Trojaner-Board - Trojaner TR/TDss.abx und TR/Alureon, Dateien weg

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Trojaner TR/TDss.abx und TR/Alureon, Dateien weg (https://www.trojaner-board.de/124507-trojaner-tr-tdss-abx-tr-alureon-dateien-weg.html)

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

FF - user.js - File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{11dc2fd2-7fbb-11e1-af93-001f1603fd04}\Shell - "" = AutoRun

O33 - MountPoints2\{11dc2fd2-7fbb-11e1-af93-001f1603fd04}\Shell\AutoRun\command - "" = F:\Startme.exe

:Files

C:\Users\Chrissi\Desktop\File_Recovery.lnk

C:\ProgramData\-r9VEbHteCG314Gr

C:\ProgramData\-r9VEbHteCG314G

C:\ProgramData\r9VEbHteCG314G

ipconfig /flushdns /c

:Commands

[purity]

[emptytemp]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Oh oh - der Laptop hat sich währenddessen aufgehängt... "Keine Rückmeldung"

Auf dem Bildschirm ist nur das geöffnete OTL-Programm zu sehen, ansonsten ist im Hintergrund ein Windows-Hintergrundbild, aber keine Icons...

Und nun?? :heulen:

Jetzt stand da gerade: Das Programm wird nicht richtig ausgeführt. Das Programm wird geschlossen.

Und nun ist alles weg.... ?!?! Nur noch ein türkisblauer Windows-Hintergrund und der Mauspfeil sind noch da...

Starte Windows neu im abgesicherten Modus (mit Netzwerktreibern nach Möglichkeit), manchmal hakt das Fixen mit OTL im normalen Modus aber sehr oft funktioniert der Fix im abgesicherte Modus.

Ok.

Das kann aber ein Weilchen dauern, er installiert gerade Update 1 von 64!

So, nachdem der Laptop jetzt alle Updates installiert hat und ich ihn neu hochgefahren habe (im abgesicherten Modus mit Netzwerktreibern) stand da nun Folgendes:

Code:



Files\Folders moved on Reboot...

File\Folder C:\Users\Chrissi\AppData\Local\Temp\OICE_BB01CACA-2267-47EE-991C-01BDDFBA7721.0\3A55CDE6. not found!

File\Folder C:\Users\Chrissi\AppData\Local\Temp\OICE_B4E1D178-D07F-40EE-B6BA-C2E1E959F2AA.0\81A8421. not found!

File\Folder C:\Users\Chrissi\AppData\Local\Temp\OICE_7360CF61-5058-404E-924F-C5611F39455A.0\246E4431. not found!

File\Folder C:\Users\Chrissi\AppData\Local\Temp\OICE_42ECA27C-F6CB-4C64-9EC0-782A156A2C37.0\CA253CDA. not found!
 

PendingFileRenameOperations files...
 

Registry entries deleted on Reboot...

Ist das nun schon fertig oder muss ich den OTL-Fix nochmal machen?

Sieht aus, als hättest du mein Fixscript nicht komplett bzw. 1:1 kopiert oder du hast das Log unvollständig gepostet!

Nee, also der Log ist komplett so, mehr stand da nicht.

Soll ich das einfach nochmal machen alles??

Dann wiederhol den Fix bitte!

Code:

All processes killed

========== OTL ==========

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!

File C:\autoexec.bat not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{11dc2fd2-7fbb-11e1-af93-001f1603fd04}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11dc2fd2-7fbb-11e1-af93-001f1603fd04}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{11dc2fd2-7fbb-11e1-af93-001f1603fd04}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11dc2fd2-7fbb-11e1-af93-001f1603fd04}\ not found.

File F:\Startme.exe not found.

========== FILES ==========

File\Folder C:\Users\Chrissi\Desktop\File_Recovery.lnk not found.

File\Folder C:\ProgramData\-r9VEbHteCG314Gr not found.

File\Folder C:\ProgramData\-r9VEbHteCG314G not found.

File\Folder C:\ProgramData\r9VEbHteCG314G not found.
 < ipconfig /flushdns /c >

Windows-IP-Konfiguration

Der DNS-Aufl”sungscache wurde geleert.

C:\Users\Chrissi\Desktop\cmd.bat deleted successfully.

C:\Users\Chrissi\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Chrissi

->Temp folder emptied: 356119 bytes

->Temporary Internet Files folder emptied: 48235627 bytes

->Java cache emptied: 0 bytes

->Google Chrome cache emptied: 0 bytes

->Flash cache emptied: 628 bytes

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Public

 

User: Schule

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 221052430 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 257,00 mb

 

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.66.2 log created on 09262012_161649
 

Files\Folders moved on Reboot...

File\Folder C:\Users\Chrissi\AppData\Local\Temp\OICE_BB01CACA-2267-47EE-991C-01BDDFBA7721.0\3A55CDE6. not found!

File\Folder C:\Users\Chrissi\AppData\Local\Temp\OICE_B4E1D178-D07F-40EE-B6BA-C2E1E959F2AA.0\81A8421. not found!

File\Folder C:\Users\Chrissi\AppData\Local\Temp\OICE_7360CF61-5058-404E-924F-C5611F39455A.0\246E4431. not found!

File\Folder C:\Users\Chrissi\AppData\Local\Temp\OICE_42ECA27C-F6CB-4C64-9EC0-782A156A2C37.0\CA253CDA. not found!
 

PendingFileRenameOperations files...
 

Registry entries deleted on Reboot...

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtg4nzy0ywy5/settings_2012-09-04.png

Code:

18:54:31.0333 6128  TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24

18:54:31.0473 6128  ============================================================

18:54:31.0473 6128  Current date / time: 2012/09/26 18:54:31.0473

18:54:31.0473 6128  SystemInfo:

18:54:31.0474 6128  

18:54:31.0474 6128  OS Version: 6.0.6002 ServicePack: 2.0

18:54:31.0474 6128  Product type: Workstation

18:54:31.0474 6128  ComputerName: CHRISSI-PC

18:54:31.0474 6128  UserName: Chrissi

18:54:31.0474 6128  Windows directory: C:\Windows

18:54:31.0474 6128  System windows directory: C:\Windows

18:54:31.0474 6128  Processor architecture: Intel x86

18:54:31.0474 6128  Number of processors: 2

18:54:31.0474 6128  Page size: 0x1000

18:54:31.0474 6128  Boot type: Normal boot

18:54:31.0474 6128  ============================================================

18:54:32.0023 6128  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

18:54:32.0039 6128  ============================================================

18:54:32.0039 6128  \Device\Harddisk0\DR0:

18:54:32.0039 6128  MBR partitions:

18:54:32.0158 6128  \Device\Harddisk0\DR0\Partition1: MBR, Type 0xB, StartLBA 0x226D3F70, BlocksNum 0x2D59751

18:54:32.0158 6128  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x226D3EF2

18:54:32.0158 6128  ============================================================

18:54:32.0227 6128  C: <-> \Device\Harddisk0\DR0\Partition2

18:54:32.0227 6128  D: <-> \Device\Harddisk0\DR0\Partition1

18:54:32.0227 6128  ============================================================

18:54:32.0227 6128  Initialize success

18:54:32.0227 6128  ============================================================

18:55:09.0255 5744  ============================================================

18:55:09.0255 5744  Scan started

18:55:09.0255 5744  Mode: Manual; SigCheck; TDLFS; 

18:55:09.0255 5744  ============================================================

18:55:10.0182 5744  ================ Scan system memory ========================

18:55:10.0182 5744  System memory - ok

18:55:10.0182 5744  ================ Scan services =============================

18:55:10.0396 5744  [ B33CF4DE909A5B30F526D82053A63C8E ] ABBYY.Licensing.FineReader.Sprint.9.0 C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe

18:55:10.0597 5744  ABBYY.Licensing.FineReader.Sprint.9.0 - ok

18:55:10.0810 5744  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys

18:55:10.0831 5744  ACPI - ok

18:55:10.0922 5744  [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

18:55:10.0937 5744  AdobeFlashPlayerUpdateSvc - ok

18:55:10.0981 5744  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys

18:55:11.0009 5744  adp94xx - ok

18:55:11.0041 5744  [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci         C:\Windows\system32\drivers\adpahci.sys

18:55:11.0062 5744  adpahci - ok

18:55:11.0091 5744  [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys

18:55:11.0107 5744  adpu160m - ok

18:55:11.0131 5744  [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320         C:\Windows\system32\drivers\adpu320.sys

18:55:11.0145 5744  adpu320 - ok

18:55:11.0206 5744  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll

18:55:11.0353 5744  AeLookupSvc - ok

18:55:11.0426 5744  [ 3911B972B55FEA0478476B2E777B29FA ] AFD             C:\Windows\system32\drivers\afd.sys

18:55:11.0491 5744  AFD - ok

18:55:11.0583 5744  [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440          C:\Windows\system32\drivers\agp440.sys

18:55:11.0603 5744  agp440 - ok

18:55:11.0653 5744  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys

18:55:11.0675 5744  aic78xx - ok

18:55:11.0708 5744  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe

18:55:11.0851 5744  ALG - ok

18:55:11.0900 5744  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide          C:\Windows\system32\drivers\aliide.sys

18:55:11.0913 5744  aliide - ok

18:55:11.0942 5744  [ C47344BC706E5F0B9DCE369516661578 ] amdagp          C:\Windows\system32\drivers\amdagp.sys

18:55:11.0956 5744  amdagp - ok

18:55:11.0980 5744  [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide          C:\Windows\system32\drivers\amdide.sys

18:55:11.0993 5744  amdide - ok

18:55:12.0019 5744  [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys

18:55:12.0072 5744  AmdK7 - ok

18:55:12.0090 5744  [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8           C:\Windows\system32\drivers\amdk8.sys

18:55:12.0143 5744  AmdK8 - ok

18:55:12.0224 5744  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe

18:55:12.0239 5744  AntiVirSchedulerService - ok

18:55:12.0298 5744  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe

18:55:12.0311 5744  AntiVirService - ok

18:55:12.0345 5744  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll

18:55:12.0402 5744  Appinfo - ok

18:55:12.0538 5744  [ 20F6F19FE9E753F2780DC2FA083AD597 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

18:55:12.0552 5744  Apple Mobile Device - ok

18:55:12.0612 5744  [ 5D2888182FB46632511ACEE92FDAD522 ] arc             C:\Windows\system32\drivers\arc.sys

18:55:12.0634 5744  arc - ok

18:55:12.0699 5744  [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas          C:\Windows\system32\drivers\arcsas.sys

18:55:12.0720 5744  arcsas - ok

18:55:12.0745 5744  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys

18:55:12.0829 5744  AsyncMac - ok

18:55:12.0934 5744  [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi           C:\Windows\system32\drivers\atapi.sys

18:55:12.0948 5744  atapi - ok

18:55:12.0997 5744  [ 69E65A2CE11619F0C868967CA9540B80 ] ATSWPDRV        C:\Windows\system32\DRIVERS\ATSwpDrv.sys

18:55:13.0016 5744  ATSWPDRV - ok

18:55:13.0104 5744  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

18:55:13.0161 5744  AudioEndpointBuilder - ok

18:55:13.0170 5744  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll

18:55:13.0198 5744  Audiosrv - ok

18:55:13.0249 5744  [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys

18:55:13.0264 5744  avgntflt - ok

18:55:13.0346 5744  [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys

18:55:13.0362 5744  avipbb - ok

18:55:13.0445 5744  [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys

18:55:13.0461 5744  avkmgr - ok

18:55:13.0518 5744  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys

18:55:13.0577 5744  Beep - ok

18:55:13.0691 5744  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE             C:\Windows\System32\bfe.dll

18:55:13.0745 5744  BFE - ok

18:55:13.0813 5744  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\System32\qmgr.dll

18:55:13.0902 5744  BITS - ok

18:55:13.0945 5744  [ D4DF28447741FD3D953526E33A617397 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys

18:55:14.0007 5744  blbdrive - ok

18:55:14.0076 5744  [ F2060A34C8A75BC24A9222EB4F8C07BD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

18:55:14.0104 5744  Bonjour Service - ok

18:55:14.0154 5744  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys

18:55:14.0215 5744  bowser - ok

18:55:14.0247 5744  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys

18:55:14.0342 5744  BrFiltLo - ok

18:55:14.0396 5744  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys

18:55:14.0454 5744  BrFiltUp - ok

18:55:14.0516 5744  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser         C:\Windows\System32\browser.dll

18:55:14.0612 5744  Browser - ok

18:55:14.0643 5744  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys

18:55:14.0897 5744  Brserid - ok

18:55:14.0928 5744  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys

18:55:15.0057 5744  BrSerWdm - ok

18:55:15.0122 5744  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys

18:55:15.0253 5744  BrUsbMdm - ok

18:55:15.0272 5744  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys

18:55:15.0376 5744  BrUsbSer - ok

18:55:15.0458 5744  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys

18:55:15.0577 5744  BTHMODEM - ok

18:55:15.0704 5744  [ 48F64A84054771B2FEF55606ADF57557 ] Cam5607         C:\Windows\system32\Drivers\BisonC07.sys

18:55:15.0750 5744  Cam5607 - ok

18:55:15.0789 5744  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys

18:55:15.0873 5744  cdfs - ok

18:55:15.0913 5744  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys

18:55:15.0999 5744  cdrom - ok

18:55:16.0048 5744  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc     C:\Windows\System32\certprop.dll

18:55:16.0132 5744  CertPropSvc - ok

18:55:16.0201 5744  [ E5D4133F37219DBCFE102BC61072589D ] circlass        C:\Windows\system32\drivers\circlass.sys

18:55:16.0250 5744  circlass - ok

18:55:16.0364 5744  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys

18:55:16.0399 5744  CLFS - ok

18:55:16.0519 5744  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

18:55:16.0545 5744  clr_optimization_v2.0.50727_32 - ok

18:55:16.0686 5744  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

18:55:16.0711 5744  clr_optimization_v4.0.30319_32 - ok

18:55:16.0778 5744  [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys

18:55:16.0850 5744  CmBatt - ok

18:55:16.0907 5744  [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide          C:\Windows\system32\drivers\cmdide.sys

18:55:16.0932 5744  cmdide - ok

18:55:16.0968 5744  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys

18:55:16.0993 5744  Compbatt - ok

18:55:17.0005 5744  COMSysApp - ok

18:55:17.0068 5744  [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys

18:55:17.0093 5744  crcdisk - ok

18:55:17.0111 5744  [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe          C:\Windows\system32\drivers\crusoe.sys

18:55:17.0189 5744  Crusoe - ok

18:55:17.0233 5744  [ 75C6A297E364014840B48ECCD7525E30 ] CryptSvc        C:\Windows\system32\cryptsvc.dll

18:55:17.0313 5744  CryptSvc - ok

18:55:17.0391 5744  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll

18:55:17.0474 5744  DcomLaunch - ok

18:55:17.0533 5744  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys

18:55:17.0620 5744  DfsC - ok

18:55:17.0767 5744  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe

18:55:17.0934 5744  DFSR - ok

18:55:17.0976 5744  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll

18:55:18.0014 5744  Dhcp - ok

18:55:18.0083 5744  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys

18:55:18.0097 5744  disk - ok

18:55:18.0213 5744  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll

18:55:18.0270 5744  Dnscache - ok

18:55:18.0311 5744  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc         C:\Windows\System32\dot3svc.dll

18:55:18.0350 5744  dot3svc - ok

18:55:18.0417 5744  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\Windows\system32\dps.dll

18:55:18.0479 5744  DPS - ok

18:55:18.0539 5744  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys

18:55:18.0580 5744  drmkaud - ok

18:55:18.0748 5744  [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys

18:55:18.0795 5744  DXGKrnl - ok

18:55:18.0919 5744  [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys

18:55:18.0993 5744  E1G60 - ok

18:55:19.0028 5744  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll

18:55:19.0086 5744  EapHost - ok

18:55:19.0139 5744  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys

18:55:19.0157 5744  Ecache - ok

18:55:19.0319 5744  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe

18:55:19.0366 5744  ehRecvr - ok

18:55:19.0389 5744  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched         C:\Windows\ehome\ehsched.exe

18:55:19.0439 5744  ehSched - ok

18:55:19.0450 5744  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart         C:\Windows\ehome\ehstart.dll

18:55:19.0476 5744  ehstart - ok

18:55:19.0604 5744  [ 23B62471681A124889978F6295B3F4C6 ] elxstor         C:\Windows\system32\drivers\elxstor.sys

18:55:19.0666 5744  elxstor - ok

18:55:19.0741 5744  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll

18:55:19.0835 5744  EMDMgmt - ok

18:55:19.0958 5744  [ ABDD5AD016AFFD34AD40E944CE94BF59 ] EpsonBidirectionalService C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe

18:55:19.0964 5744  EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - warning

18:55:19.0964 5744  EpsonBidirectionalService - detected UnsignedFile.Multi.Generic (1)

18:55:20.0153 5744  [ 3DB974F3935483555D7148663F726C61 ] ErrDev          C:\Windows\system32\drivers\errdev.sys

18:55:20.0216 5744  ErrDev - ok

18:55:20.0313 5744  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem     C:\Windows\system32\es.dll

18:55:20.0360 5744  EventSystem - ok

18:55:20.0545 5744  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat           C:\Windows\system32\drivers\exfat.sys

18:55:20.0619 5744  exfat - ok

18:55:20.0696 5744  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat         C:\Windows\system32\drivers\fastfat.sys

18:55:20.0739 5744  fastfat - ok

18:55:20.0805 5744  [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys

18:55:20.0845 5744  fdc - ok

18:55:20.0885 5744  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\Windows\system32\fdPHost.dll

18:55:20.0927 5744  fdPHost - ok

18:55:20.0951 5744  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll

18:55:21.0032 5744  FDResPub - ok

18:55:21.0067 5744  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys

18:55:21.0082 5744  FileInfo - ok

18:55:21.0103 5744  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\Windows\system32\drivers\filetrace.sys

18:55:21.0144 5744  Filetrace - ok

18:55:21.0163 5744  [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys

18:55:21.0206 5744  flpydisk - ok

18:55:21.0253 5744  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys

18:55:21.0271 5744  FltMgr - ok

18:55:21.0397 5744  [ 8CE364388C8ECA59B14B539179276D44 ] FontCache       C:\Windows\system32\FntCache.dll

18:55:21.0462 5744  FontCache - ok

18:55:21.0609 5744  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

18:55:21.0626 5744  FontCache3.0.0.0 - ok

18:55:21.0667 5744  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys

18:55:21.0708 5744  Fs_Rec - ok

18:55:21.0753 5744  [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys

18:55:21.0773 5744  gagp30kx - ok

18:55:21.0817 5744  [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

18:55:21.0831 5744  GEARAspiWDM - ok

18:55:21.0913 5744  [ 33EFD5039EA1BFA623D8BB9FB787CB0F ] GoogleDesktopManager C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe

18:55:21.0921 5744  GoogleDesktopManager ( UnsignedFile.Multi.Generic ) - warning

18:55:21.0921 5744  GoogleDesktopManager - detected UnsignedFile.Multi.Generic (1)

18:55:21.0983 5744  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc           C:\Windows\System32\gpsvc.dll

18:55:22.0033 5744  gpsvc - ok

18:55:22.0118 5744  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe

18:55:22.0139 5744  gupdate - ok

18:55:22.0162 5744  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe

18:55:22.0183 5744  gupdatem - ok

18:55:22.0208 5744  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

18:55:22.0225 5744  gusvc - ok

18:55:22.0277 5744  [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

18:55:22.0347 5744  HdAudAddService - ok

18:55:22.0391 5744  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys

18:55:22.0448 5744  HDAudBus - ok

18:55:22.0481 5744  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys

18:55:22.0537 5744  HidBth - ok

18:55:22.0557 5744  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr           C:\Windows\system32\drivers\hidir.sys

18:55:22.0625 5744  HidIr - ok

18:55:22.0688 5744  [ 84067081F3318162797385E11A8F0582 ] hidserv         C:\Windows\system32\hidserv.dll

18:55:22.0752 5744  hidserv - ok

18:55:22.0804 5744  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys

18:55:22.0853 5744  HidUsb - ok

18:55:22.0883 5744  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll

18:55:22.0915 5744  hkmsvc - ok

18:55:22.0954 5744  [ 8B566EA71D5B76157A9CDB78F25A5731 ] Hotkey          C:\Windows\system32\drivers\Hotkey.sys

18:55:22.0971 5744  Hotkey ( UnsignedFile.Multi.Generic ) - warning

18:55:22.0971 5744  Hotkey - detected UnsignedFile.Multi.Generic (1)

18:55:23.0009 5744  [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys

18:55:23.0027 5744  HpCISSs - ok

18:55:23.0082 5744  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys

18:55:23.0134 5744  HTTP - ok

18:55:23.0168 5744  [ C6B032D69650985468160FC9937CF5B4 ] i2omp           C:\Windows\system32\drivers\i2omp.sys

18:55:23.0187 5744  i2omp - ok

18:55:23.0208 5744  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys

18:55:23.0256 5744  i8042prt - ok

18:55:23.0320 5744  [ 72B53E9C8924949DEC8F3799BCBA2251 ] IAANTMON        C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

18:55:23.0339 5744  IAANTMON - ok

18:55:23.0377 5744  [ E5A0034847537EAEE3C00349D5C34C5F ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys

18:55:23.0392 5744  iaStor - ok

18:55:23.0420 5744  [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys

18:55:23.0440 5744  iaStorV - ok

18:55:23.0592 5744  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

18:55:23.0672 5744  idsvc - ok

18:55:23.0727 5744  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys

18:55:23.0743 5744  iirsp - ok

18:55:23.0800 5744  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll

18:55:23.0917 5744  IKEEXT - ok

18:55:24.0067 5744  [ 5D26CCB06E1F3B5C26E863DF3F4F2611 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys

18:55:24.0243 5744  IntcAzAudAddService - ok

18:55:24.0308 5744  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\drivers\intelide.sys

18:55:24.0327 5744  intelide - ok

18:55:24.0338 5744  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys

18:55:24.0394 5744  intelppm - ok

18:55:24.0428 5744  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll

18:55:24.0521 5744  IPBusEnum - ok

18:55:24.0538 5744  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys

18:55:24.0588 5744  IpFilterDriver - ok

18:55:24.0649 5744  [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll

18:55:24.0765 5744  iphlpsvc - ok

18:55:24.0773 5744  IpInIp - ok

18:55:24.0820 5744  [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys

18:55:24.0889 5744  IPMIDRV - ok

18:55:24.0922 5744  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys

18:55:24.0973 5744  IPNAT - ok

18:55:25.0037 5744  [ E51BD095B2FDF56B17EE010BB794D6ED ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe

18:55:25.0082 5744  iPod Service - ok

18:55:25.0151 5744  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys

18:55:25.0176 5744  IRENUM - ok

18:55:25.0205 5744  [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp          C:\Windows\system32\drivers\isapnp.sys

18:55:25.0218 5744  isapnp - ok

18:55:25.0268 5744  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys

18:55:25.0284 5744  iScsiPrt - ok

18:55:25.0324 5744  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys

18:55:25.0337 5744  iteatapi - ok

18:55:25.0388 5744  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys

18:55:25.0400 5744  iteraid - ok

18:55:25.0432 5744  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys

18:55:25.0445 5744  kbdclass - ok

18:55:25.0463 5744  [ 18247836959BA67E3511B62846B9C2E0 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys

18:55:25.0499 5744  kbdhid - ok

18:55:25.0562 5744  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe

18:55:25.0605 5744  KeyIso - ok

18:55:25.0647 5744  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys

18:55:25.0677 5744  KSecDD - ok

18:55:25.0809 5744  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm           C:\Windows\system32\msdtckrm.dll

18:55:25.0886 5744  KtmRm - ok

18:55:25.0939 5744  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\system32\srvsvc.dll

18:55:26.0004 5744  LanmanServer - ok

18:55:26.0070 5744  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

18:55:26.0173 5744  LanmanWorkstation - ok

18:55:26.0222 5744  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys

18:55:26.0301 5744  lltdio - ok

18:55:26.0342 5744  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc         C:\Windows\System32\lltdsvc.dll

18:55:26.0418 5744  lltdsvc - ok

18:55:26.0438 5744  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll

18:55:26.0521 5744  lmhosts - ok

18:55:26.0552 5744  [ C7E15E82879BF3235B559563D4185365 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys

18:55:26.0567 5744  LSI_FC - ok

18:55:26.0624 5744  [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys

18:55:26.0639 5744  LSI_SAS - ok

18:55:26.0661 5744  [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys

18:55:26.0676 5744  LSI_SCSI - ok

18:55:26.0700 5744  [ 8F5C7426567798E62A3B3614965D62CC ] luafv           C:\Windows\system32\drivers\luafv.sys

18:55:26.0742 5744  luafv - ok

18:55:26.0811 5744  [ 65E794E86468B61F2BC79ABC48BC4433 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys

18:55:26.0824 5744  MBAMProtector - ok

18:55:26.0904 5744  [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

18:55:26.0924 5744  MBAMScheduler - ok

18:55:27.0005 5744  [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

18:55:27.0034 5744  MBAMService - ok

18:55:27.0120 5744  [ F453D1E6D881E8F8717E20CCD4199E85 ] McComponentHostService C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe

18:55:27.0138 5744  McComponentHostService - ok

18:55:27.0174 5744  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll

18:55:27.0206 5744  Mcx2Svc - ok

18:55:27.0284 5744  [ 0001CE609D66632FA17B84705F658879 ] megasas         C:\Windows\system32\drivers\megasas.sys

18:55:27.0297 5744  megasas - ok

18:55:27.0324 5744  [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR          C:\Windows\system32\drivers\megasr.sys

18:55:27.0349 5744  MegaSR - ok

18:55:27.0379 5744  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS           C:\Windows\system32\mmcss.dll

18:55:27.0420 5744  MMCSS - ok

18:55:27.0552 5744  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem           C:\Windows\system32\drivers\modem.sys

18:55:27.0596 5744  Modem - ok

18:55:27.0675 5744  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys

18:55:27.0706 5744  monitor - ok

18:55:27.0758 5744  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys

18:55:27.0773 5744  mouclass - ok

18:55:27.0788 5744  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys

18:55:27.0836 5744  mouhid - ok

18:55:27.0855 5744  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys

18:55:27.0874 5744  MountMgr - ok

18:55:28.0043 5744  [ 511D011289755DD9F9A7579FB0B064E6 ] mpio            C:\Windows\system32\drivers\mpio.sys

18:55:28.0064 5744  mpio - ok

18:55:28.0094 5744  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys

18:55:28.0129 5744  mpsdrv - ok

18:55:28.0181 5744  [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\Windows\system32\mpssvc.dll

18:55:28.0270 5744  MpsSvc - ok

18:55:28.0314 5744  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys

18:55:28.0338 5744  Mraid35x - ok

18:55:28.0394 5744  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys

18:55:28.0435 5744  MRxDAV - ok

18:55:28.0535 5744  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys

18:55:28.0583 5744  mrxsmb - ok

18:55:28.0641 5744  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys

18:55:28.0677 5744  mrxsmb10 - ok

18:55:28.0724 5744  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys

18:55:28.0752 5744  mrxsmb20 - ok

18:55:28.0823 5744  [ F70590424EEFBF5C27A40C67AFDB8383 ] msahci          C:\Windows\system32\drivers\msahci.sys

18:55:28.0839 5744  msahci - ok

18:55:28.0881 5744  [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm           C:\Windows\system32\drivers\msdsm.sys

18:55:28.0898 5744  msdsm - ok

18:55:29.0095 5744  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC           C:\Windows\System32\msdtc.exe

18:55:29.0196 5744  MSDTC - ok

18:55:29.0219 5744  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys

18:55:29.0276 5744  Msfs - ok

18:55:29.0308 5744  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys

18:55:29.0327 5744  msisadrv - ok

18:55:29.0373 5744  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll

18:55:29.0438 5744  MSiSCSI - ok

18:55:29.0447 5744  msiserver - ok

18:55:29.0474 5744  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys

18:55:29.0526 5744  MSKSSRV - ok

18:55:29.0545 5744  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys

18:55:29.0587 5744  MSPCLOCK - ok

18:55:29.0609 5744  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys

18:55:29.0635 5744  MSPQM - ok

18:55:29.0743 5744  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys

18:55:29.0760 5744  MsRPC - ok

18:55:29.0833 5744  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys

18:55:29.0845 5744  mssmbios - ok

18:55:29.0981 5744  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys

18:55:30.0012 5744  MSTEE - ok

18:55:30.0050 5744  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup             C:\Windows\system32\Drivers\mup.sys

18:55:30.0066 5744  Mup - ok

18:55:30.0171 5744  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll

18:55:30.0214 5744  napagent - ok

18:55:30.0285 5744  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys

18:55:30.0307 5744  NativeWifiP - ok

18:55:30.0484 5744  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys

18:55:30.0519 5744  NDIS - ok

18:55:30.0579 5744  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys

18:55:30.0635 5744  NdisTapi - ok

18:55:30.0684 5744  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys

18:55:30.0732 5744  Ndisuio - ok

18:55:30.0811 5744  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys

18:55:30.0898 5744  NdisWan - ok

18:55:30.0939 5744  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys

18:55:30.0978 5744  NDProxy - ok

18:55:31.0181 5744  [ 78073F606AE3B24F6C1F555759AA8511 ] Nero BackItUp Scheduler 3 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

18:55:31.0268 5744  Nero BackItUp Scheduler 3 - ok

18:55:31.0300 5744  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys

18:55:31.0364 5744  NetBIOS - ok

18:55:31.0419 5744  [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys

18:55:31.0462 5744  netbt - ok

18:55:31.0499 5744  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe

18:55:31.0527 5744  Netlogon - ok

18:55:31.0591 5744  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll

18:55:31.0682 5744  Netman - ok

18:55:31.0707 5744  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll

18:55:31.0794 5744  netprofm - ok

18:55:31.0853 5744  [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

18:55:31.0866 5744  NetTcpPortSharing - ok

18:55:31.0968 5744  [ 4547B8AEDD8119FCC127FDC7F282E983 ] NETw4v32        C:\Windows\system32\DRIVERS\NETw4v32.sys

18:55:32.0147 5744  NETw4v32 - ok

18:55:32.0301 5744  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys

18:55:32.0316 5744  nfrd960 - ok

18:55:32.0355 5744  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll

18:55:32.0388 5744  NlaSvc - ok

18:55:32.0471 5744  [ 62F68443D244024845B875B44D76A92F ] NMIndexingService C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

18:55:32.0494 5744  NMIndexingService - ok

18:55:32.0534 5744  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys

18:55:32.0558 5744  Npfs - ok

18:55:32.0568 5744  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi             C:\Windows\system32\nsisvc.dll

18:55:32.0647 5744  nsi - ok

18:55:32.0690 5744  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys

18:55:32.0742 5744  nsiproxy - ok

18:55:32.0879 5744  [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys

18:55:32.0989 5744  Ntfs - ok

18:55:33.0055 5744  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys

18:55:33.0127 5744  ntrigdigi - ok

18:55:33.0164 5744  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys

18:55:33.0211 5744  Null - ok

18:55:33.0450 5744  [ B0CC8B78A9F0C6D9C8909B9BF874A4DE ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys

18:55:33.0981 5744  nvlddmkm - ok

18:55:34.0033 5744  [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid          C:\Windows\system32\drivers\nvraid.sys

18:55:34.0053 5744  nvraid - ok

18:55:34.0077 5744  [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor          C:\Windows\system32\drivers\nvstor.sys

18:55:34.0097 5744  nvstor - ok

18:55:34.0146 5744  [ 1F3671DC1060477E6262E41F9EFD46F6 ] nvsvc           C:\Windows\system32\nvvsvc.exe

18:55:34.0176 5744  nvsvc - ok

18:55:34.0203 5744  [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys

18:55:34.0219 5744  nv_agp - ok

18:55:34.0226 5744  NwlnkFlt - ok

18:55:34.0234 5744  NwlnkFwd - ok

18:55:34.0266 5744  [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys

18:55:34.0391 5744  ohci1394 - ok

18:55:34.0434 5744  [ 27915BDFF44CA08E85DA3D1DDB7B6ECD ] omniserv        C:\Program Files\Softex\OmniPass\OmniServ.exe

18:55:34.0475 5744  omniserv ( UnsignedFile.Multi.Generic ) - warning

18:55:34.0475 5744  omniserv - detected UnsignedFile.Multi.Generic (1)

18:55:34.0581 5744  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

18:55:34.0595 5744  ose - ok

18:55:34.0833 5744  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

18:55:35.0139 5744  osppsvc - ok

18:55:35.0201 5744  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll

18:55:35.0337 5744  p2pimsvc - ok

18:55:35.0361 5744  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll

18:55:35.0420 5744  p2psvc - ok

18:55:35.0449 5744  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport         C:\Windows\system32\drivers\parport.sys

18:55:35.0495 5744  Parport - ok

18:55:35.0617 5744  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr         C:\Windows\system32\drivers\partmgr.sys

18:55:35.0632 5744  partmgr - ok

18:55:35.0690 5744  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys

18:55:35.0749 5744  Parvdm - ok

18:55:35.0774 5744  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll

18:55:35.0842 5744  PcaSvc - ok

18:55:35.0881 5744  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci             C:\Windows\system32\drivers\pci.sys

18:55:35.0899 5744  pci - ok

18:55:35.0913 5744  [ FC175F5DDAB666D7F4D17449A547626F ] pciide          C:\Windows\system32\drivers\pciide.sys

18:55:35.0929 5744  pciide - ok

18:55:35.0952 5744  [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys

18:55:35.0970 5744  pcmcia - ok

18:55:36.0016 5744  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys

18:55:36.0113 5744  PEAUTH - ok

18:55:36.0242 5744  [ B1689DF169143F57053F795390C99DB3 ] pla             C:\Windows\system32\pla.dll

18:55:36.0349 5744  pla - ok

18:55:36.0389 5744  [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] PLFlash DeviceIoControl Service C:\Windows\system32\IoctlSvc.exe

18:55:36.0426 5744  PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning

18:55:36.0426 5744  PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)

18:55:36.0470 5744  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll

18:55:36.0541 5744  PlugPlay - ok

18:55:36.0601 5744  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll

18:55:36.0636 5744  PNRPAutoReg - ok

18:55:36.0651 5744  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc         C:\Windows\system32\p2psvc.dll

18:55:36.0774 5744  PNRPsvc - ok

18:55:36.0874 5744  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll

18:55:37.0033 5744  PolicyAgent - ok

18:55:37.0081 5744  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys

18:55:37.0157 5744  PptpMiniport - ok

18:55:37.0293 5744  [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor       C:\Windows\system32\drivers\processr.sys

18:55:37.0343 5744  Processor - ok

18:55:37.0408 5744  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc         C:\Windows\system32\profsvc.dll

18:55:37.0489 5744  ProfSvc - ok

18:55:37.0514 5744  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe

18:55:37.0541 5744  ProtectedStorage - ok

18:55:37.0578 5744  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys

18:55:37.0627 5744  PSched - ok

18:55:37.0835 5744  [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300          C:\Windows\system32\drivers\ql2300.sys

18:55:38.0052 5744  ql2300 - ok

18:55:38.0148 5744  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys

18:55:38.0164 5744  ql40xx - ok

18:55:38.0211 5744  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE           C:\Windows\system32\qwave.dll

18:55:38.0266 5744  QWAVE - ok

18:55:38.0348 5744  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys

18:55:38.0427 5744  QWAVEdrv - ok

18:55:38.0452 5744  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys

18:55:38.0499 5744  RasAcd - ok

18:55:38.0526 5744  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto         C:\Windows\System32\rasauto.dll

18:55:38.0586 5744  RasAuto - ok

18:55:38.0674 5744  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys

18:55:38.0725 5744  Rasl2tp - ok

18:55:38.0782 5744  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll

18:55:38.0892 5744  RasMan - ok

18:55:38.0943 5744  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys

18:55:38.0983 5744  RasPppoe - ok

18:55:39.0024 5744  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys

18:55:39.0065 5744  RasSstp - ok

18:55:39.0108 5744  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys

18:55:39.0153 5744  rdbss - ok

18:55:39.0188 5744  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys

18:55:39.0250 5744  RDPCDD - ok

18:55:39.0298 5744  [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys

18:55:39.0353 5744  rdpdr - ok

18:55:39.0362 5744  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys

18:55:39.0431 5744  RDPENCDD - ok

18:55:39.0499 5744  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys

18:55:39.0535 5744  RDPWD - ok

18:55:39.0577 5744  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll

18:55:39.0607 5744  RemoteAccess - ok

18:55:39.0656 5744  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll

18:55:39.0686 5744  RemoteRegistry - ok

18:55:39.0868 5744  [ 17E0BEF5CA5C9CE52CC8082AC6EBC449 ] RichVideo       C:\Program Files\CyberLink\Shared Files\RichVideo.exe

18:55:39.0882 5744  RichVideo - ok

18:55:39.0936 5744  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe

18:55:40.0007 5744  RpcLocator - ok

18:55:40.0046 5744  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs           C:\Windows\system32\rpcss.dll

18:55:40.0081 5744  RpcSs - ok

18:55:40.0128 5744  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys

18:55:40.0159 5744  rspndr - ok

18:55:40.0221 5744  [ B7E1C523E2F7787D700766FC78E01F77 ] RTL8169         C:\Windows\system32\DRIVERS\Rtlh86.sys

18:55:40.0273 5744  RTL8169 - ok

18:55:40.0332 5744  [ 0D1C1B0DE2819FE1EA25098183130B64 ] RTSTOR          C:\Windows\system32\drivers\RTSTOR.SYS

18:55:40.0402 5744  RTSTOR - ok

18:55:40.0449 5744  [ A3E186B4B935905B829219502557314E ] SamSs           C:\Windows\system32\lsass.exe

18:55:40.0483 5744  SamSs - ok

18:55:40.0541 5744  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys

18:55:40.0555 5744  sbp2port - ok

18:55:40.0601 5744  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll

18:55:40.0641 5744  SCardSvr - ok

18:55:40.0754 5744  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll

18:55:40.0832 5744  Schedule - ok

18:55:40.0973 5744  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc     C:\Windows\System32\certprop.dll

18:55:40.0999 5744  SCPolicySvc - ok

18:55:41.0037 5744  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll

18:55:41.0092 5744  SDRSVC - ok

18:55:41.0142 5744  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys

18:55:41.0228 5744  secdrv - ok

18:55:41.0275 5744  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll

18:55:41.0319 5744  seclogon - ok

18:55:41.0342 5744  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\System32\sens.dll

18:55:41.0392 5744  SENS - ok

18:55:41.0476 5744  [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum         C:\Windows\system32\drivers\serenum.sys

18:55:41.0541 5744  Serenum - ok

18:55:41.0564 5744  [ C70D69A918B178D3C3B06339B40C2E1B ] Serial          C:\Windows\system32\drivers\serial.sys

18:55:41.0634 5744  Serial - ok

18:55:41.0658 5744  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys

18:55:41.0685 5744  sermouse - ok

18:55:41.0723 5744  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll

18:55:41.0753 5744  SessionEnv - ok

18:55:41.0776 5744  [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys

18:55:41.0796 5744  sffdisk - ok

18:55:41.0859 5744  [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys

18:55:41.0907 5744  sffp_mmc - ok

18:55:41.0929 5744  [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys

18:55:41.0964 5744  sffp_sd - ok

18:55:42.0145 5744  [ C33BFBD6E9E41FCD9FFEF9729E9FAED6 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys

18:55:42.0189 5744  sfloppy - ok

18:55:42.0226 5744  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll

18:55:42.0281 5744  SharedAccess - ok

18:55:42.0328 5744  [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll

18:55:42.0390 5744  ShellHWDetection - ok

18:55:42.0427 5744  [ 4346D5BBDDE7756D8614A3F193D60984 ] Si3531          C:\Windows\system32\DRIVERS\Si3531.sys

18:55:42.0442 5744  Si3531 - ok

18:55:42.0551 5744  [ E853C341BBF4AC0007A8DB0858DBB09D ] SiFilter        C:\Windows\system32\DRIVERS\SiWinAcc.sys

18:55:42.0562 5744  SiFilter - ok

18:55:42.0752 5744  [ D80E6F142EB4963E82A8537DD745F51B ] SiRemFil        C:\Windows\system32\DRIVERS\SiRemFil.sys

18:55:42.0762 5744  SiRemFil - ok

18:55:42.0804 5744  [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp          C:\Windows\system32\drivers\sisagp.sys

18:55:42.0819 5744  sisagp - ok

18:55:42.0849 5744  [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys

18:55:42.0864 5744  SiSRaid2 - ok

18:55:42.0893 5744  [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys

18:55:42.0908 5744  SiSRaid4 - ok

18:55:42.0970 5744  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe

18:55:42.0983 5744  SkypeUpdate - ok

18:55:43.0256 5744  [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc           C:\Windows\system32\SLsvc.exe

18:55:43.0641 5744  slsvc - ok

18:55:43.0742 5744  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll

18:55:43.0792 5744  SLUINotify - ok

18:55:43.0828 5744  [ 63A8BC2EF084BA9F1DE28DAC078DA7B3 ] SMARTMouseFilterx86 C:\Windows\system32\DRIVERS\SMARTMouseFilterx86.sys

18:55:43.0838 5744  SMARTMouseFilterx86 - ok

18:55:43.0898 5744  [ D1BED532D69788E3EE646FCF20E66561 ] SMARTVHidMini2000x86 C:\Windows\system32\DRIVERS\SMARTVHidMini2000x86.sys

18:55:43.0908 5744  SMARTVHidMini2000x86 - ok

18:55:43.0927 5744  [ 2E8B61503AB9B4E29593A4BAEBA1BD81 ] SMARTVTabletPCx86 C:\Windows\system32\DRIVERS\SMARTVTabletPCx86.sys

18:55:43.0937 5744  SMARTVTabletPCx86 - ok

18:55:44.0047 5744  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb             C:\Windows\system32\DRIVERS\smb.sys

18:55:44.0069 5744  Smb - ok

18:55:44.0119 5744  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe

18:55:44.0152 5744  SNMPTRAP - ok

18:55:44.0249 5744  [ 913D2CE973ED904FE54DE9DB38FCEFF2 ] SNP2UVC         C:\Windows\system32\DRIVERS\snp2uvc.sys

18:55:44.0484 5744  SNP2UVC - ok

18:55:44.0628 5744  [ 5177D14A78E60FD61DCFC6B388E7E971 ] Sony PC Companion C:\Program Files\Sony\Sony PC Companion\PCCService.exe

18:55:44.0644 5744  Sony PC Companion - ok

18:55:44.0673 5744  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr           C:\Windows\system32\drivers\spldr.sys

18:55:44.0693 5744  spldr - ok

18:55:44.0732 5744  [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler         C:\Windows\System32\spoolsv.exe

18:55:44.0817 5744  Spooler - ok

18:55:45.0043 5744  [ 41987F9FC0E61ADF54F581E15029AD91 ] srv             C:\Windows\system32\DRIVERS\srv.sys

18:55:45.0096 5744  srv - ok

18:55:45.0167 5744  [ FF33AFF99564B1AA534F58868CBE41EF ] srv2            C:\Windows\system32\DRIVERS\srv2.sys

18:55:45.0207 5744  srv2 - ok

18:55:45.0296 5744  [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys

18:55:45.0333 5744  srvnet - ok

18:55:45.0403 5744  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll

18:55:45.0474 5744  SSDPSRV - ok

18:55:45.0512 5744  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys

18:55:45.0530 5744  ssmdrv - ok

18:55:45.0570 5744  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc         C:\Windows\system32\sstpsvc.dll

18:55:45.0601 5744  SstpSvc - ok

18:55:45.0664 5744  [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc          C:\Windows\System32\wiaservc.dll

18:55:45.0736 5744  stisvc - ok

18:55:45.0768 5744  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys

18:55:45.0792 5744  swenum - ok

18:55:45.0836 5744  [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv           C:\Windows\System32\swprv.dll

18:55:45.0901 5744  swprv - ok

18:55:45.0958 5744  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys

18:55:45.0982 5744  Symc8xx - ok

18:55:46.0028 5744  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys

18:55:46.0051 5744  Sym_hi - ok

18:55:46.0082 5744  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys

18:55:46.0106 5744  Sym_u3 - ok

18:55:46.0163 5744  [ 4C6DE67EBB6C487F7690A373FCFDE279 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys

18:55:46.0189 5744  SynTP - ok

18:55:46.0253 5744  [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain         C:\Windows\system32\sysmain.dll

18:55:46.0345 5744  SysMain - ok

18:55:46.0385 5744  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll

18:55:46.0418 5744  TabletInputService - ok

18:55:46.0523 5744  [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv         C:\Windows\System32\tapisrv.dll

18:55:46.0606 5744  TapiSrv - ok

18:55:46.0634 5744  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS             C:\Windows\System32\tbssvc.dll

18:55:46.0688 5744  TBS - ok

18:55:46.0768 5744  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys

18:55:46.0869 5744  Tcpip - ok

18:55:46.0961 5744  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys

18:55:47.0070 5744  Tcpip6 - ok

18:55:47.0221 5744  [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys

18:55:47.0307 5744  tcpipreg - ok

18:55:47.0347 5744  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys

18:55:47.0397 5744  TDPIPE - ok

18:55:47.0454 5744  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys

18:55:47.0504 5744  TDTCP - ok

18:55:47.0774 5744  [ 76B06EB8A01FC8624D699E7045303E54 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys

18:55:47.0864 5744  tdx - ok

18:55:47.0898 5744  [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys

18:55:47.0925 5744  TermDD - ok

18:55:47.0967 5744  [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService     C:\Windows\System32\termsrv.dll

18:55:48.0054 5744  TermService - ok

18:55:48.0087 5744  [ C7230FBEE14437716701C15BE02C27B8 ] Themes          C:\Windows\system32\shsvcs.dll

18:55:48.0118 5744  Themes - ok

18:55:48.0145 5744  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER     C:\Windows\system32\mmcss.dll

18:55:48.0172 5744  THREADORDER - ok

18:55:48.0216 5744  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll

18:55:48.0279 5744  TrkWks - ok

18:55:48.0391 5744  [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

18:55:48.0412 5744  TrustedInstaller - ok

18:55:48.0483 5744  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys

18:55:48.0520 5744  tssecsrv - ok

18:55:48.0550 5744  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys

18:55:48.0586 5744  tunmp - ok

18:55:48.0634 5744  [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys

18:55:48.0650 5744  tunnel - ok

18:55:48.0677 5744  [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35          C:\Windows\system32\drivers\uagp35.sys

18:55:48.0693 5744  uagp35 - ok

18:55:48.0748 5744  [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys

18:55:48.0774 5744  udfs - ok

18:55:49.0048 5744  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe

18:55:49.0116 5744  UI0Detect - ok

18:55:49.0163 5744  [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys

18:55:49.0189 5744  uliagpkx - ok

18:55:49.0224 5744  [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci         C:\Windows\system32\drivers\uliahci.sys

18:55:49.0259 5744  uliahci - ok

18:55:49.0299 5744  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys

18:55:49.0325 5744  UlSata - ok

18:55:49.0359 5744  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys

18:55:49.0386 5744  ulsata2 - ok

18:55:49.0412 5744  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys

18:55:49.0495 5744  umbus - ok

18:55:49.0534 5744  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll

18:55:49.0599 5744  upnphost - ok

18:55:49.0644 5744  [ D4FB6ECC60A428564BA8768B0E23C0FC ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys

18:55:49.0678 5744  USBAAPL - ok

18:55:49.0712 5744  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys

18:55:49.0734 5744  usbccgp - ok

18:55:49.0752 5744  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys

18:55:49.0824 5744  usbcir - ok

18:55:49.0885 5744  [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys

18:55:49.0930 5744  usbehci - ok

18:55:49.0986 5744  [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys

18:55:50.0011 5744  usbhub - ok

18:55:50.0046 5744  [ 38DBC7DD6CC5A72011F187425384388B ] usbohci         C:\Windows\system32\drivers\usbohci.sys

18:55:50.0098 5744  usbohci - ok

18:55:50.0124 5744  [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys

18:55:50.0155 5744  usbprint - ok

18:55:50.0214 5744  [ A508C9BD8724980512136B039BBA65E9 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys

18:55:50.0285 5744  usbscan - ok

18:55:50.0318 5744  [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS

18:55:50.0359 5744  USBSTOR - ok

18:55:50.0388 5744  [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys

18:55:50.0425 5744  usbuhci - ok

18:55:50.0465 5744  [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys

18:55:50.0520 5744  usbvideo - ok

18:55:50.0588 5744  [ 9D19B042A4FD5C02195071EA2FE0C821 ] usnjsvc         C:\Program Files\Windows Live\Messenger\usnsvc.exe

18:55:50.0604 5744  usnjsvc - ok

18:55:50.0646 5744  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms           C:\Windows\System32\uxsms.dll

18:55:50.0688 5744  UxSms - ok

18:55:50.0752 5744  [ CD88D1B7776DC17A119049742EC07EB4 ] vds             C:\Windows\System32\vds.exe

18:55:50.0795 5744  vds - ok

18:55:50.0838 5744  [ 87B06E1F30B749A114F74622D013F8D4 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys

18:55:50.0875 5744  vga - ok

18:55:50.0901 5744  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave         C:\Windows\System32\drivers\vga.sys

18:55:50.0950 5744  VgaSave - ok

18:55:50.0972 5744  [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp          C:\Windows\system32\drivers\viaagp.sys

18:55:50.0992 5744  viaagp - ok

18:55:51.0008 5744  [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7           C:\Windows\system32\drivers\viac7.sys

18:55:51.0060 5744  ViaC7 - ok

18:55:51.0090 5744  [ AADF5587A4063F52C2C3FED7887426FC ] viaide          C:\Windows\system32\drivers\viaide.sys

18:55:51.0116 5744  viaide - ok

18:55:51.0137 5744  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys

18:55:51.0163 5744  volmgr - ok

18:55:51.0219 5744  [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys

18:55:51.0254 5744  volmgrx - ok

18:55:51.0387 5744  [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap         C:\Windows\system32\drivers\volsnap.sys

18:55:51.0422 5744  volsnap - ok

18:55:51.0458 5744  [ 587253E09325E6BF226B299774B728A9 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys

18:55:51.0490 5744  vsmraid - ok

18:55:51.0601 5744  [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS             C:\Windows\system32\vssvc.exe

18:55:51.0735 5744  VSS - ok

18:55:51.0811 5744  [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time         C:\Windows\system32\w32time.dll

18:55:51.0840 5744  W32Time - ok

18:55:51.0896 5744  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys

18:55:52.0022 5744  WacomPen - ok

18:55:52.0051 5744  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys

18:55:52.0072 5744  Wanarp - ok

18:55:52.0105 5744  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys

18:55:52.0126 5744  Wanarpv6 - ok

18:55:52.0190 5744  [ A3CD60FD826381B49F03832590E069AF ] wcncsvc         C:\Windows\System32\wcncsvc.dll

18:55:52.0218 5744  wcncsvc - ok

18:55:52.0251 5744  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

18:55:52.0301 5744  WcsPlugInService - ok

18:55:52.0349 5744  [ 78FE9542363F297B18C027B2D7E7C07F ] Wd              C:\Windows\system32\drivers\wd.sys

18:55:52.0364 5744  Wd - ok

18:55:52.0403 5744  [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys

18:55:52.0434 5744  Wdf01000 - ok

18:55:52.0470 5744  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll

18:55:52.0543 5744  WdiServiceHost - ok

18:55:52.0549 5744  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost   C:\Windows\system32\wdi.dll

18:55:52.0591 5744  WdiSystemHost - ok

18:55:52.0766 5744  [ 04C37D8107320312FBAE09926103D5E2 ] WebClient       C:\Windows\System32\webclnt.dll

18:55:52.0841 5744  WebClient - ok

18:55:52.0884 5744  [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc          C:\Windows\system32\wecsvc.dll

18:55:52.0970 5744  Wecsvc - ok

18:55:53.0006 5744  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport   C:\Windows\System32\wercplsupport.dll

18:55:53.0082 5744  wercplsupport - ok

18:55:53.0189 5744  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll

18:55:53.0232 5744  WerSvc - ok

18:55:53.0300 5744  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll

18:55:53.0333 5744  WinDefend - ok

18:55:53.0345 5744  WinHttpAutoProxySvc - ok

18:55:53.0433 5744  [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll

18:55:53.0474 5744  Winmgmt - ok

18:55:53.0560 5744  [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM           C:\Windows\system32\WsmSvc.dll

18:55:53.0746 5744  WinRM - ok

18:55:53.0872 5744  [ F0FE933E27F1E2A83FF322A0693A4724 ] WisLMSvc        C:\Program Files\Launch Manager\WisLMSvc.exe

18:55:53.0881 5744  WisLMSvc ( UnsignedFile.Multi.Generic ) - warning

18:55:53.0881 5744  WisLMSvc - detected UnsignedFile.Multi.Generic (1)

18:55:53.0999 5744  [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc         C:\Windows\System32\wlansvc.dll

18:55:54.0085 5744  Wlansvc - ok

18:55:54.0175 5744  [ 94A85E956A065E23E0010A6A7826243B ] WLSetupSvc      C:\Program Files\Windows Live\installer\WLSetupSvc.exe

18:55:54.0231 5744  WLSetupSvc - ok

18:55:54.0274 5744  [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys

18:55:54.0314 5744  WmiAcpi - ok

18:55:54.0495 5744  [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe

18:55:54.0570 5744  wmiApSrv - ok

18:55:54.0762 5744  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe

18:55:54.0940 5744  WMPNetworkSvc - ok

18:55:55.0006 5744  [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc          C:\Windows\System32\wpcsvc.dll

18:55:55.0082 5744  WPCSvc - ok

18:55:55.0136 5744  [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll

18:55:55.0196 5744  WPDBusEnum - ok

18:55:55.0227 5744  [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys

18:55:55.0253 5744  WpdUsb - ok

18:55:55.0495 5744  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

18:55:55.0541 5744  WPFFontCache_v0400 - ok

18:55:55.0579 5744  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys

18:55:55.0701 5744  ws2ifsl - ok

18:55:55.0754 5744  [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc          C:\Windows\System32\wscsvc.dll

18:55:55.0806 5744  wscsvc - ok

18:55:55.0820 5744  WSearch - ok

18:55:55.0930 5744  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll

18:55:56.0032 5744  wuauserv - ok

18:55:56.0083 5744  [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys

18:55:56.0145 5744  WUDFRd - ok

18:55:56.0240 5744  [ 575A4190D989F64732119E4114045A4F ] wudfsvc         C:\Windows\System32\WUDFSvc.dll

18:55:56.0274 5744  wudfsvc - ok

18:55:56.0312 5744  ================ Scan global ===============================

18:55:56.0341 5744  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll

18:55:56.0414 5744  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll

18:55:56.0436 5744  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll

18:55:56.0512 5744  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe

18:55:56.0517 5744  [Global] - ok

18:55:56.0517 5744  ================ Scan MBR ==================================

18:55:56.0558 5744  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0

18:55:57.0245 5744  \Device\Harddisk0\DR0 - ok

18:55:57.0246 5744  ================ Scan VBR ==================================

18:55:57.0261 5744  [ 275336F7B51D0029EF0C93E1D29CF4C5 ] \Device\Harddisk0\DR0\Partition1

18:55:57.0262 5744  \Device\Harddisk0\DR0\Partition1 - ok

18:55:57.0267 5744  [ 0F66965CE083CE3A9D3720CF0CA37BFE ] \Device\Harddisk0\DR0\Partition2

18:55:57.0268 5744  \Device\Harddisk0\DR0\Partition2 - ok

18:55:57.0269 5744  ============================================================

18:55:57.0269 5744  Scan finished

18:55:57.0269 5744  ============================================================

18:55:57.0283 5952  Detected object count: 6

18:55:57.0283 5952  Actual detected object count: 6

18:56:21.0949 5952  EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - skipped by user

18:56:21.0949 5952  EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - User select action: Skip 

18:56:21.0953 5952  GoogleDesktopManager ( UnsignedFile.Multi.Generic ) - skipped by user

18:56:21.0954 5952  GoogleDesktopManager ( UnsignedFile.Multi.Generic ) - User select action: Skip 

18:56:21.0957 5952  Hotkey ( UnsignedFile.Multi.Generic ) - skipped by user

18:56:21.0957 5952  Hotkey ( UnsignedFile.Multi.Generic ) - User select action: Skip 

18:56:21.0959 5952  omniserv ( UnsignedFile.Multi.Generic ) - skipped by user

18:56:21.0959 5952  omniserv ( UnsignedFile.Multi.Generic ) - User select action: Skip 

18:56:21.0965 5952  PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user

18:56:21.0965 5952  PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 

18:56:21.0970 5952  WisLMSvc ( UnsignedFile.Multi.Generic ) - skipped by user

18:56:21.0970 5952  WisLMSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

[code]
Combofix Logfile:

Code:

ComboFix 12-09-27.03 - Chrissi 27.09.2012  19:35:17.1.2 - x86

Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3070.1369 [GMT 2:00]

ausgeführt von:: c:\users\Chrissi\Desktop\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Chrissi\Documents\~WRL1243.tmp

c:\users\Chrissi\epson373062eu.exe

c:\users\Chrissi\epson373282eu.exe

c:\users\Chrissi\setup_dm_Fotowelt.exe

.

.

(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_usnjsvc

.

.

(((((((((((((((((((((((   Dateien erstellt von 2012-08-27 bis 2012-09-27  ))))))))))))))))))))))))))))))

.

.

2012-09-26 13:00 . 2011-03-12 21:55        876032        ----a-w-        c:\windows\system32\XpsPrint.dll

2012-09-26 13:00 . 2012-03-01 14:46        219648        ----a-w-        c:\windows\system32\d3d10_1core.dll

2012-09-26 13:00 . 2012-03-01 14:46        160768        ----a-w-        c:\windows\system32\d3d10_1.dll

2012-09-26 13:00 . 2012-02-29 14:08        1172480        ----a-w-        c:\windows\system32\d3d10warp.dll

2012-09-26 13:00 . 2012-02-29 13:44        683008        ----a-w-        c:\windows\system32\d2d1.dll

2012-09-26 13:00 . 2012-02-29 13:41        1069056        ----a-w-        c:\windows\system32\DWrite.dll

2012-09-25 15:42 . 2012-09-25 15:42        --------        d-----w-        c:\program files\Windows Portable Devices

2012-09-25 15:11 . 2009-09-10 02:00        92672        ----a-w-        c:\windows\system32\UIAnimation.dll

2012-09-25 15:11 . 2009-09-10 02:01        3023360        ----a-w-        c:\windows\system32\UIRibbon.dll

2012-09-25 15:11 . 2009-09-10 02:00        1164800        ----a-w-        c:\windows\system32\UIRibbonRes.dll

2012-09-25 15:09 . 2009-10-01 01:02        30208        ----a-w-        c:\windows\system32\WPDShextAutoplay.exe

2012-09-25 15:09 . 2009-10-01 01:02        31232        ----a-w-        c:\windows\system32\BthMtpContextHandler.dll

2012-09-25 15:09 . 2009-10-01 01:01        81920        ----a-w-        c:\windows\system32\wpdbusenum.dll

2012-09-25 15:00 . 2012-02-29 15:11        5120        ----a-w-        c:\windows\system32\wmi.dll

2012-09-25 15:00 . 2012-02-29 15:11        172032        ----a-w-        c:\windows\system32\wintrust.dll

2012-09-25 15:00 . 2012-02-29 15:09        157696        ----a-w-        c:\windows\system32\imagehlp.dll

2012-09-25 15:00 . 2012-02-29 13:32        12800        ----a-w-        c:\windows\system32\drivers\fs_rec.sys

2012-09-25 14:51 . 2012-07-04 14:02        2047488        ----a-w-        c:\windows\system32\win32k.sys

2012-09-25 14:48 . 2012-09-25 14:48        98816        ----a-w-        c:\windows\system32\mfps.dll

2012-09-25 14:47 . 2012-09-25 14:47        974848        ----a-w-        c:\windows\system32\WindowsCodecs.dll

2012-09-25 14:47 . 2012-09-25 14:47        519680        ----a-w-        c:\windows\system32\d3d11.dll

2012-09-25 14:47 . 2012-09-25 14:47        369664        ----a-w-        c:\windows\system32\WMPhoto.dll

2012-09-25 14:47 . 2012-09-25 14:47        321024        ----a-w-        c:\windows\system32\PhotoMetadataHandler.dll

2012-09-25 14:47 . 2012-09-25 14:47        252928        ----a-w-        c:\windows\system32\dxdiag.exe

2012-09-25 14:47 . 2012-09-25 14:47        195584        ----a-w-        c:\windows\system32\dxdiagn.dll

2012-09-25 14:47 . 2012-09-25 14:47        189440        ----a-w-        c:\windows\system32\WindowsCodecsExt.dll

2012-09-25 13:22 . 2012-09-25 13:22        --------        d-----w-        C:\_OTL

2012-09-25 13:07 . 2012-04-23 16:00        984064        ----a-w-        c:\windows\system32\crypt32.dll

2012-09-25 13:07 . 2012-04-23 16:00        98304        ----a-w-        c:\windows\system32\cryptnet.dll

2012-09-25 13:07 . 2012-04-23 16:00        133120        ----a-w-        c:\windows\system32\cryptsvc.dll

2012-09-25 13:07 . 2011-07-29 16:01        293376        ----a-w-        c:\windows\system32\psisdecd.dll

2012-09-25 13:07 . 2011-07-29 16:01        217088        ----a-w-        c:\windows\system32\psisrndr.ax

2012-09-25 13:07 . 2011-07-29 16:00        57856        ----a-w-        c:\windows\system32\MSDvbNP.ax

2012-09-25 13:07 . 2011-07-29 16:00        69632        ----a-w-        c:\windows\system32\Mpeg2Data.ax

2012-09-25 13:07 . 2011-10-14 16:03        189952        ----a-w-        c:\windows\system32\winmm.dll

2012-09-25 13:07 . 2011-10-14 16:00        23552        ----a-w-        c:\windows\system32\mciseq.dll

2012-09-25 13:07 . 2012-05-11 15:57        623616        ----a-w-        c:\windows\system32\localspl.dll

2012-09-25 13:07 . 2011-11-18 20:23        1205064        ----a-w-        c:\windows\system32\ntdll.dll

2012-09-25 13:05 . 2011-11-16 16:23        377344        ----a-w-        c:\windows\system32\winhttp.dll

2012-09-25 13:00 . 2012-06-04 15:26        440704        ----a-w-        c:\windows\system32\drivers\ksecdd.sys

2012-09-25 13:00 . 2012-06-02 00:04        278528        ----a-w-        c:\windows\system32\schannel.dll

2012-09-25 13:00 . 2011-11-16 16:21        1259008        ----a-w-        c:\windows\system32\lsasrv.dll

2012-09-25 12:59 . 2012-06-02 00:03        204288        ----a-w-        c:\windows\system32\ncrypt.dll

2012-09-25 12:59 . 2011-11-16 16:23        72704        ----a-w-        c:\windows\system32\secur32.dll

2012-09-25 12:59 . 2011-11-16 14:12        9728        ----a-w-        c:\windows\system32\lsass.exe

2012-09-25 12:55 . 2012-08-30 08:17        6980552        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{023BE9D9-C0CE-4F59-98F8-8A8EC8007338}\mpengine.dll

2012-09-25 12:51 . 2012-01-09 15:54        613376        ----a-w-        c:\windows\system32\rdpencom.dll

2012-09-25 12:37 . 2012-06-02 22:19        53784        ----a-w-        c:\windows\system32\wuauclt.exe

2012-09-25 12:37 . 2012-06-02 22:19        45080        ----a-w-        c:\windows\system32\wups2.dll

2012-09-25 12:37 . 2012-06-02 22:19        1933848        ----a-w-        c:\windows\system32\wuaueng.dll

2012-09-25 12:37 . 2012-06-02 22:12        2422272        ----a-w-        c:\windows\system32\wucltux.dll

2012-09-25 12:36 . 2012-06-02 22:19        35864        ----a-w-        c:\windows\system32\wups.dll

2012-09-25 12:36 . 2012-06-02 22:19        577048        ----a-w-        c:\windows\system32\wuapi.dll

2012-09-25 12:36 . 2012-06-02 22:12        88576        ----a-w-        c:\windows\system32\wudriver.dll

2012-09-25 12:36 . 2012-06-02 13:19        171904        ----a-w-        c:\windows\system32\wuwebv.dll

2012-09-25 12:36 . 2012-06-02 13:12        33792        ----a-w-        c:\windows\system32\wuapp.exe

2012-09-24 05:22 . 2012-09-24 05:23        --------        d-----w-        c:\windows\system32\ca-ES

2012-09-24 05:22 . 2012-09-24 05:23        --------        d-----w-        c:\windows\system32\eu-ES

2012-09-24 05:22 . 2012-09-24 05:23        --------        d-----w-        c:\windows\system32\vi-VN

2012-09-23 12:14 . 2012-09-23 12:14        --------        d-----w-        c:\windows\system32\EventProviders

2012-09-22 16:51 . 2012-09-22 16:51        --------        d-----w-        c:\program files\ESET

2012-09-22 11:09 . 2012-09-22 11:09        --------        d-----w-        c:\users\Chrissi\AppData\Roaming\Malwarebytes

2012-09-22 11:09 . 2012-09-22 11:09        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware

2012-09-22 11:09 . 2012-09-22 11:09        --------        d-----w-        c:\programdata\Malwarebytes

2012-09-22 11:09 . 2012-09-07 15:04        22856        ----a-w-        c:\windows\system32\drivers\mbam.sys

2012-09-22 07:14 . 2012-09-22 16:39        --------        d-----w-        c:\windows\Microsoft Antimalware

2012-09-14 04:26 . 2012-09-14 04:26        --------        d-----w-        c:\program files\Common Files\Skype

2012-09-14 04:26 . 2012-09-14 04:26        --------        d-----r-        c:\program files\Skype

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-09-25 14:47 . 2012-09-25 14:47        4096        ----a-w-        c:\windows\system32\drivers\en-US\dxgkrnl.sys.mui

2012-09-25 14:47 . 2012-09-25 14:47        4096        ----a-w-        c:\windows\system32\drivers\de-DE\dxgkrnl.sys.mui

2012-09-20 19:01 . 2012-08-12 16:08        696240        ----a-w-        c:\windows\system32\FlashPlayerApp.exe

2012-09-20 19:01 . 2011-08-20 14:02        73136        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-12-12 1840424]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-16 39408]

"Sony PC Companion"="c:\program files\Sony\Sony PC Companion\PCCompanion.exe" [2012-05-31 445624]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]

"RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 6266880]

"Skytel"="Skytel.exe" [2008-06-25 1826816]

"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-31 102400]

"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2007-09-01 32768]

"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2007-09-06 188416]

"LMgrOSD"="c:\program files\Launch Manager\OSD.exe" [2006-12-26 180224]

"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2007-09-07 86016]

"OmniPass"="c:\program files\Softex\OmniPass\scureapp.exe" [2007-11-02 2564096]

"LanguageShortcut"="c:\program files\HomeCinema\PowerDVD\Language\Language.exe" [2007-01-08 52256]

"UCam_Menu"="c:\program files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 222504]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-11 13543968]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-11 92704]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-07-25 220160]

"toolbar_eula_launcher"="c:\program files\GoogleEULA\EULALauncher.exe" [2007-02-09 16896]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-21 185872]

"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-12-02 2221352]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-26 421160]

"SMART Board Service"="c:\program files\SMART Technologies\Education Software\SMARTBoardService.exe" [2011-07-13 1761136]

"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-12 348664]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

WiseUpdt.lnk - c:\program files\Schroedel\KlassenManager 3.0\WiseUpdt.exe [2011-8-17 194853]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

.

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]

S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation        REG_MULTI_SZ           FontCache

.

Inhalt des "geplante Tasks" Ordners

.

2012-09-27 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-12 19:01]

.

2012-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-28 07:38]

.

2012-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-28 07:38]

.

2012-09-05 c:\windows\Tasks\Norton Security Scan for Chrissi.job

- c:\progra~1\NORTON~2\Engine\351~1.8\Nss.exe [2011-11-06 00:45]

.

2012-09-26 c:\windows\Tasks\ReclaimerResumeInstall_Chrissi.job

- c:\users\Chrissi\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-26 16:08]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://www.spiegel.de/

mStart Page = hxxp://www.netcologne.de

mWindow Title = Internet Explorer bereitgestellt von NetCologne

uInternet Settings,ProxyOverride = *.local

IE: An OneNote s&enden - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105

IE: Free YouTube Download - c:\users\Chrissi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000

IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4

TCP: DhcpNameServer = 192.168.0.1

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

HKCU-Run-SjaPfXBKSlE.exe - c:\programdata\SjaPfXBKSlE.exe

HKLM-Run-CtrlVol - c:\program files\Launch Manager\CtrlVol.exe

HKLM-Run-snp2uvc - c:\windows\vsnp2uvc.exe

HKLM-Run-PLFSetL - c:\windows\PLFSetL.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2012-09-27 20:12

Windows 6.0.6002 Service Pack 2 NTFS

.

Scanne versteckte Prozesse... 

.

Scanne versteckte Autostarteinträge... 

.

Scanne versteckte Dateien... 

.

Scan erfolgreich abgeschlossen

versteckte Dateien: 0

.

**************************************************************************

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\S-1-5-21-1541561756-3189364277-4046548892-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

@Allowed: (Read) (RestrictedCode)

"??"=hex:36,2a,1f,a8,98,b3,13,53,b6,0b,c2,7b,ed,34,72,08,87,1c,66,18,18,49,e1,

   a8,11,ce,f7,99,3e,cb,3e,5a,24,7b,88,e1,2d,43,bc,df,b3,d9,6f,de,6b,54,99,81,\

"??"=hex:db,04,0e,52,89,49,8c,2b,47,79,02,ff,71,4f,c8,12

.

[HKEY_USERS\S-1-5-21-1541561756-3189364277-4046548892-1001\Software\SecuROM\License information*]

"datasecu"=hex:32,d2,8f,c1,4f,43,f4,46,bb,d1,08,35,e7,42,c7,ff,03,58,a9,a8,95,

   db,09,19,8b,bc,cd,f7,89,77,ee,e9,dc,4b,7f,09,c1,97,e5,e3,ae,56,5d,88,dc,85,\

"rkeysecu"=hex:be,88,e9,bb,d3,91,37,d0,d7,02,b1,3f,34,29,b9,f2

.

--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

.

- - - - - - - > 'Explorer.exe'(908)

c:\program files\Softex\OmniPass\SCUREDLL.dll

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\windows\system32\nvvsvc.exe

c:\program files\Softex\OmniPass\OmniServ.exe

c:\windows\system32\rundll32.exe

c:\windows\SYSTEM32\WISPTIS.EXE

c:\program files\Common Files\microsoft shared\ink\TabTip.exe

c:\program files\Avira\AntiVir Desktop\sched.exe

c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe

c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe

c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe

c:\windows\system32\IoctlSvc.exe

c:\program files\CyberLink\Shared Files\RichVideo.exe

c:\windows\system32\WUDFHost.exe

c:\program files\Avira\AntiVir Desktop\avshadow.exe

c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

c:\windows\SYSTEM32\WISPTIS.EXE

c:\program files\Common Files\microsoft shared\ink\TabTip.exe

c:\program files\Softex\OmniPass\opvapp.exe

c:\windows\system32\conime.exe

c:\windows\RtHDVCpl.exe

c:\windows\System32\rundll32.exe

c:\program files\Launch Manager\WisLMSvc.exe

c:\windows\ehome\ehmsas.exe

c:\program files\Sony\Sony PC Companion\PCCompanionInfo.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Synaptics\SynTP\SynTPEnh.exe

c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2012-09-27  20:17:31 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2012-09-27 18:17

.

Vor Suchlauf: 13 Verzeichnis(se), 174.625.062.912 Bytes frei

Nach Suchlauf: 16 Verzeichnis(se), 174.487.957.504 Bytes frei

.

- - End Of File - - 0143C7A6157BB2018BF8BDA3F851626D

--- --- ---

Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

GMER ging tatsächlich nicht, ist 2x abgestürzt.

OSAM Logfile:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 15:32:49 on 28.09.2012
 

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit

Default Browser: Microsoft Corporation Internet Explorer 9.00.8112.16421
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[AppInit DLLs]

-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----

"AppInit_DLLs" - "Google" - C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
 

[Common]

-----( %SystemRoot%\Tasks )-----

"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

"Norton Security Scan for Chrissi.job" - "Symantec Corporation" - C:\PROGRA~1\NORTON~2\Engine\351~1.8\Nss.exe

"ReclaimerResumeInstall_Chrissi.job" - "RealNetworks, Inc." - C:\Users\Chrissi\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"Ddbaccpl.cpl" - "DataDesign AG" - C:\Windows\system32\Ddbaccpl.cpl

"ddBACCTM.cpl" - "DataDesign AG" - C:\Windows\system32\ddBACCTM.cpl

"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----

"Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero Toolkit\NeroBurnRights.cpl

"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

"SMARTBoardCPL" - "SMART Technologies ULC" - C:\Program Files\SMART Technologies\Education Software\SMARTBoardCPL.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys

"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys

"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys

"Bison Webcam" (Cam5607) - "Bison Electronics. Inc. " - C:\Windows\System32\Drivers\BisonC07.sys

"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)

"fxliafod" (fxliafod) - ? - C:\Users\Chrissi\AppData\Local\Temp\fxliafod.sys  (Hidden registry entry, rootkit activity | File not found)

"Hotkey" (Hotkey) - ? - C:\Windows\system32\drivers\Hotkey.sys  (File found, but it contains no detailed information)

"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)

"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)

"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)

"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys

"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
 

[Explorer]

-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

-----( HKLM\Software\Classes\Protocols\Filter )-----

{807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

-----( HKLM\Software\Classes\Protocols\Handler )-----

{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll

{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)

{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)

{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)

{D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL

{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)

{94586423-855F-4EB2-9F6A-D9DA5658DBE3} "Context menu" - ? - C:\PROGRA~1\FREEM4~1\m4a_menu.dll  (File found, but it contains no detailed information)

{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)

{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)

{506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL

{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll

{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} "Meine freigegebenen Ordner" - "Microsoft Corporation" - C:\Program Files\Windows Live\Messenger\fsshext.8.5.1302.1018.dll

{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\msohevi.dll

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll

{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL

{00020d75-0000-0000-c000-000000000046} "Microsoft Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office\MLSHEXT.DLL

{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll

{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll

{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll

{CCFE56EE-C7DE-44EE-A160-4553A5A912C9} "OmniPass Shell Extension" - ? -   (File not found | COM-object registry key not found)

{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office\OLKFSTUB.DLL

{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files\Real\RealPlayer\rpshell.dll

{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)

{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll

{D0CE97A0-415B-42E9-B251-34393AF2D5F6} "Softex OmniPass Encrypted File" - "Softex Inc." - C:\Program Files\Softex\OmniPass\opfolderext.dll

{D5B1944E-DB4E-482E-B3F1-DB05827F0978} "Softex OmniPass Encrypted Folder" - "Softex Inc." - C:\Program Files\Softex\OmniPass\opfolderext.dll

{6F5C0F40-1419-4DC8-8D2F-D5EC5FCF07AB} "Sprint.ExplorerIntegration.9" - "ABBYY" - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Integration\SprintIntegration.dll

{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)

{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll
 

[Internet Explorer]

-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-15/4  (HTTP value)

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

{02BCC737-B171-4746-94C9-0D8A0B2C0089} "Microsoft Office Template and Media Control" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office14\IEAWSDC.DLL / hxxp://office.microsoft.com/sites/production/ieawsdc32.cab

{7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab

{233C1507-6A77-46A4-9443-F871F945D258} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\Windows\system32\Adobe\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4  (HTTP value)

{FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----

{9421DD08-935F-4701-A9CA-22DF90AC4EA6} "Easy Photo Print" - "SEIKO EPSON CORPORATION / CyCom Technology Corp." - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll

<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

{9421DD08-935F-4701-A9CA-22DF90AC4EA6} "Easy Photo Print" - "SEIKO EPSON CORPORATION / CyCom Technology Corp." - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll

{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll

{B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL

{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

{7E853D72-626A-48EC-A868-BA8D5E23E045} "{7E853D72-626A-48EC-A868-BA8D5E23E045}" - ? -   (File not found | COM-object registry key not found)
 

[Logon]

-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\Users\Chrissi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

"McAfee Security Scan Plus.lnk" - "McAfee, Inc." - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe  (Shortcut exists | File exists)

"Microsoft Office.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office\OSA9.EXE  (Shortcut exists | File exists)

"WiseUpdt.lnk" - ? - C:\Program Files\Schroedel\KlassenManager 3.0\WiseUpdt.exe  (Shortcut exists | File exists)

-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" - "Nero AG" - "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

"Sony PC Companion" - "Sony" - "C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe" /Background

"swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----

"StartupPrograms" - ? - rdpclip  (File not found)

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

"EEventManager" - "SEIKO EPSON CORPORATION" - "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"

"Google Desktop Search" - "Google" - "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

"HotkeyApp" - "Wistron" - "C:\Program Files\Launch Manager\HotkeyApp.exe"

"IAAnotif" - "Intel Corporation" - "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"

"LanguageShortcut" - ? - "C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe"

"LaunchAp" - ? - "C:\Program Files\Launch Manager\LaunchAp.exe"

"LMgrOSD" - "Wistron Corp." - "C:\Program Files\Launch Manager\OSD.exe"

"NBKeyScan" - "Nero AG" - "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

"OmniPass" - ? - C:\Program Files\Softex\OmniPass\scureapp.exe

"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime

"SMART Board Service" - "SMART Technologies" - "C:\Program Files\SMART Technologies\Education Software\SMARTBoardService.exe"

"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

"TkBellExe" - "RealNetworks, Inc." - "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot

"toolbar_eula_launcher" - " " - C:\Program Files\GoogleEULA\EULALauncher.exe

"UCam_Menu" - "CyberLink Corp." - "C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\HomeCinema\YouCam" update "Software\CyberLink\YouCam\1.0"

"Wbutton" - "Wistron" - "C:\Program Files\Launch Manager\Wbutton.exe"
 

[Print Monitors]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----

"doPDF 7 Monitor" - "Softland" - C:\Windows\system32\dopdfmn7.dll

"EpsonNet Print Port" - "SEIKO EPSON CORPORATION" - C:\Windows\system32\enppmon.dll

"SMART Local Port" - "SMART Technologies ULC" - C:\Windows\system32\smrtlocalmon.dll
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

"ABBYY FineReader 9.0 Sprint Licensing Service" (ABBYY.Licensing.FineReader.Sprint.9.0) - "ABBYY" - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe

"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe

"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe

"EpsonBidirectionalService" (EpsonBidirectionalService) - "SEIKO EPSON CORPORATION" - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe

"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

"GoogleDesktopManager" (GoogleDesktopManager) - "Google" - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe

"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe

"MBAMScheduler" (MBAMScheduler) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

"McAfee Security Scan Component Host Service" (McComponentHostService) - "McAfee, Inc." - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe

"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

"Nero BackItUp Scheduler 3" (Nero BackItUp Scheduler 3) - "Nero AG" - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

"PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service) - "Prolific Technology Inc." - C:\Windows\system32\IoctlSvc.exe

"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files\Skype\Updater\Updater.exe

"Softex OmniPass Service" (omniserv) - "Softex Inc." - C:\Program Files\Softex\OmniPass\OmniServ.exe

"Sony PC Companion" (Sony PC Companion) - "Avanquest Software" - C:\Program Files\Sony\Sony PC Companion\PCCService.exe

"WisLMSvc" (WisLMSvc) - "Wistron Corp." - C:\Program Files\Launch Manager\WisLMSvc.exe
 

[Winsock Providers]

-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----

"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll
 

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software

Run date: 2012-09-28 16:01:16

-----------------------------

16:01:16.995    OS Version: Windows 6.0.6002 Service Pack 2

16:01:16.995    Number of processors: 2 586 0xF0D

16:01:16.995    ComputerName: CHRISSI-PC  UserName: Chrissi

16:01:43.700    Initialize success

16:01:58.598    AVAST engine defs: 12092800

16:03:14.599    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0

16:03:14.599    Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3

16:03:14.614    Disk 0 MBR read successfully

16:03:14.614    Disk 0 MBR scan

16:03:14.630    Disk 0 Windows VISTA default MBR code

16:03:14.630    Disk 0 Partition - 00     0F Extended LBA             23218 MB offset 577584945

16:03:14.630    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       282023 MB offset 63

16:03:14.661    Disk 0 Partition 2 00     0B        FAT32 MSWIN4.1    23218 MB offset 577585008

16:03:14.677    Disk 0 scanning sectors +625137345

16:03:14.739    Disk 0 scanning C:\Windows\system32\drivers

16:03:34.348    Service scanning

16:03:59.979    Modules scanning

16:04:12.459    Disk 0 trace - called modules:

16:04:12.475    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 

16:04:12.490    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x867bc8a8]

16:04:12.490    3 CLASSPNP.SYS[8ada28b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8592f028]

16:04:12.490    Scan finished successfully

16:07:01.735    Disk 0 MBR has been saved successfully to "C:\Users\Chrissi\Desktop\MBR.dat"

16:07:01.750    The log file has been saved successfully to "C:\Users\Chrissi\Desktop\aswMBR.txt"

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!