Rootkit and Sirefef - Malwarebytes
#16
/// Winkelfunktion /// TB-Süch-Tiger™

Please now run (in normal Windows mode) this tool from Kaspersky (TDSS-Killer) and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please switch off your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Set the tool up as shown in the picture below: click "change parameters" and tick the boxes as shown in the following screenshot, then click "Start Scan" and, when it has finished, click the "Report" button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:), which is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, treat all of them with the action "skip" and post only the log here!
__________________
Please always post log files in CODE tags
#17
All right, boss,

Code:
15:53:26.0859 5288 TDSS rootkit removing tool 2.7.42.0 Jun 25 2012 21:18:44
15:53:27.0082 5288 ============================================================
15:53:27.0082 5288 Current date / time: 2012/06/26 15:53:27.0082
15:53:27.0082 5288 SystemInfo:
15:53:27.0082 5288
15:53:27.0082 5288 OS Version: 6.0.6001 ServicePack: 1.0
15:53:27.0082 5288 Product type: Workstation
15:53:27.0082 5288 ComputerName: MEINPC
15:53:27.0083 5288 UserName: Marcel Klahn
15:53:27.0083 5288 Windows directory: C:\Windows
15:53:27.0083 5288 System windows directory: C:\Windows
15:53:27.0083 5288 Processor architecture: Intel x86
15:53:27.0083 5288 Number of processors: 2
15:53:27.0083 5288 Page size: 0x1000
15:53:27.0083 5288 Boot type: Normal boot
15:53:27.0083 5288 ============================================================
15:53:27.0650 5288 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:53:27.0652 5288 ============================================================
15:53:27.0652 5288 \Device\Harddisk0\DR0:
15:53:27.0652 5288 MBR partitions:
15:53:27.0652 5288 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1388800, BlocksNum 0x38FFD000
15:53:27.0652 5288 ============================================================
15:53:27.0696 5288 C: <-> \Device\Harddisk0\DR0\Partition0
15:53:27.0697 5288 ============================================================
15:53:27.0697 5288 Initialize success
15:53:27.0697 5288 ============================================================
15:54:33.0903 5240 ============================================================
15:54:33.0903 5240 Scan started
15:54:33.0903 5240 Mode: Manual; SigCheck; TDLFS;
15:54:33.0903 5240 ============================================================
15:54:34.0228 5240 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
15:54:34.0394 5240 ACPI - ok
15:54:34.0451 5240 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
15:54:34.0491 5240 adp94xx - ok
15:54:34.0554 5240 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
15:54:34.0576 5240 adpahci - ok
15:54:34.0600 5240 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
15:54:34.0619 5240 adpu160m - ok
15:54:34.0650 5240 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
15:54:34.0669 5240 adpu320 - ok
15:54:34.0745 5240 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
15:54:34.0869 5240 AeLookupSvc - ok
15:54:34.0912 5240 AFD (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
15:54:34.0965 5240 AFD - ok
15:54:35.0075 5240 AgereSoftModem (5d97943c128ed756d1b0a08302c1b1f8) C:\Windows\system32\DRIVERS\AGRSM.sys
15:54:35.0357 5240 AgereSoftModem - ok
15:54:35.0409 5240 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
15:54:35.0425 5240 agp440 - ok
15:54:35.0446 5240 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
15:54:35.0460 5240 aic78xx - ok
15:54:35.0491 5240 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
15:54:35.0536 5240 ALG - ok
15:54:35.0560 5240 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
15:54:35.0574 5240 aliide - ok
15:54:35.0643 5240 AMD External Events Utility (cde41d99db840ff9454fc981ebd0ec50) C:\Windows\system32\atiesrxx.exe
15:54:35.0736 5240 AMD External Events Utility - ok
15:54:35.0801 5240 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
15:54:35.0816 5240 amdagp - ok
15:54:35.0845 5240 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
15:54:35.0858 5240 amdide - ok
15:54:35.0886 5240 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
15:54:35.0942 5240 AmdK7 - ok
15:54:35.0971 5240 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
15:54:36.0009 5240 AmdK8 - ok
15:54:36.0686 5240 amdkmdag (ffd082f1f1d4ff5c87f66df62486bcfa) C:\Windows\system32\DRIVERS\atikmdag.sys
15:54:37.0835 5240 amdkmdag - ok
15:54:38.0060 5240 amdkmdap (c541da5b72fa638469e8dc1e66079330) C:\Windows\system32\DRIVERS\atikmpag.sys
15:54:38.0141 5240 amdkmdap - ok
15:54:38.0245 5240 AntiVirSchedulerService (9015bc03f62940527ec92d45ee89e46f) C:\Program Files\Avira\AntiVir Desktop\sched.exe
15:54:38.0268 5240 AntiVirSchedulerService ( UnsignedFile.Multi.Generic ) - warning
15:54:38.0268 5240 AntiVirSchedulerService - detected UnsignedFile.Multi.Generic (1)
15:54:38.0304 5240 AntiVirService (b8720a787c1223492e6f319465e996ce) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
15:54:38.0315 5240 AntiVirService ( UnsignedFile.Multi.Generic ) - warning
15:54:38.0315 5240 AntiVirService - detected UnsignedFile.Multi.Generic (1)
15:54:38.0352 5240 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
15:54:38.0420 5240 Appinfo - ok
15:54:38.0498 5240 Apple Mobile Device (d8e18021f91ad79ca8491cb5a5da22d4) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:54:38.0515 5240 Apple Mobile Device - ok
15:54:38.0539 5240 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
15:54:38.0554 5240 arc - ok
15:54:38.0593 5240 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
15:54:38.0608 5240 arcsas - ok
15:54:38.0647 5240 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
15:54:38.0715 5240 AsyncMac - ok
15:54:38.0731 5240 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
15:54:38.0745 5240 atapi - ok
15:54:38.0890 5240 athr (acdb46b1a467752a2f280c68c8461556) C:\Windows\system32\DRIVERS\athr.sys
15:54:39.0053 5240 athr - ok
15:54:39.0113 5240 AtiHDAudioService (9f7ccf1d6faf646f71f029a30ded2dc7) C:\Windows\system32\drivers\AtihdLH3.sys
15:54:39.0166 5240 AtiHDAudioService - ok
15:54:39.0827 5240 atikmdag (ffd082f1f1d4ff5c87f66df62486bcfa) C:\Windows\system32\DRIVERS\atikmdag.sys
15:54:40.0192 5240 atikmdag - ok
15:54:40.0344 5240 AudioEndpointBuilder (20c195b959ea0fcccb986c7619bd347e) C:\Windows\System32\Audiosrv.dll
15:54:40.0412 5240 AudioEndpointBuilder - ok
15:54:40.0422 5240 Audiosrv (20c195b959ea0fcccb986c7619bd347e) C:\Windows\System32\Audiosrv.dll
15:54:40.0447 5240 Audiosrv - ok
15:54:40.0535 5240 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
15:54:40.0546 5240 avgio - ok
15:54:40.0607 5240 avgntflt (14fe36d8f2c6a2435275338d061a0b66) C:\Windows\system32\DRIVERS\avgntflt.sys
15:54:40.0618 5240 avgntflt - ok
15:54:40.0665 5240 avipbb (6d52060b59e7d79cd2a044b6add1f1ef) C:\Windows\system32\DRIVERS\avipbb.sys
15:54:40.0676 5240 avipbb - ok
15:54:40.0747 5240 b57nd60x (502f1c30bd50b32d00ce4dcaecc3d3c7) C:\Windows\system32\DRIVERS\b57nd60x.sys
15:54:40.0811 5240 b57nd60x - ok
15:54:40.0852 5240 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
15:54:40.0910 5240 Beep - ok
15:54:40.0965 5240 BFE (8582e233c346aefe759833e8a30dd697) C:\Windows\System32\bfe.dll
15:54:41.0026 5240 BFE - ok
15:54:41.0117 5240 BITS (02ed7b4dbc2a3232a389106da7515c3d) C:\Windows\System32\qmgr.dll
15:54:41.0258 5240 BITS - ok
15:54:41.0290 5240 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
15:54:41.0339 5240 blbdrive - ok
15:54:41.0437 5240 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
15:54:41.0460 5240 Bonjour Service - ok
15:54:41.0478 5240 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
15:54:41.0523 5240 bowser - ok
15:54:41.0557 5240 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
15:54:41.0611 5240 BrFiltLo - ok
15:54:41.0639 5240 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
15:54:41.0689 5240 BrFiltUp - ok
15:54:41.0723 5240 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
15:54:41.0821 5240 Browser - ok
15:54:41.0842 5240 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
15:54:41.0925 5240 Brserid - ok
15:54:41.0949 5240 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
15:54:42.0026 5240 BrSerWdm - ok
15:54:42.0043 5240 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
15:54:42.0113 5240 BrUsbMdm - ok
15:54:42.0128 5240 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
15:54:42.0198 5240 BrUsbSer - ok
15:54:42.0221 5240 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
15:54:42.0295 5240 BTHMODEM - ok
15:54:42.0327 5240 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
15:54:42.0381 5240 cdfs - ok
15:54:42.0412 5240 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
15:54:42.0467 5240 cdrom - ok
15:54:42.0514 5240 CertPropSvc (87c2d0377b23e2d8a41093c2f5fb1a5b) C:\Windows\System32\certprop.dll
15:54:42.0558 5240 CertPropSvc - ok
15:54:42.0592 5240 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
15:54:42.0641 5240 circlass - ok
15:54:42.0684 5240 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
15:54:42.0704 5240 CLFS - ok
15:54:42.0821 5240 CLHNService (2b272d0a6e5071829b516ffdc7f841ca) C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
15:54:42.0832 5240 CLHNService - ok
15:54:42.0924 5240 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:54:42.0938 5240 clr_optimization_v2.0.50727_32 - ok
15:54:42.0986 5240 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
15:54:43.0039 5240 CmBatt - ok
15:54:43.0065 5240 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
15:54:43.0079 5240 cmdide - ok
15:54:43.0103 5240 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
15:54:43.0116 5240 Compbatt - ok
15:54:43.0121 5240 COMSysApp - ok
15:54:43.0130 5240 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
15:54:43.0144 5240 crcdisk - ok
15:54:43.0162 5240 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
15:54:43.0217 5240 Crusoe - ok
15:54:43.0261 5240 CryptSvc (6de363f9f99334514c46aec02d3e3678) C:\Windows\system32\cryptsvc.dll
15:54:43.0311 5240 CryptSvc - ok
15:54:43.0381 5240 DcomLaunch (301ae00e12408650baddc04dbc832830) C:\Windows\system32\rpcss.dll
15:54:43.0462 5240 DcomLaunch - ok
15:54:43.0494 5240 DfsC (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
15:54:43.0545 5240 DfsC - ok
15:54:43.0731 5240 DFSR (fa3463f25f9cc9c3bcf1e7912feff099) C:\Windows\system32\DFSR.exe
15:54:43.0881 5240 DFSR - ok
15:54:44.0053 5240 Dhcp (43a988a9c10333476cb5fb667cbd629d) C:\Windows\System32\dhcpcsvc.dll
15:54:44.0105 5240 Dhcp - ok
15:54:44.0148 5240 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
15:54:44.0163 5240 disk - ok
15:54:44.0197 5240 DKbFltr (c701324c9e0c25dd9d60311bd87fbc84) C:\Windows\system32\DRIVERS\DKbFltr.sys
15:54:44.0208 5240 DKbFltr - ok
15:54:44.0231 5240 Dnscache (f5a0f1da1ed8b429597e71d27d976e31) C:\Windows\System32\dnsrslvr.dll
15:54:44.0347 5240 Dnscache - ok
15:54:44.0378 5240 dot3svc (5af620a08c614e24206b79e8153cf1a8) C:\Windows\System32\dot3svc.dll
15:54:44.0419 5240 dot3svc - ok
15:54:44.0487 5240 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
15:54:44.0550 5240 Dot4 - ok
15:54:44.0578 5240 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
15:54:44.0728 5240 Dot4Print - ok
15:54:44.0781 5240 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
15:54:44.0832 5240 dot4usb - ok
15:54:44.0864 5240 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
15:54:44.0905 5240 DPS - ok
15:54:44.0932 5240 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
15:54:44.0977 5240 drmkaud - ok
15:54:45.0066 5240 dtsoftbus01 (fb38473835476a6fb272215a1d972af9) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
15:54:45.0083 5240 dtsoftbus01 - ok
15:54:45.0145 5240 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
15:54:45.0262 5240 DXGKrnl - ok
15:54:45.0340 5240 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
15:54:45.0398 5240 E1G60 - ok
15:54:45.0415 5240 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
15:54:45.0462 5240 EapHost - ok
15:54:45.0513 5240 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
15:54:45.0531 5240 Ecache - ok
15:54:45.0610 5240 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
15:54:45.0645 5240 ehRecvr - ok
15:54:45.0677 5240 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
15:54:45.0718 5240 ehSched - ok
15:54:45.0739 5240 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
15:54:45.0767 5240 ehstart - ok
15:54:45.0842 5240 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
15:54:45.0912 5240 elxstor - ok
15:54:46.0036 5240 EMDMgmt (70b1a86df0c8ead17d2bc332edae2c7c) C:\Windows\system32\emdmgmt.dll
15:54:46.0136 5240 EMDMgmt - ok
15:54:46.0306 5240 ePowerSvc (2072cbe938dd355c4a52e9a4dcf5439f) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
15:54:46.0337 5240 ePowerSvc - ok
15:54:46.0420 5240 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
15:54:46.0466 5240 ErrDev - ok
15:54:46.0510 5240 EventSystem (3cb3343d720168b575133a0a20dc2465) C:\Windows\system32\es.dll
15:54:46.0554 5240 EventSystem - ok
15:54:46.0601 5240 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
15:54:46.0641 5240 exfat - ok
15:54:46.0686 5240 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
15:54:46.0740 5240 fastfat - ok
15:54:46.0773 5240 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
15:54:46.0827 5240 fdc - ok
15:54:46.0900 5240 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
15:54:46.0939 5240 fdPHost - ok
15:54:46.0948 5240 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
15:54:47.0019 5240 FDResPub - ok
15:54:47.0050 5240 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
15:54:47.0061 5240 FileInfo - ok
15:54:47.0083 5240 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
15:54:47.0136 5240 Filetrace - ok
15:54:47.0159 5240 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
15:54:47.0213 5240 flpydisk - ok
15:54:47.0238 5240 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
15:54:47.0256 5240 FltMgr - ok
15:54:47.0330 5240 FontCache3.0.0.0 (c9be08664611ddaf98e2331e9288b00b) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
15:54:47.0342 5240 FontCache3.0.0.0 - ok
15:54:47.0372 5240 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
15:54:47.0421 5240 Fs_Rec - ok
15:54:47.0447 5240 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
15:54:47.0461 5240 gagp30kx - ok
15:54:47.0525 5240 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:54:47.0535 5240 GEARAspiWDM - ok
15:54:47.0653 5240 GoogleDesktopManager-051210-111108 (9f5f2f0fb0a7f5aa9f16b9a7b6dad89f) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
15:54:47.0664 5240 GoogleDesktopManager-051210-111108 - ok
15:54:47.0746 5240 gpsvc (d9f1113d9401185245573350712f92fc) C:\Windows\System32\gpsvc.dll
15:54:47.0806 5240 gpsvc - ok
15:54:47.0884 5240 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
15:54:47.0910 5240 gupdate - ok
15:54:47.0916 5240 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
15:54:47.0929 5240 gupdatem - ok
15:54:47.0986 5240 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
15:54:48.0001 5240 gusvc - ok
15:54:48.0048 5240 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
15:54:48.0141 5240 HdAudAddService - ok
15:54:48.0164 5240 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
15:54:48.0213 5240 HDAudBus - ok
15:54:48.0231 5240 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
15:54:48.0311 5240 HidBth - ok
15:54:48.0336 5240 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
15:54:48.0404 5240 HidIr - ok
15:54:48.0437 5240 hidserv (8fa640195279ace21bea91396a0054fc) C:\Windows\system32\hidserv.dll
15:54:48.0506 5240 hidserv - ok
15:54:48.0550 5240 HidUsb (e2b5bd48afcc0f0974fb44641b223250) C:\Windows\system32\DRIVERS\hidusb.sys
15:54:48.0573 5240 HidUsb - ok
15:54:48.0607 5240 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
15:54:48.0658 5240 hkmsvc - ok
15:54:48.0679 5240 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
15:54:48.0694 5240 HpCISSs - ok
15:54:48.0860 5240 hpqcxs08 (0a3c6aa4a9fc38c20ba4eac2c3351c05) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
15:54:48.0879 5240 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
15:54:48.0879 5240 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
15:54:48.0933 5240 hpqddsvc (f3f72a2a86c22610bca5439fa789dd52) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
15:54:48.0991 5240 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
15:54:48.0991 5240 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
15:54:49.0044 5240 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
15:54:49.0085 5240 HSFHWAZL - ok
15:54:49.0146 5240 HsfXAudioService (1e7c79cbaf71aa92e0eee924907dcb55) C:\Windows\system32\XAudio32.dll
15:54:49.0226 5240 HsfXAudioService - ok
15:54:49.0361 5240 HSF_DPV (efed6bd9b9d5f407adca918bbe2d410d) C:\Windows\system32\DRIVERS\HSX_DPV.sys
15:54:49.0497 5240 HSF_DPV - ok
15:54:49.0570 5240 HSXHWAZL (c2eb8396c46e13f76037d70eae8820a9) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
15:54:49.0634 5240 HSXHWAZL - ok
15:54:49.0703 5240 HTTP (406c027c18e98a396faa1963dad5ff70) C:\Windows\system32\drivers\HTTP.sys
15:54:49.0763 5240 HTTP - ok
15:54:49.0778 5240 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
15:54:49.0792 5240 i2omp - ok
15:54:49.0827 5240 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
15:54:49.0882 5240 i8042prt - ok
15:54:49.0934 5240 iaStor (71ecc07bc7c5e24c3dd01d8a29a24054) C:\Windows\system32\DRIVERS\iaStor.sys
15:54:49.0953 5240 iaStor - ok
15:54:49.0998 5240 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
15:54:50.0018 5240 iaStorV - ok
15:54:50.0160 5240 idsvc (7b630acaed64fef0c3e1cf255cb56686) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:54:50.0247 5240 idsvc - ok
15:54:50.0276 5240 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
15:54:50.0290 5240 iirsp - ok
15:54:50.0342 5240 IKEEXT (a3bc480a2bf8aa8e4dabd2d5dce0afac) C:\Windows\System32\ikeext.dll
15:54:50.0436 5240 IKEEXT - ok
15:54:50.0630 5240 IntcAzAudAddService (80919a856693b1d1d4177f11f5bda545) C:\Windows\system32\drivers\RTKVHDA.sys
15:54:50.0846 5240 IntcAzAudAddService - ok
15:54:51.0022 5240 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
15:54:51.0035 5240 intelide - ok
15:54:51.0076 5240 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
15:54:51.0125 5240 intelppm - ok
15:54:51.0162 5240 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
15:54:51.0219 5240 IPBusEnum - ok
15:54:51.0241 5240 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:54:51.0281 5240 IpFilterDriver - ok
15:54:51.0306 5240 iphlpsvc (cad416b8a4309b5e1ce75425381e7d2f) C:\Windows\System32\iphlpsvc.dll
15:54:51.0347 5240 iphlpsvc - ok
15:54:51.0352 5240 IpInIp - ok
15:54:51.0373 5240 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
15:54:51.0422 5240 IPMIDRV - ok
15:54:51.0455 5240 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
15:54:51.0495 5240 IPNAT - ok
15:54:51.0606 5240 iPod Service (33642c17c232aa272c68e446a2619899) C:\Program Files\iPod\bin\iPodService.exe
15:54:51.0687 5240 iPod Service - ok
15:54:51.0744 5240 irda (e50a95179211b12946f7e035d60af560) C:\Windows\system32\DRIVERS\irda.sys
15:54:51.0784 5240 irda - ok
15:54:51.0830 5240 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
15:54:51.0868 5240 IRENUM - ok
15:54:51.0902 5240 Irmon (cbb0d940221a281bcfeaea695bd1cda5) C:\Windows\System32\irmon.dll
15:54:51.0977 5240 Irmon - ok
15:54:52.0004 5240 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
15:54:52.0018 5240 isapnp - ok
15:54:52.0058 5240 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
15:54:52.0075 5240 iScsiPrt - ok
15:54:52.0099 5240 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
15:54:52.0113 5240 iteatapi - ok
15:54:52.0130 5240 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
15:54:52.0143 5240 iteraid - ok
15:54:52.0190 5240 k57nd60x (eac21e8014c7e6ee341afffb7e2bbd54) C:\Windows\system32\DRIVERS\k57nd60x.sys
15:54:52.0230 5240 k57nd60x - ok
15:54:52.0249 5240 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
15:54:52.0264 5240 kbdclass - ok
15:54:52.0274 5240 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
15:54:52.0312 5240 kbdhid - ok
15:54:52.0336 5240 KeyIso (dcf733788c7d088d814e5f80eb4b3e0f) C:\Windows\system32\lsass.exe
15:54:52.0379 5240 KeyIso - ok
15:54:52.0431 5240 KSecDD (5367dc846cae9639b899bfd13b97a8c9) C:\Windows\system32\Drivers\ksecdd.sys
15:54:52.0457 5240 KSecDD - ok
15:54:52.0507 5240 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
15:54:52.0560 5240 KtmRm - ok
15:54:52.0589 5240 LanmanServer (05ce901a4472b3fbf9407c94ad1db693) C:\Windows\system32\srvsvc.dll
15:54:52.0644 5240 LanmanServer - ok
15:54:52.0672 5240 LanmanWorkstation (dec1a338b86c5d582c25c40836dd76c3) C:\Windows\System32\wkssvc.dll
15:54:52.0741 5240 LanmanWorkstation - ok
15:54:52.0804 5240 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
15:54:52.0843 5240 lltdio - ok
15:54:52.0868 5240 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
15:54:52.0912 5240 lltdsvc - ok
15:54:52.0926 5240 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
15:54:52.0996 5240 lmhosts - ok
15:54:53.0037 5240 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
15:54:53.0048 5240 LSI_FC - ok
15:54:53.0068 5240 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
15:54:53.0080 5240 LSI_SAS - ok
15:54:53.0109 5240 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
15:54:53.0125 5240 LSI_SCSI - ok
15:54:53.0156 5240 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
15:54:53.0201 5240 luafv - ok
15:54:53.0263 5240 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
15:54:53.0277 5240 MBAMProtector - ok
15:54:53.0430 5240 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
15:54:53.0460 5240 MBAMService - ok
15:54:53.0643 5240 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
15:54:53.0658 5240 McComponentHostService - ok
15:54:53.0690 5240 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
15:54:53.0733 5240 Mcx2Svc - ok
15:54:53.0759 5240 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
15:54:53.0775 5240 mdmxsdk - ok
15:54:53.0821 5240 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
15:54:53.0835 5240 megasas - ok
15:54:53.0907 5240 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
15:54:53.0963 5240 MegaSR - ok
15:54:54.0071 5240 Microsoft Office Groove Audit Service (fafe367d032ed82e9332b4c741a20216) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
15:54:54.0084 5240 Microsoft Office Groove Audit Service - ok
15:54:54.0161 5240 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
15:54:54.0215 5240 MMCSS - ok
15:54:54.0236 5240 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
15:54:54.0288 5240 Modem - ok
15:54:54.0327 5240 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
15:54:54.0365 5240 monitor - ok
15:54:54.0412 5240 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
15:54:54.0426 5240 mouclass - ok
15:54:54.0455 5240 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
15:54:54.0493 5240 mouhid - ok
15:54:54.0513 5240 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
15:54:54.0527 5240 MountMgr - ok
15:54:54.0631 5240 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
15:54:54.0646 5240 MozillaMaintenance - ok
15:54:54.0682 5240 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
15:54:54.0698 5240 mpio - ok
15:54:54.0720 5240 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
15:54:54.0759 5240 mpsdrv - ok
15:54:54.0805 5240 MpsSvc (d1639ba315b0d79dec49a4b0e1fb929b) C:\Windows\system32\mpssvc.dll
15:54:54.0871 5240 MpsSvc - ok
15:54:54.0957 5240 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
15:54:54.0971 5240 Mraid35x - ok
15:54:55.0004 5240 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
15:54:55.0048 5240 MRxDAV - ok
15:54:55.0076 5240 mrxsmb (c4ad205530888404e2b5fc8d9319b119) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:54:55.0116 5240 mrxsmb - ok
15:54:55.0146 5240 mrxsmb10 (0a986b34f1678a2697574d7b1664e2dd) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:54:55.0183 5240 mrxsmb10 - ok
15:54:55.0193 5240 mrxsmb20 (3268b8c3fa92bfc086355c39b45e9cc9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:54:55.0232 5240 mrxsmb20 - ok
15:54:55.0255 5240 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
15:54:55.0270 5240 msahci - ok
15:54:55.0304 5240 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
15:54:55.0319 5240 msdsm - ok
15:54:55.0362 5240 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
15:54:55.0408 5240 MSDTC - ok
15:54:55.0417 5240 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
15:54:55.0463 5240 Msfs - ok
15:54:55.0487 5240 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
15:54:55.0500 5240 msisadrv - ok
15:54:55.0535 5240 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
15:54:55.0576 5240 MSiSCSI - ok
15:54:55.0580 5240 msiserver - ok
15:54:55.0600 5240 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
15:54:55.0646 5240 MSKSSRV - ok
15:54:55.0664 5240 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
15:54:55.0702 5240 MSPCLOCK - ok
15:54:55.0719 5240 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
15:54:55.0757 5240 MSPQM - ok
15:54:55.0788 5240 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
15:54:55.0805 5240 MsRPC - ok
15:54:55.0824 5240 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
15:54:55.0838 5240 mssmbios - ok
15:54:55.0858 5240 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
15:54:55.0895 5240 MSTEE - ok
15:54:55.0914 5240 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
15:54:55.0928 5240 Mup - ok
15:54:55.0957 5240 mwlPSDFilter (2de94e435c3efde58c7b1856d4f20724) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
15:54:55.0968 5240 mwlPSDFilter - ok
15:54:55.0978 5240 mwlPSDNServ (61920a7146eed3d903dbbb8ec295af76) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
15:54:55.0989 5240 mwlPSDNServ - ok
15:54:56.0003 5240 mwlPSDVDisk (e0f49721e68ebd2983e84c44fada6665) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
15:54:56.0013 5240 mwlPSDVDisk - ok
15:54:56.0106 5240 MWLService (fd257cd94057d02108b954156d7b2770) C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe
15:54:56.0125 5240 MWLService - ok
15:54:56.0179 5240 napagent (c43b25863fbd65b6d2a142af3ae320ca) C:\Windows\system32\qagentRT.dll
15:54:56.0244 5240 napagent - ok
15:54:56.0288 5240 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
15:54:56.0331 5240 NativeWifiP - ok
15:54:56.0389 5240 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
15:54:56.0444 5240 NDIS - ok
15:54:56.0520 5240 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
15:54:56.0571 5240 NdisTapi - ok
15:54:56.0583 5240 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
15:54:56.0620 5240 Ndisuio - ok
15:54:56.0653 5240 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
15:54:56.0696 5240 NdisWan - ok
15:54:56.0713 5240 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
15:54:56.0751 5240 NDProxy - ok
15:54:56.0791 5240 Net Driver HPZ12 (510c138564486ff926a3f773205c63d1) C:\Windows\system32\HPZinw12.dll
15:54:56.0812 5240 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
15:54:56.0812 5240 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
15:54:56.0823 5240 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
15:54:56.0860 5240 NetBIOS - ok
15:54:56.0885 5240 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
15:54:56.0936 5240 netbt - ok
15:54:56.0957 5240 Netlogon (dcf733788c7d088d814e5f80eb4b3e0f) C:\Windows\system32\lsass.exe
15:54:56.0977 5240 Netlogon - ok
15:54:57.0012 5240 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
15:54:57.0068 5240 Netman - ok
15:54:57.0103 5240 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
15:54:57.0155 5240 netprofm - ok
15:54:57.0227 5240 NetTcpPortSharing (0ad5876ef4e9eb77c8f93eb5b2fff386) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:54:57.0241 5240 NetTcpPortSharing - ok
15:54:57.0287 5240 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
15:54:57.0300 5240 nfrd960 - ok
15:54:57.0340 5240 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
15:54:57.0382 5240 NlaSvc - ok
15:54:57.0401 5240 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
15:54:57.0449 5240 Npfs - ok
15:54:57.0463 5240 NSCIRDA (6d8d2e5652fc2442c810c5d8be784148) C:\Windows\system32\DRIVERS\nscirda.sys
15:54:57.0510 5240 NSCIRDA - ok
15:54:57.0538 5240 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
15:54:57.0592 5240 nsi - ok
15:54:57.0605 5240 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
15:54:57.0657 5240 nsiproxy - ok
15:54:57.0744 5240 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
15:54:57.0818 5240 Ntfs - ok
15:54:57.0911 5240 NTI IScheduleSvc (944e3911888b9fffd843b91c8abbd3f6) C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
15:54:57.0923 5240 NTI IScheduleSvc - ok
15:54:57.0948 5240 NTIBackupSvc (973dcb15731339fca176e534055cf115) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
15:54:57.0959 5240 NTIBackupSvc - ok
15:54:57.0986 5240 NTIDrvr (6dcaa65f49ef3b97a5cffc0cb5de1c2f) C:\Windows\system32\Drivers\NTIDrvr.sys
15:54:57.0996 5240 NTIDrvr - ok
15:54:58.0022 5240 NTISchedulerSvc (58751f9248d50bce1053976c9e2f0859) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
15:54:58.0034 5240 NTISchedulerSvc - ok
15:54:58.0075 5240 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
15:54:58.0165 5240 ntrigdigi - ok
15:54:58.0183 5240 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
15:54:58.0226 5240 Null - ok
15:54:58.0257 5240 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
15:54:58.0269 5240 nvraid - ok
15:54:58.0294 5240 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
15:54:58.0305 5240 nvstor - ok
15:54:58.0329 5240 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
15:54:58.0345 5240 nv_agp - ok
15:54:58.0350 5240 NwlnkFlt - ok
15:54:58.0358 5240 NwlnkFwd - ok
15:54:58.0476 5240 odserv (e54aa592a65f317390eee386a8821692) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:54:58.0500 5240 odserv - ok
15:54:58.0541 5240 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
15:54:58.0588 5240 ohci1394 - ok
15:54:58.0619 5240 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:54:58.0633 5240 ose - ok
15:54:58.0704 5240 p2pimsvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
15:54:58.0829 5240 p2pimsvc - ok
15:54:58.0841 5240 p2psvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
15:54:58.0926 5240 p2psvc - ok
15:54:58.0995 5240 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
15:54:59.0099 5240 Parport - ok
15:54:59.0117 5240 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
15:54:59.0133 5240 partmgr - ok
15:54:59.0158 5240 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
15:54:59.0226 5240 Parvdm - ok
15:54:59.0252 5240 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
15:54:59.0287 5240 PcaSvc - ok
15:54:59.0301 5240 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
15:54:59.0318 5240 pci - ok
15:54:59.0342 5240 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
15:54:59.0355 5240 pciide - ok
15:54:59.0411 5240 pcmcia (b7c5a8769541900f6dfa6fe0c5e4d513) C:\Windows\system32\DRIVERS\pcmcia.sys
15:54:59.0428 5240 pcmcia - ok
15:54:59.0522 5240 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
15:54:59.0666 5240 PEAUTH - ok
15:54:59.0826 5240 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
15:54:59.0913 5240 pla - ok
15:55:00.0061 5240 PlugPlay (78f975cb6d18265be6f492edb2d7bc7b) C:\Windows\system32\umpnpmgr.dll
15:55:00.0116 5240 PlugPlay - ok
15:55:00.0156 5240 Pml Driver HPZ12 (37e5e8ffbad35605daeec3224ea0e465) C:\Windows\system32\HPZipm12.dll
15:55:00.0180 5240 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
15:55:00.0180 5240 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
15:55:00.0248 5240 PNRPAutoReg (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
15:55:00.0324 5240 PNRPAutoReg - ok
15:55:00.0343 5240 PNRPsvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
15:55:00.0420 5240 PNRPsvc - ok
15:55:00.0519 5240 PolicyAgent (47b8f37aa18b74d8c2e1bc1a7a2c8f8a) C:\Windows\System32\ipsecsvc.dll
15:55:00.0576 5240 PolicyAgent - ok
15:55:00.0651 5240 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
15:55:00.0694 5240 PptpMiniport - ok
15:55:00.0722 5240 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
15:55:00.0761 5240 Processor - ok
15:55:00.0791 5240 ProfSvc (b627e4fc8585e8843c5905d4d3587a90) C:\Windows\system32\profsvc.dll
15:55:00.0843 5240 ProfSvc - ok
15:55:00.0868 5240 ProtectedStorage (dcf733788c7d088d814e5f80eb4b3e0f) C:\Windows\system32\lsass.exe
15:55:00.0888 5240 ProtectedStorage - ok
15:55:00.0914 5240 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
15:55:00.0957 5240 PSched - ok
15:55:01.0079 5240 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
15:55:01.0198 5240 ql2300 - ok
15:55:01.0220 5240 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
15:55:01.0235 5240 ql40xx - ok
15:55:01.0295 5240 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
15:55:01.0325 5240 QWAVE - ok
15:55:01.0352 5240 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
15:55:01.0371 5240 QWAVEdrv - ok
15:55:01.0388 5240 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
15:55:01.0442 5240 RasAcd - ok
15:55:01.0459 5240 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
15:55:01.0500 5240 RasAuto - ok
15:55:01.0523 5240 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:55:01.0564 5240 Rasl2tp - ok
15:55:01.0610 5240 RasMan (afb474438762f0418060653f7294d92c) C:\Windows\System32\rasmans.dll
15:55:01.0654 5240 RasMan - ok
15:55:01.0678 5240 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
15:55:01.0725 5240 RasPppoe - ok
15:55:01.0741 5240 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
15:55:01.0780 5240 RasSstp - ok
15:55:01.0814 5240 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
15:55:01.0856 5240 rdbss - ok
15:55:01.0872 5240 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:55:01.0910 5240 RDPCDD - ok
15:55:01.0957 5240 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
15:55:01.0999 5240 rdpdr - ok
15:55:02.0005 5240 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
15:55:02.0071 5240 RDPENCDD - ok
15:55:02.0109 5240 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
15:55:02.0166 5240 RDPWD - ok
15:55:02.0210 5240 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
15:55:02.0250 5240 RemoteAccess - ok
15:55:02.0299 5240 RemoteRegistry (cc4e32400f3c7253400cf8f3f3a0b676) C:\Windows\system32\regsvc.dll
15:55:02.0342 5240 RemoteRegistry - ok
15:55:02.0379 5240 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
15:55:02.0397 5240 RpcLocator - ok
15:55:02.0455 5240 RpcSs (301ae00e12408650baddc04dbc832830) C:\Windows\system32\rpcss.dll
15:55:02.0486 5240 RpcSs - ok
15:55:02.0522 5240 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
15:55:02.0562 5240 rspndr - ok
15:55:02.0590 5240 RTHDMIAzAudService (d85da4371af61359edfca4ea06619dd4) C:\Windows\system32\drivers\RtHDMIV.sys
15:55:02.0603 5240 RTHDMIAzAudService - ok
15:55:02.0650 5240 RTSTOR (9b09f336de36a7a6ca871de8a7847b65) C:\Windows\system32\drivers\RTSTOR.SYS
15:55:02.0692 5240 RTSTOR - ok
15:55:02.0735 5240 SamSs (dcf733788c7d088d814e5f80eb4b3e0f) C:\Windows\system32\lsass.exe
15:55:02.0754 5240 SamSs - ok
15:55:02.0781 5240 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
15:55:02.0795 5240 sbp2port - ok
15:55:02.0836 5240 SCardSvr (11387e32642269c7e62e8b52c060b3c6) C:\Windows\System32\SCardSvr.dll
15:55:02.0883 5240 SCardSvr - ok
15:55:03.0010 5240 Schedule (1d5e99db3c10f4fa034010dc49043ca4) C:\Windows\system32\schedsvc.dll
15:55:03.0155 5240 Schedule - ok
15:55:03.0201 5240 SCPolicySvc (87c2d0377b23e2d8a41093c2f5fb1a5b) C:\Windows\System32\certprop.dll
15:55:03.0239 5240 SCPolicySvc - ok
15:55:03.0278 5240 SCREAMINGBDRIVER (a643d6df1b7546256b11fb5d6b5d1375) C:\Windows\system32\drivers\ScreamingBAudio.sys
15:55:03.0289 5240 SCREAMINGBDRIVER - ok
15:55:03.0334 5240 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
15:55:03.0391 5240 sdbus - ok
15:55:03.0431 5240 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
15:55:03.0472 5240 SDRSVC - ok
15:55:03.0504 5240 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
15:55:03.0588 5240 secdrv - ok
15:55:03.0595 5240 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
15:55:03.0636 5240 seclogon - ok
15:55:03.0655 5240 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
15:55:03.0695 5240 SENS - ok
15:55:03.0725 5240 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
15:55:03.0814 5240 Serenum - ok
15:55:03.0851 5240 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
15:55:03.0946 5240 Serial - ok
15:55:03.0987 5240 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
15:55:04.0025 5240 sermouse - ok
15:55:04.0056 5240 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
15:55:04.0099 5240 SessionEnv - ok
15:55:04.0132 5240 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
15:55:04.0170 5240 sffdisk - ok
15:55:04.0199 5240 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
15:55:04.0260 5240 sffp_mmc - ok
15:55:04.0293 5240 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
15:55:04.0331 5240 sffp_sd - ok
15:55:04.0347 5240 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
15:55:04.0431 5240 sfloppy - ok
15:55:04.0500 5240 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
15:55:04.0572 5240 SharedAccess - ok
15:55:04.0611 5240 ShellHWDetection (27f10f348e508243f6254846f8370d0d) C:\Windows\System32\shsvcs.dll
15:55:04.0655 5240 ShellHWDetection - ok
15:55:04.0688 5240 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
15:55:04.0703 5240 sisagp - ok
15:55:04.0725 5240 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
15:55:04.0740 5240 SiSRaid2 - ok
15:55:04.0761 5240 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
15:55:04.0776 5240 SiSRaid4 - ok
15:55:04.0974 5240 slsvc (0ba91e1358ad25236863039bb2609a2e) C:\Windows\system32\SLsvc.exe
15:55:05.0221 5240 slsvc - ok
15:55:05.0407 5240 SLUINotify (7c6dc44ca0bfa6291629ab764200d1d4) C:\Windows\system32\SLUINotify.dll
15:55:05.0457 5240 SLUINotify - ok
15:55:05.0495 5240 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
15:55:05.0542 5240 Smb - ok
15:55:05.0567 5240 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
15:55:05.0586 5240 SNMPTRAP - ok
15:55:05.0604 5240 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
15:55:05.0617 5240 spldr - ok
15:55:05.0637 5240 Spooler (846cdf9a3cf4da9b306adfb7d55ee4c2) C:\Windows\System32\spoolsv.exe
15:55:05.0679 5240 Spooler - ok
15:55:05.0722 5240 srv (73dddbeec61e78568082916a27aadaee) C:\Windows\system32\DRIVERS\srv.sys
15:55:05.0766 5240 srv - ok
15:55:05.0780 5240 srv2 (805fac010405ad3f82ef8df0bb035d81) C:\Windows\system32\DRIVERS\srv2.sys
15:55:05.0820 5240 srv2 - ok
15:55:05.0831 5240 srvnet (f63a0a58aafe34d7a1a0a74abccdd9c0) C:\Windows\system32\DRIVERS\srvnet.sys
15:55:05.0871 5240 srvnet - ok
15:55:05.0899 5240 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
15:55:05.0953 5240 SSDPSRV - ok
15:55:05.0994 5240 ssmdrv (5ec550b8952882ee856b862cf648522d) C:\Windows\system32\DRIVERS\ssmdrv.sys
15:55:06.0004 5240 ssmdrv - ok
15:55:06.0036 5240 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
15:55:06.0089 5240 SstpSvc - ok
15:55:06.0148 5240 Steam Client Service - ok
15:55:06.0214 5240 stisvc (7dd08a597bc56051f320da0baf69e389) C:\Windows\System32\wiaservc.dll
15:55:06.0244 5240 stisvc - ok
15:55:06.0278 5240 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
15:55:06.0293 5240 swenum - ok
15:55:06.0327 5240 swprv (b36c7cdb86f7f7a8e884479219766950) C:\Windows\System32\swprv.dll
15:55:06.0374 5240 swprv - ok
15:55:06.0400 5240 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
15:55:06.0413 5240 Symc8xx - ok
15:55:06.0440 5240 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
15:55:06.0453 5240 Sym_hi - ok
15:55:06.0480 5240 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
15:55:06.0494 5240 Sym_u3 - ok
15:55:06.0548 5240 SynTP (aee6e411a915f50101895ba8dc5c15d4) C:\Windows\system32\DRIVERS\SynTP.sys
15:55:06.0564 5240 SynTP - ok
15:55:06.0621 5240 SysMain (8710a92d0024b03b5fb9540df1f71f1d) C:\Windows\system32\sysmain.dll
15:55:06.0704 5240 SysMain - ok
15:55:06.0731 5240 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
15:55:06.0767 5240 TabletInputService - ok
15:55:06.0795 5240 TapiSrv (680916bb09ee0f3a6aca7c274b0d633f) C:\Windows\System32\tapisrv.dll
15:55:06.0849 5240 TapiSrv - ok
15:55:06.0871 5240 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
15:55:06.0923 5240 TBS - ok
15:55:07.0012 5240 Tcpip (82e266bee5f0167e41c6ecfdd2a79c02) C:\Windows\system32\drivers\tcpip.sys
15:55:07.0132 5240 Tcpip - ok
15:55:07.0147 5240 Tcpip6 (82e266bee5f0167e41c6ecfdd2a79c02) C:\Windows\system32\DRIVERS\tcpip.sys
15:55:07.0237 5240 Tcpip6 - ok
15:55:07.0293 5240 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
15:55:07.0347 5240 tcpipreg - ok
15:55:07.0369 5240 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
15:55:07.0432 5240 TDPIPE - ok
15:55:07.0450 5240 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
15:55:07.0487 5240 TDTCP - ok
15:55:07.0517 5240 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
15:55:07.0563 5240 tdx - ok
15:55:07.0585 5240 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
15:55:07.0600 5240 TermDD - ok
15:55:07.0649 5240 TermService (d605031e225aaccbceb5b76a4f1603a6) C:\Windows\System32\termsrv.dll
15:55:07.0720 5240 TermService - ok
15:55:07.0777 5240 Themes (27f10f348e508243f6254846f8370d0d) C:\Windows\system32\shsvcs.dll
15:55:07.0821 5240 Themes - ok
15:55:07.0859 5240 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
15:55:07.0899 5240 THREADORDER - ok
15:55:07.0914 5240 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
15:55:07.0969 5240 TrkWks - ok
15:55:08.0020 5240 TrustedInstaller (16613a1bad034d4ecf957af18b7c2ff5) C:\Windows\servicing\TrustedInstaller.exe
15:55:08.0059 5240 TrustedInstaller - ok
15:55:08.0087 5240 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:55:08.0152 5240 tssecsrv - ok
15:55:08.0162 5240 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
15:55:08.0200 5240 tunmp - ok
15:55:08.0229 5240 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
15:55:08.0278 5240 tunnel - ok
15:55:08.0303 5240 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
15:55:08.0317 5240 uagp35 - ok
15:55:08.0346 5240 UBHelper (f763e070843ee2803de1395002b42938) C:\Windows\system32\drivers\UBHelper.sys
15:55:08.0356 5240 UBHelper - ok
15:55:08.0400 5240 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
15:55:08.0441 5240 udfs - ok
15:55:08.0470 5240 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
15:55:08.0520 5240 UI0Detect - ok
15:55:08.0538 5240 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
15:55:08.0554 5240 uliagpkx - ok
15:55:08.0599 5240 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
15:55:08.0618 5240 uliahci - ok
15:55:08.0654 5240 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
15:55:08.0669 5240 UlSata - ok
15:55:08.0687 5240 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
15:55:08.0702 5240 ulsata2 - ok
15:55:08.0731 5240 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
15:55:08.0779 5240 umbus - ok
15:55:08.0818 5240 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
15:55:08.0876 5240 upnphost - ok
15:55:08.0922 5240 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
15:55:08.0972 5240 USBAAPL - ok
15:55:09.0027 5240 usbccgp (3955375c83afbe4b110c5fb1231345af) C:\Windows\system32\DRIVERS\usbccgp.sys
15:55:09.0075 5240 usbccgp - ok
15:55:09.0122 5240 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
15:55:09.0192 5240 usbcir - ok
15:55:09.0231 5240 usbehci (7f8d9d95a00072ccdd43ad3f7b4450c2) C:\Windows\system32\DRIVERS\usbehci.sys
15:55:09.0260 5240 usbehci - ok
15:55:09.0285 5240 usbhub (63b44b390451ed3b95405adddcc1984e) C:\Windows\system32\DRIVERS\usbhub.sys
15:55:09.0304 5240 usbhub - ok
15:55:09.0331 5240 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
15:55:09.0399 5240 usbohci - ok
15:55:09.0439 5240 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
15:55:09.0489 5240 usbprint - ok
15:55:09.0545 5240 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
15:55:09.0597 5240 usbscan - ok
15:55:09.0633 5240 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:55:09.0691 5240 USBSTOR - ok
15:55:09.0704 5240 usbuhci (ca62c65383513c365e1ca5796ccac7b5) C:\Windows\system32\DRIVERS\usbuhci.sys
15:55:09.0721 5240 usbuhci - ok
15:55:09.0738 5240 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
15:55:09.0784 5240 usbvideo - ok
15:55:09.0818 5240 UxSms (032a0acc3909ae7215d524e29d536797) C:\Windows\System32\uxsms.dll
15:55:09.0859 5240 UxSms - ok
15:55:09.0892 5240 VCSVADHWSer (b2abab4ca46bad182e27763dc19c780f) C:\Windows\system32\DRIVERS\vcsvad.sys
15:55:09.0924 5240 VCSVADHWSer - ok
15:55:09.0967 5240 vds (b13bc395b9d6116628f5af47e0802ac4) C:\Windows\System32\vds.exe
15:55:10.0024 5240 vds - ok
15:55:10.0092 5240 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
15:55:10.0154 5240 vga - ok
15:55:10.0167 5240 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
15:55:10.0216 5240 VgaSave - ok
15:55:10.0245 5240 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
15:55:10.0259 5240 viaagp - ok
15:55:10.0277 5240 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
15:55:10.0315 5240 ViaC7 - ok
15:55:10.0333 5240 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
15:55:10.0346 5240 viaide - ok
15:55:10.0381 5240 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
15:55:10.0396 5240 volmgr - ok
15:55:10.0418 5240 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
15:55:10.0439 5240 volmgrx - ok
15:55:10.0459 5240 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
15:55:10.0478 5240 volsnap - ok
15:55:10.0525 5240 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
15:55:10.0541 5240 vsmraid - ok
15:55:10.0658 5240 VSS (d5fb73d19c46ade183f968e13f186b23) C:\Windows\system32\vssvc.exe
15:55:10.0783 5240 VSS - ok
15:55:10.0818 5240 W32Time (1cf9206966a8458cda9a8b20df8ab7d3) C:\Windows\system32\w32time.dll
15:55:10.0874 5240 W32Time - ok
15:55:10.0941 5240 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
15:55:11.0032 5240 WacomPen - ok
15:55:11.0076 5240 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
15:55:11.0133 5240 Wanarp - ok
15:55:11.0141 5240 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
15:55:11.0183 5240 Wanarpv6 - ok
15:55:11.0237 5240 wcncsvc (f3a5c2e1a6533192b070d06ecf6be796) C:\Windows\System32\wcncsvc.dll
15:55:11.0327 5240 wcncsvc - ok
15:55:11.0385 5240 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
15:55:11.0423 5240 WcsPlugInService - ok
15:55:11.0448 5240 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
15:55:11.0458 5240 Wd - ok
15:55:11.0528 5240 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
15:55:11.0576 5240 Wdf01000 - ok
15:55:11.0641 5240 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
15:55:11.0682 5240 WdiServiceHost - ok
15:55:11.0687 5240 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
15:55:11.0729 5240 WdiSystemHost - ok
15:55:11.0772 5240 WebClient (cf9a5f41789b642db967021de06a2713) C:\Windows\System32\webclnt.dll
15:55:11.0807 5240 WebClient - ok
15:55:11.0830 5240 Wecsvc (905214925a88311fce52f66153de7610) C:\Windows\system32\wecsvc.dll
15:55:11.0873 5240 Wecsvc - ok
15:55:11.0891 5240 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
15:55:11.0942 5240 wercplsupport - ok
15:55:11.0979 5240 WerSvc (fd1965aaa112c6818a30ab02742d0461) C:\Windows\System32\WerSvc.dll
15:55:12.0016 5240 WerSvc - ok
15:55:12.0077 5240 winachsf (d0116c473ef3c381a42bb55036a1adb1) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
15:55:12.0182 5240 winachsf - ok
15:55:12.0287 5240 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
15:55:12.0314 5240 WinDefend - ok
15:55:12.0322 5240 WinHttpAutoProxySvc - ok
15:55:12.0403 5240 Winmgmt (00b79a7c984678f24cf052e5beb3a2f5) C:\Windows\system32\wbem\WMIsvc.dll
15:55:12.0463 5240 Winmgmt - ok
15:55:12.0546 5240 WinRM (20fc93fdc916843cfdfcaa7a1b0db16f) C:\Windows\system32\WsmSvc.dll
15:55:12.0646 5240 WinRM - ok
15:55:12.0701 5240 Wlansvc (4b40ff01db5357299dcbdb5a5746ad21) C:\Windows\System32\wlansvc.dll
15:55:12.0725 5240 Wlansvc - ok
15:55:12.0804 5240 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
15:55:12.0855 5240 WmiAcpi - ok
15:55:12.0928 5240 wmiApSrv (aba4cf9f856d9a3a25f4ddd7690a6e9d) C:\Windows\system32\wbem\WmiApSrv.exe
15:55:12.0968 5240 wmiApSrv - ok
15:55:13.0101 5240 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
15:55:13.0267 5240 WMPNetworkSvc - ok
15:55:13.0345 5240 WPCSvc (5d94cd167751294962ba238d82dd1bb8) C:\Windows\System32\wpcsvc.dll
15:55:13.0386 5240 WPCSvc - ok
15:55:13.0415 5240 WPDBusEnum (396d406292b0cd26e3504ffe82784702) C:\Windows\system32\wpdbusenum.dll
15:55:13.0464 5240 WPDBusEnum - ok
15:55:13.0559 5240 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
15:55:13.0597 5240 WpdUsb - ok
15:55:13.0628 5240 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
15:55:13.0670 5240 ws2ifsl - ok
15:55:13.0690 5240 wscsvc (683dd16b590372f2c9661d277f35e49c) C:\Windows\System32\wscsvc.dll
15:55:13.0713 5240 wscsvc - ok
15:55:13.0722 5240 WSearch - ok
15:55:13.0858 5240 wuauserv (d79538b67fa641e986855def651e78fe) C:\Windows\system32\wuaueng.dll
15:55:14.0076 5240 wuauserv - ok
15:55:14.0241 5240 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:55:14.0279 5240 WUDFRd - ok
15:55:14.0318 5240 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
15:55:14.0360 5240 wudfsvc - ok
15:55:14.0379 5240 XAudio (22a08b9faecd6a306868f59b7f03f188) C:\Windows\system32\DRIVERS\XAudio32.sys
15:55:14.0396 5240 XAudio - ok
15:55:14.0429 5240 MBR (0x1B8) (beedf9b7f43a72a91456f7131afc11b2) \Device\Harddisk0\DR0
15:55:14.0828 5240 \Device\Harddisk0\DR0 - ok
15:55:14.0832 5240 Boot (0x1200) (2b1801ad0246a445ff5091bb2fa14b1b) \Device\Harddisk0\DR0\Partition0
15:55:14.0834 5240 \Device\Harddisk0\DR0\Partition0 - ok
15:55:14.0836 5240 ============================================================
15:55:14.0836 5240 Scan finished
15:55:14.0836 5240 ============================================================
15:55:14.0920 6032 Detected object count: 6
15:55:14.0920 6032 Actual detected object count: 6
15:59:19.0686 6032 AntiVirSchedulerService ( UnsignedFile.Multi.Generic ) - skipped by user
15:59:19.0686 6032 AntiVirSchedulerService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:59:19.0689 6032 AntiVirService ( UnsignedFile.Multi.Generic ) - skipped by user
15:59:19.0689 6032 AntiVirService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:59:19.0692 6032 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
15:59:19.0692 6032 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:59:19.0695 6032 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
15:59:19.0695 6032 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:59:19.0698 6032 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
15:59:19.0698 6032 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:59:19.0700 6032 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
15:59:19.0701 6032 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:59:26.0824 5984 Deinitialize success
|
| | #18 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | - Rookit und Sirefef -Malwarebytes Then please run CF now:
ComboFix: a guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper has explicitly recommended it! If you have problems starting applications after running ComboFix and receive messages such as Quote:
__________________ |
| | #19 |
| - Rookit und Sirefef -Malwarebytes Code:
ComboFix 12-06-28.01 - Marcel Klahn 28.06.2012 17:16:49.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.3066.1984 [GMT 2:00]
ausgeführt von:: c:\users\Marcel Klahn\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\kikin
c:\program files\kikin\default_settings.xml
c:\program files\kikin\file_list.txt
c:\program files\kikin\kikin.ico
c:\program files\kikin\KikinBroker.exe
c:\program files\kikin\KikinCrashReporter.exe
c:\program files\kikin\uninst.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-05-28 bis 2012-06-28 ))))))))))))))))))))))))))))))
.
.
2012-06-28 15:28 . 2012-06-28 15:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-25 14:17 . 2012-06-25 14:17 -------- d-----w- C:\_OTL
2012-06-22 12:11 . 2012-06-22 12:11 -------- d-----w- c:\users\Marcel Klahn\AppData\Roaming\Malwarebytes
2012-06-21 21:14 . 2012-06-21 21:14 -------- d-----w- c:\program files\ESET
2012-06-06 11:18 . 2012-06-06 11:19 -------- d-----w- c:\program files\PokerStars
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 13:56 . 2011-03-28 20:13 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2012-06-14 22:19 . 2012-06-22 11:42 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-07-22 22:41 . 2009-12-03 14:55 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}]
2008-07-27 18:03 282112 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-05-14 21:02 120104 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-11-17 135168]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-04 68856]
"ICQ"="c:\program files\ICQ7.2\ICQ.exe" [2011-01-05 133432]
"Facebook Update"="c:\users\Marcel Klahn\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-09-14 137536]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-01-20 156968]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-01-20 202024]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-19 6793760]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-02-19 1833504]
"PLFSetI"="c:\windows\PLFSetI.exe" [2009-07-25 200704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-05 1410344]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-06-25 1069576]
"BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-04-11 249600]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-06-23 440864]
"EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2009-05-13 199464]
"mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-05-14 345384]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-12-26 173288]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-22 30192]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-14 636032]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-499933100-2867506379-2947858537-1000Core.job
- c:\users\Marcel Klahn\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-14 20:14]
.
2012-06-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-499933100-2867506379-2947858537-1000UA.job
- c:\users\Marcel Klahn\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-14 20:14]
.
2012-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-25 07:41]
.
2012-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-25 07:41]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
mStart Page =
mLocal Page =
uInternet Settings,ProxyOverride = *.local
uSearchAssistant =
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Free YouTube to MP3 Converter - c:\users\Marcel Klahn\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Marcel Klahn\AppData\Roaming\Mozilla\Firefox\Profiles\balegvbu.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-FormatFactory - c:\program files\FreeTime\FormatFactory\uninst.exe
AddRemove-kikin Plugin (NO23 Edition) - c:\program files\kikin\uninst.exe
AddRemove-PokerStars - c:\program files\PokerStars\PokerStarsUninstall.exe
AddRemove-TeamSpeak 3 Client - c:\users\Marcel Klahn\Desktop\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-06-28 17:28
Windows 6.0.6001 Service Pack 1 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-499933100-2867506379-2947858537-1000\Software\SecuROM\License information*]
"datasecu"=hex:d7,f1,4b,ea,7c,d6,4b,ee,73,e7,80,47,4e,fa,85,c2,d3,f1,bc,cf,79,
d3,60,7f,71,d5,f4,4d,fc,6b,97,53,b2,1b,6e,09,ea,3f,be,7f,1c,fe,a2,a7,0a,f5,\
"rkeysecu"=hex:cf,93,cb,c3,6b,74,46,3a,94,96,51,0e,7d,ea,65,e2
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2012-06-28 17:31:40
ComboFix-quarantined-files.txt 2012-06-28 15:31
.
Vor Suchlauf: 16 Verzeichnis(se), 121.768.992.768 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 121.712.115.712 Bytes frei
.
- - End Of File - - 63DBC3A7E816081557E9A743882DF885
|
| | #20 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | - Rookit and Sirefef - Malwarebytes

Please now create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still refuses to work on the second attempt, just skip it and run only OSAM. Please skip OSAM's online check. With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Be sure to turn off the virus scanner as well; McAfee's scanner in particular often reports a false alarm in OSAM!

Please download

Important: Do not press any of the Fix buttons under any circumstances without being instructed to.

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.

One more note: If aswMBR crashes and a message like "aswMBR.exe funktioniert nicht mehr" appears, do the following: restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.

__________________ Please always post log files in CODE tags |
| | #21 |
| - Rookit and Sirefef - Malwarebytes Here is the GEMA, er, GMER scan Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-07-04 00:03:06
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0
Running: bfn8crpz.exe; Driver: C:\Users\MARCEL~1\AppData\Local\Temp\kxtdypog.sys
---- System - GMER 1.0.15 ----
SSDT 8B226F3C ZwCreateThread
SSDT 8B226F28 ZwOpenProcess
SSDT 8B226F2D ZwOpenThread
SSDT 8B226F37 ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetTimerEx + 454 82508A18 4 Bytes [3C, 6F, 22, 8B]
.text ntkrnlpa.exe!KeSetTimerEx + 624 82508BE8 4 Bytes [28, 6F, 22, 8B]
.text ntkrnlpa.exe!KeSetTimerEx + 640 82508C04 4 Bytes [2D, 6F, 22, 8B]
.text ntkrnlpa.exe!KeSetTimerEx + 854 82508E18 4 Bytes [37, 6F, 22, 8B]
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8E201000, 0x3C9EA5, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\Windows\Explorer.EXE[3352] SHELL32.dll!InitNetworkAddressControl + 2939 76FD0064 4 Bytes [20, 28, 00, 10] {AND [EAX], CH; ADD [EAX], DL}
.text C:\Program Files\Mozilla Firefox\firefox.exe[3780] ntdll.dll!LdrLoadDll 77AC7933 5 Bytes JMP 69E0FA35 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3780] kernel32.dll!MapViewOfFile 766B7F30 5 Bytes JMP 6A0B079E C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3780] kernel32.dll!VirtualAlloc 766BB86F 5 Bytes JMP 6A0B07C5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3780] GDI32.dll!CreateDIBSection 76C075C0 5 Bytes JMP 6A0B0728 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2144] @ C:\Windows\system32\SHELL32.dll [USER32.dll!ExitWindowsEx] [01B41210] C:\Program Files\NewTech Infosystems\Acer Backup Manager\Pehook.dll (Backup Manager Module/NewTech Infosystems, Inc.)
IAT C:\Windows\Explorer.EXE[3352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74867BA4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [748A98C5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7486D3C8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7485F527] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74867599] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7485E43D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [7489B33D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7486D68A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7486012E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74860095] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [748571F3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [748ED802] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [748875E1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7485DAE1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [7485668F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [748566BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74861E45] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3352] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [10002A00] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/Egis Technology Inc.)
IAT C:\Windows\Explorer.EXE[3352] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread] [10001E00] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/Egis Technology Inc.)
IAT C:\Windows\Explorer.EXE[3352] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [10002D50] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/Egis Technology Inc.)
IAT C:\Windows\Explorer.EXE[3352] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [100011D0] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/Egis Technology Inc.)
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs mwlPSDFilter.sys (PSD Filter Driver/Egis Incorporated.)
---- EOF - GMER 1.0.15 ----
Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 00:09:42 on 04.07.2012 OS: Windows Vista Home Premium Edition Service Pack 1 (Build 6001), 32-bit Default Browser: Mozilla Corporation Firefox 13.0.1 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [AppInit DLLs] -----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )----- "AppInit_DLLs" - "Google" - C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "FacebookUpdateTaskUserS-1-5-21-499933100-2867506379-2947858537-1000Core.job" - "Facebook Inc." - C:\Users\Marcel Klahn\AppData\Local\Facebook\Update\FacebookUpdate.exe "FacebookUpdateTaskUserS-1-5-21-499933100-2867506379-2947858537-1000UA.job" - "Facebook Inc." - C:\Users\Marcel Klahn\AppData\Local\Facebook\Update\FacebookUpdate.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLCFG32.CPL "QuickTime" - "Apple Inc." 
- C:\Program Files\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "catchme" (catchme) - ? - C:\Users\MARCEL~1\AppData\Local\Temp\catchme.sys (File not found) "IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found) "IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found) "IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found) "kxtdypog" (kxtdypog) - ? - C:\Users\MARCEL~1\AppData\Local\Temp\kxtdypog.sys (Hidden registry entry, rootkit activity | File not found) "MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys "mwlPSDFilter" (mwlPSDFilter) - "Egis Incorporated." - C:\Windows\System32\DRIVERS\mwlPSDFilter.sys "mwlPSDNServ" (mwlPSDNServ) - "Egis Incorporated." - C:\Windows\System32\DRIVERS\mwlPSDNServ.sys "mwlPSDVDisk" (mwlPSDVDisk) - "Egis Incorporated." - C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys "UBHelper" (UBHelper) - "NewTech Infosystems Corporation" - C:\Windows\system32\drivers\UBHelper.sys "Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\Windows\System32\Drivers\NTIDrvr.sys [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." 
- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL {88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL {03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found) {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? 
- (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found) {872A9397-E0D6-4e28-B64D-52B8D0A7EA35} "DisplayCplExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiamaxx.dll {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} "DragDropProtect Class" - "Egis Technology Inc." - C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found) {99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL {920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL {16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL {6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context 
Menu Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL {A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL {387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL {00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLSHEXT.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\OLKFSTUB.DLL {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? 
- (File not found | COM-object registry key not found) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll {5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? 
- (File not found | COM-object registry key not found) {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe [Internet Explorer] -----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )----- {555D4D79-4BD2-4094-A395-CFC534424A05} "HP Smart Web Printing" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab {E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? 
- (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll {DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Smart Web Printing ein- oder ausblenden" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll "ICQ7.2" - "ICQ, LLC." - C:\Program Files\ICQ7.2\ICQ.exe {5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL {0347C33E-8762-4905-BF09-768834316C61} "HP Print Enhancer" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "HP Smart BHO Class" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." 
- C:\Program Files\Java\jre6\bin\jp2ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Marcel Klahn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Shortcut exists | File exists)
"McAfee Security Scan Plus.lnk" - "McAfee, Inc." - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Facebook Update" - "Facebook Inc." - "C:\Users\Marcel Klahn\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
"ICQ" - "ICQ, LLC." - "C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4
"ProductReg" - "Acer" - "C:\Program Files\Acer\WR_PopUp\ProductReg.exe"
"swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Acer ePower Management" - "Acer Incorporated" - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"APSDaemon" - "Apple Inc." - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"ArcadeDeluxeAgent" - "CyberLink Corp." - "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"BackupManagerTray" - "NewTech Infosystems, Inc." - "C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -k
"CLMLServer" - "CyberLink" - "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
"EgisTecLiveUpdate" - "Egis Technology Inc." - "C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe"
"Google Desktop Search" - "Google" - "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"HP Software Update" - "Hewlett-Packard" - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"hpqSRMon" - "Hewlett-Packard" - C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"LManager" - "Dritek System Inc." - C:\Program Files\Launch Manager\LManager.exe
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"mwlDaemon" - "Egis Technology Inc." - C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
"PlayMovie" - "Acer Corp." - "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
"PLFSetI" - ? - C:\Windows\PLFSetI.exe
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PCL hpz3l5mu" - "Hewlett-Packard Company" - C:\Windows\system32\hpz3l5mu.dll
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll
[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Acer ePower Service" (ePowerSvc) - "Acer Incorporated" - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"CLHNService" (CLHNService) - ? - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Google Desktop Manager 5.9.1005.12335" (GoogleDesktopManager-051210-111108) - "Google" - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"McAfee Security Scan Component Host Service" (McComponentHostService) - "McAfee, Inc." - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
"MyWinLocker Service" (MWLService) - "Egis Technology Inc." - C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"NTI Backup Now 5 Backup Service" (NTIBackupSvc) - "NewTech InfoSystems, Inc." - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
"NTI Backup Now 5 Scheduler Service" (NTISchedulerSvc) - "NewTech Infosystems, Inc." - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
"NTI IScheduleSvc" (NTI IScheduleSvc) - "NewTech Infosystems, Inc." - C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe
[Winlogon]
-----( HKCU\Control Panel\Desktop )-----
"SCRNSAVE.EXE" - "Acer" - C:\Windows\system32\Acer.scr
[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll
===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-04 00:11:53
-----------------------------
00:11:53.950 OS Version: Windows 6.0.6001 Service Pack 1
00:11:53.950 Number of processors: 2 586 0x170A
00:11:53.953 ComputerName: MEINPC UserName:
00:11:56.521 Initialize success
00:14:17.142 AVAST engine defs: 12070301
00:14:46.296 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
00:14:46.300 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
00:14:46.660 Disk 0 MBR read successfully
00:14:46.662 Disk 0 MBR scan
00:14:46.668 Disk 0 unknown MBR code
00:14:46.772 Disk 0 Partition 1 00 27 Hidden NTFS WinRE MSDOS5.0 10000 MB offset 2048
00:14:46.903 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 466938 MB offset 20482048
00:14:47.317 Disk 0 scanning sectors +976771072
00:14:48.142 Disk 0 scanning C:\Windows\system32\drivers
00:16:20.103 Service scanning
00:16:46.722 Modules scanning
00:17:33.813 Disk 0 trace - called modules:
00:17:33.857 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
00:17:33.864 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8621c518]
00:17:33.869 3 CLASSPNP.SYS[8a7a2745] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x856ec028]
00:17:36.447 AVAST engine scan C:\Windows
00:19:45.623 AVAST engine scan C:\Windows\system32
00:24:19.222 AVAST engine scan C:\Windows\system32\drivers
00:24:58.356 AVAST engine scan C:\Users\Marcel Klahn
01:06:44.306 AVAST engine scan C:\ProgramData
01:14:54.557 Scan finished successfully
02:31:21.601 Disk 0 MBR has been saved successfully to "C:\Users\Marcel Klahn\Desktop\MBR.dat"
02:31:21.609 The log file has been saved successfully to "C:\Users\Marcel Klahn\Desktop\aswMBR.txt"
|
| | #22 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | We should fix the MBR. Back up ALL important data just in case, even though it usually goes smoothly. Note: Please do NOT run the MBR fix if you have other operating systems such as Ubuntu installed; an MBR fix with Windows tools makes a Linux installed in parallel (dual boot) unbootable. Also do not run the fix if you have full encryption of the Windows partition or of the entire hard disk, e.g. with TrueCrypt or other encryption programs. After backing up your data, start aswMBR again and click the FIXMBR button. Note: Please disable the virus scanner before running aswMBR, because Avira in particular often reports a false alarm in it! Then restart Windows and create a new log with aswMBR.
__________________ Please always post log files in CODE tags |
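Added example, not part of the original thread or of aswMBR: a Python sketch that reads a 512-byte MBR dump and reports partition types or boot-code strings that match the dual-boot and disk-encryption cases the post above warns about. The type list, the marker strings and all function names are assumptions of this example; `sample_mbr()` is a constructed sector that reuses the partition values from the aswMBR log with zeroed boot code.

```python
import struct

# Type IDs / boot-code markers hinting that a Windows-style MBR rewrite is unsafe.
# Heuristic and not exhaustive (assumption of this example).
FOREIGN_TYPES = {0x82: "Linux swap", 0x83: "Linux", 0x8E: "Linux LVM", 0xEE: "GPT protective"}
LOADER_MARKERS = (b"GRUB", b"TrueCrypt")

def parse_mbr(sector0: bytes) -> list:
    """Decode the primary partition entries of a 512-byte MBR sector."""
    if len(sector0) != 512 or sector0[510:] != b"\x55\xaa":
        raise ValueError("not a 512-byte sector ending in the 0x55AA signature")
    parts = []
    for i in range(4):
        off = 446 + 16 * i
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", sector0, off)
        if ptype:  # type 0x00 marks an unused slot
            parts.append({"slot": i + 1, "active": status == 0x80, "type": ptype,
                          "lba_start": lba, "size_mb": count * 512 // 2**20})
    return parts

def fix_warnings(sector0: bytes) -> list:
    """Reasons to stop before rewriting the boot code of this MBR."""
    warnings = [f"partition {p['slot']}: {FOREIGN_TYPES[p['type']]} (type 0x{p['type']:02X})"
                for p in parse_mbr(sector0) if p["type"] in FOREIGN_TYPES]
    boot_code = sector0[:440]
    warnings += [f"boot code contains {m.decode()!r}" for m in LOADER_MARKERS if m in boot_code]
    return warnings

def sample_mbr(extra=None) -> bytes:
    """Constructed sector: zeroed boot code plus the two partitions from the aswMBR log."""
    s = bytearray(512)
    entries = [(0x00, 0x27, 2048, 20480000), (0x80, 0x07, 20482048, 956289024)]
    for i, (status, ptype, lba, count) in enumerate(entries + ([extra] if extra else [])):
        struct.pack_into("<B3xB3xII", s, 446 + 16 * i, status, ptype, lba, count)
    s[510:] = b"\x55\xaa"
    return bytes(s)

if __name__ == "__main__":
    for p in parse_mbr(sample_mbr()):
        print(p)
    print(fix_warnings(sample_mbr()) or "no dual-boot or encryption hints found")
```

An empty warning list is not proof that the fix is safe: logical partitions inside an extended partition and loaders without these marker strings are not covered.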
| | #23 |
| Right, I've had enough and completely reinstalled the system. Thanks for your efforts. Could you please delete the thread? I don't want people to be able to google this and learn private data. Kind regards. THANKS FOR YOUR EFFORTS |
| | #24 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | A pity that you stopped so close to the finish line. Oh well, threads are not deleted here.
__________________ Please always post log files in CODE tags |