtsp.sys
2012-07-06 02:17 . 2012-08-15 08:00 32928 ----a-w- c:\windows\system32\drivers\N360\0603000.00E\srtspx.sys
2012-07-04 14:02 . 2012-08-17 11:18 2047488 ----a-w- c:\windows\system32\win32k.sys
2004-07-09 03:08 . 2004-07-09 03:08 472576 ----a-w- c:\program files\dxsetup.exe
2004-07-09 03:08 . 2004-07-09 03:08 2242560 ----a-w- c:\program files\dsetup32.dll
2004-07-09 02:03 . 2004-07-09 02:03 62976 ----a-w- c:\program files\DSETUP.dll
2012-09-11 09:03 . 2011-04-11 15:27 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2008-06-30 12:44 . 2009-12-13 21:53 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{147FEC3F-6DE9-437C-8FC1-6B8A20AA0A72}]
2010-01-26 14:52 192512 ----a-w- c:\users\matthes\AppData\Roaming\AdobeReader\IE\AdobeReader.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-07 6139904]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-18 92704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-18 13543968]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"lxeamon.exe"="c:\program files\Lexmark S300-S400 Series\lxeamon.exe" [2011-01-23 770728]
"EzPrint"="c:\program files\Lexmark S300-S400 Series\ezprint.exe" [2009-04-29 139944]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
.
c:\users\matthes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2008-10-28 10:38 3197952 ----a-w- c:\program files\Acer\Acer Bio Protection\WinNotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]
2008-03-25 14:24 567560 ----a-w- c:\program files\Common Files\SPBA\homefus2.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\Acer\Acer Bio Protection\PwdFilter
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcadeDeluxeAgent]
2008-07-24 14:54 147456 ------w- c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2008-07-24 14:54 167936 ------w- c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
2003-05-08 10:00 49152 ----a-w- c:\program files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie]
2008-07-18 15:04 167936 ------w- c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 09:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2011-12-09 17:22 74752 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZPdtWzdVitaKey MC3000]
2008-10-28 10:38 3676160 ----a-w- c:\program files\Acer\Acer Bio Protection\PdtWzd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1437981379-4010485698-1217947183-1000]
"EnableNotificationsRef"=dword:00000001
.
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-11 17:50]
.
2012-10-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-31 18:35]
.
2012-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-31 18:35]
.
2012-09-25 c:\windows\Tasks\User_Feed_Synchronization-{52A60082-F11F-4DC0-815C-41B71B2E7AD3}.job
- c:\windows\system32\msfeedssync.exe [2012-09-22 08:30]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1008&m=aspire_6930g
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{603D3CE5-33BC-4d51-A31E-613A2B826E21} - c:\users\matthes\AppData\Roaming\IEButtons\toolbutton2.js
IE: {{804420A5-7F05-4ee9-92F2-D2B644AD9102} - c:\users\matthes\AppData\Roaming\IEButtons\toolbutton3.js
IE: {{C376BD23-6DC3-4e10-9ED0-AB8C0444E45C} - c:\users\matthes\AppData\Roaming\IEButtons\toolbutton1.js
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\matthes\AppData\Roaming\Mozilla\Firefox\Profiles\38gpdnax.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{40c3cc16-7269-4b32-9531-17f2950fb06f} - (no file)
HKCU-Run-SearchIndexer - c:\users\matthes\AppData\Local\Microsoft\Windows\89\SearchIndexer.exe
MSConfigStartUp-KiesHelper - c:\program files\Samsung\Kies\KiesHelper.exe
MSConfigStartUp-KiesPDLR - c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MSConfigStartUp-KiesTrayAgent - c:\program files\Samsung\Kies\KiesTrayAgent.exe
AddRemove-sv.net - e:\sozial~1.hls\svnet\UNWISE.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-10-01 11:21
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\6.3.0.14\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\6.3.0.14\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(1408)
c:\windows\system32\btncopy.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\helppane.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-10-01 11:23:46 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-10-01 09:23
.
Vor Suchlauf: 18 Verzeichnis(se), 33.673.388.032 Bytes frei
Nach Suchlauf: 24 Verzeichnis(se), 33.296.908.288 Bytes frei
.
- - End Of File - - E539618963764A787E48D3DF4FB3384F
01.10.2012, 13:35 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | BKA Trojaner 1.15 (Windows Vista) Now please create and post logs with GMER and OSAM. GMER crashes fairly often; if the tool still won't run on the 2nd attempt, just leave it out and run only OSAM. Please skip the online query in OSAM. With OSAM, also make sure you save the log as *.log and not as *.html or similar. Note: please use WinRAR or 7zip to unpack OSAM! Also be sure to switch off the virus scanner; the McAfee scanner in particular often reports a false alarm on OSAM! Please download aswMBR.exe and save the file to your desktop.
Important: never press any of the Fix buttons without instruction. Note: if the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. One more note: if aswMBR crashes and you get a message like "aswMBR.exe has stopped working", do the following: restart aswMBR, select (none) in the drop-down menu at the bottom left (bottom left of the aswMBR window) under "AV scan", and click the Scan button again.
01.10.2012, 16:41 | #25 |
| BKA Trojaner 1.15 (Windows Vista) Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-10-01 16:05:58
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST932032 rev.0303
Running: 7jr8d694.exe; Driver: C:\Users\matthes\AppData\Local\Temp\kxriifow.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1400] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74AD7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1400] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74B1B4E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1400] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [74ADBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1400] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [74ACF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1400] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74AD75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1400] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [74ACE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1400] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74B073F5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1400] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [74ADDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1400] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [74ACFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1400] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74ACFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1400] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74AC71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1400] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [74B5CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1400] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [74AFC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1400] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74ACD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1400] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74AC6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1400] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74AC687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1400] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74AD2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002269ddfef6
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002269ddfef6@001ee29f991a 0x9B 0x60 0xDD 0xE0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002269ddfef6@60a10a10ad8a 0x0D 0x03 0x14 0x27 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002269ddfef6 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002269ddfef6@001ee29f991a 0x9B 0x60 0xDD 0xE0 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002269ddfef6@60a10a10ad8a 0x0D 0x03 0x14 0x27 ...

---- EOF - GMER 1.0.15 ----
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 16:23:02 on 01.10.2012
OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 15.0.1
Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures
Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries
[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"iproset.cpl" - "Intel(R) Corporation" - C:\Windows\system32\iproset.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"PROSet Tools" - "Intel(R) Corporation" - C:\Windows\System32\iPROSet.cpl
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AlfaFF File System mini-filter" (AlfaFF) - "Alfa Corporation" - C:\Windows\System32\Drivers\AlfaFF.sys
"BHDrvx86" (BHDrvx86) - "Symantec Corporation" - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\BASHDefs\20120919.001\BHDrvx86.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys (File not found)
"cpuz132" (cpuz132) - ? - C:\Users\matthes\AppData\Local\Temp\cpuz132\cpuz132_x32.sys (File not found)
"Dritek Keyboard Filter Driver" (DKbFltr) - ? - C:\Windows\System32\DRIVERS\DKbFltr.sys (File not found)
"EraserUtilRebootDrv" (EraserUtilRebootDrv) - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
"hc3ServiceName" (hotcore3) - "Paragon Software Group" - C:\Windows\System32\DRIVERS\hotcore3.sys
"IDSVix86" (IDSVix86) - "Symantec Corporation" - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\IPSDefs\20120921.001\IDSvix86.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found)
"kxriifow" (kxriifow) - ? - C:\Users\matthes\AppData\Local\Temp\kxriifow.sys (Hidden registry entry, rootkit activity | File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"NAVENG" (NAVENG) - "Symantec Corporation" - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20120922.008\NAVENG.SYS
"NAVEX15" (NAVEX15) - "Symantec Corporation" - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20120922.008\NAVEX15.SYS
"Norton 360 Settings Manager" (ccSet_N360) - "Symantec Corporation" - C:\Windows\system32\drivers\N360\0603000.00E\ccSetx86.sys
"NTIPPKernel" (NTIPPKernel) - "Cyberlink Corp." - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys
"PPdus ASPI Shell" (Afc) - "Arcsoft, Inc." - C:\Windows\System32\drivers\Afc.sys
"Symantec Data Store" (SymDS) - "Symantec Corporation" - C:\Windows\System32\drivers\N360\0603000.00E\SYMDS.SYS
"Symantec Eraser Control driver" (eeCtrl) - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
"Symantec Extended File Attributes" (SymEFA) - "Symantec Corporation" - C:\Windows\System32\drivers\N360\0603000.00E\SYMEFA.SYS
"Symantec Iron Driver" (SymIRON) - "Symantec Corporation" - C:\Windows\system32\drivers\N360\0603000.00E\Ironx86.SYS
"Symantec Real Time Storage Protection" (SRTSP) - "Symantec Corporation" - C:\Windows\System32\Drivers\N360\0603000.00E\SRTSP.SYS
"Symantec Real Time Storage Protection (PEL)" (SRTSPX) - "Symantec Corporation" - C:\Windows\system32\drivers\N360\0603000.00E\SRTSPX.SYS
"Symantec Vista Network Dispatch Driver" (SYMTDIv) - "Symantec Corporation" - C:\Windows\System32\Drivers\N360\0603000.00E\SYMTDIV.SYS
"SymEvent" (SymEvent) - "Symantec Corporation" - C:\Windows\system32\Drivers\SYMEVENT.SYS
"UBHelper" (UBHelper) - "NewTech Infosystems Corporation" - C:\Windows\system32\drivers\UBHelper.sys
"Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\Windows\System32\DRIVERS\NTIDrvr.sys
"{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}" ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) - "Cyberlink Corp." - C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl
[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found)
{8F9D8FBE-C5C1-4B65-986E-51235C9283E8} "FPLaunchCache" - "Arachnoid Biometrics Identification Group Corp." - C:\Program Files\Acer\Acer Bio Protection\FPLaunchCache.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found)
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? - (File not found | COM-object registry key not found)
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Windows\system32\btncopy.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? - (File not found | COM-object registry key not found)
{A40526DD-F152-4C1D-844C-CE668D29B77E} "Shell extension for NTP" - ? - (File not found | COM-object registry key not found)
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
<binary data> "Norton Toolbar" - "Symantec Corporation" - C:\Program Files\Norton 360\Engine\6.3.0.14\coIEPlg.dll
<binary data> "{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Oracle Corporation" - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Oracle Corporation" - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 10.5.1" - "Oracle Corporation" - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 10.5.1" - "Oracle Corporation" - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
"Amazon (amazon.de)" - ? - C:\Users\matthes\AppData\Roaming\IEButtons\toolbutton2.js
"easy Shopping" - ? - C:\Users\matthes\AppData\Roaming\IEButtons\toolbutton3.js
"eBay (ebay.de)" - ? - C:\Users\matthes\AppData\Roaming\IEButtons\toolbutton1.js
"Quick-Launching Area" - ?
- C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} "Norton Toolbar" - "Symantec Corporation" - C:\Program Files\Norton 360\Engine\6.3.0.14\coIEPlg.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {147FEC3F-6DE9-437C-8FC1-6B8A20AA0A72} "Adobe Reader" - "Adobe Systems, Incorporated" - C:\Users\matthes\AppData\Roaming\AdobeReader\IE\AdobeReader.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Oracle Corporation" - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll {D2C5E510-BE6D-42CC-9F61-E4F939078474} "Lexmark " - ? - C:\Program Files\Lexmark Printable Web\bho.dll {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} "Norton Identity Protection" - "Symantec Corporation" - C:\Program Files\Norton 360\Engine\6.3.0.14\coIEPlg.dll {6D53EC84-6AAE-4787-AEEE-F4628F01010C} "Norton Vulnerability Protection" - "Symantec Corporation" - C:\Program Files\Norton 360\Engine\6.3.0.14\IPS\IPSBHO.DLL {1017A80C-6F09-4548-A84D-EDD6AC9525F0} "{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" - ? - (File not found | COM-object registry key not found) [LSA Providers] -----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )----- "Notification packages" - ? - C:\Program Files\Acer\Acer Bio Protection\PwdFilter (File not found) [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\matthes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "OpenOffice.org 3.3.lnk" - ? 
- C:\Program Files\OpenOffice.org 3\program\quickstart.exe (Shortcut exists | File found, but it contains no detailed information | File exists) -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "EzPrint" - ? - "C:\Program Files\Lexmark S300-S400 Series\ezprint.exe" "IAAnotif" - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe "lxeamon.exe" - ? - "C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe" "PLFSetI" - ? - C:\Windows\PLFSetI.exe "WarReg_PopUp" - "Acer Incorporated" - C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe "Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe "Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe "ArcSoft Connect Daemon" (ACDaemon) - "ArcSoft Inc." - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe "CLHNService" (CLHNService) - ? 
- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe "Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\Cyberlink\Shared files\RichVideo.exe "FABS - Helping agent for MAGIX media database" (Fabs) - "MAGIX AG" - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe "Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe "FsUsbExService" (FsUsbExService) - "Teruten" - C:\Windows\system32\FsUsbExService.Exe "Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "iGroupTec Service" (IGBASVC) - ? - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe (File found, but it contains no detailed information) "Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe "Intel® PROSet/Wireless Event Log" (EvtEng) - "Intel(R) Corporation" - C:\Program Files\Intel\WiFi\bin\EvtEng.exe "Intel® PROSet/Wireless Registry Service" (RegSrvc) - "Intel(R) Corporation" - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe "LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe "MBAMScheduler" (MBAMScheduler) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe "MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files\Mozilla Maintenance 
Service\maintenanceservice.exe "Norton 360" (N360) - "Symantec Corporation" - C:\Program Files\Norton 360\Engine\6.3.0.14\ccSvcHst.exe "Polar Daemon" (Polar Daemon) - ? - C:\Program Files\Polar\Daemon\polard.exe (File found, but it contains no detailed information) "Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files\Skype\Updater\Updater.exe "TeamViewer 7" (TeamViewer7) - "TeamViewer GmbH" - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe [Winlogon] -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "AWinNotifyVitaKey MC3000" - "Arachnoid Biometrics Identification Group Corp." - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll "spba" - "UPEK Inc." - C:\Program Files\Common Files\SPBA\homefus2.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-01 16:26:01
-----------------------------
16:26:01.323 OS Version: Windows 6.0.6002 Service Pack 2
16:26:01.323 Number of processors: 2 586 0xF0D
16:26:01.323 ComputerName: MATTHES-PC UserName: matthes
16:26:02.025 Initialize success
16:40:45.999 AVAST engine defs: 12100100
16:49:50.967 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:49:50.967 Disk 0 Vendor: ST932032 0303 Size: 305245MB BusType: 3
16:49:51.317 Disk 0 MBR read successfully
16:49:51.317 Disk 0 MBR scan
16:49:51.327 Disk 0 unknown MBR code
16:49:51.337 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10240 MB offset 2048
16:49:51.397 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 79920 MB offset 20973568
16:49:51.407 Disk 0 Partition - 00 0F Extended LBA 211452 MB offset 184651110
16:49:51.517 Disk 0 Partition 3 00 12 Compaq diag NTFS 3630 MB offset 617705472
16:49:51.607 Disk 0 Partition - 00 05 Extended 109053 MB offset 184662015
16:49:51.617 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 109053 MB offset 184662016
16:49:51.627 Disk 0 Partition - 00 05 Extended 102393 MB offset 408013710
16:49:51.667 Disk 0 Partition 5 00 07 HPFS/NTFS NTFS 102393 MB offset 408002868
16:49:51.717 Disk 0 scanning sectors +625139712
16:49:51.927 Disk 0 scanning C:\Windows\system32\drivers
16:50:15.136 Service scanning
16:50:40.221 Modules scanning
16:50:45.993 Disk 0 trace - called modules:
16:50:46.008 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
16:50:46.024 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x869e05b0]
16:50:46.024 3 CLASSPNP.SYS[8b1a68b3] -> nt!IofCallDriver -> [0x84ddf6b8]
16:50:46.040 5 acpi.sys[806986bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x84da0028]
16:50:46.554 AVAST engine scan C:\Windows
16:50:54.573 AVAST engine scan C:\Windows\system32
16:54:41.662 AVAST engine scan C:\Windows\system32\drivers
16:54:59.711 AVAST engine scan C:\Users\matthes
16:58:08.190 AVAST engine scan C:\ProgramData
17:00:02.538 Scan finished successfully
17:25:40.932 Disk 0 MBR has been saved successfully to "C:\Users\matthes\Desktop\MBR.dat"
17:25:40.932 The log file has been saved successfully to "C:\Users\matthes\Desktop\aswMBR.txt" |
02.10.2012, 13:01 | #26 |
/// Winkelfunktion /// TB-Süch-Tiger™ | BKA Trojaner 1.15 (Windows Vista) We should fix the MBR. Back up ALL important data just in case, even though it usually goes smoothly. Note: please do NOT run the MBR fix if you have other operating systems such as Ubuntu installed; an MBR fix with Windows tools makes a Linux installed alongside it (dual boot) unbootable. Also do not run the fix if you have full encryption of the Windows partition or of the entire hard disk with TrueCrypt or another encryption program. After backing up your data, start aswMBR again and click the FIXMBR button. Note: please disable your virus scanner before running aswMBR, as Avira in particular often reports a false alarm on it! Then restart Windows and create a new log with aswMBR.
__________________ Please always post logfiles in CODE tags |
02.10.2012, 15:43 | #27 |
| BKA Trojaner 1.15 (Windows Vista) Did I only need to open the program and click FIXMBR straight away? Or should I have scanned again first? In normal mode I get to see the desktop again, but I can open neither programs nor the Start menu. Here is the new log: Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-02 16:13:04
-----------------------------
16:13:04.800 OS Version: Windows 6.0.6002 Service Pack 2
16:13:04.800 Number of processors: 2 586 0xF0D
16:13:04.800 ComputerName: MATTHES-PC UserName: matthes
16:13:13.911 Initialize success
16:13:27.779 AVAST engine defs: 12100100
16:13:31.492 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:13:31.492 Disk 0 Vendor: ST932032 0303 Size: 305245MB BusType: 3
16:13:31.507 Disk 0 MBR read successfully
16:13:31.507 Disk 0 MBR scan
16:13:31.523 Disk 0 Windows VISTA default MBR code
16:13:31.523 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10240 MB offset 2048
16:13:31.539 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 79920 MB offset 20973568
16:13:31.554 Disk 0 Partition - 00 0F Extended LBA 211452 MB offset 184651110
16:13:31.601 Disk 0 Partition 3 00 12 Compaq diag NTFS 3630 MB offset 617705472
16:13:31.648 Disk 0 Partition - 00 05 Extended 109053 MB offset 184662015
16:13:31.663 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 109053 MB offset 184662016
16:13:31.663 Disk 0 Partition - 00 05 Extended 102393 MB offset 408013710
16:13:31.695 Disk 0 Partition 5 00 07 HPFS/NTFS NTFS 102393 MB offset 408002868
16:13:31.710 Disk 0 scanning sectors +625139712
16:13:31.819 Disk 0 scanning C:\Windows\system32\drivers
16:13:45.407 Service scanning
16:14:12.036 Modules scanning
16:14:16.155 Disk 0 trace - called modules:
16:14:16.186 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
16:14:16.201 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8695b440]
16:14:16.201 3 CLASSPNP.SYS[8b1a28b3] -> nt!IofCallDriver -> [0x860cd408]
16:14:16.217 5 acpi.sys[806916bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x84da0028]
16:14:16.779 AVAST engine scan C:\Windows
16:14:21.115 AVAST engine scan C:\Windows\system32
16:17:55.459 AVAST engine scan C:\Windows\system32\drivers
16:18:11.574 AVAST engine scan C:\Users\matthes
16:21:13.579 AVAST engine scan C:\ProgramData
16:22:53.856 Scan finished successfully
16:39:23.520 Disk 0 MBR has been saved successfully to "C:\Users\matthes\Desktop\MBR.dat"
16:39:23.536 The log file has been saved successfully to "C:\Users\matthes\Desktop\aswMBR.txt" |
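Added illustration, not part of this thread and not code from aswMBR: the two aswMBR logs posted above differ only in the MBR status line ("unknown MBR code" before FIXMBR, "Windows VISTA default MBR code" after), while the partition table is identical in both runs. The Python check below parses both logs, confirms that the boot code status became standard and that the partition layout did not move, and reports which partition is marked active. The two log excerpts are copied from the logs in this thread; the "tampered" variant is constructed here purely to show what a changed partition table looks like to the check.

```python
"""Sanity-check a pair of aswMBR logs taken before and after FIXMBR.

Added example for this thread; not part of aswMBR or of the posts above.
LOG_BEFORE / LOG_AFTER are trimmed copies of the two logs posted in the
thread; LOG_AFTER_TAMPERED is constructed to exercise the failure case.
"""
import re
from dataclasses import dataclass

LOG_BEFORE = """\
16:49:51.317 Disk 0 MBR read successfully
16:49:51.317 Disk 0 MBR scan
16:49:51.327 Disk 0 unknown MBR code
16:49:51.337 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10240 MB offset 2048
16:49:51.397 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 79920 MB offset 20973568
16:49:51.407 Disk 0 Partition - 00 0F Extended LBA 211452 MB offset 184651110
16:49:51.517 Disk 0 Partition 3 00 12 Compaq diag NTFS 3630 MB offset 617705472
16:49:51.607 Disk 0 Partition - 00 05 Extended 109053 MB offset 184662015
16:49:51.617 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 109053 MB offset 184662016
16:49:51.627 Disk 0 Partition - 00 05 Extended 102393 MB offset 408013710
16:49:51.667 Disk 0 Partition 5 00 07 HPFS/NTFS NTFS 102393 MB offset 408002868
"""

LOG_AFTER = """\
16:13:31.507 Disk 0 MBR read successfully
16:13:31.507 Disk 0 MBR scan
16:13:31.523 Disk 0 Windows VISTA default MBR code
16:13:31.523 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10240 MB offset 2048
16:13:31.539 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 79920 MB offset 20973568
16:13:31.554 Disk 0 Partition - 00 0F Extended LBA 211452 MB offset 184651110
16:13:31.601 Disk 0 Partition 3 00 12 Compaq diag NTFS 3630 MB offset 617705472
16:13:31.648 Disk 0 Partition - 00 05 Extended 109053 MB offset 184662015
16:13:31.663 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 109053 MB offset 184662016
16:13:31.663 Disk 0 Partition - 00 05 Extended 102393 MB offset 408013710
16:13:31.695 Disk 0 Partition 5 00 07 HPFS/NTFS NTFS 102393 MB offset 408002868
"""

# Constructed: identical to LOG_AFTER except the active partition's start moved.
LOG_AFTER_TAMPERED = LOG_AFTER.replace("offset 20973568", "offset 20973600")

# "Disk 0 unknown MBR code" / "Disk 0 Windows VISTA default MBR code"
MBR_RE = re.compile(r"Disk (?P<disk>\d+) (?P<status>.*MBR code)$")
# "Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 79920 MB offset 20973568"
PART_RE = re.compile(
    r"Disk (?P<disk>\d+) Partition (?P<num>\S+) (?P<boot>[0-9A-F]{2})(?: \(A\))? "
    r"(?P<type>[0-9A-F]{2}) (?P<desc>.+?) (?P<size>\d+) MB offset (?P<offset>\d+)$"
)


@dataclass(frozen=True)
class Partition:
    num: str       # "1".."5" for real entries, "-" for extended containers
    boot: str      # "80" = active (bootable), "00" = inactive
    ptype: str     # type byte: "07" NTFS, "0F"/"05" extended, "27" WinRE ...
    desc: str
    size_mb: int
    offset: int    # start sector (LBA)


def parse_aswmbr(text):
    """Return (mbr_status, [Partition, ...]) for disk 0 of an aswMBR log."""
    status, parts = None, []
    for raw in text.splitlines():
        line = raw.strip()
        m = MBR_RE.search(line)
        if m:
            status = m["status"]
            continue
        m = PART_RE.search(line)
        if m:
            parts.append(Partition(m["num"], m["boot"], m["type"], m["desc"],
                                   int(m["size"]), int(m["offset"])))
    return status, parts


def mbr_is_standard(status):
    """aswMBR prints 'unknown MBR code' for boot code it cannot attribute to
    Windows. That covers a bootkit, but also GRUB or a disk-encryption boot
    loader, which is why the post above warns about dual boot and TrueCrypt."""
    return status is not None and "unknown" not in status.lower()


def compare_logs(before_text, after_text):
    """Summarise a FIXMBR run: did the boot code become a known Windows one,
    did the partition table (same sector as the boot code) stay untouched,
    and which partitions carry the active flag afterwards."""
    b_status, b_parts = parse_aswmbr(before_text)
    a_status, a_parts = parse_aswmbr(after_text)

    def layout(parts):
        return [(p.num, p.ptype, p.size_mb, p.offset) for p in parts]

    return {
        "mbr_before": b_status,
        "mbr_after": a_status,
        "mbr_fixed": not mbr_is_standard(b_status) and mbr_is_standard(a_status),
        "layout_unchanged": layout(b_parts) == layout(a_parts),
        "active_partitions": [p.num for p in a_parts if p.boot == "80"],
    }


if __name__ == "__main__":
    for name, after in (("after FIXMBR", LOG_AFTER), ("tampered", LOG_AFTER_TAMPERED)):
        print(name, compare_logs(LOG_BEFORE, after))
```

Run it directly to print both summaries. The layout comparison is the check worth keeping: FIXMBR rewrites only the boot-code bytes of sector 0 and leaves the partition entries alone, so a layout that differs between the two runs means something other than the fix touched the table, and the backup the post asks for is what you fall back on.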
02.10.2012, 19:27 | #28 |
/// Winkelfunktion /// TB-Süch-Tiger™ | BKA Trojaner 1.15 (Windows Vista) Looks OK. We should be almost through. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before scanning!!
__________________ Please always post logfiles in CODE tags |
02.10.2012, 19:41 | #29 |
| BKA Trojaner 1.15 (Windows Vista) But I still can't do anything in normal mode: no Start menu, and I can't open any programs. That's still OK for the moment, though? The scan is running. Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.65.0.1400
www.malwarebytes.org
Datenbank Version: v2012.10.02.07
Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 8.0.6001.19328
matthes :: MATTHES-PC [Administrator]
Schutz: Deaktiviert
02.10.2012 20:39:23
mbam-log-2012-10-02 (20-39-23).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 382731
Laufzeit: 1 Stunde(n), 1 Minute(n), 19 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende) Code:
ATTFilter SUPERAntiSpyware Scan Log hxxp://www.superantispyware.com Generated 10/03/2012 at 10:03 AM Application Version : 5.5.1022 Core Rules Database Version : 9330 Trace Rules Database Version: 7142 Scan type : Complete Scan Total Scan Time : 01:54:36 Operating System Information Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002) UAC Off - Administrator Memory items scanned : 381 Memory threats detected : 0 Registry items scanned : 34361 Registry threats detected : 0 File items scanned : 165327 File threats detected : 111 Adware.Tracking Cookie .atdmt.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] .atdmt.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] .ads.pointroll.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] .pointroll.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] .ads.pointroll.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] .pointroll.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] .ads.pointroll.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] .ads.pointroll.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] .ads.pointroll.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] .ads.pointroll.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] .ads.pointroll.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] .ads.pointroll.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] .doubleclick.net [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] .e-2dj6wjkyglc5kdp.stats.esomniture.com [ 
D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] .doubleclick.net [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] .serving-sys.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] .serving-sys.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] .specificclick.net [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] .tracking.quisma.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] .tradedoubler.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] .tradedoubler.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] .apmebf.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] .mediaplex.com [ 
D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] .tradedoubler.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] ad.yieldmanager.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] ad.yieldmanager.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] ad4.adfarm1.adition.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] track.adform.net [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] adfarm1.adition.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] .autoscout24.112.2o7.net [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] .mediaplex.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] .invitemedia.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] .unitymedia.de [ 
D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] .unitymedia.de [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] .hightraffic.hugoboss.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] .hightraffic.hugoboss.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] .hightraffic.hugoboss.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] .tracking.quisma.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] .tracking.mindshare.de [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] .im.banner.t-online.de [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] track.adform.net [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] .adform.net [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] .tracking.quisma.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] .bs.serving-sys.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] tracking.mobile.de [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] .mediaplex.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] ad3.adfarm1.adition.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] .doubleclick.net [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] ad.yieldmanager.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] .statcounter.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] ad.yieldmanager.com [ 
D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] ad.yieldmanager.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] ad.yieldmanager.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] .zanox.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] .dyntracker.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] .amazon-adsystem.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] .amazon-adsystem.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] ad2.adfarm1.adition.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] .webmasterplan.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] .webmasterplan.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] .webmasterplan.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] track.effiliation.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] track.effiliation.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] track.effiliation.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] track.effiliation.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] track.effiliation.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] track.effiliation.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] .adxvalue.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] .serving-sys.com [ 
D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] .serving-sys.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] .secmedia.de [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] .secmedia.de [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] www.etracker.de [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] www.etracker.de [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] www.etracker.de [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] partners.webmasterplan.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] .smartadserver.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] eas.apm.emediate.eu [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] eas.apm.emediate.eu [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] .adtech.de [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] .fastclick.net [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] .fastclick.net [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] ww251.smartadserver.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] .adtech.de [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] ad.yieldmanager.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] 
ad.yieldmanager.com [ D:\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] .doubleclick.net [ C:\USERS\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] .apmebf.com [ C:\USERS\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] eas.apm.emediate.eu [ C:\USERS\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] eas.apm.emediate.eu [ C:\USERS\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] eas.apm.emediate.eu [ C:\USERS\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] .doubleclick.net [ C:\USERS\MATTHES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\38GPDNAX.DEFAULT\COOKIES.SQLITE ] |
05.10.2012, 11:11 | #30 |
/// Winkelfunktion /// TB-Süch-Tiger™ | BKA Trojaner 1.15 (Windows Vista) If normal mode still doesn't work, an older restore point might help. Since exactly when has normal mode stopped working?
__________________ Please always post logfiles in CODE tags |