Pests of all kinds and how to fight them: - Rookit und Sirefef -Malwarebytes
26.06.2012, 10:09   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Now please run (in normal Windows mode) this tool from Kaspersky (TDSS-Killer) and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please switch off your virus scanner before running TDSS-Killer, because Avira in particular often raises a false alarm on the TDSS tool!

Set the tool up as shown in the picture below: click on "change parameters" and tick the boxes as shown in the following screenshot.
Then click "Start Scan" and, once it has finished, click the "Report" button to display the log. Please post it in full.
If you cannot find the log, or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C); that is where TDSS-Killer stores its logs.

Note: Please do not delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

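Once the TDSS-Killer report is posted, the first thing a helper does is pull the non-"ok" entries out of the several hundred driver and service lines. The script below is an added example, not code from this post or from Kaspersky: it parses the line shapes TDSSKiller 2.7.x writes (an object line with MD5 and path, then a "- ok" or "- detected <verdict> (n)" line) and separates "UnsignedFile.Multi.Generic" hits, which only mean the file carries no valid Authenticode signature and are exactly what trips on Avira and printer-suite services, from any other verdict. The first sample lines are copied from the report posted further down in this thread; the "example_svc" lines and the "Constructed.Test.Verdict" name are constructed for the example and are not real TDSSKiller output. Function and field names are my own.

```python
import re
from dataclasses import dataclass
from typing import Iterable, Optional

# Line shapes in a TDSSKiller 2.7.x report (taken from the posted log):
#   <time> <pid>\t<name> (<md5>) <path>            -- object enumerated
#   <time> <pid>\t<name> - ok                      -- clean verdict
#   <time> <pid>\t<name> ( <verdict> ) - warning   -- redundant with the next line
#   <time> <pid>\t<name> - detected <verdict> (<n>)
PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
ENTRY_RE = re.compile(PREFIX + r"(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
OK_RE = re.compile(PREFIX + r"(?P<name>.+?) - ok$")
DETECTED_RE = re.compile(PREFIX + r"(?P<name>.+?) - detected (?P<det>\S+) \((?P<n>\d+)\)$")

# Heuristic verdict family: the file lacks a valid Authenticode signature.
# Plenty of legitimate third-party services trigger it, so it is not a malware ID.
HEURISTIC_PREFIXES = ("UnsignedFile.",)


@dataclass
class Finding:
    name: str
    detection: str
    md5: Optional[str]   # None when TDSSKiller printed no file line for the object
    path: Optional[str]


def parse_findings(lines: Iterable[str]) -> list[Finding]:
    """Return every object reported as 'detected', joined with its MD5 and path."""
    files: dict[str, tuple[str, str]] = {}
    findings: list[Finding] = []
    for raw in lines:
        line = raw.rstrip("\r\n")
        m = ENTRY_RE.match(line)
        if m:
            files[m["name"]] = (m["md5"], m["path"])
            continue
        m = DETECTED_RE.match(line)
        if m:
            md5, path = files.get(m["name"], (None, None))
            findings.append(Finding(m["name"], m["det"], md5, path))
    return findings


def is_heuristic(f: Finding) -> bool:
    """True when the verdict only says 'unsigned', not 'known malicious'."""
    return f.detection.startswith(HEURISTIC_PREFIXES)


def summarize(lines: Iterable[str]) -> dict[str, int]:
    """Counts a helper wants at a glance: clean objects, detections, and how
    many of the detections are nothing more than unsigned-file heuristics."""
    lines = list(lines)
    findings = parse_findings(lines)
    return {
        "ok": sum(1 for l in lines if OK_RE.match(l.rstrip("\r\n"))),
        "detected": len(findings),
        "unsigned_only": sum(1 for f in findings if is_heuristic(f)),
    }


# Constructed sample in the layout of the posted report. The ACPI, Avira and
# COMSysApp lines are copied from that report; the example_svc lines and the
# verdict name "Constructed.Test.Verdict" are invented for this example.
SAMPLE_LOG = (
    "15:54:34.0228 5240\tACPI            (fcb8c7210f0135e24c6580f7f649c73c) C:\\Windows\\system32\\drivers\\acpi.sys\n"
    "15:54:34.0394 5240\tACPI - ok\n"
    "15:54:38.0245 5240\tAntiVirSchedulerService (9015bc03f62940527ec92d45ee89e46f) C:\\Program Files\\Avira\\AntiVir Desktop\\sched.exe\n"
    "15:54:38.0268 5240\tAntiVirSchedulerService ( UnsignedFile.Multi.Generic ) - warning\n"
    "15:54:38.0268 5240\tAntiVirSchedulerService - detected UnsignedFile.Multi.Generic (1)\n"
    "15:54:43.0121 5240\tCOMSysApp - ok\n"
    "15:54:50.0000 5240\texample_svc     (0123456789abcdef0123456789abcdef) C:\\Example\\example_svc.sys\n"
    "15:54:50.0010 5240\texample_svc - detected Constructed.Test.Verdict (1)\n"
)


if __name__ == "__main__":
    for f in parse_findings(SAMPLE_LOG.splitlines()):
        tag = "unsigned-only" if is_heuristic(f) else "REVIEW"
        print(f"[{tag}] {f.name}: {f.detection}  md5={f.md5}  {f.path}")
    print(summarize(SAMPLE_LOG.splitlines()))
```

Run it against a saved report with `parse_findings(open("TDSSKiller.txt", encoding="utf-8", errors="replace"))`; anything not tagged unsigned-only is what the helper wants to see first, while the unsigned-only entries on vendor paths are the false alarms the post above tells you to "skip" rather than delete. The MD5 is kept so a flagged file can be checked against the vendor's release before any action is taken.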

26.06.2012, 16:01   #17
Mr.Mkay
 
All right, boss,

Code:
15:53:26.0859 5288	TDSS rootkit removing tool 2.7.42.0 Jun 25 2012 21:18:44
15:53:27.0082 5288	============================================================
15:53:27.0082 5288	Current date / time: 2012/06/26 15:53:27.0082
15:53:27.0082 5288	SystemInfo:
15:53:27.0082 5288	
15:53:27.0082 5288	OS Version: 6.0.6001 ServicePack: 1.0
15:53:27.0082 5288	Product type: Workstation
15:53:27.0082 5288	ComputerName: MEINPC
15:53:27.0083 5288	UserName: Marcel Klahn
15:53:27.0083 5288	Windows directory: C:\Windows
15:53:27.0083 5288	System windows directory: C:\Windows
15:53:27.0083 5288	Processor architecture: Intel x86
15:53:27.0083 5288	Number of processors: 2
15:53:27.0083 5288	Page size: 0x1000
15:53:27.0083 5288	Boot type: Normal boot
15:53:27.0083 5288	============================================================
15:53:27.0650 5288	Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:53:27.0652 5288	============================================================
15:53:27.0652 5288	\Device\Harddisk0\DR0:
15:53:27.0652 5288	MBR partitions:
15:53:27.0652 5288	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1388800, BlocksNum 0x38FFD000
15:53:27.0652 5288	============================================================
15:53:27.0696 5288	C: <-> \Device\Harddisk0\DR0\Partition0
15:53:27.0697 5288	============================================================
15:53:27.0697 5288	Initialize success
15:53:27.0697 5288	============================================================
15:54:33.0903 5240	============================================================
15:54:33.0903 5240	Scan started
15:54:33.0903 5240	Mode: Manual; SigCheck; TDLFS; 
15:54:33.0903 5240	============================================================
15:54:34.0228 5240	ACPI            (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
15:54:34.0394 5240	ACPI - ok
15:54:34.0451 5240	adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
15:54:34.0491 5240	adp94xx - ok
15:54:34.0554 5240	adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
15:54:34.0576 5240	adpahci - ok
15:54:34.0600 5240	adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
15:54:34.0619 5240	adpu160m - ok
15:54:34.0650 5240	adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
15:54:34.0669 5240	adpu320 - ok
15:54:34.0745 5240	AeLookupSvc     (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
15:54:34.0869 5240	AeLookupSvc - ok
15:54:34.0912 5240	AFD             (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
15:54:34.0965 5240	AFD - ok
15:54:35.0075 5240	AgereSoftModem  (5d97943c128ed756d1b0a08302c1b1f8) C:\Windows\system32\DRIVERS\AGRSM.sys
15:54:35.0357 5240	AgereSoftModem - ok
15:54:35.0409 5240	agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
15:54:35.0425 5240	agp440 - ok
15:54:35.0446 5240	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
15:54:35.0460 5240	aic78xx - ok
15:54:35.0491 5240	ALG             (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
15:54:35.0536 5240	ALG - ok
15:54:35.0560 5240	aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
15:54:35.0574 5240	aliide - ok
15:54:35.0643 5240	AMD External Events Utility (cde41d99db840ff9454fc981ebd0ec50) C:\Windows\system32\atiesrxx.exe
15:54:35.0736 5240	AMD External Events Utility - ok
15:54:35.0801 5240	amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
15:54:35.0816 5240	amdagp - ok
15:54:35.0845 5240	amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
15:54:35.0858 5240	amdide - ok
15:54:35.0886 5240	AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
15:54:35.0942 5240	AmdK7 - ok
15:54:35.0971 5240	AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
15:54:36.0009 5240	AmdK8 - ok
15:54:36.0686 5240	amdkmdag        (ffd082f1f1d4ff5c87f66df62486bcfa) C:\Windows\system32\DRIVERS\atikmdag.sys
15:54:37.0835 5240	amdkmdag - ok
15:54:38.0060 5240	amdkmdap        (c541da5b72fa638469e8dc1e66079330) C:\Windows\system32\DRIVERS\atikmpag.sys
15:54:38.0141 5240	amdkmdap - ok
15:54:38.0245 5240	AntiVirSchedulerService (9015bc03f62940527ec92d45ee89e46f) C:\Program Files\Avira\AntiVir Desktop\sched.exe
15:54:38.0268 5240	AntiVirSchedulerService ( UnsignedFile.Multi.Generic ) - warning
15:54:38.0268 5240	AntiVirSchedulerService - detected UnsignedFile.Multi.Generic (1)
15:54:38.0304 5240	AntiVirService  (b8720a787c1223492e6f319465e996ce) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
15:54:38.0315 5240	AntiVirService ( UnsignedFile.Multi.Generic ) - warning
15:54:38.0315 5240	AntiVirService - detected UnsignedFile.Multi.Generic (1)
15:54:38.0352 5240	Appinfo         (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
15:54:38.0420 5240	Appinfo - ok
15:54:38.0498 5240	Apple Mobile Device (d8e18021f91ad79ca8491cb5a5da22d4) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:54:38.0515 5240	Apple Mobile Device - ok
15:54:38.0539 5240	arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
15:54:38.0554 5240	arc - ok
15:54:38.0593 5240	arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
15:54:38.0608 5240	arcsas - ok
15:54:38.0647 5240	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
15:54:38.0715 5240	AsyncMac - ok
15:54:38.0731 5240	atapi           (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
15:54:38.0745 5240	atapi - ok
15:54:38.0890 5240	athr            (acdb46b1a467752a2f280c68c8461556) C:\Windows\system32\DRIVERS\athr.sys
15:54:39.0053 5240	athr - ok
15:54:39.0113 5240	AtiHDAudioService (9f7ccf1d6faf646f71f029a30ded2dc7) C:\Windows\system32\drivers\AtihdLH3.sys
15:54:39.0166 5240	AtiHDAudioService - ok
15:54:39.0827 5240	atikmdag        (ffd082f1f1d4ff5c87f66df62486bcfa) C:\Windows\system32\DRIVERS\atikmdag.sys
15:54:40.0192 5240	atikmdag - ok
15:54:40.0344 5240	AudioEndpointBuilder (20c195b959ea0fcccb986c7619bd347e) C:\Windows\System32\Audiosrv.dll
15:54:40.0412 5240	AudioEndpointBuilder - ok
15:54:40.0422 5240	Audiosrv        (20c195b959ea0fcccb986c7619bd347e) C:\Windows\System32\Audiosrv.dll
15:54:40.0447 5240	Audiosrv - ok
15:54:40.0535 5240	avgio           (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
15:54:40.0546 5240	avgio - ok
15:54:40.0607 5240	avgntflt        (14fe36d8f2c6a2435275338d061a0b66) C:\Windows\system32\DRIVERS\avgntflt.sys
15:54:40.0618 5240	avgntflt - ok
15:54:40.0665 5240	avipbb          (6d52060b59e7d79cd2a044b6add1f1ef) C:\Windows\system32\DRIVERS\avipbb.sys
15:54:40.0676 5240	avipbb - ok
15:54:40.0747 5240	b57nd60x        (502f1c30bd50b32d00ce4dcaecc3d3c7) C:\Windows\system32\DRIVERS\b57nd60x.sys
15:54:40.0811 5240	b57nd60x - ok
15:54:40.0852 5240	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
15:54:40.0910 5240	Beep - ok
15:54:40.0965 5240	BFE             (8582e233c346aefe759833e8a30dd697) C:\Windows\System32\bfe.dll
15:54:41.0026 5240	BFE - ok
15:54:41.0117 5240	BITS            (02ed7b4dbc2a3232a389106da7515c3d) C:\Windows\System32\qmgr.dll
15:54:41.0258 5240	BITS - ok
15:54:41.0290 5240	blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
15:54:41.0339 5240	blbdrive - ok
15:54:41.0437 5240	Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
15:54:41.0460 5240	Bonjour Service - ok
15:54:41.0478 5240	bowser          (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
15:54:41.0523 5240	bowser - ok
15:54:41.0557 5240	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
15:54:41.0611 5240	BrFiltLo - ok
15:54:41.0639 5240	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
15:54:41.0689 5240	BrFiltUp - ok
15:54:41.0723 5240	Browser         (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
15:54:41.0821 5240	Browser - ok
15:54:41.0842 5240	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
15:54:41.0925 5240	Brserid - ok
15:54:41.0949 5240	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
15:54:42.0026 5240	BrSerWdm - ok
15:54:42.0043 5240	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
15:54:42.0113 5240	BrUsbMdm - ok
15:54:42.0128 5240	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
15:54:42.0198 5240	BrUsbSer - ok
15:54:42.0221 5240	BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
15:54:42.0295 5240	BTHMODEM - ok
15:54:42.0327 5240	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
15:54:42.0381 5240	cdfs - ok
15:54:42.0412 5240	cdrom           (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
15:54:42.0467 5240	cdrom - ok
15:54:42.0514 5240	CertPropSvc     (87c2d0377b23e2d8a41093c2f5fb1a5b) C:\Windows\System32\certprop.dll
15:54:42.0558 5240	CertPropSvc - ok
15:54:42.0592 5240	circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
15:54:42.0641 5240	circlass - ok
15:54:42.0684 5240	CLFS            (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
15:54:42.0704 5240	CLFS - ok
15:54:42.0821 5240	CLHNService     (2b272d0a6e5071829b516ffdc7f841ca) C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
15:54:42.0832 5240	CLHNService - ok
15:54:42.0924 5240	clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:54:42.0938 5240	clr_optimization_v2.0.50727_32 - ok
15:54:42.0986 5240	CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
15:54:43.0039 5240	CmBatt - ok
15:54:43.0065 5240	cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
15:54:43.0079 5240	cmdide - ok
15:54:43.0103 5240	Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
15:54:43.0116 5240	Compbatt - ok
15:54:43.0121 5240	COMSysApp - ok
15:54:43.0130 5240	crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
15:54:43.0144 5240	crcdisk - ok
15:54:43.0162 5240	Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
15:54:43.0217 5240	Crusoe - ok
15:54:43.0261 5240	CryptSvc        (6de363f9f99334514c46aec02d3e3678) C:\Windows\system32\cryptsvc.dll
15:54:43.0311 5240	CryptSvc - ok
15:54:43.0381 5240	DcomLaunch      (301ae00e12408650baddc04dbc832830) C:\Windows\system32\rpcss.dll
15:54:43.0462 5240	DcomLaunch - ok
15:54:43.0494 5240	DfsC            (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
15:54:43.0545 5240	DfsC - ok
15:54:43.0731 5240	DFSR            (fa3463f25f9cc9c3bcf1e7912feff099) C:\Windows\system32\DFSR.exe
15:54:43.0881 5240	DFSR - ok
15:54:44.0053 5240	Dhcp            (43a988a9c10333476cb5fb667cbd629d) C:\Windows\System32\dhcpcsvc.dll
15:54:44.0105 5240	Dhcp - ok
15:54:44.0148 5240	disk            (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
15:54:44.0163 5240	disk - ok
15:54:44.0197 5240	DKbFltr         (c701324c9e0c25dd9d60311bd87fbc84) C:\Windows\system32\DRIVERS\DKbFltr.sys
15:54:44.0208 5240	DKbFltr - ok
15:54:44.0231 5240	Dnscache        (f5a0f1da1ed8b429597e71d27d976e31) C:\Windows\System32\dnsrslvr.dll
15:54:44.0347 5240	Dnscache - ok
15:54:44.0378 5240	dot3svc         (5af620a08c614e24206b79e8153cf1a8) C:\Windows\System32\dot3svc.dll
15:54:44.0419 5240	dot3svc - ok
15:54:44.0487 5240	Dot4            (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
15:54:44.0550 5240	Dot4 - ok
15:54:44.0578 5240	Dot4Print       (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
15:54:44.0728 5240	Dot4Print - ok
15:54:44.0781 5240	dot4usb         (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
15:54:44.0832 5240	dot4usb - ok
15:54:44.0864 5240	DPS             (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
15:54:44.0905 5240	DPS - ok
15:54:44.0932 5240	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
15:54:44.0977 5240	drmkaud - ok
15:54:45.0066 5240	dtsoftbus01     (fb38473835476a6fb272215a1d972af9) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
15:54:45.0083 5240	dtsoftbus01 - ok
15:54:45.0145 5240	DXGKrnl         (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
15:54:45.0262 5240	DXGKrnl - ok
15:54:45.0340 5240	E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
15:54:45.0398 5240	E1G60 - ok
15:54:45.0415 5240	EapHost         (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
15:54:45.0462 5240	EapHost - ok
15:54:45.0513 5240	Ecache          (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
15:54:45.0531 5240	Ecache - ok
15:54:45.0610 5240	ehRecvr         (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
15:54:45.0645 5240	ehRecvr - ok
15:54:45.0677 5240	ehSched         (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
15:54:45.0718 5240	ehSched - ok
15:54:45.0739 5240	ehstart         (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
15:54:45.0767 5240	ehstart - ok
15:54:45.0842 5240	elxstor         (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
15:54:45.0912 5240	elxstor - ok
15:54:46.0036 5240	EMDMgmt         (70b1a86df0c8ead17d2bc332edae2c7c) C:\Windows\system32\emdmgmt.dll
15:54:46.0136 5240	EMDMgmt - ok
15:54:46.0306 5240	ePowerSvc       (2072cbe938dd355c4a52e9a4dcf5439f) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
15:54:46.0337 5240	ePowerSvc - ok
15:54:46.0420 5240	ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
15:54:46.0466 5240	ErrDev - ok
15:54:46.0510 5240	EventSystem     (3cb3343d720168b575133a0a20dc2465) C:\Windows\system32\es.dll
15:54:46.0554 5240	EventSystem - ok
15:54:46.0601 5240	exfat           (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
15:54:46.0641 5240	exfat - ok
15:54:46.0686 5240	fastfat         (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
15:54:46.0740 5240	fastfat - ok
15:54:46.0773 5240	fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
15:54:46.0827 5240	fdc - ok
15:54:46.0900 5240	fdPHost         (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
15:54:46.0939 5240	fdPHost - ok
15:54:46.0948 5240	FDResPub        (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
15:54:47.0019 5240	FDResPub - ok
15:54:47.0050 5240	FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
15:54:47.0061 5240	FileInfo - ok
15:54:47.0083 5240	Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
15:54:47.0136 5240	Filetrace - ok
15:54:47.0159 5240	flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
15:54:47.0213 5240	flpydisk - ok
15:54:47.0238 5240	FltMgr          (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
15:54:47.0256 5240	FltMgr - ok
15:54:47.0330 5240	FontCache3.0.0.0 (c9be08664611ddaf98e2331e9288b00b) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
15:54:47.0342 5240	FontCache3.0.0.0 - ok
15:54:47.0372 5240	Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
15:54:47.0421 5240	Fs_Rec - ok
15:54:47.0447 5240	gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
15:54:47.0461 5240	gagp30kx - ok
15:54:47.0525 5240	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:54:47.0535 5240	GEARAspiWDM - ok
15:54:47.0653 5240	GoogleDesktopManager-051210-111108 (9f5f2f0fb0a7f5aa9f16b9a7b6dad89f) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
15:54:47.0664 5240	GoogleDesktopManager-051210-111108 - ok
15:54:47.0746 5240	gpsvc           (d9f1113d9401185245573350712f92fc) C:\Windows\System32\gpsvc.dll
15:54:47.0806 5240	gpsvc - ok
15:54:47.0884 5240	gupdate         (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
15:54:47.0910 5240	gupdate - ok
15:54:47.0916 5240	gupdatem        (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
15:54:47.0929 5240	gupdatem - ok
15:54:47.0986 5240	gusvc           (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
15:54:48.0001 5240	gusvc - ok
15:54:48.0048 5240	HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
15:54:48.0141 5240	HdAudAddService - ok
15:54:48.0164 5240	HDAudBus        (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
15:54:48.0213 5240	HDAudBus - ok
15:54:48.0231 5240	HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
15:54:48.0311 5240	HidBth - ok
15:54:48.0336 5240	HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
15:54:48.0404 5240	HidIr - ok
15:54:48.0437 5240	hidserv         (8fa640195279ace21bea91396a0054fc) C:\Windows\system32\hidserv.dll
15:54:48.0506 5240	hidserv - ok
15:54:48.0550 5240	HidUsb          (e2b5bd48afcc0f0974fb44641b223250) C:\Windows\system32\DRIVERS\hidusb.sys
15:54:48.0573 5240	HidUsb - ok
15:54:48.0607 5240	hkmsvc          (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
15:54:48.0658 5240	hkmsvc - ok
15:54:48.0679 5240	HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
15:54:48.0694 5240	HpCISSs - ok
15:54:48.0860 5240	hpqcxs08        (0a3c6aa4a9fc38c20ba4eac2c3351c05) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
15:54:48.0879 5240	hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
15:54:48.0879 5240	hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
15:54:48.0933 5240	hpqddsvc        (f3f72a2a86c22610bca5439fa789dd52) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
15:54:48.0991 5240	hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
15:54:48.0991 5240	hpqddsvc - detected UnsignedFile.Multi.Generic (1)
15:54:49.0044 5240	HSFHWAZL        (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
15:54:49.0085 5240	HSFHWAZL - ok
15:54:49.0146 5240	HsfXAudioService (1e7c79cbaf71aa92e0eee924907dcb55) C:\Windows\system32\XAudio32.dll
15:54:49.0226 5240	HsfXAudioService - ok
15:54:49.0361 5240	HSF_DPV         (efed6bd9b9d5f407adca918bbe2d410d) C:\Windows\system32\DRIVERS\HSX_DPV.sys
15:54:49.0497 5240	HSF_DPV - ok
15:54:49.0570 5240	HSXHWAZL        (c2eb8396c46e13f76037d70eae8820a9) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
15:54:49.0634 5240	HSXHWAZL - ok
15:54:49.0703 5240	HTTP            (406c027c18e98a396faa1963dad5ff70) C:\Windows\system32\drivers\HTTP.sys
15:54:49.0763 5240	HTTP - ok
15:54:49.0778 5240	i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
15:54:49.0792 5240	i2omp - ok
15:54:49.0827 5240	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
15:54:49.0882 5240	i8042prt - ok
15:54:49.0934 5240	iaStor          (71ecc07bc7c5e24c3dd01d8a29a24054) C:\Windows\system32\DRIVERS\iaStor.sys
15:54:49.0953 5240	iaStor - ok
15:54:49.0998 5240	iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
15:54:50.0018 5240	iaStorV - ok
15:54:50.0160 5240	idsvc           (7b630acaed64fef0c3e1cf255cb56686) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:54:50.0247 5240	idsvc - ok
15:54:50.0276 5240	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
15:54:50.0290 5240	iirsp - ok
15:54:50.0342 5240	IKEEXT          (a3bc480a2bf8aa8e4dabd2d5dce0afac) C:\Windows\System32\ikeext.dll
15:54:50.0436 5240	IKEEXT - ok
15:54:50.0630 5240	IntcAzAudAddService (80919a856693b1d1d4177f11f5bda545) C:\Windows\system32\drivers\RTKVHDA.sys
15:54:50.0846 5240	IntcAzAudAddService - ok
15:54:51.0022 5240	intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
15:54:51.0035 5240	intelide - ok
15:54:51.0076 5240	intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
15:54:51.0125 5240	intelppm - ok
15:54:51.0162 5240	IPBusEnum       (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
15:54:51.0219 5240	IPBusEnum - ok
15:54:51.0241 5240	IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:54:51.0281 5240	IpFilterDriver - ok
15:54:51.0306 5240	iphlpsvc        (cad416b8a4309b5e1ce75425381e7d2f) C:\Windows\System32\iphlpsvc.dll
15:54:51.0347 5240	iphlpsvc - ok
15:54:51.0352 5240	IpInIp - ok
15:54:51.0373 5240	IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
15:54:51.0422 5240	IPMIDRV - ok
15:54:51.0455 5240	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
15:54:51.0495 5240	IPNAT - ok
15:54:51.0606 5240	iPod Service    (33642c17c232aa272c68e446a2619899) C:\Program Files\iPod\bin\iPodService.exe
15:54:51.0687 5240	iPod Service - ok
15:54:51.0744 5240	irda            (e50a95179211b12946f7e035d60af560) C:\Windows\system32\DRIVERS\irda.sys
15:54:51.0784 5240	irda - ok
15:54:51.0830 5240	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
15:54:51.0868 5240	IRENUM - ok
15:54:51.0902 5240	Irmon           (cbb0d940221a281bcfeaea695bd1cda5) C:\Windows\System32\irmon.dll
15:54:51.0977 5240	Irmon - ok
15:54:52.0004 5240	isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
15:54:52.0018 5240	isapnp - ok
15:54:52.0058 5240	iScsiPrt        (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
15:54:52.0075 5240	iScsiPrt - ok
15:54:52.0099 5240	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
15:54:52.0113 5240	iteatapi - ok
15:54:52.0130 5240	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
15:54:52.0143 5240	iteraid - ok
15:54:52.0190 5240	k57nd60x        (eac21e8014c7e6ee341afffb7e2bbd54) C:\Windows\system32\DRIVERS\k57nd60x.sys
15:54:52.0230 5240	k57nd60x - ok
15:54:52.0249 5240	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
15:54:52.0264 5240	kbdclass - ok
15:54:52.0274 5240	kbdhid          (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
15:54:52.0312 5240	kbdhid - ok
15:54:52.0336 5240	KeyIso          (dcf733788c7d088d814e5f80eb4b3e0f) C:\Windows\system32\lsass.exe
15:54:52.0379 5240	KeyIso - ok
15:54:52.0431 5240	KSecDD          (5367dc846cae9639b899bfd13b97a8c9) C:\Windows\system32\Drivers\ksecdd.sys
15:54:52.0457 5240	KSecDD - ok
15:54:52.0507 5240	KtmRm           (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
15:54:52.0560 5240	KtmRm - ok
15:54:52.0589 5240	LanmanServer    (05ce901a4472b3fbf9407c94ad1db693) C:\Windows\system32\srvsvc.dll
15:54:52.0644 5240	LanmanServer - ok
15:54:52.0672 5240	LanmanWorkstation (dec1a338b86c5d582c25c40836dd76c3) C:\Windows\System32\wkssvc.dll
15:54:52.0741 5240	LanmanWorkstation - ok
15:54:52.0804 5240	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
15:54:52.0843 5240	lltdio - ok
15:54:52.0868 5240	lltdsvc         (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
15:54:52.0912 5240	lltdsvc - ok
15:54:52.0926 5240	lmhosts         (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
15:54:52.0996 5240	lmhosts - ok
15:54:53.0037 5240	LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
15:54:53.0048 5240	LSI_FC - ok
15:54:53.0068 5240	LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
15:54:53.0080 5240	LSI_SAS - ok
15:54:53.0109 5240	LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
15:54:53.0125 5240	LSI_SCSI - ok
15:54:53.0156 5240	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
15:54:53.0201 5240	luafv - ok
15:54:53.0263 5240	MBAMProtector   (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
15:54:53.0277 5240	MBAMProtector - ok
15:54:53.0430 5240	MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
15:54:53.0460 5240	MBAMService - ok
15:54:53.0643 5240	McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
15:54:53.0658 5240	McComponentHostService - ok
15:54:53.0690 5240	Mcx2Svc         (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
15:54:53.0733 5240	Mcx2Svc - ok
15:54:53.0759 5240	mdmxsdk         (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
15:54:53.0775 5240	mdmxsdk - ok
15:54:53.0821 5240	megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
15:54:53.0835 5240	megasas - ok
15:54:53.0907 5240	MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
15:54:53.0963 5240	MegaSR - ok
15:54:54.0071 5240	Microsoft Office Groove Audit Service (fafe367d032ed82e9332b4c741a20216) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
15:54:54.0084 5240	Microsoft Office Groove Audit Service - ok
15:54:54.0161 5240	MMCSS           (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
15:54:54.0215 5240	MMCSS - ok
15:54:54.0236 5240	Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
15:54:54.0288 5240	Modem - ok
15:54:54.0327 5240	monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
15:54:54.0365 5240	monitor - ok
15:54:54.0412 5240	mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
15:54:54.0426 5240	mouclass - ok
15:54:54.0455 5240	mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
15:54:54.0493 5240	mouhid - ok
15:54:54.0513 5240	MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
15:54:54.0527 5240	MountMgr - ok
15:54:54.0631 5240	MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
15:54:54.0646 5240	MozillaMaintenance - ok
15:54:54.0682 5240	mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
15:54:54.0698 5240	mpio - ok
15:54:54.0720 5240	mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
15:54:54.0759 5240	mpsdrv - ok
15:54:54.0805 5240	MpsSvc          (d1639ba315b0d79dec49a4b0e1fb929b) C:\Windows\system32\mpssvc.dll
15:54:54.0871 5240	MpsSvc - ok
15:54:54.0957 5240	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
15:54:54.0971 5240	Mraid35x - ok
15:54:55.0004 5240	MRxDAV          (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
15:54:55.0048 5240	MRxDAV - ok
15:54:55.0076 5240	mrxsmb          (c4ad205530888404e2b5fc8d9319b119) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:54:55.0116 5240	mrxsmb - ok
15:54:55.0146 5240	mrxsmb10        (0a986b34f1678a2697574d7b1664e2dd) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:54:55.0183 5240	mrxsmb10 - ok
15:54:55.0193 5240	mrxsmb20        (3268b8c3fa92bfc086355c39b45e9cc9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:54:55.0232 5240	mrxsmb20 - ok
15:54:55.0255 5240	msahci          (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
15:54:55.0270 5240	msahci - ok
15:54:55.0304 5240	msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
15:54:55.0319 5240	msdsm - ok
15:54:55.0362 5240	MSDTC           (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
15:54:55.0408 5240	MSDTC - ok
15:54:55.0417 5240	Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
15:54:55.0463 5240	Msfs - ok
15:54:55.0487 5240	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
15:54:55.0500 5240	msisadrv - ok
15:54:55.0535 5240	MSiSCSI         (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
15:54:55.0576 5240	MSiSCSI - ok
15:54:55.0580 5240	msiserver - ok
15:54:55.0600 5240	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
15:54:55.0646 5240	MSKSSRV - ok
15:54:55.0664 5240	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
15:54:55.0702 5240	MSPCLOCK - ok
15:54:55.0719 5240	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
15:54:55.0757 5240	MSPQM - ok
15:54:55.0788 5240	MsRPC           (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
15:54:55.0805 5240	MsRPC - ok
15:54:55.0824 5240	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
15:54:55.0838 5240	mssmbios - ok
15:54:55.0858 5240	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
15:54:55.0895 5240	MSTEE - ok
15:54:55.0914 5240	Mup             (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
15:54:55.0928 5240	Mup - ok
15:54:55.0957 5240	mwlPSDFilter    (2de94e435c3efde58c7b1856d4f20724) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
15:54:55.0968 5240	mwlPSDFilter - ok
15:54:55.0978 5240	mwlPSDNServ     (61920a7146eed3d903dbbb8ec295af76) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
15:54:55.0989 5240	mwlPSDNServ - ok
15:54:56.0003 5240	mwlPSDVDisk     (e0f49721e68ebd2983e84c44fada6665) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
15:54:56.0013 5240	mwlPSDVDisk - ok
15:54:56.0106 5240	MWLService      (fd257cd94057d02108b954156d7b2770) C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe
15:54:56.0125 5240	MWLService - ok
15:54:56.0179 5240	napagent        (c43b25863fbd65b6d2a142af3ae320ca) C:\Windows\system32\qagentRT.dll
15:54:56.0244 5240	napagent - ok
15:54:56.0288 5240	NativeWifiP     (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
15:54:56.0331 5240	NativeWifiP - ok
15:54:56.0389 5240	NDIS            (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
15:54:56.0444 5240	NDIS - ok
15:54:56.0520 5240	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
15:54:56.0571 5240	NdisTapi - ok
15:54:56.0583 5240	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
15:54:56.0620 5240	Ndisuio - ok
15:54:56.0653 5240	NdisWan         (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
15:54:56.0696 5240	NdisWan - ok
15:54:56.0713 5240	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
15:54:56.0751 5240	NDProxy - ok
15:54:56.0791 5240	Net Driver HPZ12 (510c138564486ff926a3f773205c63d1) C:\Windows\system32\HPZinw12.dll
15:54:56.0812 5240	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
15:54:56.0812 5240	Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
15:54:56.0823 5240	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
15:54:56.0860 5240	NetBIOS - ok
15:54:56.0885 5240	netbt           (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
15:54:56.0936 5240	netbt - ok
15:54:56.0957 5240	Netlogon        (dcf733788c7d088d814e5f80eb4b3e0f) C:\Windows\system32\lsass.exe
15:54:56.0977 5240	Netlogon - ok
15:54:57.0012 5240	Netman          (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
15:54:57.0068 5240	Netman - ok
15:54:57.0103 5240	netprofm        (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
15:54:57.0155 5240	netprofm - ok
15:54:57.0227 5240	NetTcpPortSharing (0ad5876ef4e9eb77c8f93eb5b2fff386) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:54:57.0241 5240	NetTcpPortSharing - ok
15:54:57.0287 5240	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
15:54:57.0300 5240	nfrd960 - ok
15:54:57.0340 5240	NlaSvc          (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
15:54:57.0382 5240	NlaSvc - ok
15:54:57.0401 5240	Npfs            (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
15:54:57.0449 5240	Npfs - ok
15:54:57.0463 5240	NSCIRDA         (6d8d2e5652fc2442c810c5d8be784148) C:\Windows\system32\DRIVERS\nscirda.sys
15:54:57.0510 5240	NSCIRDA - ok
15:54:57.0538 5240	nsi             (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
15:54:57.0592 5240	nsi - ok
15:54:57.0605 5240	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
15:54:57.0657 5240	nsiproxy - ok
15:54:57.0744 5240	Ntfs            (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
15:54:57.0818 5240	Ntfs - ok
15:54:57.0911 5240	NTI IScheduleSvc (944e3911888b9fffd843b91c8abbd3f6) C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
15:54:57.0923 5240	NTI IScheduleSvc - ok
15:54:57.0948 5240	NTIBackupSvc    (973dcb15731339fca176e534055cf115) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
15:54:57.0959 5240	NTIBackupSvc - ok
15:54:57.0986 5240	NTIDrvr         (6dcaa65f49ef3b97a5cffc0cb5de1c2f) C:\Windows\system32\Drivers\NTIDrvr.sys
15:54:57.0996 5240	NTIDrvr - ok
15:54:58.0022 5240	NTISchedulerSvc (58751f9248d50bce1053976c9e2f0859) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
15:54:58.0034 5240	NTISchedulerSvc - ok
15:54:58.0075 5240	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
15:54:58.0165 5240	ntrigdigi - ok
15:54:58.0183 5240	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
15:54:58.0226 5240	Null - ok
15:54:58.0257 5240	nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
15:54:58.0269 5240	nvraid - ok
15:54:58.0294 5240	nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
15:54:58.0305 5240	nvstor - ok
15:54:58.0329 5240	nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
15:54:58.0345 5240	nv_agp - ok
15:54:58.0350 5240	NwlnkFlt - ok
15:54:58.0358 5240	NwlnkFwd - ok
15:54:58.0476 5240	odserv          (e54aa592a65f317390eee386a8821692) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:54:58.0500 5240	odserv - ok
15:54:58.0541 5240	ohci1394        (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
15:54:58.0588 5240	ohci1394 - ok
15:54:58.0619 5240	ose             (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:54:58.0633 5240	ose - ok
15:54:58.0704 5240	p2pimsvc        (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
15:54:58.0829 5240	p2pimsvc - ok
15:54:58.0841 5240	p2psvc          (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
15:54:58.0926 5240	p2psvc - ok
15:54:58.0995 5240	Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
15:54:59.0099 5240	Parport - ok
15:54:59.0117 5240	partmgr         (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
15:54:59.0133 5240	partmgr - ok
15:54:59.0158 5240	Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
15:54:59.0226 5240	Parvdm - ok
15:54:59.0252 5240	PcaSvc          (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
15:54:59.0287 5240	PcaSvc - ok
15:54:59.0301 5240	pci             (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
15:54:59.0318 5240	pci - ok
15:54:59.0342 5240	pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
15:54:59.0355 5240	pciide - ok
15:54:59.0411 5240	pcmcia          (b7c5a8769541900f6dfa6fe0c5e4d513) C:\Windows\system32\DRIVERS\pcmcia.sys
15:54:59.0428 5240	pcmcia - ok
15:54:59.0522 5240	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
15:54:59.0666 5240	PEAUTH - ok
15:54:59.0826 5240	pla             (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
15:54:59.0913 5240	pla - ok
15:55:00.0061 5240	PlugPlay        (78f975cb6d18265be6f492edb2d7bc7b) C:\Windows\system32\umpnpmgr.dll
15:55:00.0116 5240	PlugPlay - ok
15:55:00.0156 5240	Pml Driver HPZ12 (37e5e8ffbad35605daeec3224ea0e465) C:\Windows\system32\HPZipm12.dll
15:55:00.0180 5240	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
15:55:00.0180 5240	Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
15:55:00.0248 5240	PNRPAutoReg     (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
15:55:00.0324 5240	PNRPAutoReg - ok
15:55:00.0343 5240	PNRPsvc         (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
15:55:00.0420 5240	PNRPsvc - ok
15:55:00.0519 5240	PolicyAgent     (47b8f37aa18b74d8c2e1bc1a7a2c8f8a) C:\Windows\System32\ipsecsvc.dll
15:55:00.0576 5240	PolicyAgent - ok
15:55:00.0651 5240	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
15:55:00.0694 5240	PptpMiniport - ok
15:55:00.0722 5240	Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
15:55:00.0761 5240	Processor - ok
15:55:00.0791 5240	ProfSvc         (b627e4fc8585e8843c5905d4d3587a90) C:\Windows\system32\profsvc.dll
15:55:00.0843 5240	ProfSvc - ok
15:55:00.0868 5240	ProtectedStorage (dcf733788c7d088d814e5f80eb4b3e0f) C:\Windows\system32\lsass.exe
15:55:00.0888 5240	ProtectedStorage - ok
15:55:00.0914 5240	PSched          (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
15:55:00.0957 5240	PSched - ok
15:55:01.0079 5240	ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
15:55:01.0198 5240	ql2300 - ok
15:55:01.0220 5240	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
15:55:01.0235 5240	ql40xx - ok
15:55:01.0295 5240	QWAVE           (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
15:55:01.0325 5240	QWAVE - ok
15:55:01.0352 5240	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
15:55:01.0371 5240	QWAVEdrv - ok
15:55:01.0388 5240	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
15:55:01.0442 5240	RasAcd - ok
15:55:01.0459 5240	RasAuto         (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
15:55:01.0500 5240	RasAuto - ok
15:55:01.0523 5240	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:55:01.0564 5240	Rasl2tp - ok
15:55:01.0610 5240	RasMan          (afb474438762f0418060653f7294d92c) C:\Windows\System32\rasmans.dll
15:55:01.0654 5240	RasMan - ok
15:55:01.0678 5240	RasPppoe        (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
15:55:01.0725 5240	RasPppoe - ok
15:55:01.0741 5240	RasSstp         (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
15:55:01.0780 5240	RasSstp - ok
15:55:01.0814 5240	rdbss           (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
15:55:01.0856 5240	rdbss - ok
15:55:01.0872 5240	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:55:01.0910 5240	RDPCDD - ok
15:55:01.0957 5240	rdpdr           (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
15:55:01.0999 5240	rdpdr - ok
15:55:02.0005 5240	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
15:55:02.0071 5240	RDPENCDD - ok
15:55:02.0109 5240	RDPWD           (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
15:55:02.0166 5240	RDPWD - ok
15:55:02.0210 5240	RemoteAccess    (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
15:55:02.0250 5240	RemoteAccess - ok
15:55:02.0299 5240	RemoteRegistry  (cc4e32400f3c7253400cf8f3f3a0b676) C:\Windows\system32\regsvc.dll
15:55:02.0342 5240	RemoteRegistry - ok
15:55:02.0379 5240	RpcLocator      (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
15:55:02.0397 5240	RpcLocator - ok
15:55:02.0455 5240	RpcSs           (301ae00e12408650baddc04dbc832830) C:\Windows\system32\rpcss.dll
15:55:02.0486 5240	RpcSs - ok
15:55:02.0522 5240	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
15:55:02.0562 5240	rspndr - ok
15:55:02.0590 5240	RTHDMIAzAudService (d85da4371af61359edfca4ea06619dd4) C:\Windows\system32\drivers\RtHDMIV.sys
15:55:02.0603 5240	RTHDMIAzAudService - ok
15:55:02.0650 5240	RTSTOR          (9b09f336de36a7a6ca871de8a7847b65) C:\Windows\system32\drivers\RTSTOR.SYS
15:55:02.0692 5240	RTSTOR - ok
15:55:02.0735 5240	SamSs           (dcf733788c7d088d814e5f80eb4b3e0f) C:\Windows\system32\lsass.exe
15:55:02.0754 5240	SamSs - ok
15:55:02.0781 5240	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
15:55:02.0795 5240	sbp2port - ok
15:55:02.0836 5240	SCardSvr        (11387e32642269c7e62e8b52c060b3c6) C:\Windows\System32\SCardSvr.dll
15:55:02.0883 5240	SCardSvr - ok
15:55:03.0010 5240	Schedule        (1d5e99db3c10f4fa034010dc49043ca4) C:\Windows\system32\schedsvc.dll
15:55:03.0155 5240	Schedule - ok
15:55:03.0201 5240	SCPolicySvc     (87c2d0377b23e2d8a41093c2f5fb1a5b) C:\Windows\System32\certprop.dll
15:55:03.0239 5240	SCPolicySvc - ok
15:55:03.0278 5240	SCREAMINGBDRIVER (a643d6df1b7546256b11fb5d6b5d1375) C:\Windows\system32\drivers\ScreamingBAudio.sys
15:55:03.0289 5240	SCREAMINGBDRIVER - ok
15:55:03.0334 5240	sdbus           (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
15:55:03.0391 5240	sdbus - ok
15:55:03.0431 5240	SDRSVC          (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
15:55:03.0472 5240	SDRSVC - ok
15:55:03.0504 5240	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
15:55:03.0588 5240	secdrv - ok
15:55:03.0595 5240	seclogon        (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
15:55:03.0636 5240	seclogon - ok
15:55:03.0655 5240	SENS            (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
15:55:03.0695 5240	SENS - ok
15:55:03.0725 5240	Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
15:55:03.0814 5240	Serenum - ok
15:55:03.0851 5240	Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
15:55:03.0946 5240	Serial - ok
15:55:03.0987 5240	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
15:55:04.0025 5240	sermouse - ok
15:55:04.0056 5240	SessionEnv      (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
15:55:04.0099 5240	SessionEnv - ok
15:55:04.0132 5240	sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
15:55:04.0170 5240	sffdisk - ok
15:55:04.0199 5240	sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
15:55:04.0260 5240	sffp_mmc - ok
15:55:04.0293 5240	sffp_sd         (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
15:55:04.0331 5240	sffp_sd - ok
15:55:04.0347 5240	sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
15:55:04.0431 5240	sfloppy - ok
15:55:04.0500 5240	SharedAccess    (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
15:55:04.0572 5240	SharedAccess - ok
15:55:04.0611 5240	ShellHWDetection (27f10f348e508243f6254846f8370d0d) C:\Windows\System32\shsvcs.dll
15:55:04.0655 5240	ShellHWDetection - ok
15:55:04.0688 5240	sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
15:55:04.0703 5240	sisagp - ok
15:55:04.0725 5240	SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
15:55:04.0740 5240	SiSRaid2 - ok
15:55:04.0761 5240	SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
15:55:04.0776 5240	SiSRaid4 - ok
15:55:04.0974 5240	slsvc           (0ba91e1358ad25236863039bb2609a2e) C:\Windows\system32\SLsvc.exe
15:55:05.0221 5240	slsvc - ok
15:55:05.0407 5240	SLUINotify      (7c6dc44ca0bfa6291629ab764200d1d4) C:\Windows\system32\SLUINotify.dll
15:55:05.0457 5240	SLUINotify - ok
15:55:05.0495 5240	Smb             (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
15:55:05.0542 5240	Smb - ok
15:55:05.0567 5240	SNMPTRAP        (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
15:55:05.0586 5240	SNMPTRAP - ok
15:55:05.0604 5240	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
15:55:05.0617 5240	spldr - ok
15:55:05.0637 5240	Spooler         (846cdf9a3cf4da9b306adfb7d55ee4c2) C:\Windows\System32\spoolsv.exe
15:55:05.0679 5240	Spooler - ok
15:55:05.0722 5240	srv             (73dddbeec61e78568082916a27aadaee) C:\Windows\system32\DRIVERS\srv.sys
15:55:05.0766 5240	srv - ok
15:55:05.0780 5240	srv2            (805fac010405ad3f82ef8df0bb035d81) C:\Windows\system32\DRIVERS\srv2.sys
15:55:05.0820 5240	srv2 - ok
15:55:05.0831 5240	srvnet          (f63a0a58aafe34d7a1a0a74abccdd9c0) C:\Windows\system32\DRIVERS\srvnet.sys
15:55:05.0871 5240	srvnet - ok
15:55:05.0899 5240	SSDPSRV         (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
15:55:05.0953 5240	SSDPSRV - ok
15:55:05.0994 5240	ssmdrv          (5ec550b8952882ee856b862cf648522d) C:\Windows\system32\DRIVERS\ssmdrv.sys
15:55:06.0004 5240	ssmdrv - ok
15:55:06.0036 5240	SstpSvc         (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
15:55:06.0089 5240	SstpSvc - ok
15:55:06.0148 5240	Steam Client Service - ok
15:55:06.0214 5240	stisvc          (7dd08a597bc56051f320da0baf69e389) C:\Windows\System32\wiaservc.dll
15:55:06.0244 5240	stisvc - ok
15:55:06.0278 5240	swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
15:55:06.0293 5240	swenum - ok
15:55:06.0327 5240	swprv           (b36c7cdb86f7f7a8e884479219766950) C:\Windows\System32\swprv.dll
15:55:06.0374 5240	swprv - ok
15:55:06.0400 5240	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
15:55:06.0413 5240	Symc8xx - ok
15:55:06.0440 5240	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
15:55:06.0453 5240	Sym_hi - ok
15:55:06.0480 5240	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
15:55:06.0494 5240	Sym_u3 - ok
15:55:06.0548 5240	SynTP           (aee6e411a915f50101895ba8dc5c15d4) C:\Windows\system32\DRIVERS\SynTP.sys
15:55:06.0564 5240	SynTP - ok
15:55:06.0621 5240	SysMain         (8710a92d0024b03b5fb9540df1f71f1d) C:\Windows\system32\sysmain.dll
15:55:06.0704 5240	SysMain - ok
15:55:06.0731 5240	TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
15:55:06.0767 5240	TabletInputService - ok
15:55:06.0795 5240	TapiSrv         (680916bb09ee0f3a6aca7c274b0d633f) C:\Windows\System32\tapisrv.dll
15:55:06.0849 5240	TapiSrv - ok
15:55:06.0871 5240	TBS             (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
15:55:06.0923 5240	TBS - ok
15:55:07.0012 5240	Tcpip           (82e266bee5f0167e41c6ecfdd2a79c02) C:\Windows\system32\drivers\tcpip.sys
15:55:07.0132 5240	Tcpip - ok
15:55:07.0147 5240	Tcpip6          (82e266bee5f0167e41c6ecfdd2a79c02) C:\Windows\system32\DRIVERS\tcpip.sys
15:55:07.0237 5240	Tcpip6 - ok
15:55:07.0293 5240	tcpipreg        (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
15:55:07.0347 5240	tcpipreg - ok
15:55:07.0369 5240	TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
15:55:07.0432 5240	TDPIPE - ok
15:55:07.0450 5240	TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
15:55:07.0487 5240	TDTCP - ok
15:55:07.0517 5240	tdx             (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
15:55:07.0563 5240	tdx - ok
15:55:07.0585 5240	TermDD          (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
15:55:07.0600 5240	TermDD - ok
15:55:07.0649 5240	TermService     (d605031e225aaccbceb5b76a4f1603a6) C:\Windows\System32\termsrv.dll
15:55:07.0720 5240	TermService - ok
15:55:07.0777 5240	Themes          (27f10f348e508243f6254846f8370d0d) C:\Windows\system32\shsvcs.dll
15:55:07.0821 5240	Themes - ok
15:55:07.0859 5240	THREADORDER     (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
15:55:07.0899 5240	THREADORDER - ok
15:55:07.0914 5240	TrkWks          (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
15:55:07.0969 5240	TrkWks - ok
15:55:08.0020 5240	TrustedInstaller (16613a1bad034d4ecf957af18b7c2ff5) C:\Windows\servicing\TrustedInstaller.exe
15:55:08.0059 5240	TrustedInstaller - ok
15:55:08.0087 5240	tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:55:08.0152 5240	tssecsrv - ok
15:55:08.0162 5240	tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
15:55:08.0200 5240	tunmp - ok
15:55:08.0229 5240	tunnel          (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
15:55:08.0278 5240	tunnel - ok
15:55:08.0303 5240	uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
15:55:08.0317 5240	uagp35 - ok
15:55:08.0346 5240	UBHelper        (f763e070843ee2803de1395002b42938) C:\Windows\system32\drivers\UBHelper.sys
15:55:08.0356 5240	UBHelper - ok
15:55:08.0400 5240	udfs            (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
15:55:08.0441 5240	udfs - ok
15:55:08.0470 5240	UI0Detect       (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
15:55:08.0520 5240	UI0Detect - ok
15:55:08.0538 5240	uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
15:55:08.0554 5240	uliagpkx - ok
15:55:08.0599 5240	uliahci         (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
15:55:08.0618 5240	uliahci - ok
15:55:08.0654 5240	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
15:55:08.0669 5240	UlSata - ok
15:55:08.0687 5240	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
15:55:08.0702 5240	ulsata2 - ok
15:55:08.0731 5240	umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
15:55:08.0779 5240	umbus - ok
15:55:08.0818 5240	upnphost        (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
15:55:08.0876 5240	upnphost - ok
15:55:08.0922 5240	USBAAPL         (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
15:55:08.0972 5240	USBAAPL - ok
15:55:09.0027 5240	usbccgp         (3955375c83afbe4b110c5fb1231345af) C:\Windows\system32\DRIVERS\usbccgp.sys
15:55:09.0075 5240	usbccgp - ok
15:55:09.0122 5240	usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
15:55:09.0192 5240	usbcir - ok
15:55:09.0231 5240	usbehci         (7f8d9d95a00072ccdd43ad3f7b4450c2) C:\Windows\system32\DRIVERS\usbehci.sys
15:55:09.0260 5240	usbehci - ok
15:55:09.0285 5240	usbhub          (63b44b390451ed3b95405adddcc1984e) C:\Windows\system32\DRIVERS\usbhub.sys
15:55:09.0304 5240	usbhub - ok
15:55:09.0331 5240	usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
15:55:09.0399 5240	usbohci - ok
15:55:09.0439 5240	usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
15:55:09.0489 5240	usbprint - ok
15:55:09.0545 5240	usbscan         (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
15:55:09.0597 5240	usbscan - ok
15:55:09.0633 5240	USBSTOR         (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:55:09.0691 5240	USBSTOR - ok
15:55:09.0704 5240	usbuhci         (ca62c65383513c365e1ca5796ccac7b5) C:\Windows\system32\DRIVERS\usbuhci.sys
15:55:09.0721 5240	usbuhci - ok
15:55:09.0738 5240	usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
15:55:09.0784 5240	usbvideo - ok
15:55:09.0818 5240	UxSms           (032a0acc3909ae7215d524e29d536797) C:\Windows\System32\uxsms.dll
15:55:09.0859 5240	UxSms - ok
15:55:09.0892 5240	VCSVADHWSer     (b2abab4ca46bad182e27763dc19c780f) C:\Windows\system32\DRIVERS\vcsvad.sys
15:55:09.0924 5240	VCSVADHWSer - ok
15:55:09.0967 5240	vds             (b13bc395b9d6116628f5af47e0802ac4) C:\Windows\System32\vds.exe
15:55:10.0024 5240	vds - ok
15:55:10.0092 5240	vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
15:55:10.0154 5240	vga - ok
15:55:10.0167 5240	VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
15:55:10.0216 5240	VgaSave - ok
15:55:10.0245 5240	viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
15:55:10.0259 5240	viaagp - ok
15:55:10.0277 5240	ViaC7           (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
15:55:10.0315 5240	ViaC7 - ok
15:55:10.0333 5240	viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
15:55:10.0346 5240	viaide - ok
15:55:10.0381 5240	volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
15:55:10.0396 5240	volmgr - ok
15:55:10.0418 5240	volmgrx         (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
15:55:10.0439 5240	volmgrx - ok
15:55:10.0459 5240	volsnap         (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
15:55:10.0478 5240	volsnap - ok
15:55:10.0525 5240	vsmraid         (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
15:55:10.0541 5240	vsmraid - ok
15:55:10.0658 5240	VSS             (d5fb73d19c46ade183f968e13f186b23) C:\Windows\system32\vssvc.exe
15:55:10.0783 5240	VSS - ok
15:55:10.0818 5240	W32Time         (1cf9206966a8458cda9a8b20df8ab7d3) C:\Windows\system32\w32time.dll
15:55:10.0874 5240	W32Time - ok
15:55:10.0941 5240	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
15:55:11.0032 5240	WacomPen - ok
15:55:11.0076 5240	Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
15:55:11.0133 5240	Wanarp - ok
15:55:11.0141 5240	Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
15:55:11.0183 5240	Wanarpv6 - ok
15:55:11.0237 5240	wcncsvc         (f3a5c2e1a6533192b070d06ecf6be796) C:\Windows\System32\wcncsvc.dll
15:55:11.0327 5240	wcncsvc - ok
15:55:11.0385 5240	WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
15:55:11.0423 5240	WcsPlugInService - ok
15:55:11.0448 5240	Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
15:55:11.0458 5240	Wd - ok
15:55:11.0528 5240	Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
15:55:11.0576 5240	Wdf01000 - ok
15:55:11.0641 5240	WdiServiceHost  (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
15:55:11.0682 5240	WdiServiceHost - ok
15:55:11.0687 5240	WdiSystemHost   (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
15:55:11.0729 5240	WdiSystemHost - ok
15:55:11.0772 5240	WebClient       (cf9a5f41789b642db967021de06a2713) C:\Windows\System32\webclnt.dll
15:55:11.0807 5240	WebClient - ok
15:55:11.0830 5240	Wecsvc          (905214925a88311fce52f66153de7610) C:\Windows\system32\wecsvc.dll
15:55:11.0873 5240	Wecsvc - ok
15:55:11.0891 5240	wercplsupport   (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
15:55:11.0942 5240	wercplsupport - ok
15:55:11.0979 5240	WerSvc          (fd1965aaa112c6818a30ab02742d0461) C:\Windows\System32\WerSvc.dll
15:55:12.0016 5240	WerSvc - ok
15:55:12.0077 5240	winachsf        (d0116c473ef3c381a42bb55036a1adb1) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
15:55:12.0182 5240	winachsf - ok
15:55:12.0287 5240	WinDefend       (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
15:55:12.0314 5240	WinDefend - ok
15:55:12.0322 5240	WinHttpAutoProxySvc - ok
15:55:12.0403 5240	Winmgmt         (00b79a7c984678f24cf052e5beb3a2f5) C:\Windows\system32\wbem\WMIsvc.dll
15:55:12.0463 5240	Winmgmt - ok
15:55:12.0546 5240	WinRM           (20fc93fdc916843cfdfcaa7a1b0db16f) C:\Windows\system32\WsmSvc.dll
15:55:12.0646 5240	WinRM - ok
15:55:12.0701 5240	Wlansvc         (4b40ff01db5357299dcbdb5a5746ad21) C:\Windows\System32\wlansvc.dll
15:55:12.0725 5240	Wlansvc - ok
15:55:12.0804 5240	WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
15:55:12.0855 5240	WmiAcpi - ok
15:55:12.0928 5240	wmiApSrv        (aba4cf9f856d9a3a25f4ddd7690a6e9d) C:\Windows\system32\wbem\WmiApSrv.exe
15:55:12.0968 5240	wmiApSrv - ok
15:55:13.0101 5240	WMPNetworkSvc   (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
15:55:13.0267 5240	WMPNetworkSvc - ok
15:55:13.0345 5240	WPCSvc          (5d94cd167751294962ba238d82dd1bb8) C:\Windows\System32\wpcsvc.dll
15:55:13.0386 5240	WPCSvc - ok
15:55:13.0415 5240	WPDBusEnum      (396d406292b0cd26e3504ffe82784702) C:\Windows\system32\wpdbusenum.dll
15:55:13.0464 5240	WPDBusEnum - ok
15:55:13.0559 5240	WpdUsb          (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
15:55:13.0597 5240	WpdUsb - ok
15:55:13.0628 5240	ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
15:55:13.0670 5240	ws2ifsl - ok
15:55:13.0690 5240	wscsvc          (683dd16b590372f2c9661d277f35e49c) C:\Windows\System32\wscsvc.dll
15:55:13.0713 5240	wscsvc - ok
15:55:13.0722 5240	WSearch - ok
15:55:13.0858 5240	wuauserv        (d79538b67fa641e986855def651e78fe) C:\Windows\system32\wuaueng.dll
15:55:14.0076 5240	wuauserv - ok
15:55:14.0241 5240	WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:55:14.0279 5240	WUDFRd - ok
15:55:14.0318 5240	wudfsvc         (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
15:55:14.0360 5240	wudfsvc - ok
15:55:14.0379 5240	XAudio          (22a08b9faecd6a306868f59b7f03f188) C:\Windows\system32\DRIVERS\XAudio32.sys
15:55:14.0396 5240	XAudio - ok
15:55:14.0429 5240	MBR (0x1B8)     (beedf9b7f43a72a91456f7131afc11b2) \Device\Harddisk0\DR0
15:55:14.0828 5240	\Device\Harddisk0\DR0 - ok
15:55:14.0832 5240	Boot (0x1200)   (2b1801ad0246a445ff5091bb2fa14b1b) \Device\Harddisk0\DR0\Partition0
15:55:14.0834 5240	\Device\Harddisk0\DR0\Partition0 - ok
15:55:14.0836 5240	============================================================
15:55:14.0836 5240	Scan finished
15:55:14.0836 5240	============================================================
15:55:14.0920 6032	Detected object count: 6
15:55:14.0920 6032	Actual detected object count: 6
15:59:19.0686 6032	AntiVirSchedulerService ( UnsignedFile.Multi.Generic ) - skipped by user
15:59:19.0686 6032	AntiVirSchedulerService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:59:19.0689 6032	AntiVirService ( UnsignedFile.Multi.Generic ) - skipped by user
15:59:19.0689 6032	AntiVirService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:59:19.0692 6032	hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
15:59:19.0692 6032	hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:59:19.0695 6032	hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
15:59:19.0695 6032	hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:59:19.0698 6032	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
15:59:19.0698 6032	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:59:19.0700 6032	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
15:59:19.0701 6032	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:59:26.0824 5984	Deinitialize success
         
__________________
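Added example, not part of the thread: a small Python triage script for a TDSS-Killer log of the shape posted above. It separates the heuristic UnsignedFile.* verdicts (file carries no valid signature) from any other verdict, records which objects the user skipped, checks that every MBR/Boot entry got its "- ok" line, and compares the "Actual detected object count" with what it parsed; the SAMPLE_LOG is a constructed excerpt of the lines above with the count adjusted to the excerpt.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Line shapes as they appear in the TDSS-Killer log: "<time> <pid>\t<message>"
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+(.*)$")
# "<object> (<md5>) <path>"            entry being checked (driver, service, MBR, boot sector)
FILE_RE = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*)$")
# "<object> ( <verdict> ) - <status>"  warning / skipped by user / User select action: ...
VERDICT_RE = re.compile(r"^(?P<name>.+?) \( (?P<verdict>[^)]+) \) - (?P<status>.+)$")
# "<object> - detected <verdict> (<n>)"
DETECTED_RE = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>\S+) \((?P<count>\d+)\)$")
OK_RE = re.compile(r"^(?P<name>.+?) - ok$")
COUNT_RE = re.compile(r"^Actual detected object count: (?P<n>\d+)$")


@dataclass
class Finding:
    name: str
    verdict: str
    md5: Optional[str] = None
    path: Optional[str] = None
    statuses: List[str] = field(default_factory=list)

    @property
    def heuristic(self) -> bool:
        # UnsignedFile.* only says the binary has no valid code signature; it is a
        # prompt to verify publisher and path, not evidence of infection by itself.
        return self.verdict.startswith("UnsignedFile.")

    @property
    def skipped(self) -> bool:
        return any("skip" in s.lower() for s in self.statuses)


@dataclass
class Triage:
    files: Dict[str, Tuple[str, str]] = field(default_factory=dict)  # name -> (md5, path)
    ok: List[str] = field(default_factory=list)
    findings: Dict[str, Finding] = field(default_factory=dict)
    reported_count: Optional[int] = None


def parse_log(text: str) -> Triage:
    t = Triage()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group(3).strip()  # banners such as "Scan finished" match nothing below
        if (f := FILE_RE.match(msg)):
            t.files[f["name"]] = (f["md5"], f["path"])
        elif (d := DETECTED_RE.match(msg)):
            t.findings.setdefault(d["name"], Finding(d["name"], d["verdict"]))
        elif (v := VERDICT_RE.match(msg)):
            fnd = t.findings.setdefault(v["name"], Finding(v["name"], v["verdict"]))
            fnd.statuses.append(v["status"])
        elif (o := OK_RE.match(msg)):
            t.ok.append(o["name"])
        elif (c := COUNT_RE.match(msg)):
            t.reported_count = int(c["n"])
    for name, fnd in t.findings.items():  # attach hash and path to each finding
        if name in t.files:
            fnd.md5, fnd.path = t.files[name]
    return t


def boot_sectors_clean(t: Triage) -> bool:
    """True when every MBR/Boot entry has a matching '<device> - ok' line."""
    devices = [path for name, (_, path) in t.files.items()
               if name.startswith(("MBR (", "Boot ("))]
    return bool(devices) and all(d in t.ok for d in devices)


def summarize(t: Triage) -> dict:
    findings = list(t.findings.values())
    return {
        "boot_clean": boot_sectors_clean(t),
        "count_matches": t.reported_count == len(findings),
        "heuristic_only": all(f.heuristic for f in findings),
        "skipped": sorted(f.name for f in findings if f.skipped),
        "needs_attention": sorted(f.name for f in findings if not f.heuristic),
    }


# Constructed excerpt in the log's format (hashes copied from the log above).
SAMPLE_LOG = r"""
15:54:56.0791 5240  Net Driver HPZ12 (510c138564486ff926a3f773205c63d1) C:\Windows\system32\HPZinw12.dll
15:54:56.0812 5240  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
15:54:56.0812 5240  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
15:54:56.0823 5240  NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
15:54:56.0860 5240  NetBIOS - ok
15:55:14.0429 5240  MBR (0x1B8)     (beedf9b7f43a72a91456f7131afc11b2) \Device\Harddisk0\DR0
15:55:14.0828 5240  \Device\Harddisk0\DR0 - ok
15:55:14.0832 5240  Boot (0x1200)   (2b1801ad0246a445ff5091bb2fa14b1b) \Device\Harddisk0\DR0\Partition0
15:55:14.0834 5240  \Device\Harddisk0\DR0\Partition0 - ok
15:55:14.0836 5240  Scan finished
15:55:14.0920 6032  Detected object count: 1
15:55:14.0920 6032  Actual detected object count: 1
15:59:19.0698 6032  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
15:59:19.0698 6032  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

if __name__ == "__main__":
    from pprint import pprint
    pprint(summarize(parse_log(SAMPLE_LOG)))
```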


Old 26.06.2012, 16:37   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste it into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and receive messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

Old 28.06.2012, 17:33   #19
Mr.Mkay

- Rootkit and Sirefef - Malwarebytes

Code:
ComboFix 12-06-28.01 - Marcel Klahn 28.06.2012  17:16:49.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.49.1031.18.3066.1984 [GMT 2:00]
ausgeführt von:: c:\users\Marcel Klahn\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\kikin
c:\program files\kikin\default_settings.xml
c:\program files\kikin\file_list.txt
c:\program files\kikin\kikin.ico
c:\program files\kikin\KikinBroker.exe
c:\program files\kikin\KikinCrashReporter.exe
c:\program files\kikin\uninst.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-05-28 bis 2012-06-28  ))))))))))))))))))))))))))))))
.
.
2012-06-28 15:28 . 2012-06-28 15:28	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-06-25 14:17 . 2012-06-25 14:17	--------	d-----w-	C:\_OTL
2012-06-22 12:11 . 2012-06-22 12:11	--------	d-----w-	c:\users\Marcel Klahn\AppData\Roaming\Malwarebytes
2012-06-21 21:14 . 2012-06-21 21:14	--------	d-----w-	c:\program files\ESET
2012-06-06 11:18 . 2012-06-06 11:19	--------	d-----w-	c:\program files\PokerStars
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 13:56 . 2011-03-28 20:13	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2009-05-01 21:02 . 2009-05-01 21:02	1044480	----a-w-	c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02	200704	----a-w-	c:\program files\mozilla firefox\plugins\ssldivx.dll
2012-06-14 22:19 . 2012-06-22 11:42	85472	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
2010-07-22 22:41 . 2009-12-03 14:55	119808	----a-w-	c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}]
2008-07-27 18:03	282112	----a-w-	c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-05-14 21:02	120104	----a-w-	c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-11-17 135168]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-04 68856]
"ICQ"="c:\program files\ICQ7.2\ICQ.exe" [2011-01-05 133432]
"Facebook Update"="c:\users\Marcel Klahn\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-09-14 137536]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-01-20 156968]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-01-20 202024]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-19 6793760]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-02-19 1833504]
"PLFSetI"="c:\windows\PLFSetI.exe" [2009-07-25 200704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-05 1410344]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-06-25 1069576]
"BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-04-11 249600]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-06-23 440864]
"EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2009-05-13 199464]
"mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-05-14 345384]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-12-26 173288]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-22 30192]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-14 636032]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService	REG_MULTI_SZ   	HsfXAudioService
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-499933100-2867506379-2947858537-1000Core.job
- c:\users\Marcel Klahn\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-14 20:14]
.
2012-06-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-499933100-2867506379-2947858537-1000UA.job
- c:\users\Marcel Klahn\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-14 20:14]
.
2012-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-25 07:41]
.
2012-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-25 07:41]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = 
mStart Page = 
mLocal Page = 
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = 
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Free YouTube to MP3 Converter - c:\users\Marcel Klahn\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Marcel Klahn\AppData\Roaming\Mozilla\Firefox\Profiles\balegvbu.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-FormatFactory - c:\program files\FreeTime\FormatFactory\uninst.exe
AddRemove-kikin Plugin (NO23 Edition) - c:\program files\kikin\uninst.exe
AddRemove-PokerStars - c:\program files\PokerStars\PokerStarsUninstall.exe
AddRemove-TeamSpeak 3 Client - c:\users\Marcel Klahn\Desktop\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-06-28 17:28
Windows 6.0.6001 Service Pack 1 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-499933100-2867506379-2947858537-1000\Software\SecuROM\License information*]
"datasecu"=hex:d7,f1,4b,ea,7c,d6,4b,ee,73,e7,80,47,4e,fa,85,c2,d3,f1,bc,cf,79,
   d3,60,7f,71,d5,f4,4d,fc,6b,97,53,b2,1b,6e,09,ea,3f,be,7f,1c,fe,a2,a7,0a,f5,\
"rkeysecu"=hex:cf,93,cb,c3,6b,74,46,3a,94,96,51,0e,7d,ea,65,e2
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2012-06-28  17:31:40
ComboFix-quarantined-files.txt  2012-06-28 15:31
.
Vor Suchlauf: 16 Verzeichnis(se), 121.768.992.768 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 121.712.115.712 Bytes frei
.
- - End Of File - - 63DBC3A7E816081557E9A743882DF885
         

Old 29.06.2012, 12:12   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

- Rootkit and Sirefef - Malwarebytes

Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM. Please skip the online query by OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false positive in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe (aswMBR.exe instructions).
    From Windows Vista (or higher), please start it via right-click, "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current virus definitions from AVAST!. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.)
    Downloading the definitions may take a while depending on your connection.
  • Click on Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Under no circumstances press any of the Fix buttons without being instructed to.

Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and choose the setting (none) under AV Scan.

One more note: If aswMBR crashes and a message like "aswMBR.exe funktioniert nicht mehr" appears, do the following:
Restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.


Old 04.07.2012, 02:35   #21
Mr.Mkay

- Rootkit and Sirefef - Malwarebytes

Here's the GEMA, er, GMER scan
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-07-04 00:03:06
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0
Running: bfn8crpz.exe; Driver: C:\Users\MARCEL~1\AppData\Local\Temp\kxtdypog.sys


---- System - GMER 1.0.15 ----

SSDT            8B226F3C                                                                                                                                      ZwCreateThread
SSDT            8B226F28                                                                                                                                      ZwOpenProcess
SSDT            8B226F2D                                                                                                                                      ZwOpenThread
SSDT            8B226F37                                                                                                                                      ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!KeSetTimerEx + 454                                                                                                               82508A18 4 Bytes  [3C, 6F, 22, 8B]
.text           ntkrnlpa.exe!KeSetTimerEx + 624                                                                                                               82508BE8 4 Bytes  [28, 6F, 22, 8B]
.text           ntkrnlpa.exe!KeSetTimerEx + 640                                                                                                               82508C04 4 Bytes  [2D, 6F, 22, 8B]
.text           ntkrnlpa.exe!KeSetTimerEx + 854                                                                                                               82508E18 4 Bytes  [37, 6F, 22, 8B]
.text           C:\Windows\system32\DRIVERS\atikmdag.sys                                                                                                      section is writeable [0x8E201000, 0x3C9EA5, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text           C:\Windows\Explorer.EXE[3352] SHELL32.dll!InitNetworkAddressControl + 2939                                                                    76FD0064 4 Bytes  [20, 28, 00, 10] {AND [EAX], CH; ADD [EAX], DL}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3780] ntdll.dll!LdrLoadDll                                                                       77AC7933 5 Bytes  JMP 69E0FA35 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3780] kernel32.dll!MapViewOfFile                                                                 766B7F30 5 Bytes  JMP 6A0B079E C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3780] kernel32.dll!VirtualAlloc                                                                  766BB86F 5 Bytes  JMP 6A0B07C5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3780] GDI32.dll!CreateDIBSection                                                                 76C075C0 5 Bytes  JMP 6A0B0728 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2144] @ C:\Windows\system32\SHELL32.dll [USER32.dll!ExitWindowsEx]  [01B41210] C:\Program Files\NewTech Infosystems\Acer Backup Manager\Pehook.dll (Backup Manager Module/NewTech Infosystems, Inc.)
IAT             C:\Windows\Explorer.EXE[3352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                                                         [74867BA4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                                                          [748A98C5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                                                      [7486D3C8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]                                                [7485F527] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                                                          [74867599] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                                                       [7485E43D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]                                           [7489B33D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]                                              [7486D68A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                                                      [7486012E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                                                       [74860095] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                                                        [748571F3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]                                                [748ED802] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]                                                   [748875E1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                                                      [7485DAE1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                                                                [7485668F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                                                               [748566BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]                                                  [74861E45] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3352] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread]                                                   [10002A00] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/Egis Technology Inc.)
IAT             C:\Windows\Explorer.EXE[3352] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread]                                       [10001E00] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/Egis Technology Inc.)
IAT             C:\Windows\Explorer.EXE[3352] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress]                                                 [10002D50] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/Egis Technology Inc.)
IAT             C:\Windows\Explorer.EXE[3352] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA]                                                   [100011D0] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/Egis Technology Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                                                        mwlPSDFilter.sys (PSD Filter Driver/Egis Incorporated.)

---- EOF - GMER 1.0.15 ----
         
and OSAM
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 00:09:42 on 04.07.2012

OS: Windows Vista Home Premium Edition Service Pack 1 (Build 6001), 32-bit
Default Browser: Mozilla Corporation Firefox 13.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - "Google" - C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"FacebookUpdateTaskUserS-1-5-21-499933100-2867506379-2947858537-1000Core.job" - "Facebook Inc." - C:\Users\Marcel Klahn\AppData\Local\Facebook\Update\FacebookUpdate.exe
"FacebookUpdateTaskUserS-1-5-21-499933100-2867506379-2947858537-1000UA.job" - "Facebook Inc." - C:\Users\Marcel Klahn\AppData\Local\Facebook\Update\FacebookUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLCFG32.CPL
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\MARCEL~1\AppData\Local\Temp\catchme.sys  (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"kxtdypog" (kxtdypog) - ? - C:\Users\MARCEL~1\AppData\Local\Temp\kxtdypog.sys  (Hidden registry entry, rootkit activity | File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"mwlPSDFilter" (mwlPSDFilter) - "Egis Incorporated." - C:\Windows\System32\DRIVERS\mwlPSDFilter.sys
"mwlPSDNServ" (mwlPSDNServ) - "Egis Incorporated." - C:\Windows\System32\DRIVERS\mwlPSDNServ.sys
"mwlPSDVDisk" (mwlPSDVDisk) - "Egis Incorporated." - C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"UBHelper" (UBHelper) - "NewTech Infosystems Corporation" - C:\Windows\system32\drivers\UBHelper.sys
"Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\Windows\System32\Drivers\NTIDrvr.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{872A9397-E0D6-4e28-B64D-52B8D0A7EA35} "DisplayCplExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiamaxx.dll
{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} "DragDropProtect Class" - "Egis Technology Inc." - C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL
{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\OLKFSTUB.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{555D4D79-4BD2-4094-A395-CFC534424A05} "HP Smart Web Printing" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -   (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
{DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Smart Web Printing ein- oder ausblenden" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
"ICQ7.2" - "ICQ, LLC." - C:\Program Files\ICQ7.2\ICQ.exe
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
{0347C33E-8762-4905-BF09-768834316C61} "HP Print Enhancer" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "HP Smart BHO Class" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Marcel Klahn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe  (Shortcut exists | File exists)
"McAfee Security Scan Plus.lnk" - "McAfee, Inc." - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Facebook Update" - "Facebook Inc." - "C:\Users\Marcel Klahn\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
"ICQ" - "ICQ, LLC." - "C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4
"ProductReg" - "Acer" - "C:\Program Files\Acer\WR_PopUp\ProductReg.exe"
"swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Acer ePower Management" - "Acer Incorporated" - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"APSDaemon" - "Apple Inc." - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"ArcadeDeluxeAgent" - "CyberLink Corp." - "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"BackupManagerTray" - "NewTech Infosystems, Inc." - "C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -k
"CLMLServer" - "CyberLink" - "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
"EgisTecLiveUpdate" - "Egis Technology Inc." - "C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe"
"Google Desktop Search" - "Google" - "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"HP Software Update" - "Hewlett-Packard" - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"hpqSRMon" - "Hewlett-Packard" - C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"LManager" - "Dritek System Inc." - C:\Program Files\Launch Manager\LManager.exe
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"mwlDaemon" - "Egis Technology Inc." - C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
"PlayMovie" - "Acer Corp." - "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
"PLFSetI" - ? - C:\Windows\PLFSetI.exe
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PCL hpz3l5mu" - "Hewlett-Packard Company" - C:\Windows\system32\hpz3l5mu.dll
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Acer ePower Service" (ePowerSvc) - "Acer Incorporated" - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"CLHNService" (CLHNService) - ? - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Google Desktop Manager 5.9.1005.12335" (GoogleDesktopManager-051210-111108) - "Google" - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"McAfee Security Scan Component Host Service" (McComponentHostService) - "McAfee, Inc." - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
"MyWinLocker Service" (MWLService) - "Egis Technology Inc." - C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"NTI Backup Now 5 Backup Service" (NTIBackupSvc) - "NewTech InfoSystems, Inc." - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
"NTI Backup Now 5 Scheduler Service" (NTISchedulerSvc) - "NewTech Infosystems, Inc." - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
"NTI IScheduleSvc" (NTI IScheduleSvc) - "NewTech Infosystems, Inc." - C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe

[Winlogon]
-----( HKCU\Control Panel\Desktop )-----
"SCRNSAVE.EXE" - "Acer" - C:\Windows\system32\Acer.scr

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         
asw scan:
Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-04 00:11:53
-----------------------------
00:11:53.950    OS Version: Windows 6.0.6001 Service Pack 1
00:11:53.950    Number of processors: 2 586 0x170A
00:11:53.953    ComputerName: MEINPC  UserName: 
00:11:56.521    Initialize success
00:14:17.142    AVAST engine defs: 12070301
00:14:46.296    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
00:14:46.300    Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
00:14:46.660    Disk 0 MBR read successfully
00:14:46.662    Disk 0 MBR scan
00:14:46.668    Disk 0 unknown MBR code
00:14:46.772    Disk 0 Partition 1 00     27 Hidden NTFS WinRE MSDOS5.0    10000 MB offset 2048
00:14:46.903    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       466938 MB offset 20482048
00:14:47.317    Disk 0 scanning sectors +976771072
00:14:48.142    Disk 0 scanning C:\Windows\system32\drivers
00:16:20.103    Service scanning
00:16:46.722    Modules scanning
00:17:33.813    Disk 0 trace - called modules:
00:17:33.857    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
00:17:33.864    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8621c518]
00:17:33.869    3 CLASSPNP.SYS[8a7a2745] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x856ec028]
00:17:36.447    AVAST engine scan C:\Windows
00:19:45.623    AVAST engine scan C:\Windows\system32
00:24:19.222    AVAST engine scan C:\Windows\system32\drivers
00:24:58.356    AVAST engine scan C:\Users\Marcel Klahn
01:06:44.306    AVAST engine scan C:\ProgramData
01:14:54.557    Scan finished successfully
02:31:21.601    Disk 0 MBR has been saved successfully to "C:\Users\Marcel Klahn\Desktop\MBR.dat"
02:31:21.609    The log file has been saved successfully to "C:\Users\Marcel Klahn\Desktop\aswMBR.txt"
         

05.07.2012, 09:35   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
We should fix the MBR. Just in case, back up ALL important data first, even though it usually goes smoothly.

Note: Please do NOT do the MBR fix if you have other operating systems such as Ubuntu installed; an MBR fix with Windows tools makes a Linux installed alongside (dual boot) unbootable.
Also do not do the fix if you have full encryption of the Windows partition or the entire hard disk, e.g. with TrueCrypt or other encryption programs.


After backing up your data, start aswMBR again and click the FIXMBR button.

Note: Please disable your antivirus scanner before running aswMBR, because Avira in particular often reports a false positive in it!

Then restart Windows and create a new log with aswMBR.
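A small pre-check for the two caveats in the post above (no other operating system, and the MBR actually flagged), as an added example that is not code from this thread, from aswMBR or from AVAST: it parses aswMBR log lines in the format posted earlier in the thread and reports whether "unknown MBR code" was seen and whether any partition has a type ID outside the usual Windows ones (e.g. 83 = Linux), which would mean a Windows-tool MBR rewrite breaks that system. The line format, the regular expressions and the second "dual-boot" sample are constructed assumptions based on the posted log; the partition type IDs are the standard MBR ones. Full-disk encryption (TrueCrypt and the like) is not visible in the partition table, so that check stays manual.

```python
"""Pre-check before an aswMBR FIXMBR: parse an aswMBR log and report whether the
MBR code was flagged and whether non-Windows partitions are present.
Added example; not part of aswMBR or of this forum thread."""
import re
from dataclasses import dataclass, field

# Standard MBR partition type IDs (hex) that belong to a Windows installation.
# Anything else is treated as a sign of another operating system.
WINDOWS_TYPES = {"06", "07", "0b", "0c", "0e", "12", "17", "1b", "1c", "27"}
# Extended containers: aswMBR's summary does not list the logical partitions
# inside them, so they must be inspected by hand.
EXTENDED_TYPES = {"05", "0f"}

# Line format assumed from the log posted in this thread (constructed regex).
PARTITION_RE = re.compile(
    r"Disk (?P<disk>\d+) Partition (?P<num>\d+) (?P<boot>[0-9A-Fa-f]{2})(?: \(A\))?"
    r" +(?P<type>[0-9A-Fa-f]{2}) +(?P<desc>.*?) +(?P<size>\d+) MB offset (?P<offset>\d+)"
)
UNKNOWN_MBR_RE = re.compile(r"Disk (?P<disk>\d+) unknown MBR code")


@dataclass
class Partition:
    disk: int
    number: int
    active: bool
    type_id: str
    description: str
    size_mb: int
    offset: int


@dataclass
class MbrCheck:
    unknown_mbr_code: bool = False
    partitions: list = field(default_factory=list)
    foreign: list = field(default_factory=list)    # non-Windows partition types
    extended: list = field(default_factory=list)   # containers to inspect by hand

    @property
    def fixmbr_advisable(self) -> bool:
        """True only if the MBR was flagged and nothing points at another OS.
        Full-disk encryption is NOT detectable from the partition table."""
        return self.unknown_mbr_code and not self.foreign and not self.extended


def parse_aswmbr(log: str) -> MbrCheck:
    """Scan aswMBR log text line by line and collect the MBR/partition facts."""
    result = MbrCheck()
    for line in log.splitlines():
        if UNKNOWN_MBR_RE.search(line):
            result.unknown_mbr_code = True
            continue
        m = PARTITION_RE.search(line)
        if not m:
            continue
        part = Partition(
            disk=int(m["disk"]), number=int(m["num"]),
            active=m["boot"] == "80", type_id=m["type"].lower(),
            description=m["desc"].strip(), size_mb=int(m["size"]),
            offset=int(m["offset"]),
        )
        result.partitions.append(part)
        if part.type_id in EXTENDED_TYPES:
            result.extended.append(part)
        elif part.type_id not in WINDOWS_TYPES:
            result.foreign.append(part)
    return result


# Sample 1: the partition lines exactly as posted in this thread.
SAMPLE_LOG = """\
00:14:46.660    Disk 0 MBR read successfully
00:14:46.662    Disk 0 MBR scan
00:14:46.668    Disk 0 unknown MBR code
00:14:46.772    Disk 0 Partition 1 00     27 Hidden NTFS WinRE MSDOS5.0    10000 MB offset 2048
00:14:46.903    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       466938 MB offset 20482048
"""

# Sample 2: constructed dual-boot layout (Windows + Linux + swap) for contrast.
DUALBOOT_LOG = """\
00:14:46.668    Disk 0 unknown MBR code
00:14:46.772    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       100000 MB offset 2048
00:14:46.903    Disk 0 Partition 2 00     83 Linux                 50000 MB offset 204802048
00:14:46.950    Disk 0 Partition 3 00     82 Linux swap            4000 MB offset 307202048
"""

if __name__ == "__main__":
    for name, log in (("thread log", SAMPLE_LOG), ("dual-boot sample", DUALBOOT_LOG)):
        r = parse_aswmbr(log)
        print(f"{name}: unknown MBR code={r.unknown_mbr_code}, "
              f"foreign partition types={[p.type_id for p in r.foreign]}, "
              f"FIXMBR advisable={r.fixmbr_advisable}")
```

Run it against a saved aswMBR.txt by reading the file into `parse_aswmbr`; a `foreign` or `extended` entry means stop and check the second system before touching the MBR, and a clean result still does not cover encrypted disks.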

15.07.2012, 18:21   #23
Mr.Mkay
Well, I'd had enough and completely reinstalled the system. Thanks for the effort. Could you please delete the thread? I don't want people to be able to google this and find private data. Best regards, THANKS FOR THE EFFORT

15.07.2012, 19:50   #24
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
A pity that you stopped so close to the finish line, oh well.
Threads are not deleted here.
