Malwarebytes finder Adware.Onlinegames und PUP.OfferBundler.ST - Was tun?

Rotary41 · 10.09.2012, 22:31

Hier das Log:

Code:

ATTFilter

 All processes killed
========== OTL ==========
HKU\S-1-5-21-649290938-3021887346-2181847563-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-649290938-3021887346-2181847563-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-649290938-3021887346-2181847563-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
HKEY_USERS\S-1-5-21-649290938-3021887346-2181847563-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-649290938-3021887346-2181847563-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_USERS\S-1-5-21-649290938-3021887346-2181847563-1000\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70D46D94-BF1E-45ED-B567-48701376298E}\ not found.
HKU\S-1-5-21-649290938-3021887346-2181847563-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-649290938-3021887346-2181847563-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\UseDefaultTile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideFastUserSwitching deleted successfully.
Registry value HKEY_USERS\S-1-5-21-649290938-3021887346-2181847563-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoLogOff deleted successfully.
Registry value HKEY_USERS\S-1-5-21-649290938-3021887346-2181847563-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoClose deleted successfully.
Registry value HKEY_USERS\S-1-5-21-649290938-3021887346-2181847563-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableChangePassword deleted successfully.
Registry value HKEY_USERS\S-1-5-21-649290938-3021887346-2181847563-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableLockWorkstation deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{18517f45-9d3f-11de-883d-00235a4df5de}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18517f45-9d3f-11de-883d-00235a4df5de}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{18517f45-9d3f-11de-883d-00235a4df5de}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18517f45-9d3f-11de-883d-00235a4df5de}\ not found.
File G:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{499b3145-39c7-11de-977a-00235a4df5de}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{499b3145-39c7-11de-977a-00235a4df5de}\ not found.
File F:\InstallTomTomHOME.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{86102433-7e69-11de-93eb-00235a4df5de}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{86102433-7e69-11de-93eb-00235a4df5de}\ not found.
File G:\wdsync.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c592e948-6750-11df-b30e-00059a3c7800}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c592e948-6750-11df-b30e-00059a3c7800}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c592e948-6750-11df-b30e-00059a3c7800}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c592e948-6750-11df-b30e-00059a3c7800}\ not found.
File F:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c890fdfd-43f4-11de-a320-00235a4df5de}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c890fdfd-43f4-11de-a320-00235a4df5de}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL NuOIV.EXE not found.
========== FILES ==========
C:\$RECYCLE.BIN\S-1-5-21-649290938-3021887346-2181847563-1000\$RZL1A7Y folder moved successfully.
C:\$RECYCLE.BIN\S-1-5-21-649290938-3021887346-2181847563-1000\$RYR4TOE\Exams0809 folder moved successfully.
C:\$RECYCLE.BIN\S-1-5-21-649290938-3021887346-2181847563-1000\$RYR4TOE folder moved successfully.
C:\$RECYCLE.BIN\S-1-5-21-649290938-3021887346-2181847563-1000\$RUESCQ7\Unknown Album (5-29-2010 10-48-01 AM) folder moved successfully.
C:\$RECYCLE.BIN\S-1-5-21-649290938-3021887346-2181847563-1000\$RUESCQ7 folder moved successfully.
C:\$RECYCLE.BIN\S-1-5-21-649290938-3021887346-2181847563-1000\$RU3RO39.0\plug-ins folder moved successfully.
C:\$RECYCLE.BIN\S-1-5-21-649290938-3021887346-2181847563-1000\$RU3RO39.0 folder moved successfully.
C:\$RECYCLE.BIN\S-1-5-21-649290938-3021887346-2181847563-1000\$RTUH9KQ\xulrunner\defaults folder moved successfully.
C:\$RECYCLE.BIN\S-1-5-21-649290938-3021887346-2181847563-1000\$RTUH9KQ\xulrunner folder moved successfully.
C:\$RECYCLE.BIN\S-1-5-21-649290938-3021887346-2181847563-1000\$RTUH9KQ folder moved successfully.
C:\$RECYCLE.BIN\S-1-5-21-649290938-3021887346-2181847563-1000\$RPZMAQD folder moved successfully.
C:\$RECYCLE.BIN\S-1-5-21-649290938-3021887346-2181847563-1000\$ROKCG5F folder moved successfully.
C:\$RECYCLE.BIN\S-1-5-21-649290938-3021887346-2181847563-1000\$RM3QZ23 folder moved successfully.
C:\$RECYCLE.BIN\S-1-5-21-649290938-3021887346-2181847563-1000\$RJPQZET\Otto folder moved successfully.
C:\$RECYCLE.BIN\S-1-5-21-649290938-3021887346-2181847563-1000\$RJPQZET folder moved successfully.
C:\$RECYCLE.BIN\S-1-5-21-649290938-3021887346-2181847563-1000\$RJ2U0X0\HOME\Sharing folder moved successfully.
C:\$RECYCLE.BIN\S-1-5-21-649290938-3021887346-2181847563-1000\$RJ2U0X0\HOME\FromDevice folder moved successfully.
C:\$RECYCLE.BIN\S-1-5-21-649290938-3021887346-2181847563-1000\$RJ2U0X0\HOME\Download\temp folder moved successfully.
C:\$RECYCLE.BIN\S-1-5-21-649290938-3021887346-2181847563-1000\$RJ2U0X0\HOME\Download\complete\program\TomTom_Application_for__ONE folder moved successfully.
C:\$RECYCLE.BIN\S-1-5-21-649290938-3021887346-2181847563-1000\$RJ2U0X0\HOME\Download\complete\program folder moved successfully.
C:\$RECYCLE.BIN\S-1-5-21-649290938-3021887346-2181847563-1000\$RJ2U0X0\HOME\Download\complete\partialupdate\RDS-TMC_supplier_data folder moved successfully.
C:\$RECYCLE.BIN\S-1-5-21-649290938-3021887346-2181847563-1000\$RJ2U0X0\HOME\Download\complete\partialupdate folder moved successfully.
C:\$RECYCLE.BIN\S-1-5-21-649290938-3021887346-2181847563-1000\$RJ2U0X0\HOME\Download\complete\ephemeris\QuickGPSfix folder moved successfully.
C:\$RECYCLE.BIN\S-1-5-21-649290938-3021887346-2181847563-1000\$RJ2U0X0\HOME\Download\complete\ephemeris folder moved successfully.
C:\$RECYCLE.BIN\S-1-5-21-649290938-3021887346-2181847563-1000\$RJ2U0X0\HOME\Download\complete folder moved successfully.
C:\$RECYCLE.BIN\S-1-5-21-649290938-3021887346-2181847563-1000\$RJ2U0X0\HOME\Download folder moved successfully.
C:\$RECYCLE.BIN\S-1-5-21-649290938-3021887346-2181847563-1000\$RJ2U0X0\HOME folder moved successfully.
C:\$RECYCLE.BIN\S-1-5-21-649290938-3021887346-2181847563-1000\$RJ2U0X0 folder moved successfully.
C:\$RECYCLE.BIN\S-1-5-21-649290938-3021887346-2181847563-1000\$RIK8X6K folder moved successfully.
C:\$RECYCLE.BIN\S-1-5-21-649290938-3021887346-2181847563-1000\$RH50TKT folder moved successfully.
C:\$RECYCLE.BIN\S-1-5-21-649290938-3021887346-2181847563-1000\$RFZ2ZHD.jenny folder moved successfully.
C:\$RECYCLE.BIN\S-1-5-21-649290938-3021887346-2181847563-1000\$RCHLMH7 folder moved successfully.
C:\$RECYCLE.BIN\S-1-5-21-649290938-3021887346-2181847563-1000\$RCBY35A folder moved successfully.
C:\$RECYCLE.BIN\S-1-5-21-649290938-3021887346-2181847563-1000\$R9Y07LO\Klausuren folder moved successfully.
C:\$RECYCLE.BIN\S-1-5-21-649290938-3021887346-2181847563-1000\$R9Y07LO folder moved successfully.
C:\$RECYCLE.BIN\S-1-5-21-649290938-3021887346-2181847563-1000\$R9RX06L folder moved successfully.
C:\$RECYCLE.BIN\S-1-5-21-649290938-3021887346-2181847563-1000\$R852ZSD folder moved successfully.
C:\$RECYCLE.BIN\S-1-5-21-649290938-3021887346-2181847563-1000\$R7PJ81A folder moved successfully.
C:\$RECYCLE.BIN\S-1-5-21-649290938-3021887346-2181847563-1000\$R7LBHTJ folder moved successfully.
C:\$RECYCLE.BIN\S-1-5-21-649290938-3021887346-2181847563-1000\$R7263EE\Data\TempBook\Images\temp folder moved successfully.
C:\$RECYCLE.BIN\S-1-5-21-649290938-3021887346-2181847563-1000\$R7263EE\Data\TempBook\Images folder moved successfully.
C:\$RECYCLE.BIN\S-1-5-21-649290938-3021887346-2181847563-1000\$R7263EE\Data\TempBook folder moved successfully.
C:\$RECYCLE.BIN\S-1-5-21-649290938-3021887346-2181847563-1000\$R7263EE\Data folder moved successfully.
C:\$RECYCLE.BIN\S-1-5-21-649290938-3021887346-2181847563-1000\$R7263EE\Books folder moved successfully.
C:\$RECYCLE.BIN\S-1-5-21-649290938-3021887346-2181847563-1000\$R7263EE\Backgrounds folder moved successfully.
C:\$RECYCLE.BIN\S-1-5-21-649290938-3021887346-2181847563-1000\$R7263EE folder moved successfully.
C:\$RECYCLE.BIN\S-1-5-21-649290938-3021887346-2181847563-1000\$R1X2VVZ folder moved successfully.
C:\$RECYCLE.BIN\S-1-5-21-649290938-3021887346-2181847563-1000\$R0AV04B folder moved successfully.
C:\$RECYCLE.BIN\S-1-5-21-649290938-3021887346-2181847563-1000 folder moved successfully.
C:\Users\Matthias\Downloads\SoftonicDownloader_fuer_gimp.exe moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Matthias\Desktop\cmd.bat deleted successfully.
C:\Users\Matthias\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 286800 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 321 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Matthias
->Temp folder emptied: 2458349603 bytes
->Temporary Internet Files folder emptied: 840307619 bytes
->Java cache emptied: 21771440 bytes
->Google Chrome cache emptied: 369967233 bytes
->Flash cache emptied: 1965450 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 159634851 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 3.674,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.61.3 log created on 09102012_230015

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

cosinus · 10.09.2012, 22:38

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Rotary41 · 10.09.2012, 22:45

Das ging ja fix

Code:

ATTFilter

 23:41:24.0167 2776  TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
23:41:24.0301 2776  ============================================================
23:41:24.0301 2776  Current date / time: 2012/09/10 23:41:24.0301
23:41:24.0301 2776  SystemInfo:
23:41:24.0302 2776  
23:41:24.0302 2776  OS Version: 6.0.6002 ServicePack: 2.0
23:41:24.0302 2776  Product type: Workstation
23:41:24.0302 2776  ComputerName: ABICOMIII
23:41:24.0302 2776  UserName: Matthias
23:41:24.0302 2776  Windows directory: C:\Windows
23:41:24.0302 2776  System windows directory: C:\Windows
23:41:24.0302 2776  Processor architecture: Intel x86
23:41:24.0302 2776  Number of processors: 2
23:41:24.0302 2776  Page size: 0x1000
23:41:24.0302 2776  Boot type: Normal boot
23:41:24.0302 2776  ============================================================
23:41:25.0348 2776  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:41:25.0350 2776  ============================================================
23:41:25.0350 2776  \Device\Harddisk0\DR0:
23:41:25.0350 2776  MBR partitions:
23:41:25.0350 2776  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1802000, BlocksNum 0xDCE2000
23:41:25.0350 2776  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xF4E4000, BlocksNum 0xDCE1000
23:41:25.0350 2776  ============================================================
23:41:25.0389 2776  C: <-> \Device\Harddisk0\DR0\Partition1
23:41:25.0427 2776  D: <-> \Device\Harddisk0\DR0\Partition2
23:41:25.0427 2776  ============================================================
23:41:25.0428 2776  Initialize success
23:41:25.0428 2776  ============================================================
23:43:20.0301 3960  ============================================================
23:43:20.0301 3960  Scan started
23:43:20.0301 3960  Mode: Manual; SigCheck; TDLFS; 
23:43:20.0301 3960  ============================================================
23:43:21.0413 3960  ================ Scan system memory ========================
23:43:21.0413 3960  System memory - ok
23:43:21.0413 3960  ================ Scan services =============================
23:43:21.0786 3960  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
23:43:21.0907 3960  ACPI - ok
23:43:21.0954 3960  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
23:43:21.0983 3960  adp94xx - ok
23:43:21.0994 3960  [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci         C:\Windows\system32\drivers\adpahci.sys
23:43:22.0015 3960  adpahci - ok
23:43:22.0029 3960  [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
23:43:22.0046 3960  adpu160m - ok
23:43:22.0090 3960  [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
23:43:22.0121 3960  adpu320 - ok
23:43:22.0162 3960  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
23:43:22.0279 3960  AeLookupSvc - ok
23:43:22.0333 3960  [ 3911B972B55FEA0478476B2E777B29FA ] AFD             C:\Windows\system32\drivers\afd.sys
23:43:22.0381 3960  AFD - ok
23:43:22.0417 3960  [ EFBC44FBD75E4F80BD927AEBF6E7EADE ] AgereModemAudio C:\Windows\system32\agrsmsvc.exe
23:43:22.0464 3960  AgereModemAudio - ok
23:43:22.0526 3960  [ 38325C6AA8EAE011897D61CE48EC6435 ] AgereSoftModem  C:\Windows\system32\DRIVERS\AGRSM.sys
23:43:22.0694 3960  AgereSoftModem - ok
23:43:22.0728 3960  [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440          C:\Windows\system32\drivers\agp440.sys
23:43:22.0742 3960  agp440 - ok
23:43:22.0775 3960  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
23:43:22.0800 3960  aic78xx - ok
23:43:22.0842 3960  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe
23:43:22.0902 3960  ALG - ok
23:43:22.0948 3960  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide          C:\Windows\system32\drivers\aliide.sys
23:43:22.0961 3960  aliide - ok
23:43:23.0032 3960  [ C47344BC706E5F0B9DCE369516661578 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
23:43:23.0046 3960  amdagp - ok
23:43:23.0073 3960  [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide          C:\Windows\system32\drivers\amdide.sys
23:43:23.0086 3960  amdide - ok
23:43:23.0106 3960  [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
23:43:23.0168 3960  AmdK7 - ok
23:43:23.0184 3960  [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
23:43:23.0232 3960  AmdK8 - ok
23:43:23.0354 3960  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
23:43:23.0379 3960  AntiVirSchedulerService - ok
23:43:23.0422 3960  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
23:43:23.0435 3960  AntiVirService - ok
23:43:23.0476 3960  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll
23:43:23.0541 3960  Appinfo - ok
23:43:23.0573 3960  [ 5D2888182FB46632511ACEE92FDAD522 ] arc             C:\Windows\system32\drivers\arc.sys
23:43:23.0587 3960  arc - ok
23:43:23.0615 3960  [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
23:43:23.0630 3960  arcsas - ok
23:43:23.0656 3960  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
23:43:23.0704 3960  AsyncMac - ok
23:43:23.0730 3960  [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi           C:\Windows\system32\drivers\atapi.sys
23:43:23.0743 3960  atapi - ok
23:43:23.0792 3960  [ 99D78248BFD454BFA9B5BEC37350FADE ] athr            C:\Windows\system32\DRIVERS\athr.sys
23:43:23.0858 3960  athr - ok
23:43:23.0929 3960  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
23:43:23.0985 3960  AudioEndpointBuilder - ok
23:43:24.0007 3960  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
23:43:24.0032 3960  Audiosrv - ok
23:43:24.0059 3960  [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
23:43:24.0077 3960  avgntflt - ok
23:43:24.0129 3960  [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
23:43:24.0143 3960  avipbb - ok
23:43:24.0189 3960  [ 53E56450DA16A1A7F0D002F511113F67 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
23:43:24.0201 3960  avkmgr - ok
23:43:24.0244 3960  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
23:43:24.0293 3960  Beep - ok
23:43:24.0340 3960  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE             C:\Windows\System32\bfe.dll
23:43:24.0368 3960  BFE - ok
23:43:24.0455 3960  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\System32\qmgr.dll
23:43:24.0524 3960  BITS - ok
23:43:24.0552 3960  [ D4DF28447741FD3D953526E33A617397 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
23:43:24.0588 3960  blbdrive - ok
23:43:24.0625 3960  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
23:43:24.0656 3960  bowser - ok
23:43:24.0682 3960  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
23:43:24.0729 3960  BrFiltLo - ok
23:43:24.0754 3960  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
23:43:24.0804 3960  BrFiltUp - ok
23:43:24.0836 3960  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser         C:\Windows\System32\browser.dll
23:43:24.0874 3960  Browser - ok
23:43:24.0908 3960  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\DRIVERS\BrSerId.sys
23:43:24.0974 3960  Brserid - ok
23:43:24.0998 3960  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
23:43:25.0058 3960  BrSerWdm - ok
23:43:25.0091 3960  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
23:43:25.0155 3960  BrUsbMdm - ok
23:43:25.0171 3960  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\DRIVERS\BrUsbSer.sys
23:43:25.0227 3960  BrUsbSer - ok
23:43:25.0251 3960  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
23:43:25.0333 3960  BTHMODEM - ok
23:43:25.0362 3960  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
23:43:25.0407 3960  cdfs - ok
23:43:25.0421 3960  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
23:43:25.0462 3960  cdrom - ok
23:43:25.0507 3960  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc     C:\Windows\System32\certprop.dll
23:43:25.0535 3960  CertPropSvc - ok
23:43:25.0568 3960  [ E5D4133F37219DBCFE102BC61072589D ] circlass        C:\Windows\system32\drivers\circlass.sys
23:43:25.0610 3960  circlass - ok
23:43:25.0649 3960  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
23:43:25.0669 3960  CLFS - ok
23:43:25.0787 3960  [ 8B67044AE0621C005245EF62EEF0746F ] CLHNService     C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
23:43:25.0808 3960  CLHNService ( UnsignedFile.Multi.Generic ) - warning
23:43:25.0809 3960  CLHNService - detected UnsignedFile.Multi.Generic (1)
23:43:25.0875 3960  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:43:25.0888 3960  clr_optimization_v2.0.50727_32 - ok
23:43:25.0961 3960  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:43:25.0975 3960  clr_optimization_v4.0.30319_32 - ok
23:43:26.0019 3960  [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
23:43:26.0054 3960  CmBatt - ok
23:43:26.0086 3960  [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
23:43:26.0098 3960  cmdide - ok
23:43:26.0115 3960  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
23:43:26.0128 3960  Compbatt - ok
23:43:26.0135 3960  COMSysApp - ok
23:43:26.0147 3960  [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
23:43:26.0160 3960  crcdisk - ok
23:43:26.0177 3960  [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
23:43:26.0216 3960  Crusoe - ok
23:43:26.0274 3960  [ 75C6A297E364014840B48ECCD7525E30 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
23:43:26.0302 3960  CryptSvc - ok
23:43:26.0358 3960  [ B5ECADF7708960F1818C7FA015F4C239 ] CVirtA          C:\Windows\system32\DRIVERS\CVirtA.sys
23:43:26.0389 3960  CVirtA - ok
23:43:26.0511 3960  [ 5CE32922F8F74A0D2D6ECC30CDAD01E0 ] CVPND           C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
23:43:26.0675 3960  CVPND - ok
23:43:26.0731 3960  [ D46B2E0EEAF349F2085F8B164E462156 ] CVPNDRVA        C:\Windows\system32\Drivers\CVPNDRVA.sys
23:43:26.0771 3960  CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
23:43:26.0771 3960  CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
23:43:26.0819 3960  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
23:43:26.0895 3960  DcomLaunch - ok
23:43:26.0921 3960  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
23:43:26.0967 3960  DfsC - ok
23:43:27.0074 3960  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
23:43:27.0228 3960  DFSR - ok
23:43:27.0281 3960  [ 770471DE2550820FEEB7E5D24BF2E273 ] DgiVecp         C:\Windows\system32\Drivers\DgiVecp.sys
23:43:27.0297 3960  DgiVecp ( UnsignedFile.Multi.Generic ) - warning
23:43:27.0297 3960  DgiVecp - detected UnsignedFile.Multi.Generic (1)
23:43:27.0362 3960  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
23:43:27.0403 3960  Dhcp - ok
23:43:27.0449 3960  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
23:43:27.0463 3960  disk - ok
23:43:27.0497 3960  [ 73BAF270D24FE726B9CD7F80BB17A23D ] DKbFltr         C:\Windows\system32\DRIVERS\DKbFltr.sys
23:43:27.0508 3960  DKbFltr - ok
23:43:27.0554 3960  [ B5AA5AA5AC327BD7C1AEC0C58F0C1144 ] DNE             C:\Windows\system32\DRIVERS\dne2000.sys
23:43:27.0568 3960  DNE - ok
23:43:27.0609 3960  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
23:43:27.0632 3960  Dnscache - ok
23:43:27.0665 3960  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc         C:\Windows\System32\dot3svc.dll
23:43:27.0707 3960  dot3svc - ok
23:43:27.0755 3960  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\Windows\system32\dps.dll
23:43:27.0801 3960  DPS - ok
23:43:27.0862 3960  [ 5C918D413F5837E67A85775C9873775E ] DritekPortIO    C:\PROGRA~1\LAUNCH~1\DPortIO.sys
23:43:27.0872 3960  DritekPortIO - ok
23:43:27.0903 3960  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
23:43:27.0951 3960  drmkaud - ok
23:43:28.0000 3960  [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
23:43:28.0047 3960  DXGKrnl - ok
23:43:28.0080 3960  [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
23:43:28.0118 3960  E1G60 - ok
23:43:28.0153 3960  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll
23:43:28.0186 3960  EapHost - ok
23:43:28.0234 3960  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
23:43:28.0251 3960  Ecache - ok
23:43:28.0325 3960  [ B1F2503E23425B386DF0F3413B2596F3 ] eDataSecurity Service C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
23:43:28.0355 3960  eDataSecurity Service - ok
23:43:28.0413 3960  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
23:43:28.0450 3960  ehRecvr - ok
23:43:28.0475 3960  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched         C:\Windows\ehome\ehsched.exe
23:43:28.0510 3960  ehSched - ok
23:43:28.0526 3960  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart         C:\Windows\ehome\ehstart.dll
23:43:28.0545 3960  ehstart - ok
23:43:28.0591 3960  [ 23B62471681A124889978F6295B3F4C6 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
23:43:28.0615 3960  elxstor - ok
23:43:28.0657 3960  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
23:43:28.0732 3960  EMDMgmt - ok
23:43:28.0794 3960  [ 3DB974F3935483555D7148663F726C61 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
23:43:28.0838 3960  ErrDev - ok
23:43:28.0876 3960  [ F25247D0E011A643EE60052CE23BE05E ] ETService       C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
23:43:28.0891 3960  ETService ( UnsignedFile.Multi.Generic ) - warning
23:43:28.0891 3960  ETService - detected UnsignedFile.Multi.Generic (1)
23:43:28.0936 3960  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem     C:\Windows\system32\es.dll
23:43:28.0977 3960  EventSystem - ok
23:43:29.0021 3960  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat           C:\Windows\system32\drivers\exfat.sys
23:43:29.0058 3960  exfat - ok
23:43:29.0081 3960  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
23:43:29.0114 3960  fastfat - ok
23:43:29.0155 3960  [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
23:43:29.0191 3960  fdc - ok
23:43:29.0225 3960  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\Windows\system32\fdPHost.dll
23:43:29.0251 3960  fdPHost - ok
23:43:29.0281 3960  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
23:43:29.0344 3960  FDResPub - ok
23:43:29.0352 3960  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
23:43:29.0367 3960  FileInfo - ok
23:43:29.0396 3960  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
23:43:29.0434 3960  Filetrace - ok
23:43:29.0527 3960  [ F76D04F7413B07DAA029F6520B64B4E8 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
23:43:29.0599 3960  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
23:43:29.0599 3960  FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
23:43:29.0620 3960  [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
23:43:29.0659 3960  flpydisk - ok
23:43:29.0695 3960  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
23:43:29.0714 3960  FltMgr - ok
23:43:29.0804 3960  [ 8CE364388C8ECA59B14B539179276D44 ] FontCache       C:\Windows\system32\FntCache.dll
23:43:29.0911 3960  FontCache - ok
23:43:30.0002 3960  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
23:43:30.0014 3960  FontCache3.0.0.0 - ok
23:43:30.0062 3960  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
23:43:30.0093 3960  Fs_Rec - ok
23:43:30.0122 3960  [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
23:43:30.0136 3960  gagp30kx - ok
23:43:30.0234 3960  [ 9F5F2F0FB0A7F5AA9F16B9A7B6DAD89F ] GoogleDesktopManager-051210-111108 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
23:43:30.0244 3960  GoogleDesktopManager-051210-111108 - ok
23:43:30.0288 3960  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc           C:\Windows\System32\gpsvc.dll
23:43:30.0356 3960  gpsvc - ok
23:43:30.0515 3960  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
23:43:30.0527 3960  gupdate - ok
23:43:30.0594 3960  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
23:43:30.0606 3960  gupdatem - ok
23:43:30.0665 3960  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
23:43:30.0681 3960  gusvc - ok
23:43:30.0726 3960  [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
23:43:30.0788 3960  HdAudAddService - ok
23:43:30.0835 3960  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
23:43:30.0891 3960  HDAudBus - ok
23:43:30.0915 3960  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
23:43:30.0983 3960  HidBth - ok
23:43:31.0021 3960  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr           C:\Windows\system32\drivers\hidir.sys
23:43:31.0082 3960  HidIr - ok
23:43:31.0114 3960  [ 84067081F3318162797385E11A8F0582 ] hidserv         C:\Windows\system32\hidserv.dll
23:43:31.0157 3960  hidserv - ok
23:43:31.0192 3960  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
23:43:31.0226 3960  HidUsb - ok
23:43:31.0257 3960  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
23:43:31.0286 3960  hkmsvc - ok
23:43:31.0306 3960  [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
23:43:31.0320 3960  HpCISSs - ok
23:43:31.0360 3960  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
23:43:31.0398 3960  HTTP - ok
23:43:31.0444 3960  [ C6B032D69650985468160FC9937CF5B4 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
23:43:31.0457 3960  i2omp - ok
23:43:31.0487 3960  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
23:43:31.0522 3960  i8042prt - ok
23:43:31.0549 3960  [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
23:43:31.0569 3960  iaStorV - ok
23:43:31.0643 3960  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:43:31.0704 3960  idsvc - ok
23:43:31.0981 3960  [ DCE0B53570703CCE580D066F89EF58CD ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
23:43:33.0161 3960  igfx - ok
23:43:33.0188 3960  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
23:43:33.0201 3960  iirsp - ok
23:43:33.0235 3960  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
23:43:33.0300 3960  IKEEXT - ok
23:43:33.0347 3960  [ 58FF11C95C3681C9250914521CB9F036 ] int15           C:\Windows\system32\drivers\int15.sys
23:43:33.0357 3960  int15 - ok
23:43:33.0455 3960  [ CF2219A2FED4F8F2E0817A2BF1658799 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
23:43:33.0687 3960  IntcAzAudAddService - ok
23:43:33.0728 3960  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\drivers\intelide.sys
23:43:33.0741 3960  intelide - ok
23:43:33.0753 3960  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
23:43:33.0791 3960  intelppm - ok
23:43:33.0831 3960  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
23:43:33.0861 3960  IPBusEnum - ok
23:43:33.0902 3960  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:43:33.0941 3960  IpFilterDriver - ok
23:43:33.0968 3960  [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
23:43:33.0996 3960  iphlpsvc - ok
23:43:34.0003 3960  IpInIp - ok
23:43:34.0023 3960  [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
23:43:34.0052 3960  IPMIDRV - ok
23:43:34.0082 3960  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
23:43:34.0113 3960  IPNAT - ok
23:43:34.0135 3960  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
23:43:34.0162 3960  IRENUM - ok
23:43:34.0180 3960  [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
23:43:34.0194 3960  isapnp - ok
23:43:34.0246 3960  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
23:43:34.0263 3960  iScsiPrt - ok
23:43:34.0287 3960  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
23:43:34.0299 3960  iteatapi - ok
23:43:34.0320 3960  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys
23:43:34.0332 3960  iteraid - ok
23:43:34.0376 3960  [ FA4A5B32CAE6074205B26971191EFEE4 ] JMCR            C:\Windows\system32\DRIVERS\jmcr.sys
23:43:34.0409 3960  JMCR - ok
23:43:34.0427 3960  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
23:43:34.0443 3960  kbdclass - ok
23:43:34.0466 3960  [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
23:43:34.0488 3960  kbdhid - ok
23:43:34.0507 3960  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
23:43:34.0553 3960  KeyIso - ok
23:43:34.0603 3960  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
23:43:34.0633 3960  KSecDD - ok
23:43:34.0674 3960  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm           C:\Windows\system32\msdtckrm.dll
23:43:34.0722 3960  KtmRm - ok
23:43:34.0771 3960  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\system32\srvsvc.dll
23:43:34.0807 3960  LanmanServer - ok
23:43:34.0842 3960  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
23:43:34.0889 3960  LanmanWorkstation - ok
23:43:34.0919 3960  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
23:43:34.0962 3960  lltdio - ok
23:43:35.0003 3960  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
23:43:35.0045 3960  lltdsvc - ok
23:43:35.0064 3960  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll
23:43:35.0115 3960  lmhosts - ok
23:43:35.0140 3960  [ C7E15E82879BF3235B559563D4185365 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
23:43:35.0155 3960  LSI_FC - ok
23:43:35.0191 3960  [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
23:43:35.0205 3960  LSI_SAS - ok
23:43:35.0225 3960  [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
23:43:35.0240 3960  LSI_SCSI - ok
23:43:35.0253 3960  [ 8F5C7426567798E62A3B3614965D62CC ] luafv           C:\Windows\system32\drivers\luafv.sys
23:43:35.0282 3960  luafv - ok
23:43:35.0329 3960  [ 6DFE7F2E8E8A337263AA5C92A215F161 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
23:43:35.0343 3960  MBAMProtector - ok
23:43:35.0415 3960  [ 43683E970F008C93C9429EF428147A54 ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
23:43:35.0444 3960  MBAMService - ok
23:43:35.0487 3960  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
23:43:35.0525 3960  Mcx2Svc - ok
23:43:35.0561 3960  [ 0001CE609D66632FA17B84705F658879 ] megasas         C:\Windows\system32\drivers\megasas.sys
23:43:35.0575 3960  megasas - ok
23:43:35.0597 3960  [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
23:43:35.0658 3960  MegaSR - ok
23:43:35.0694 3960  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS           C:\Windows\system32\mmcss.dll
23:43:35.0744 3960  MMCSS - ok
23:43:35.0773 3960  MobilityService - ok
23:43:35.0799 3960  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem           C:\Windows\system32\drivers\modem.sys
23:43:35.0837 3960  Modem - ok
23:43:35.0864 3960  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
23:43:35.0891 3960  monitor - ok
23:43:35.0905 3960  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
23:43:35.0919 3960  mouclass - ok
23:43:35.0929 3960  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
23:43:35.0963 3960  mouhid - ok
23:43:35.0997 3960  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
23:43:36.0010 3960  MountMgr - ok
23:43:36.0025 3960  [ 447D50511A7AAC23D4CBBE527E1FF1F2 ] MPFP            C:\Windows\system32\Drivers\Mpfp.sys
23:43:36.0039 3960  MPFP - ok
23:43:36.0072 3960  [ 511D011289755DD9F9A7579FB0B064E6 ] mpio            C:\Windows\system32\drivers\mpio.sys
23:43:36.0088 3960  mpio - ok
23:43:36.0110 3960  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
23:43:36.0147 3960  mpsdrv - ok
23:43:36.0191 3960  [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
23:43:36.0236 3960  MpsSvc - ok
23:43:36.0290 3960  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
23:43:36.0302 3960  Mraid35x - ok
23:43:36.0350 3960  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
23:43:36.0378 3960  MRxDAV - ok
23:43:36.0396 3960  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
23:43:36.0432 3960  mrxsmb - ok
23:43:36.0478 3960  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:43:36.0515 3960  mrxsmb10 - ok
23:43:36.0538 3960  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:43:36.0566 3960  mrxsmb20 - ok
23:43:36.0618 3960  [ 5457DCFA7C0DA43522F4D9D4049C1472 ] msahci          C:\Windows\system32\drivers\msahci.sys
23:43:36.0632 3960  msahci - ok
23:43:36.0695 3960  [ 641199534871783DD74138FE0BCFDAE7 ] MSCamSvc        C:\Program Files\Microsoft LifeCam\MSCamS32.exe
23:43:36.0713 3960  MSCamSvc - ok
23:43:36.0738 3960  [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
23:43:36.0753 3960  msdsm - ok
23:43:36.0777 3960  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC           C:\Windows\System32\msdtc.exe
23:43:36.0824 3960  MSDTC - ok
23:43:36.0852 3960  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
23:43:36.0887 3960  Msfs - ok
23:43:36.0913 3960  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
23:43:36.0925 3960  msisadrv - ok
23:43:36.0959 3960  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
23:43:36.0990 3960  MSiSCSI - ok
23:43:36.0997 3960  msiserver - ok
23:43:37.0036 3960  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
23:43:37.0076 3960  MSKSSRV - ok
23:43:37.0107 3960  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
23:43:37.0134 3960  MSPCLOCK - ok
23:43:37.0153 3960  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
23:43:37.0181 3960  MSPQM - ok
23:43:37.0206 3960  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
23:43:37.0223 3960  MsRPC - ok
23:43:37.0236 3960  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
23:43:37.0249 3960  mssmbios - ok
23:43:37.0280 3960  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
23:43:37.0306 3960  MSTEE - ok
23:43:37.0331 3960  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup             C:\Windows\system32\Drivers\mup.sys
23:43:37.0346 3960  Mup - ok
23:43:37.0382 3960  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll
23:43:37.0421 3960  napagent - ok
23:43:37.0467 3960  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
23:43:37.0484 3960  NativeWifiP - ok
23:43:37.0536 3960  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
23:43:37.0580 3960  NDIS - ok
23:43:37.0611 3960  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
23:43:37.0643 3960  NdisTapi - ok
23:43:37.0674 3960  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
23:43:37.0701 3960  Ndisuio - ok
23:43:37.0745 3960  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
23:43:37.0780 3960  NdisWan - ok
23:43:37.0801 3960  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
23:43:37.0822 3960  NDProxy - ok
23:43:37.0868 3960  [ 51C6D8BFBD4EA5B62A1BA7F4469250D3 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
23:43:37.0883 3960  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
23:43:37.0883 3960  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
23:43:37.0905 3960  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
23:43:37.0942 3960  NetBIOS - ok
23:43:37.0980 3960  [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
23:43:38.0026 3960  netbt - ok
23:43:38.0041 3960  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
23:43:38.0055 3960  Netlogon - ok
23:43:38.0093 3960  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
23:43:38.0142 3960  Netman - ok
23:43:38.0167 3960  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
23:43:38.0209 3960  netprofm - ok
23:43:38.0249 3960  [ A013222A9A890DDAAC967DEBADE59EAD ] netr28          C:\Windows\system32\DRIVERS\netr28.sys
23:43:38.0297 3960  netr28 - ok
23:43:38.0326 3960  [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:43:38.0340 3960  NetTcpPortSharing - ok
23:43:38.0375 3960  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
23:43:38.0388 3960  nfrd960 - ok
23:43:38.0417 3960  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
23:43:38.0464 3960  NlaSvc - ok
23:43:38.0497 3960  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
23:43:38.0518 3960  Npfs - ok
23:43:38.0552 3960  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi             C:\Windows\system32\nsisvc.dll
23:43:38.0596 3960  nsi - ok
23:43:38.0615 3960  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
23:43:38.0642 3960  nsiproxy - ok
23:43:38.0698 3960  [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
23:43:38.0800 3960  Ntfs - ok
23:43:38.0855 3960  [ 973DCB15731339FCA176E534055CF115 ] NTIBackupSvc    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
23:43:38.0866 3960  NTIBackupSvc - ok
23:43:38.0892 3960  [ 2757D2BA59AEE155209E24942AB127C9 ] NTIDrvr         C:\Windows\system32\DRIVERS\NTIDrvr.sys
23:43:38.0902 3960  NTIDrvr - ok
23:43:38.0946 3960  [ 58751F9248D50BCE1053976C9E2F0859 ] NTISchedulerSvc C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
23:43:38.0959 3960  NTISchedulerSvc - ok
23:43:38.0981 3960  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
23:43:39.0032 3960  ntrigdigi - ok
23:43:39.0052 3960  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
23:43:39.0087 3960  Null - ok
23:43:39.0113 3960  [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
23:43:39.0128 3960  nvraid - ok
23:43:39.0146 3960  [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
23:43:39.0159 3960  nvstor - ok
23:43:39.0174 3960  [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
23:43:39.0190 3960  nv_agp - ok
23:43:39.0198 3960  NwlnkFlt - ok
23:43:39.0210 3960  NwlnkFwd - ok
23:43:39.0235 3960  [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
23:43:39.0284 3960  ohci1394 - ok
23:43:39.0335 3960  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:43:39.0348 3960  ose - ok
23:43:39.0410 3960  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
23:43:39.0496 3960  p2pimsvc - ok
23:43:39.0543 3960  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll
23:43:39.0572 3960  p2psvc - ok
23:43:39.0631 3960  [ 8D797E55EAEFF7ED79CB04CA0A3FD5B8 ] PAC7311         C:\Windows\system32\DRIVERS\PA707UCM.SYS
23:43:39.0722 3960  PAC7311 - ok
23:43:39.0756 3960  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport         C:\Windows\system32\drivers\parport.sys
23:43:39.0804 3960  Parport - ok
23:43:39.0848 3960  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
23:43:39.0865 3960  partmgr - ok
23:43:39.0889 3960  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
23:43:39.0945 3960  Parvdm - ok
23:43:39.0970 3960  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
23:43:40.0008 3960  PcaSvc - ok
23:43:40.0042 3960  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci             C:\Windows\system32\drivers\pci.sys
23:43:40.0059 3960  pci - ok
23:43:40.0077 3960  [ FC175F5DDAB666D7F4D17449A547626F ] pciide          C:\Windows\system32\drivers\pciide.sys
23:43:40.0090 3960  pciide - ok
23:43:40.0131 3960  [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
23:43:40.0146 3960  pcmcia - ok
23:43:40.0187 3960  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
23:43:40.0267 3960  PEAUTH - ok
23:43:40.0350 3960  [ B1689DF169143F57053F795390C99DB3 ] pla             C:\Windows\system32\pla.dll
23:43:40.0510 3960  pla - ok
23:43:40.0594 3960  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
23:43:40.0620 3960  PlugPlay - ok
23:43:40.0679 3960  [ 79834AA2FBF9FE81EEBB229024F6F7FC ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
23:43:40.0760 3960  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
23:43:40.0760 3960  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
23:43:40.0874 3960  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
23:43:40.0932 3960  PNRPAutoReg - ok
23:43:40.0984 3960  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
23:43:41.0051 3960  PNRPsvc - ok
23:43:41.0100 3960  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
23:43:41.0159 3960  PolicyAgent - ok
23:43:41.0184 3960  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
23:43:41.0223 3960  PptpMiniport - ok
23:43:41.0249 3960  [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor       C:\Windows\system32\drivers\processr.sys
23:43:41.0276 3960  Processor - ok
23:43:41.0310 3960  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc         C:\Windows\system32\profsvc.dll
23:43:41.0333 3960  ProfSvc - ok
23:43:41.0345 3960  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
23:43:41.0360 3960  ProtectedStorage - ok
23:43:41.0387 3960  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
23:43:41.0418 3960  PSched - ok
23:43:41.0438 3960  [ 628321C8DD76AD369B362B202E655A68 ] PSDFilter       C:\Windows\system32\DRIVERS\psdfilter.sys
23:43:41.0448 3960  PSDFilter - ok
23:43:41.0461 3960  [ 79D7117E62709C7690CF3DD55ACEAD37 ] PSDNServ        C:\Windows\system32\DRIVERS\PSDNServ.sys
23:43:41.0472 3960  PSDNServ - ok
23:43:41.0492 3960  [ CAE5E82827990CF4BD4A49576BDE3A43 ] psdvdisk        C:\Windows\system32\DRIVERS\PSDVdisk.sys
23:43:41.0504 3960  psdvdisk - ok
23:43:41.0554 3960  [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
23:43:41.0685 3960  ql2300 - ok
23:43:41.0717 3960  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
23:43:41.0731 3960  ql40xx - ok
23:43:41.0787 3960  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE           C:\Windows\system32\qwave.dll
23:43:41.0808 3960  QWAVE - ok
23:43:41.0820 3960  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
23:43:41.0847 3960  QWAVEdrv - ok
23:43:41.0862 3960  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
23:43:41.0903 3960  RasAcd - ok
23:43:41.0928 3960  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto         C:\Windows\System32\rasauto.dll
23:43:41.0970 3960  RasAuto - ok
23:43:41.0996 3960  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
23:43:42.0025 3960  Rasl2tp - ok
23:43:42.0058 3960  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
23:43:42.0096 3960  RasMan - ok
23:43:42.0127 3960  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
23:43:42.0162 3960  RasPppoe - ok
23:43:42.0199 3960  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
23:43:42.0215 3960  RasSstp - ok
23:43:42.0244 3960  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
23:43:42.0270 3960  rdbss - ok
23:43:42.0304 3960  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
23:43:42.0346 3960  RDPCDD - ok
23:43:42.0392 3960  [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
23:43:42.0424 3960  rdpdr - ok
23:43:42.0431 3960  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
23:43:42.0468 3960  RDPENCDD - ok
23:43:42.0515 3960  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
23:43:42.0557 3960  RDPWD - ok
23:43:42.0595 3960  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
23:43:42.0644 3960  RemoteAccess - ok
23:43:42.0679 3960  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
23:43:42.0714 3960  RemoteRegistry - ok
23:43:42.0781 3960  [ 17E0BEF5CA5C9CE52CC8082AC6EBC449 ] RichVideo       C:\Program Files\Cyberlink\Shared files\RichVideo.exe
23:43:42.0799 3960  RichVideo - ok
23:43:42.0839 3960  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
23:43:42.0889 3960  RpcLocator - ok
23:43:42.0914 3960  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs           C:\Windows\system32\rpcss.dll
23:43:42.0947 3960  RpcSs - ok
23:43:42.0971 3960  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
23:43:43.0023 3960  rspndr - ok
23:43:43.0053 3960  [ 283392AF1860ECDB5E0F8EBD7F3D72DF ] RTL8169         C:\Windows\system32\DRIVERS\Rtlh86.sys
23:43:43.0117 3960  RTL8169 - ok
23:43:43.0141 3960  [ A3E186B4B935905B829219502557314E ] SamSs           C:\Windows\system32\lsass.exe
23:43:43.0155 3960  SamSs - ok
23:43:43.0176 3960  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
23:43:43.0190 3960  sbp2port - ok
23:43:43.0221 3960  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
23:43:43.0245 3960  SCardSvr - ok
23:43:43.0302 3960  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll
23:43:43.0367 3960  Schedule - ok
23:43:43.0411 3960  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc     C:\Windows\System32\certprop.dll
23:43:43.0431 3960  SCPolicySvc - ok
23:43:43.0475 3960  [ 126EA89BCC413EE45E3004FB0764888F ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
23:43:43.0519 3960  sdbus - ok
23:43:43.0555 3960  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
23:43:43.0595 3960  SDRSVC - ok
23:43:43.0613 3960  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
23:43:43.0673 3960  secdrv - ok
23:43:43.0692 3960  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
23:43:43.0720 3960  seclogon - ok
23:43:43.0736 3960  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\System32\sens.dll
23:43:43.0772 3960  SENS - ok
23:43:43.0789 3960  [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum         C:\Windows\system32\drivers\serenum.sys
23:43:43.0849 3960  Serenum - ok
23:43:43.0868 3960  [ C70D69A918B178D3C3B06339B40C2E1B ] Serial          C:\Windows\system32\drivers\serial.sys
23:43:43.0930 3960  Serial - ok
23:43:43.0964 3960  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
23:43:43.0992 3960  sermouse - ok
23:43:44.0033 3960  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
23:43:44.0061 3960  SessionEnv - ok
23:43:44.0080 3960  [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
23:43:44.0101 3960  sffdisk - ok
23:43:44.0116 3960  [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
23:43:44.0149 3960  sffp_mmc - ok
23:43:44.0169 3960  [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
23:43:44.0211 3960  sffp_sd - ok
23:43:44.0251 3960  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
23:43:44.0305 3960  sfloppy - ok
23:43:44.0347 3960  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
23:43:44.0397 3960  SharedAccess - ok
23:43:44.0440 3960  [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
23:43:44.0471 3960  ShellHWDetection - ok
23:43:44.0494 3960  [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
23:43:44.0508 3960  sisagp - ok
23:43:44.0530 3960  [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
23:43:44.0544 3960  SiSRaid2 - ok
23:43:44.0565 3960  [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
23:43:44.0580 3960  SiSRaid4 - ok
23:43:44.0632 3960  [ DDAA5F4A6B958FC313EBD02DD925752F ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
23:43:44.0647 3960  SkypeUpdate - ok
23:43:44.0762 3960  [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc           C:\Windows\system32\SLsvc.exe
23:43:44.0971 3960  slsvc - ok
23:43:44.0999 3960  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
23:43:45.0032 3960  SLUINotify - ok
23:43:45.0063 3960  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
23:43:45.0095 3960  Smb - ok
23:43:45.0138 3960  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
23:43:45.0153 3960  SNMPTRAP - ok
23:43:45.0178 3960  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr           C:\Windows\system32\drivers\spldr.sys
23:43:45.0191 3960  spldr - ok
23:43:45.0226 3960  [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler         C:\Windows\System32\spoolsv.exe
23:43:45.0266 3960  Spooler - ok
23:43:45.0318 3960  [ 41987F9FC0E61ADF54F581E15029AD91 ] srv             C:\Windows\system32\DRIVERS\srv.sys
23:43:45.0351 3960  srv - ok
23:43:45.0387 3960  [ FF33AFF99564B1AA534F58868CBE41EF ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
23:43:45.0420 3960  srv2 - ok
23:43:45.0448 3960  [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
23:43:45.0471 3960  srvnet - ok
23:43:45.0504 3960  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
23:43:45.0554 3960  SSDPSRV - ok
23:43:45.0580 3960  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
23:43:45.0599 3960  ssmdrv - ok
23:43:45.0630 3960  [ EF3458337D7341A05169CEFC73709264 ] SSPORT          C:\Windows\system32\Drivers\SSPORT.sys
23:43:45.0637 3960  SSPORT ( UnsignedFile.Multi.Generic ) - warning
23:43:45.0637 3960  SSPORT - detected UnsignedFile.Multi.Generic (1)
23:43:45.0654 3960  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
23:43:45.0670 3960  SstpSvc - ok
23:43:45.0724 3960  [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc          C:\Windows\System32\wiaservc.dll
23:43:45.0795 3960  stisvc - ok
23:43:45.0822 3960  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
23:43:45.0835 3960  swenum - ok
23:43:45.0869 3960  [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv           C:\Windows\System32\swprv.dll
23:43:45.0997 3960  swprv - ok
23:43:46.0037 3960  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
23:43:46.0066 3960  Symc8xx - ok
23:43:46.0084 3960  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
23:43:46.0096 3960  Sym_hi - ok
23:43:46.0115 3960  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
23:43:46.0130 3960  Sym_u3 - ok
23:43:46.0168 3960  [ 32E8B307F0E9F72B66B518FD62EAB91E ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
23:43:46.0184 3960  SynTP - ok
23:43:46.0233 3960  [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain         C:\Windows\system32\sysmain.dll
23:43:46.0268 3960  SysMain - ok
23:43:46.0296 3960  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
23:43:46.0314 3960  TabletInputService - ok
23:43:46.0340 3960  [ 0C3B2A9C4BD2DD9A6C2E4084314DD719 ] taphss          C:\Windows\system32\DRIVERS\taphss.sys
23:43:46.0351 3960  taphss - ok
23:43:46.0388 3960  [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv         C:\Windows\System32\tapisrv.dll
23:43:46.0432 3960  TapiSrv - ok
23:43:46.0464 3960  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS             C:\Windows\System32\tbssvc.dll
23:43:46.0500 3960  TBS - ok
23:43:46.0558 3960  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
23:43:46.0641 3960  Tcpip - ok
23:43:46.0691 3960  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
23:43:46.0782 3960  Tcpip6 - ok
23:43:46.0817 3960  [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
23:43:46.0877 3960  tcpipreg - ok
23:43:46.0909 3960  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
23:43:46.0954 3960  TDPIPE - ok
23:43:46.0984 3960  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
23:43:47.0010 3960  TDTCP - ok
23:43:47.0047 3960  [ 76B06EB8A01FC8624D699E7045303E54 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
23:43:47.0077 3960  tdx - ok
23:43:47.0098 3960  [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
23:43:47.0112 3960  TermDD - ok
23:43:47.0150 3960  [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService     C:\Windows\System32\termsrv.dll
23:43:47.0195 3960  TermService - ok
23:43:47.0223 3960  [ C7230FBEE14437716701C15BE02C27B8 ] Themes          C:\Windows\system32\shsvcs.dll
23:43:47.0240 3960  Themes - ok
23:43:47.0257 3960  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER     C:\Windows\system32\mmcss.dll
23:43:47.0284 3960  THREADORDER - ok
23:43:47.0308 3960  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
23:43:47.0337 3960  TrkWks - ok
23:43:47.0371 3960  [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
23:43:47.0392 3960  TrustedInstaller - ok
23:43:47.0428 3960  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
23:43:47.0462 3960  tssecsrv - ok
23:43:47.0477 3960  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
23:43:47.0502 3960  tunmp - ok
23:43:47.0531 3960  [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
23:43:47.0545 3960  tunnel - ok
23:43:47.0573 3960  [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35          C:\Windows\system32\drivers\uagp35.sys
23:43:47.0588 3960  uagp35 - ok
23:43:47.0609 3960  [ F763E070843EE2803DE1395002B42938 ] UBHelper        C:\Windows\system32\drivers\UBHelper.sys
23:43:47.0619 3960  UBHelper - ok
23:43:47.0678 3960  [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
23:43:47.0707 3960  udfs - ok
23:43:47.0750 3960  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
23:43:47.0790 3960  UI0Detect - ok
23:43:47.0816 3960  [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
23:43:47.0830 3960  uliagpkx - ok
23:43:47.0856 3960  [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci         C:\Windows\system32\drivers\uliahci.sys
23:43:47.0876 3960  uliahci - ok
23:43:47.0899 3960  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
23:43:47.0919 3960  UlSata - ok
23:43:47.0944 3960  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
23:43:47.0959 3960  ulsata2 - ok
23:43:47.0987 3960  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
23:43:48.0039 3960  umbus - ok
23:43:48.0066 3960  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
23:43:48.0098 3960  upnphost - ok
23:43:48.0140 3960  [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
23:43:48.0173 3960  usbaudio - ok
23:43:48.0209 3960  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
23:43:48.0243 3960  usbccgp - ok
23:43:48.0265 3960  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
23:43:48.0322 3960  usbcir - ok
23:43:48.0379 3960  [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
23:43:48.0415 3960  usbehci - ok
23:43:48.0442 3960  [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
23:43:48.0467 3960  usbhub - ok
23:43:48.0491 3960  [ 38DBC7DD6CC5A72011F187425384388B ] usbohci         C:\Windows\system32\drivers\usbohci.sys
23:43:48.0545 3960  usbohci - ok
23:43:48.0572 3960  [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
23:43:48.0598 3960  usbprint - ok
23:43:48.0650 3960  [ A508C9BD8724980512136B039BBA65E9 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
23:43:48.0685 3960  usbscan - ok
23:43:48.0719 3960  [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:43:48.0741 3960  USBSTOR - ok
23:43:48.0770 3960  [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
23:43:48.0805 3960  usbuhci - ok
23:43:48.0831 3960  [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
23:43:48.0874 3960  usbvideo - ok
23:43:48.0913 3960  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms           C:\Windows\System32\uxsms.dll
23:43:48.0956 3960  UxSms - ok
23:43:49.0009 3960  [ CD88D1B7776DC17A119049742EC07EB4 ] vds             C:\Windows\System32\vds.exe
23:43:49.0042 3960  vds - ok
23:43:49.0072 3960  [ 87B06E1F30B749A114F74622D013F8D4 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
23:43:49.0112 3960  vga - ok
23:43:49.0131 3960  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave         C:\Windows\System32\drivers\vga.sys
23:43:49.0180 3960  VgaSave - ok
23:43:49.0218 3960  [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp          C:\Windows\system32\drivers\viaagp.sys
23:43:49.0232 3960  viaagp - ok
23:43:49.0246 3960  [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7           C:\Windows\system32\drivers\viac7.sys
23:43:49.0283 3960  ViaC7 - ok
23:43:49.0305 3960  [ AADF5587A4063F52C2C3FED7887426FC ] viaide          C:\Windows\system32\drivers\viaide.sys
23:43:49.0318 3960  viaide - ok
23:43:49.0332 3960  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
23:43:49.0346 3960  volmgr - ok
23:43:49.0384 3960  [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
23:43:49.0406 3960  volmgrx - ok
23:43:49.0445 3960  [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
23:43:49.0465 3960  volsnap - ok
23:43:49.0486 3960  [ 587253E09325E6BF226B299774B728A9 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
23:43:49.0503 3960  vsmraid - ok
23:43:49.0565 3960  [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS             C:\Windows\system32\vssvc.exe
23:43:49.0699 3960  VSS - ok
23:43:49.0828 3960  [ 13ACFED0E6ADCA97440169DFD127EBCF ] VX3000          C:\Windows\system32\DRIVERS\VX3000.sys
23:43:49.0933 3960  VX3000 - ok
23:43:49.0983 3960  [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time         C:\Windows\system32\w32time.dll
23:43:50.0010 3960  W32Time - ok
23:43:50.0044 3960  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
23:43:50.0090 3960  WacomPen - ok
23:43:50.0114 3960  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
23:43:50.0137 3960  Wanarp - ok
23:43:50.0147 3960  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
23:43:50.0168 3960  Wanarpv6 - ok
23:43:50.0203 3960  [ A3CD60FD826381B49F03832590E069AF ] wcncsvc         C:\Windows\System32\wcncsvc.dll
23:43:50.0244 3960  wcncsvc - ok
23:43:50.0280 3960  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:43:50.0302 3960  WcsPlugInService - ok
23:43:50.0326 3960  [ 78FE9542363F297B18C027B2D7E7C07F ] Wd              C:\Windows\system32\drivers\wd.sys
23:43:50.0339 3960  Wd - ok
23:43:50.0378 3960  [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
23:43:50.0421 3960  Wdf01000 - ok
23:43:50.0453 3960  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
23:43:50.0495 3960  WdiServiceHost - ok
23:43:50.0500 3960  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
23:43:50.0530 3960  WdiSystemHost - ok
23:43:50.0564 3960  [ 04C37D8107320312FBAE09926103D5E2 ] WebClient       C:\Windows\System32\webclnt.dll
23:43:50.0583 3960  WebClient - ok
23:43:50.0627 3960  [ 996580B183E878F692411BAFFE276F19 ] WebUpdate4      C:\Windows\system32\WebUpdateSvc4.exe
23:43:50.0647 3960  WebUpdate4 - ok
23:43:50.0682 3960  [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc          C:\Windows\system32\wecsvc.dll
23:43:50.0730 3960  Wecsvc - ok
23:43:50.0767 3960  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
23:43:50.0800 3960  wercplsupport - ok
23:43:50.0829 3960  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll
23:43:50.0852 3960  WerSvc - ok
23:43:50.0890 3960  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
23:43:50.0912 3960  WinDefend - ok
23:43:50.0919 3960  WinHttpAutoProxySvc - ok
23:43:50.0999 3960  [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
23:43:51.0025 3960  Winmgmt - ok
23:43:51.0125 3960  [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM           C:\Windows\system32\WsmSvc.dll
23:43:51.0249 3960  WinRM - ok
23:43:51.0310 3960  [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc         C:\Windows\System32\wlansvc.dll
23:43:51.0383 3960  Wlansvc - ok
23:43:51.0498 3960  [ 0A70F4022EC2E14C159EFC4F69AA2477 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:43:51.0673 3960  wlidsvc - ok
23:43:51.0704 3960  [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
23:43:51.0738 3960  WmiAcpi - ok
23:43:51.0791 3960  [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
23:43:51.0815 3960  wmiApSrv - ok
23:43:51.0887 3960  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
23:43:51.0969 3960  WMPNetworkSvc - ok
23:43:52.0001 3960  [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
23:43:52.0050 3960  WPCSvc - ok
23:43:52.0090 3960  [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
23:43:52.0138 3960  WPDBusEnum - ok
23:43:52.0168 3960  [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
23:43:52.0182 3960  WpdUsb - ok
23:43:52.0277 3960  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
23:43:52.0323 3960  WPFFontCache_v0400 - ok
23:43:52.0358 3960  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
23:43:52.0401 3960  ws2ifsl - ok
23:43:52.0424 3960  [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc          C:\Windows\System32\wscsvc.dll
23:43:52.0449 3960  wscsvc - ok
23:43:52.0457 3960  WSearch - ok
23:43:52.0555 3960  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
23:43:52.0659 3960  wuauserv - ok
23:43:52.0684 3960  [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
23:43:52.0722 3960  WUDFRd - ok
23:43:52.0753 3960  [ 575A4190D989F64732119E4114045A4F ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
23:43:52.0782 3960  wudfsvc - ok
23:43:52.0796 3960  ================ Scan global ===============================
23:43:52.0828 3960  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
23:43:52.0884 3960  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
23:43:52.0917 3960  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
23:43:52.0954 3960  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
23:43:52.0960 3960  [Global] - ok
23:43:52.0960 3960  ================ Scan MBR ==================================
23:43:52.0982 3960  [ EF9CDC51B437D322D54016B68F003416 ] \Device\Harddisk0\DR0
23:43:55.0385 3960  \Device\Harddisk0\DR0 - ok
23:43:55.0385 3960  ================ Scan VBR ==================================
23:43:55.0389 3960  [ 245A2AB677E1BFB5EC96017EA160A709 ] \Device\Harddisk0\DR0\Partition1
23:43:55.0391 3960  \Device\Harddisk0\DR0\Partition1 - ok
23:43:55.0421 3960  [ 25A67732C223D800F89E7F6648496A83 ] \Device\Harddisk0\DR0\Partition2
23:43:55.0423 3960  \Device\Harddisk0\DR0\Partition2 - ok
23:43:55.0423 3960  ============================================================
23:43:55.0423 3960  Scan finished
23:43:55.0423 3960  ============================================================
23:43:55.0438 1080  Detected object count: 8
23:43:55.0438 1080  Actual detected object count: 8
23:44:16.0456 1080  CLHNService ( UnsignedFile.Multi.Generic ) - skipped by user
23:44:16.0456 1080  CLHNService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:44:16.0459 1080  CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
23:44:16.0459 1080  CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:44:16.0461 1080  DgiVecp ( UnsignedFile.Multi.Generic ) - skipped by user
23:44:16.0462 1080  DgiVecp ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:44:16.0464 1080  ETService ( UnsignedFile.Multi.Generic ) - skipped by user
23:44:16.0464 1080  ETService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:44:16.0469 1080  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
23:44:16.0470 1080  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:44:16.0471 1080  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
23:44:16.0471 1080  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:44:16.0474 1080  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
23:44:16.0475 1080  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:44:16.0477 1080  SSPORT ( UnsignedFile.Multi.Generic ) - skipped by user
23:44:16.0477 1080  SSPORT ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus · 11.09.2012, 13:25

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Rotary41 · 11.09.2012, 14:24

Und das nächste Log:

Combofix Logfile:

Code:

ATTFilter

ComboFix 12-09-11.01 - Matthias 11.09.2012  15:03:31.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.1977.909 [GMT 2:00]
ausgeführt von:: c:\users\Matthias\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infizierte Kopie von c:\windows\system32\userinit.exe wurde gefunden und desinfiziert 
Kopie von - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe wurde wiederhergestellt 
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-08-11 bis 2012-09-11  ))))))))))))))))))))))))))))))
.
.
2012-09-11 13:11 . 2012-09-11 13:11	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-09-11 13:11 . 2012-09-11 13:11	--------	d-----w-	c:\users\Administrator\AppData\Local\temp
2012-09-10 21:00 . 2012-09-10 21:00	--------	d-----w-	C:\_OTL
2012-09-10 20:46 . 2012-09-10 20:46	--------	d-----w-	c:\windows\system32\drivers\UMDF\de-DE
2012-09-10 20:46 . 2012-09-10 20:46	3584	----a-w-	c:\windows\system32\Spool\prtprocs\w32x86\de-DE\LMPRTPRC.DLL.mui
2012-09-10 20:44 . 2012-09-10 20:44	40960	----a-w-	c:\program files\Common Files\Microsoft Shared\ink\de\Microsoft.Ink.Resources.dll
2012-09-10 20:43 . 2012-09-10 20:44	--------	d-----w-	c:\windows\system32\0407
2012-09-10 20:43 . 2012-09-10 20:46	--------	d-----w-	c:\windows\de-DE
2012-09-10 20:43 . 2012-09-10 20:46	--------	d-----w-	c:\windows\system32\drivers\de-DE
2012-09-10 20:43 . 2012-09-10 20:46	--------	d-----w-	c:\windows\system32\de
2012-09-10 20:43 . 2012-09-10 20:46	--------	d-----w-	c:\windows\system32\wbem\de-DE
2012-09-10 20:43 . 2012-09-10 20:43	--------	d-----w-	c:\windows\system32\Windows System Resource Manager
2012-09-10 20:40 . 2012-09-10 20:40	--------	d-----w-	c:\windows\system32\Vistalizator
2012-09-05 15:29 . 2012-09-05 15:29	--------	d-----w-	c:\program files\ESET
2012-09-04 10:37 . 2012-09-04 10:37	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-09-04 10:37 . 2012-07-03 11:46	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-08-16 06:01 . 2012-07-04 14:02	2047488	----a-w-	c:\windows\system32\win32k.sys
2012-08-15 14:48 . 2012-05-11 15:57	623616	----a-w-	c:\windows\system32\localspl.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-10 20:46 . 2012-09-10 20:46	6144	----a-w-	c:\windows\system32\drivers\UMDF\de-DE\WpdMtpDr.dll.mui
2012-09-10 20:46 . 2012-09-10 20:46	3584	----a-w-	c:\windows\system32\drivers\de-DE\umbus.sys.mui
2012-09-10 20:46 . 2012-09-10 20:46	2560	----a-w-	c:\windows\system32\drivers\de-DE\wd.sys.mui
2012-09-10 20:46 . 2012-09-10 20:46	4608	----a-w-	c:\windows\system32\drivers\de-DE\SCR111.sys.mui
2012-09-10 20:46 . 2012-09-10 20:46	4608	----a-w-	c:\windows\system32\drivers\de-DE\pscr.sys.mui
2012-09-10 20:46 . 2012-09-10 20:46	4608	----a-w-	c:\windows\system32\drivers\de-DE\grserial.sys.mui
2012-09-10 20:46 . 2012-09-10 20:46	4096	----a-w-	c:\windows\system32\drivers\de-DE\scmstcs.sys.mui
2012-09-10 20:46 . 2012-09-10 20:46	4096	----a-w-	c:\windows\system32\drivers\de-DE\gpr400.sys.mui
2012-09-10 20:46 . 2012-09-10 20:46	3584	----a-w-	c:\windows\system32\drivers\de-DE\stcusb.sys.mui
2012-09-10 20:46 . 2012-09-10 20:46	3584	----a-w-	c:\windows\system32\drivers\de-DE\serscan.sys.mui
2012-09-10 20:46 . 2012-09-10 20:46	3584	----a-w-	c:\windows\system32\drivers\de-DE\cxbp0wdm.sys.mui
2012-09-10 20:46 . 2012-09-10 20:46	3072	----a-w-	c:\windows\system32\drivers\de-DE\cmbp0wdm.sys.mui
2012-09-10 20:46 . 2012-09-10 20:46	5120	----a-w-	c:\windows\system32\drivers\de-DE\pcmcia.sys.mui
2012-09-10 20:46 . 2012-09-10 20:46	5632	----a-w-	c:\windows\system32\drivers\de-DE\nv4_mini.sys.mui
2012-09-10 20:46 . 2012-09-10 20:46	5120	----a-w-	c:\windows\system32\drivers\de-DE\ntrigdigi.sys.mui
2012-09-10 20:46 . 2012-09-10 20:46	6656	----a-w-	c:\windows\system32\drivers\de-DE\yk60x86.sys.mui
2012-09-10 20:46 . 2012-09-10 20:46	6144	----a-w-	c:\windows\system32\drivers\de-DE\bcm4sbxp.sys.mui
2012-09-10 20:46 . 2012-09-10 20:46	4608	----a-w-	c:\windows\system32\drivers\de-DE\msdsm.sys.mui
2012-09-10 20:46 . 2012-09-10 20:46	4096	----a-w-	c:\windows\system32\drivers\de-DE\parport.sys.mui
2012-09-10 20:46 . 2012-09-10 20:46	3584	----a-w-	c:\windows\system32\drivers\de-DE\rndismpx.sys.mui
2012-09-10 20:46 . 2012-09-10 20:46	3584	----a-w-	c:\windows\system32\drivers\de-DE\parvdm.sys.mui
2012-09-10 20:46 . 2012-09-10 20:46	2560	----a-w-	c:\windows\system32\drivers\de-DE\amdide.sys.mui
2012-09-10 20:46 . 2012-09-10 20:46	3584	----a-w-	c:\windows\system32\drivers\de-DE\scsiport.sys.mui
2012-09-10 20:46 . 2012-09-10 20:46	10240	----a-w-	c:\windows\system32\drivers\de-DE\afd.sys.mui
2012-09-10 20:46 . 2012-09-10 20:46	4096	----a-w-	c:\windows\system32\drivers\de-DE\modem.sys.mui
2012-09-10 20:46 . 2012-09-10 20:46	3072	----a-w-	c:\windows\system32\drivers\de-DE\srv.sys.mui
2012-09-10 20:45 . 2012-09-10 20:45	3584	----a-w-	c:\windows\system32\drivers\de-DE\RNDISMP.sys.mui
2012-09-10 20:45 . 2012-09-10 20:45	3072	----a-w-	c:\windows\system32\drivers\de-DE\qwavedrv.sys.mui
2012-09-10 20:45 . 2012-09-10 20:45	3584	----a-w-	c:\windows\system32\drivers\de-DE\pacer.sys.mui
2012-09-10 20:45 . 2012-09-10 20:45	77824	----a-w-	c:\windows\system32\drivers\de-DE\ntfs.sys.mui
2012-09-10 20:45 . 2012-09-10 20:45	3584	----a-w-	c:\windows\system32\drivers\de-DE\nfsrdr.sys.mui
2012-09-10 20:45 . 2012-09-10 20:45	4096	----a-w-	c:\windows\system32\drivers\de-DE\ipnat.sys.mui
2012-09-10 20:45 . 2012-09-10 20:45	4096	----a-w-	c:\windows\system32\drivers\de-DE\dxgkrnl.sys.mui
2012-09-10 20:45 . 2012-09-10 20:45	5632	----a-w-	c:\windows\system32\drivers\de-DE\fltmgr.sys.mui
2012-09-10 20:44 . 2012-09-10 20:44	3072	----a-w-	c:\windows\system32\drivers\de-DE\pnpmem.sys.mui
2012-09-10 20:44 . 2012-09-10 20:44	10752	----a-w-	c:\windows\system32\drivers\de-DE\ltmdmnt.sys.mui
2012-09-10 20:44 . 2012-09-10 20:44	7168	----a-w-	c:\windows\system32\drivers\de-DE\IPMIDrv.sys.mui
2012-09-10 20:44 . 2012-09-10 20:44	4608	----a-w-	c:\windows\system32\drivers\de-DE\wacompen.sys.mui
2012-09-10 20:44 . 2012-09-10 20:44	3584	----a-w-	c:\windows\system32\drivers\de-DE\hidbth.sys.mui
2012-09-10 20:44 . 2012-09-10 20:44	12288	----a-w-	c:\windows\system32\drivers\de-DE\serial.sys.mui
2012-09-10 20:44 . 2012-09-10 20:44	3072	----a-w-	c:\windows\system32\drivers\de-DE\Dot4usb.sys.mui
2012-09-10 20:44 . 2012-09-10 20:44	5120	----a-w-	c:\windows\system32\drivers\de-DE\bthpan.sys.mui
2012-09-10 20:44 . 2012-09-10 20:44	2560	----a-w-	c:\windows\system32\drivers\de-DE\BrParwdm.sys.mui
2012-09-10 20:44 . 2012-09-10 20:44	11776	----a-w-	c:\windows\system32\drivers\de-DE\BrSerId.sys.mui
2012-09-10 20:44 . 2012-09-10 20:44	3584	----a-w-	c:\windows\system32\drivers\de-DE\atikmdag.sys.mui
2012-09-10 20:44 . 2012-09-10 20:44	3584	----a-w-	c:\windows\system32\drivers\de-DE\ati2mtag.sys.mui
2012-09-10 20:44 . 2012-09-10 20:44	3584	----a-w-	c:\windows\system32\drivers\de-DE\ati2mpad.sys.mui
2012-09-10 20:44 . 2012-09-10 20:44	3072	----a-w-	c:\windows\system32\drivers\de-DE\UAGP35.SYS.mui
2012-09-10 20:44 . 2012-09-10 20:44	3072	----a-w-	c:\windows\system32\drivers\de-DE\GAGP30KX.SYS.mui
2012-09-10 20:44 . 2012-09-10 20:44	12288	----a-w-	c:\windows\system32\drivers\de-DE\ohci1394.sys.mui
2012-09-10 20:44 . 2012-09-10 20:44	45056	----a-w-	c:\windows\system32\drivers\de-DE\http.sys.mui
2012-09-10 20:44 . 2012-09-10 20:44	7680	----a-w-	c:\windows\system32\drivers\de-DE\luafv.sys.mui
2012-09-10 20:44 . 2012-09-10 20:44	6144	----a-w-	c:\windows\system32\drivers\de-DE\b57nd60x.sys.mui
2012-09-10 20:44 . 2012-09-10 20:44	25088	----a-w-	c:\windows\system32\drivers\de-DE\e1e6032.sys.mui
2012-09-10 20:44 . 2012-09-10 20:44	6144	----a-w-	c:\windows\system32\drivers\de-DE\sermouse.sys.mui
2012-09-10 20:44 . 2012-09-10 20:44	5120	----a-w-	c:\windows\system32\drivers\de-DE\mouclass.sys.mui
2012-09-10 20:44 . 2012-09-10 20:44	5120	----a-w-	c:\windows\system32\drivers\de-DE\e100b325.sys.mui
2012-09-10 20:44 . 2012-09-10 20:44	40960	----a-w-	c:\windows\system32\drivers\de-DE\volsnap.sys.mui
2012-09-10 20:44 . 2012-09-10 20:44	3584	----a-w-	c:\windows\system32\drivers\de-DE\mouhid.sys.mui
2012-09-10 20:44 . 2012-09-10 20:44	22016	----a-w-	c:\windows\system32\drivers\de-DE\E1G60I32.sys.mui
2012-09-10 20:44 . 2012-09-10 20:44	5632	----a-w-	c:\windows\system32\drivers\de-DE\tpm.sys.mui
2012-09-10 20:44 . 2012-09-10 20:44	3072	----a-w-	c:\windows\system32\drivers\de-DE\wdf01000.sys.mui
2012-09-10 20:44 . 2012-09-10 20:44	28160	----a-w-	c:\windows\system32\drivers\de-DE\mpio.sys.mui
2012-09-10 20:43 . 2012-09-10 20:43	15872	----a-w-	c:\windows\system32\drivers\de-DE\fvevol.sys.mui
2012-09-10 20:43 . 2012-09-10 20:43	5632	----a-w-	c:\windows\system32\drivers\de-DE\kbdclass.sys.mui
2012-09-10 20:43 . 2012-09-10 20:43	3072	----a-w-	c:\windows\system32\drivers\de-DE\VIAAGP.SYS.mui
2012-09-10 20:43 . 2012-09-10 20:43	3072	----a-w-	c:\windows\system32\drivers\de-DE\ULIAGPKX.SYS.mui
2012-09-10 20:43 . 2012-09-10 20:43	3072	----a-w-	c:\windows\system32\drivers\de-DE\SISAGP.SYS.mui
2012-09-10 20:43 . 2012-09-10 20:43	3072	----a-w-	c:\windows\system32\drivers\de-DE\kbdhid.sys.mui
2012-09-10 20:43 . 2012-09-10 20:43	11264	----a-w-	c:\windows\system32\drivers\de-DE\i8042prt.sys.mui
2012-09-10 20:43 . 2012-09-10 20:43	3072	----a-w-	c:\windows\system32\drivers\de-DE\NV_AGP.SYS.mui
2012-09-10 20:43 . 2012-09-10 20:43	8704	----a-w-	c:\windows\system32\drivers\de-DE\pci.sys.mui
2012-09-10 20:43 . 2012-09-10 20:43	4608	----a-w-	c:\windows\system32\drivers\de-DE\isapnp.sys.mui
2012-09-10 20:43 . 2012-09-10 20:43	3584	----a-w-	c:\windows\system32\drivers\de-DE\mssmbios.sys.mui
2012-09-10 20:43 . 2012-09-10 20:43	3072	----a-w-	c:\windows\system32\drivers\de-DE\AMDAGP.SYS.mui
2012-09-10 20:43 . 2012-09-10 20:43	3072	----a-w-	c:\windows\system32\drivers\de-DE\AGP440.sys.mui
2012-09-10 20:43 . 2012-09-10 20:43	21504	----a-w-	c:\windows\system32\drivers\de-DE\viac7.sys.mui
2012-09-10 20:43 . 2012-09-10 20:43	21504	----a-w-	c:\windows\system32\drivers\de-DE\processr.sys.mui
2012-09-10 20:43 . 2012-09-10 20:43	21504	----a-w-	c:\windows\system32\drivers\de-DE\intelppm.sys.mui
2012-09-10 20:43 . 2012-09-10 20:43	21504	----a-w-	c:\windows\system32\drivers\de-DE\crusoe.sys.mui
2012-09-10 20:43 . 2012-09-10 20:43	21504	----a-w-	c:\windows\system32\drivers\de-DE\amdk8.sys.mui
2012-09-10 20:43 . 2012-09-10 20:43	21504	----a-w-	c:\windows\system32\drivers\de-DE\amdk7.sys.mui
2012-09-10 20:43 . 2012-09-10 20:43	11264	----a-w-	c:\windows\system32\drivers\de-DE\acpi.sys.mui
2012-09-10 20:43 . 2012-09-10 20:43	8704	----a-w-	c:\windows\system32\drivers\de-DE\bthport.sys.mui
2012-09-10 20:43 . 2012-09-10 20:43	4096	----a-w-	c:\windows\system32\drivers\de-DE\hdaudbus.sys.mui
2012-09-10 20:43 . 2012-09-10 20:43	10240	----a-w-	c:\windows\system32\drivers\de-DE\battc.sys.mui
2012-09-10 20:43 . 2012-09-10 20:43	4096	----a-w-	c:\windows\system32\drivers\de-DE\vmbus.sys.mui
2012-09-10 20:43 . 2012-09-10 20:43	3584	----a-w-	c:\windows\system32\drivers\de-DE\vmstorfl.sys.mui
2012-09-10 20:43 . 2012-09-10 20:43	15872	----a-w-	c:\windows\web\ts\bin\de\TSPortalWebPart.resources.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-07-30 01:52	121392	----a-w-	c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-11-28 417792]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-10 348664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Assist Launcher]
2007-11-19 22:17	1261568	----a-w-	c:\program files\Acer\Acer Assist\launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Product Registration]
2007-11-26 18:21	3387392	----a-w-	c:\program files\Acer\Acer Registration\ACE1.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-06-11 21:43	640376	----a-w-	c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2008-06-12 01:25	37232	----a-w-	c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 14:57	948672	----a-r-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 00:57	35760	----a-w-	c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcadeDeluxeAgent]
2008-10-09 05:49	147456	------w-	c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CarboniteSetupLite]
2008-10-03 03:18	294544	----a-w-	c:\program files\Carbonite\CarbonitePreinstaller.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2008-10-09 05:49	167936	------w-	c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
2008-07-30 01:52	526896	----a-w-	c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-08-15 17:16	30192	----a-w-	c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-03-05 23:59	133104	----atw-	c:\users\Matthias\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2011-02-11 18:26	171032	----a-w-	c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2011-02-11 18:26	137752	----a-w-	c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2007-05-17 21:45	279912	----a-w-	c:\program files\Microsoft LifeCam\LifeExp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2008-07-02 18:35	850440	----a-w-	c:\progra~1\LAUNCH~1\LManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-07-03 11:46	462920	----a-w-	c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2011-02-11 18:26	172568	----a-w-	c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie]
2008-10-17 22:54	167936	------w-	c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 20:18	413696	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-06-20 00:52	6244896	----a-w-	c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-11-21 01:15	1826816	----a-w-	c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 09:07	252296	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-02-22 18:50	1037608	----a-w-	c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-03-26 06:08	198160	----a-w-	c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX3000]
2007-04-10 21:46	709992	----a-w-	c:\windows\vVX3000.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2009-04-11 06:28	2153472	----a-w-	c:\windows\System32\oobefldr.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25	202240	----a-w-	c:\program files\Windows Media Player\wmpnscfg.exe
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 16:36]
.
2012-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 16:36]
.
2012-09-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-649290938-3021887346-2181847563-1000Core.job
- c:\users\Matthias\AppData\Local\Google\Update\GoogleUpdate.exe [2009-03-05 23:59]
.
2012-09-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-649290938-3021887346-2181847563-1000UA.job
- c:\users\Matthias\AppData\Local\Google\Update\GoogleUpdate.exe [2009-03-05 23:59]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = 
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0209&m=aspire_4730z
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-eRecoveryService - (no file)
MSConfigStartUp-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSConfigStartUp-TomTomHOME - c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-09-11 15:16
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
.
c:\windows\system32\wbem\Performance\WmiApRpl_new.h 357 bytes
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 1
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-649290938-3021887346-2181847563-1000\Software\SecuROM\License information*]
"datasecu"=hex:35,92,e1,91,33,4e,29,6e,e0,01,d0,0c,4b,6b,a0,21,21,9a,a6,1f,88,
   ff,5e,17,54,96,45,7c,0a,85,72,8d,18,f0,cb,6c,7c,10,d5,86,e1,95,0e,30,62,79,\
"rkeysecu"=hex:c4,66,44,8c,7c,08,40,32,f9,80,49,ff,1c,bb,ee,55
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(2656)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\program files\Audible\Bin\AAXSDKWin.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\Acer\Empowering Technology\Service\ETService.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
c:\program files\Cyberlink\Shared files\RichVideo.exe
c:\windows\system32\WebUpdateSvc4.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conime.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\System32\wsqmcons.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-09-11  15:22:46 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-09-11 13:22
.
Vor Suchlauf: 16 Verzeichnis(se), 34.727.518.208 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 34.549.776.384 Bytes frei
.
- - End Of File - - 9A15021AC1B4DFDA1D6E99D40B91CBC0

--- --- ---

cosinus · 11.09.2012, 20:56

Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

Rotary41 · 11.09.2012, 21:35

So, hier die nächsten Logs.

GMER
GMER Logfile:

Code:

ATTFilter

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-09-11 17:59:14
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9250827AS rev.3.AAA
Running: p5d79n66.exe; Driver: C:\Users\Matthias\AppData\Local\Temp\fwliipog.sys


---- System - GMER 1.0.15 ----

SSDT            89DED37E                                                                                                 ZwCreateSection
SSDT            89DED388                                                                                                 ZwRequestWaitReplyPort
SSDT            89DED383                                                                                                 ZwSetContextThread
SSDT            89DED38D                                                                                                 ZwSetSecurityObject
SSDT            89DED392                                                                                                 ZwSystemDebugControl
SSDT            89DED31F                                                                                                 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!KeSetEvent + 215                                                                            822B98D8 4 Bytes  [7E, D3, DE, 89]
.text           ntkrnlpa.exe!KeSetEvent + 539                                                                            822B9BFC 4 Bytes  [88, D3, DE, 89]
.text           ntkrnlpa.exe!KeSetEvent + 56D                                                                            822B9C30 4 Bytes  [83, D3, DE, 89]
.text           ntkrnlpa.exe!KeSetEvent + 5D1                                                                            822B9C94 4 Bytes  [8D, D3, DE, 89]
.text           ntkrnlpa.exe!KeSetEvent + 619                                                                            822B9CDC 4 Bytes  [92, D3, DE, 89]
.text           ...                                                                                                      

---- User code sections - GMER 1.0.15 ----

.text           C:\Windows\Explorer.EXE[2924] SHELL32.dll!SHGetFolderPathAndSubDirW + 81C5                               7634B37C 4 Bytes  [00, 26, 00, 10] {ADD [ESI], AH; ADD [EAX], DL}
.text           C:\Windows\Explorer.EXE[2924] SHELL32.dll!ShellExecuteExW + 18B7                                         7637DA14 4 Bytes  [10, 1B, 00, 10] {ADC [EBX], BL; ADD [EAX], DL}

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Windows\Explorer.EXE[2924] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread]              [100027E0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.)
IAT             C:\Windows\Explorer.EXE[2924] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread]  [10001D90] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.)
IAT             C:\Windows\Explorer.EXE[2924] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress]            [10002B30] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.)
IAT             C:\Windows\Explorer.EXE[2924] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA]              [100011D0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                  Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                  Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\tdx \Device\Tcp                                                                                  Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice  \Driver\tdx \Device\Udp                                                                                  Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice  \Driver\tdx \Device\RawIp                                                                                Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----

--- --- ---

OSAM

OSAM Logfile:

Code:

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 18:10:59 on 11.09.2012

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Google Inc. Google Chrome 21.0.1180.89

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - "Google" - C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-649290938-3021887346-2181847563-1000Core.job" - "Google Inc." - C:\Users\Matthias\AppData\Local\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-649290938-3021887346-2181847563-1000UA.job" - "Google Inc." - C:\Users\Matthias\AppData\Local\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - "Cisco Systems, Inc." - C:\Windows\system32\Drivers\CVPNDRVA.sys
"DgiVecp" (DgiVecp) - "Samsung Electronics Co., Ltd." - C:\Windows\system32\Drivers\DgiVecp.sys
"Dritek General Port I/O" (DritekPortIO) - "Dritek System Inc." - C:\PROGRA~1\LAUNCH~1\DPortIO.sys
"fwliipog" (fwliipog) - ? - C:\Users\Matthias\AppData\Local\Temp\fwliipog.sys  (Hidden registry entry, rootkit activity | File not found)
"int15" (int15) - "Acer, Inc." - C:\Windows\system32\drivers\int15.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"PSDFilter" (PSDFilter) - "Egis Incorporated" - C:\Windows\System32\DRIVERS\psdfilter.sys
"PSDNServ" (PSDNServ) - "Egis Incorporated" - C:\Windows\System32\DRIVERS\PSDNServ.sys
"PSDVdisk" (psdvdisk) - "Egis Incorporated" - C:\Windows\System32\DRIVERS\PSDVdisk.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"SSPORT" (SSPORT) - "Samsung Electronics" - C:\Windows\system32\Drivers\SSPORT.sys
"UBHelper" (UBHelper) - "NewTech Infosystems Corporation" - C:\Windows\system32\drivers\UBHelper.sys
"Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\Windows\System32\DRIVERS\NTIDrvr.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{16148659-720A-457d-850B-2DBD87BB129D} "AudibleShlExt Class" - "Audible, Inc." - C:\Program Files\Audible\Bin\AudibleExt.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\Program Files\Windows Live\Messenger\msgrapp.dll
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Messenger\msgrapp.dll
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - C:\Program Files\Adobe\Acrobat 9.0\Acrobat Elements\ContextMenu.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{16148659-720A-457d-850B-2DBD87BB129D} "AudibleShlExt Class" - "Audible, Inc." - C:\Program Files\Audible\Bin\AudibleExt.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} "DragDropProtect Class" - "Egis Inc." - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
{2b45bd21-71f8-4c8c-a87a-7eeb25a1a3e0} "EPM-PO Shell Extensions" - ? - epm-po.dll  (File not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files\Real\RealPlayer\rpshell.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
{0563DB41-F538-4B37-A92D-4659049B7766} "WLMD Message Handler" - ? -   (File not found | COM-object registry key not found)
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "{00000000-0000-0000-0000-000000000000}" - ? -   (File not found | COM-object registry key not found)
<binary data> "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{888078C6-70B2-4F88-8EE7-1F50DDEA6120} "CeWe Color AG & Co. OHG Control" - "CeWe Color AG & Co. OHG" - C:\Windows\Downloaded Program Files\ImageUploader6.ocx / https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07" - "Oracle Corporation" - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Oracle Corporation" - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 10.5.1" - "Oracle Corporation" - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 10.5.1" - "Oracle Corporation" - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} "Symantec AntiVirus scanner" - "Symantec Corporation" - C:\Windows\Downloaded Program Files\avsniff.dll / hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
{644E432F-49D3-41A1-8DD5-E099162EEEC5} "Symantec RuFSI Utility Class" - "Symantec Corporation" - C:\Windows\Downloaded Program Files\rufsi.dll / hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "@C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Click to Call" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Acer eDataSecurity Management" - "Egis Incorporated." - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{AE7CD045-E861-484f-8273-0445EE161910} "Adobe PDF Conversion Toolbar Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Oracle Corporation" - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} "ShowBarObj Class" - "Egis" - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{F4971EE7-DAA0-4053-9964-665D8EE6A077} "SmartSelect Class" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"ePower_DMC" - "Acer Inc." - C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Adobe PDF Port Monitor" - "Adobe Systems Inc" - C:\Windows\system32\AdobePDF.dll
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
"CLHNService" (CLHNService) - ? - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
"eDataSecurity Service" (eDataSecurity Service) - "Egis Incorporated" - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
"Empowering Technology Service" (ETService) - ? - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Macrovision Europe Ltd." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"Google Desktop Manager 5.9.1005.12335" (GoogleDesktopManager-051210-111108) - "Google" - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update Service (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"MobilityService" (MobilityService) - ? - C:\Acer\Mobility Center\MobilityService.exe
"MSCamSvc" (MSCamSvc) - "Microsoft Corporation" - C:\Program Files\Microsoft LifeCam\MSCamS32.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"NTI Backup Now 5 Backup Service" (NTIBackupSvc) - "NewTech InfoSystems, Inc." - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
"NTI Backup Now 5 Scheduler Service" (NTISchedulerSvc) - "NewTech Infosystems, Inc." - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files\Skype\Updater\Updater.exe
"Web Update Wizard Service V4" (WebUpdate4) - "Data Perceptions / PowerProgrammer" - C:\Windows\system32\WebUpdateSvc4.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru [/code]

aswMBR

Code:

ATTFilter

 aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-11 22:05:07
-----------------------------
22:05:07.617    OS Version: Windows 6.0.6002 Service Pack 2
22:05:07.617    Number of processors: 2 586 0xF0D
22:05:07.618    ComputerName: ABICOMIII  UserName: Matthias
22:06:14.213    Initialize success
22:06:14.265    write error "aswCmnB.dll". Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
22:08:41.522    AVAST engine defs: 12091101
22:08:46.799    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
22:08:46.804    Disk 0 Vendor: ST9250827AS 3.AAA Size: 238475MB BusType: 3
22:08:46.845    Disk 0 MBR read successfully
22:08:46.849    Disk 0 MBR scan
22:08:47.097    Disk 0 unknown MBR code
22:08:47.135    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        12291 MB offset 63
22:08:47.215    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       113092 MB offset 25174016
22:08:47.246    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       113090 MB offset 256786432
22:08:47.297    Disk 0 scanning sectors +488394752
22:08:47.521    Disk 0 scanning C:\Windows\system32\drivers
22:09:42.904    Service scanning
22:10:38.362    Modules scanning
22:11:13.622    Disk 0 trace - called modules:
22:11:13.650    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS PCIIDEX.SYS msahci.sys dxgkrnl.sys igdkmd32.sys 
22:11:13.658    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x852a1ac8]
22:11:13.665    3 CLASSPNP.SYS[87da78b3] -> nt!IofCallDriver -> [0x84c07aa0]
22:11:13.672    5 acpi.sys[806996bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84bf21b0]
22:11:15.034    AVAST engine scan C:\Windows
22:11:27.214    AVAST engine scan C:\Windows\system32
22:17:36.740    AVAST engine scan C:\Windows\system32\drivers
22:17:59.695    AVAST engine scan C:\Users\Matthias
22:30:24.570    AVAST engine scan C:\ProgramData
22:32:59.458    Scan finished successfully
22:34:43.202    Disk 0 MBR has been saved successfully to "C:\Users\Matthias\Desktop\MBR.dat"
22:34:43.215    The log file has been saved successfully to "C:\Users\Matthias\Desktop\aswMBR.txt"

cosinus · 11.09.2012, 23:59

Wir sollten den MBR fixen, sichere für den Fall der Fälle ALLE wichtigen Daten, auch wenn meistens alles glatt geht.

Hinweis: Mach bitte NICHT den MBR-Fix, wenn du noch andere Betriebssysteme wie zB Ubuntu installiert hast, ein MBR-Fix mit Windows-Tools macht ein parallel installiertes (Dualboot) Linux unbootbar.
Mach den Fix auch dann nicht, wenn du zB mit TrueCrypt oder anderen Verschlüsselungsprogrammen eine Vollverschlüsselung der Windowspartition bzw. gesamten Festplatte hast

Starte nach der Datensicherung aswmbr erneut und klick auf den Button FIXMBR.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehalalrm!

Anschließend Windows neu starten und ein neues Log mit aswMBR machen.

Rotary41 · 12.09.2012, 00:15

Heißt

"ein neues Log mit aswMBR machen"

einen neuen Scan durchführen?

cosinus · 12.09.2012, 00:31

ja genau, wie beim ersten Durchgang

Rotary41 · 12.09.2012, 00:37

Ah, vielen Dank; das hatte ich fast vermutet

Code:

ATTFilter

 aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-11 22:05:07
-----------------------------
22:05:07.617    OS Version: Windows 6.0.6002 Service Pack 2
22:05:07.617    Number of processors: 2 586 0xF0D
22:05:07.618    ComputerName: ABICOMIII  UserName: Matthias
22:06:14.213    Initialize success
22:06:14.265    write error "aswCmnB.dll". Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
22:08:41.522    AVAST engine defs: 12091101
22:08:46.799    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
22:08:46.804    Disk 0 Vendor: ST9250827AS 3.AAA Size: 238475MB BusType: 3
22:08:46.845    Disk 0 MBR read successfully
22:08:46.849    Disk 0 MBR scan
22:08:47.097    Disk 0 unknown MBR code
22:08:47.135    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        12291 MB offset 63
22:08:47.215    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       113092 MB offset 25174016
22:08:47.246    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       113090 MB offset 256786432
22:08:47.297    Disk 0 scanning sectors +488394752
22:08:47.521    Disk 0 scanning C:\Windows\system32\drivers
22:09:42.904    Service scanning
22:10:38.362    Modules scanning
22:11:13.622    Disk 0 trace - called modules:
22:11:13.650    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS PCIIDEX.SYS msahci.sys dxgkrnl.sys igdkmd32.sys 
22:11:13.658    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x852a1ac8]
22:11:13.665    3 CLASSPNP.SYS[87da78b3] -> nt!IofCallDriver -> [0x84c07aa0]
22:11:13.672    5 acpi.sys[806996bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84bf21b0]
22:11:15.034    AVAST engine scan C:\Windows
22:11:27.214    AVAST engine scan C:\Windows\system32
22:17:36.740    AVAST engine scan C:\Windows\system32\drivers
22:17:59.695    AVAST engine scan C:\Users\Matthias
22:30:24.570    AVAST engine scan C:\ProgramData
22:32:59.458    Scan finished successfully
22:34:43.202    Disk 0 MBR has been saved successfully to "C:\Users\Matthias\Desktop\MBR.dat"
22:34:43.215    The log file has been saved successfully to "C:\Users\Matthias\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-12 01:15:36
-----------------------------
01:15:36.103    OS Version: Windows 6.0.6002 Service Pack 2
01:15:36.104    Number of processors: 2 586 0xF0D
01:15:36.105    ComputerName: ABICOMIII  UserName: Matthias
01:15:40.543    Initialize success
01:15:59.860    AVAST engine defs: 12091101
01:16:26.433    The log file has been saved successfully to "C:\Users\Matthias\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-12 01:15:36
-----------------------------
01:15:36.103    OS Version: Windows 6.0.6002 Service Pack 2
01:15:36.104    Number of processors: 2 586 0xF0D
01:15:36.105    ComputerName: ABICOMIII  UserName: Matthias
01:15:40.543    Initialize success
01:15:59.860    AVAST engine defs: 12091101
01:16:26.433    The log file has been saved successfully to "C:\Users\Matthias\Desktop\aswMBR.txt"
01:17:38.539    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
01:17:38.542    Disk 0 Vendor: ST9250827AS 3.AAA Size: 238475MB BusType: 3
01:17:38.629    Disk 0 MBR read successfully
01:17:38.632    Disk 0 MBR scan
01:17:38.743    Disk 0 Windows VISTA default MBR code
01:17:38.771    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        12291 MB offset 63
01:17:38.840    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       113092 MB offset 25174016
01:17:38.881    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       113090 MB offset 256786432
01:17:38.910    Disk 0 scanning sectors +488394752
01:17:39.230    Disk 0 scanning C:\Windows\system32\drivers
01:17:58.265    Service scanning
01:18:29.605    Modules scanning
01:19:10.575    Disk 0 trace - called modules:
01:19:10.608    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS PCIIDEX.SYS msahci.sys afd.sys NETIO.SYS tcpip.sys rdbss.sys 
01:19:10.615    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85294ac8]
01:19:10.622    3 CLASSPNP.SYS[87daa8b3] -> nt!IofCallDriver -> [0x84b9a918]
01:19:10.629    5 acpi.sys[8069f6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84bf2390]
01:19:11.329    AVAST engine scan C:\Windows
01:19:22.355    AVAST engine scan C:\Windows\system32
01:23:35.018    AVAST engine scan C:\Windows\system32\drivers
01:23:50.291    AVAST engine scan C:\Users\Matthias
01:33:24.129    AVAST engine scan C:\ProgramData
01:36:06.387    Scan finished successfully
01:36:19.059    Disk 0 MBR has been saved successfully to "C:\Users\Matthias\Desktop\MBR.dat"
01:36:19.088    The log file has been saved successfully to "C:\Users\Matthias\Desktop\aswMBR.txt"

cosinus · 12.09.2012, 00:39

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Rotary41 · 12.09.2012, 00:41

Mache ich

Zunächst das Malwarebytes-Log:

Code:

ATTFilter

 Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.07.13

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Matthias :: ABICOMIII [administrator]

12.09.2012 01:47:15
mbam-log-2012-09-12 (10-57-37).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 391584
Time elapsed: 1 hour(s), 37 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Matthias\Documents\Downloads\ezCoverMaker3.exe (Adware.Onlinegames) -> No action taken.
C:\_OTL\MovedFiles\09102012_230015\C_Users\Matthias\Downloads\SoftonicDownloader_fuer_gimp.exe (PUP.OfferBundler.ST) -> No action taken.

(end)

cosinus · 12.09.2012, 12:32

Code:

ATTFilter

C:\Users\Matthias\Documents\Downloads\ezCoverMaker3.exe (Adware.Onlinegames) -> No action taken.
C:\_OTL\MovedFiles\09102012_230015\C_Users\Matthias\Downloads\SoftonicDownloader_fuer_gimp.exe (PUP.Off

1) ist nur Adware - wahrscheinlich Toolbar im Installer
2) isolierter Schädling in der Q von OTL - das ist folgerichtig, dass dort Schädlinge liegen, die sind aber nicht aktiv

Rotary41 · 12.09.2012, 15:19

So:

Code:

ATTFilter

 SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 09/12/2012 at 04:15 PM

Application Version : 5.5.1016

Core Rules Database Version : 9212
Trace Rules Database Version: 7024

Scan type       : Complete Scan
Total Scan Time : 02:04:58

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Administrator

Memory items scanned      : 752
Memory threats detected   : 0
Registry items scanned    : 34963
Registry threats detected : 0
File items scanned        : 171028
File threats detected     : 4

Adware.Tracking Cookie
	.doubleclick.net [ C:\USERS\MATTHIAS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.atdmt.com [ C:\USERS\MATTHIAS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.atdmt.com [ C:\USERS\MATTHIAS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

Trojan.Agent/Gen-SoftonicDownloader
	C:\_OTL\MOVEDFILES\09102012_230015\C_USERS\MATTHIAS\DOWNLOADS\SOFTONICDOWNLOADER_FUER_GIMP.EXE

12.09.2012, 00:31	#40
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Malwarebytes finder Adware.Onlinegames und PUP.OfferBundler.ST - Was tun? ja genau, wie beim ersten Durchgang __________________ Logfiles bitte immer in CODE-Tags posten

12.09.2012, 00:39	#42
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Malwarebytes finder Adware.Onlinegames und PUP.OfferBundler.ST - Was tun? Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!! __________________ Logfiles bitte immer in CODE-Tags posten

Malwarebytes finder Adware.Onlinegames und PUP.OfferBundler.ST - Was tun?

Plagegeister aller Art und deren Bekämpfung: Malwarebytes finder Adware.Onlinegames und PUP.OfferBundler.ST - Was tun?