Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Trojan.Banker

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 08.06.2012, 11:24   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojan.Banker - Standard

Trojan.Banker



Nein das sagt nichts aus. Du musst OTL pre Rechtsklick als Admin ausführen!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 08.06.2012, 12:09   #17
Boludo
 
Trojan.Banker - Standard

Trojan.Banker



soll ich dein script nocmal ausführen?
__________________


Alt 08.06.2012, 13:10   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojan.Banker - Standard

Trojan.Banker



Ja was denn sonst?
__________________
__________________

Alt 08.06.2012, 14:22   #19
Boludo
 
Trojan.Banker - Standard

Trojan.Banker



...hätte nicht ausgeschlossen, dass ich dadurch noch mehr Schaden anrichte...

Hier das OTL-Logfile nach dem Neustart:

Code:
ATTFilter
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found.
Registry value HKEY_USERS\S-1-5-21-2555909198-2805718332-2460936450-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{5CBE3B7C-1E47-477E-A7DD-396DB0476E29} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5CBE3B7C-1E47-477E-A7DD-396DB0476E29}\ not found.
Registry value HKEY_USERS\S-1-5-21-2555909198-2805718332-2460936450-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AWinNotifyVitaKey MC3000\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File C:\autoexec.bat not found.
Unable to delete ADS C:\ProgramData\TEMP:FB1B13D8 .
========== FILES ==========
File\Folder C:\Users\Boludo\AppData\Roaming\12011 not found.
File\Folder C:\Users\Boludo\AppData\Roaming\xmldm not found.
File\Folder C:\Users\Boludo\AppData\Roaming\kock not found.
File\Folder C:\Users\Boludo\AppData\Roaming\UAs not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Boludo
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1250898 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 43871398 bytes
->Flash cache emptied: 470 bytes
 
User: Catja Mobil
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3886 bytes
RecycleBin emptied: 141312 bytes
 
Total Files Cleaned = 43,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Boludo
->Flash cache emptied: 0 bytes
 
User: Catja Mobil
->Flash cache emptied: 0 bytes
 
User: Default
 
User: Default User
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.45.0 log created on 06082012_150720

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
         
Gruß
Boludo

Alt 08.06.2012, 18:06   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojan.Banker - Standard

Trojan.Banker



Mach bitte zur Kontrolle ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 08.06.2012, 20:37   #21
Boludo
 
Trojan.Banker - Standard

Trojan.Banker



gesagt, getan:

Code:
ATTFilter
OTL logfile created on: 08.06.2012 20:27:48 - Run 3
OTL by OldTimer - Version 3.2.45.0     Folder = C:\Users\Boludo\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 66,57% Memory free
6,19 Gb Paging File | 5,04 Gb Available in Paging File | 81,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,44 Gb Total Space | 5,31 Gb Free Space | 4,76% Space Free | Partition Type: NTFS
Drive D: | 107,90 Gb Total Space | 16,95 Gb Free Space | 15,71% Space Free | Partition Type: NTFS
 
Computer Name: BOLUDO-PC | User Name: Boludo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.02 20:03:25 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Boludo\Desktop\OTL.exe
PRC - [2012.05.23 08:24:17 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.23 08:24:17 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.23 08:24:17 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.23 08:24:17 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.08.24 17:30:58 | 000,651,832 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2011.08.24 17:30:58 | 000,430,136 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2009.11.20 09:33:01 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Boludo\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.10.24 17:35:44 | 000,128,296 | ---- | M] () -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
PRC - [2008.10.16 18:26:20 | 000,860,160 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe
PRC - [2008.10.16 17:54:34 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008.03.11 20:30:28 | 000,397,312 | ---- | M] (Acer Inc.) -- C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2008.03.11 11:53:54 | 005,296,128 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.03.07 16:05:10 | 000,024,576 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008.03.07 04:36:12 | 000,544,768 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Empowering Technology\eAudio\eAudio.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.10 18:03:00 | 000,233,472 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer VCM\RS_Service.exe
PRC - [2007.12.11 05:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2007.12.06 17:15:28 | 000,110,592 | ---- | M] () -- C:\ACER\Mobility Center\MobilityService.exe
PRC - [2007.10.11 08:46:14 | 000,121,344 | ---- | M] (ArcSoft) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2007.10.11 08:45:52 | 000,031,232 | ---- | M] (ArcSoft) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2007.10.03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.10.03 15:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007.04.24 19:50:32 | 000,723,760 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.05.24 18:06:37 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\675632907c226b0c67a2407f2ddd4bf7\System.ServiceProcess.ni.dll
MOD - [2012.05.24 18:06:09 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll
MOD - [2012.05.24 18:01:05 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012.05.24 17:59:42 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e4d54640bacd18e047a4573cb4611bd3\System.Windows.Forms.ni.dll
MOD - [2012.05.24 17:59:21 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5d8696f15e49aedf883dd945806a7049\System.Drawing.ni.dll
MOD - [2012.05.24 17:57:36 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012.05.24 17:57:21 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009.09.23 15:58:24 | 000,008,960 | ---- | M] () -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll
MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2008.03.29 04:48:02 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3005.0__3036420f80dd6947\Framework.Library.dll
MOD - [2008.03.29 04:48:02 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3005.0__4df5dcab8860d239\Framework.Utility.dll
MOD - [2008.03.29 04:48:02 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3005.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
MOD - [2008.03.11 10:14:34 | 000,204,800 | ---- | M] () -- C:\Windows\System32\SysHook.dll
MOD - [2007.04.24 19:44:26 | 000,126,976 | ---- | M] () -- C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2007.04.24 19:32:56 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.06.07 07:34:07 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.23 08:24:17 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.23 08:24:17 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.01.04 14:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011.08.24 17:30:58 | 000,430,136 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2009.11.20 23:23:57 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.03.30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.02.18 20:38:43 | 000,129,880 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008.12.12 09:31:10 | 000,537,896 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Programme\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2008.10.24 17:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
SRV - [2008.10.16 18:26:20 | 000,860,160 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008.10.16 17:54:34 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008.03.07 16:05:10 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:25:11 | 000,053,760 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\Mcx2Svc.dll -- (Mcx2Svc)
SRV - [2008.01.21 04:24:20 | 000,068,608 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\mprdim.dll -- (RemoteAccess)
SRV - [2008.01.21 04:24:09 | 000,288,256 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.10 18:03:00 | 000,233,472 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2007.12.11 05:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007.12.06 17:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\ACER\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2007.10.03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.05.23 08:24:17 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.23 08:24:17 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.11.01 11:07:26 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011.11.01 11:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011.11.01 11:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011.11.01 11:07:24 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2011.11.01 11:07:24 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011.11.01 11:07:24 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2011.09.16 17:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2009.10.08 17:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.09.08 20:42:26 | 000,100,376 | ---- | M] (VisionWorks Solutions, Inc) [File_System | System | Running] -- C:\Windows\System32\drivers\FAMv4.sys -- (FAMv4)
DRV - [2009.08.05 07:18:22 | 000,048,640 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E60x86.sys -- (L1E)
DRV - [2009.04.11 06:13:59 | 000,226,816 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\udfs.sys -- (udfs)
DRV - [2008.11.17 08:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.03.13 10:23:06 | 000,080,912 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008.03.07 19:55:00 | 007,480,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.02.29 09:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008.02.15 10:09:46 | 000,040,752 | ---- | M] (Validity Sensors, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vfs101x.sys -- (vfs101x)
DRV - [2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV - [2008.01.21 04:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\MegaSR.sys -- (MegaSR)
DRV - [2008.01.21 04:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpu320.sys -- (adpu320)
DRV - [2008.01.21 04:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\megasas.sys -- (megasas)
DRV - [2008.01.21 04:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008.01.21 04:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008.01.21 04:23:26 | 000,041,016 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2008.01.21 04:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\HpCISSs.sys -- (HpCISSs)
DRV - [2008.01.21 04:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpahci.sys -- (adpahci)
DRV - [2008.01.21 04:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008.01.21 04:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ql2300.sys -- (ql2300)
DRV - [2008.01.21 04:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\arcsas.sys -- (arcsas)
DRV - [2008.01.21 04:23:24 | 000,022,072 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wd.sys -- (Wd)
DRV - [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iaStorV.sys -- (iaStorV)
DRV - [2008.01.21 04:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008.01.21 04:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008.01.21 04:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\arc.sys -- (arc)
DRV - [2008.01.21 04:23:23 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sffdisk.sys -- (sffdisk)
DRV - [2008.01.21 04:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\elxstor.sys -- (elxstor)
DRV - [2008.01.21 04:23:22 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\IPMIDrv.sys -- (IPMIDRV)
DRV - [2008.01.21 04:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008.01.21 04:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvraid.sys -- (nvraid)
DRV - [2008.01.21 04:23:21 | 000,094,776 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\msdsm.sys -- (msdsm)
DRV - [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvstor.sys -- (nvstor)
DRV - [2008.01.21 04:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\uliahci.sys -- (uliahci)
DRV - [2008.01.21 04:23:20 | 000,105,016 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\mpio.sys -- (mpio)
DRV - [2008.01.21 04:23:20 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\fdc.sys -- (fdc)
DRV - [2008.01.21 04:23:20 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\flpydisk.sys -- (flpydisk)
DRV - [2008.01.21 04:23:20 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sermouse.sys -- (sermouse)
DRV - [2008.01.21 04:23:02 | 000,030,264 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\i2omp.sys -- (i2omp)
DRV - [2008.01.21 04:23:01 | 000,248,832 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\rdpdr.sys -- (rdpdr)
DRV - [2008.01.21 04:23:01 | 000,049,720 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\isapnp.sys -- (isapnp)
DRV - [2008.01.21 04:23:01 | 000,045,568 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2008.01.21 04:23:00 | 000,044,032 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdk8.sys -- (AmdK8)
DRV - [2008.01.21 04:23:00 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\viac7.sys -- (ViaC7)
DRV - [2008.01.21 04:23:00 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdk7.sys -- (AmdK7)
DRV - [2008.01.21 04:23:00 | 000,040,960 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\processr.sys -- (Processor)
DRV - [2008.01.21 04:23:00 | 000,040,960 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\crusoe.sys -- (Crusoe)
DRV - [2008.01.21 04:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\viaide.sys -- (viaide)
DRV - [2008.01.21 04:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\cmdide.sys -- (cmdide)
DRV - [2008.01.21 04:23:00 | 000,017,976 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdide.sys -- (amdide)
DRV - [2008.01.21 04:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\aliide.sys -- (aliide)
DRV - [2008.01.21 04:23:00 | 000,016,440 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\pciide.sys -- (pciide)
DRV - [2008.01.21 04:23:00 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\errdev.sys -- (ErrDev)
DRV - [2008.01.08 21:10:32 | 002,554,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007.12.18 18:12:12 | 000,054,784 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2007.01.26 08:32:18 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2006.11.02 15:27:34 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Programme\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2006.11.02 11:51:12 | 000,167,528 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\pcmcia.sys -- (pcmcia)
DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 11:50:16 | 000,076,392 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sbp2port.sys -- (sbp2port)
DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\Mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 10:55:23 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\bthmodem.sys -- (BTHMODEM)
DRV - [2006.11.02 10:55:22 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\hidbth.sys -- (HidBth)
DRV - [2006.11.02 10:55:16 | 000,062,080 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ohci1394.sys -- (ohci1394)
DRV - [2006.11.02 10:55:09 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\usbcir.sys -- (usbcir) eHome Infrared Receiver (USBCIR)
DRV - [2006.11.02 10:55:05 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\usbohci.sys -- (usbohci)
DRV - [2006.11.02 10:52:52 | 000,020,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wacompen.sys -- (WacomPen)
DRV - [2006.11.02 10:51:40 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sfloppy.sys -- (sfloppy)
DRV - [2006.11.02 10:51:30 | 000,079,360 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\parport.sys -- (Parport)
DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2005.02.23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-21-2555909198-2805718332-2460936450-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKU\S-1-5-21-2555909198-2805718332-2460936450-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.acer.com/worldwide/selection.html [binary data]
IE - HKU\S-1-5-21-2555909198-2805718332-2460936450-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
IE - HKU\S-1-5-21-2555909198-2805718332-2460936450-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2555909198-2805718332-2460936450-1000\..\SearchScopes,DefaultScope = {DECA3892-BA8F-44b8-A993-A466AD694AE4}
IE - HKU\S-1-5-21-2555909198-2805718332-2460936450-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2555909198-2805718332-2460936450-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-acer
IE - HKU\S-1-5-21-2555909198-2805718332-2460936450-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2555909198-2805718332-2460936450-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "chrome://foxtab/content/homepage.html"
FF - prefs.js..extensions.enabledItems: {4176DFF4-4698-11DE-BEEB-45DA55D89593}:0.8.7
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.51
FF - prefs.js..extensions.enabledItems: maps@ovi.com:4.0.12.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_10.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_10.0
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.07 07:34:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.23 19:51:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012.02.11 21:59:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Boludo\AppData\Roaming\12011
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.07 07:34:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.23 19:51:51 | 000,000,000 | ---D | M]
 
[2009.11.20 12:53:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Boludo\AppData\Roaming\mozilla\Extensions
[2012.05.26 19:21:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Boludo\AppData\Roaming\mozilla\Firefox\Profiles\lb90ov9f.default\extensions
[2010.04.28 19:29:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Boludo\AppData\Roaming\mozilla\Firefox\Profiles\lb90ov9f.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.04.07 21:08:08 | 000,000,000 | ---D | M] (Nokia Maps 3D browser plugin) -- C:\Users\Boludo\AppData\Roaming\mozilla\Firefox\Profiles\lb90ov9f.default\extensions\maps@ovi.com
[2011.07.31 18:52:02 | 000,005,310 | ---- | M] () -- C:\Users\Boludo\AppData\Roaming\Mozilla\Firefox\Profiles\lb90ov9f.default\searchplugins\footiefox.xml
[2012.03.18 21:31:56 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.05.26 19:21:38 | 000,222,562 | ---- | M] () (No name found) -- C:\USERS\BOLUDO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LB90OV9F.DEFAULT\EXTENSIONS\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.XPI
[2012.05.23 19:03:31 | 000,355,956 | ---- | M] () (No name found) -- C:\USERS\BOLUDO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LB90OV9F.DEFAULT\EXTENSIONS\{9FB7D178-155A-4318-9173-1A8EAAEA7FE4}.XPI
[2012.02.07 18:29:57 | 000,246,025 | ---- | M] () (No name found) -- C:\USERS\BOLUDO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LB90OV9F.DEFAULT\EXTENSIONS\AMZNUWL2@AMAZON.COM.XPI
[2011.10.04 03:16:24 | 000,006,850 | ---- | M] () (No name found) -- C:\USERS\BOLUDO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LB90OV9F.DEFAULT\EXTENSIONS\JL@LEIMBACH-IT.DE.XPI
[2012.06.07 07:34:08 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.02.22 17:25:21 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.01 22:00:50 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.01 22:00:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.01 22:00:50 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.01 22:00:50 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.01 22:00:50 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.01 22:00:50 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.06.08 15:07:27 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Programme\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2555909198-2805718332-2460936450-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Boludo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8621F01D-1B82-4981-BC90-637664DB07CE}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Boludo\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Boludo\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {90FFD292-B369-BBA7-7F56-9E0BC1A6A21A} - 
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EEEDD2C9-6689-C1EB-5092-CBF54D40AE8C} - Themes Setup
ActiveX: {F1F28391-FC74-32D3-9484-A1B13F2122E1} - Internet Explorer
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.avis - C:\Windows\System32\ff_acm.acm ()
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.08 06:56:20 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.06.06 07:10:12 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.06.02 20:03:20 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Boludo\Desktop\OTL.exe
[2012.06.02 11:04:39 | 000,000,000 | ---D | C] -- C:\Users\Boludo\AppData\Roaming\Malwarebytes
[2012.06.02 11:04:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.02 11:04:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.02 11:04:09 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.06.02 11:04:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.05.23 19:51:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.05.23 19:50:47 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[1 C:\Users\Boludo\AppData\Roaming\*.tmp files -> C:\Users\Boludo\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.08 20:26:17 | 000,084,934 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.06.08 20:16:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.08 15:10:53 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2012.06.08 15:10:39 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.08 15:10:38 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.08 15:10:10 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.08 15:07:41 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.06.08 15:07:27 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012.06.03 17:50:16 | 000,000,680 | ---- | M] () -- C:\Users\Boludo\AppData\Local\d3d9caps.dat
[2012.06.02 20:03:25 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Boludo\Desktop\OTL.exe
[2012.06.02 20:02:10 | 000,000,000 | ---- | M] () -- C:\Users\Boludo\defogger_reenable
[2012.06.02 11:04:13 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.01 09:31:43 | 000,000,008 | ---- | M] () -- C:\Users\Boludo\AppData\Roaming\urhtps.dat
[2012.05.25 20:57:47 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.05.25 20:57:47 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.05.25 20:57:47 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.05.25 20:57:47 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.05.24 21:14:07 | 000,873,149 | ---- | M] () -- C:\Users\Boludo\Desktop\Foto-5.jpg
[2012.05.24 21:13:10 | 000,905,479 | ---- | M] () -- C:\Users\Boludo\Desktop\Foto-4.jpg
[2012.05.24 21:09:01 | 000,785,606 | ---- | M] () -- C:\Users\Boludo\Desktop\Foto-3.jpg
[2012.05.24 21:08:22 | 000,926,920 | ---- | M] () -- C:\Users\Boludo\Desktop\Foto-2.jpg
[2012.05.24 21:07:28 | 000,807,777 | ---- | M] () -- C:\Users\Boludo\Desktop\Foto-1.jpg
[2012.05.24 17:55:39 | 000,348,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.05.23 19:51:25 | 000,001,730 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012.05.23 08:24:17 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.05.23 08:24:17 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[1 C:\Users\Boludo\AppData\Roaming\*.tmp files -> C:\Users\Boludo\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.02 20:02:10 | 000,000,000 | ---- | C] () -- C:\Users\Boludo\defogger_reenable
[2012.06.02 11:04:13 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.01 09:31:43 | 000,000,008 | ---- | C] () -- C:\Users\Boludo\AppData\Roaming\urhtps.dat
[2012.05.31 21:32:45 | 005,515,785 | ---- | C] () -- C:\Users\Boludo\Desktop\046.JPG
[2012.05.24 21:14:06 | 000,873,149 | ---- | C] () -- C:\Users\Boludo\Desktop\Foto-5.jpg
[2012.05.24 21:13:08 | 000,905,479 | ---- | C] () -- C:\Users\Boludo\Desktop\Foto-4.jpg
[2012.05.24 21:08:59 | 000,785,606 | ---- | C] () -- C:\Users\Boludo\Desktop\Foto-3.jpg
[2012.05.24 21:08:20 | 000,926,920 | ---- | C] () -- C:\Users\Boludo\Desktop\Foto-2.jpg
[2012.05.24 21:07:26 | 000,807,777 | ---- | C] () -- C:\Users\Boludo\Desktop\Foto-1.jpg
[2012.05.23 19:51:25 | 000,001,730 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011.06.11 19:02:43 | 000,330,240 | ---- | C] () -- C:\Windows\PICSUninstall.exe
[2011.03.15 23:41:32 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.02.20 15:09:34 | 000,000,699 | ---- | C] () -- C:\Windows\wiso.ini
[2011.01.04 17:07:44 | 000,000,001 | ---- | C] () -- C:\Windows\System32\SI.bin
[2010.11.05 20:03:33 | 000,084,480 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010.07.26 20:19:11 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
 
========== LOP Check ==========
 
[2009.11.20 09:55:21 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\Acer
[2008.03.29 05:06:10 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\Acer GameZone Console
[2009.12.24 13:52:44 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\AnvSoft
[2011.02.20 15:11:25 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\Buhl Data Service
[2009.12.29 22:00:24 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\Canon
[2009.12.01 19:49:49 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\FreeFLVConverter
[2011.12.30 21:05:34 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\GMX
[2010.05.26 22:18:47 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\IrfanView
[2009.11.20 23:09:08 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\Leadertech
[2010.08.01 13:39:02 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\MusicBrainz
[2012.02.11 22:02:35 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\Nokia
[2010.05.09 21:34:24 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\Nokia Ovi Suite
[2012.02.12 10:06:05 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\Nokia Suite
[2009.11.21 11:47:44 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\OpenOffice.org
[2012.03.02 20:16:09 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\PC Suite
[2011.06.11 19:03:23 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\pics
[2010.02.07 19:03:53 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\StreamTorrent
[2009.11.20 09:35:43 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\Validity
[2012.02.11 22:03:47 | 000,000,000 | ---D | M] -- C:\Users\Catja Mobil\AppData\Roaming\Nokia
[2011.12.08 22:00:03 | 000,000,000 | ---D | M] -- C:\Users\Catja Mobil\AppData\Roaming\Nokia Ovi Suite
[2011.12.09 22:27:03 | 000,000,000 | ---D | M] -- C:\Users\Catja Mobil\AppData\Roaming\Nokia Suite
[2011.12.08 22:18:45 | 000,000,000 | ---D | M] -- C:\Users\Catja Mobil\AppData\Roaming\PC Suite
[2012.06.08 15:07:41 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2009.11.20 09:55:21 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\Acer
[2008.03.29 05:06:10 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\Acer GameZone Console
[2012.06.08 12:38:45 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\Adobe
[2009.12.24 13:52:44 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\AnvSoft
[2011.12.10 11:14:39 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\Apple Computer
[2011.05.31 10:10:29 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\ArcSoft
[2012.02.21 20:56:41 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\Avira
[2009.12.13 15:35:19 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\Brother
[2011.02.20 15:11:25 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\Buhl Data Service
[2009.12.29 22:00:24 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\Canon
[2009.11.20 14:55:50 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\CyberLink
[2009.11.22 18:07:23 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\DivX
[2011.05.17 12:29:14 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\DVD Flick
[2012.04.01 10:23:48 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\dvdcss
[2009.12.01 19:49:49 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\FreeFLVConverter
[2011.12.30 21:05:34 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\GMX
[2009.11.20 09:32:27 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\Identities
[2009.11.20 09:33:02 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\InstallShield
[2010.05.26 22:18:47 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\IrfanView
[2009.11.20 23:09:08 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\Leadertech
[2009.11.20 09:56:16 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\Macromedia
[2012.06.02 11:04:39 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\Media Center Programs
[2011.01.10 23:21:00 | 000,000,000 | --SD | M] -- C:\Users\Boludo\AppData\Roaming\Microsoft
[2009.11.20 12:53:56 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\Mozilla
[2010.08.01 13:39:02 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\MusicBrainz
[2009.11.20 23:30:21 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\Nero
[2012.02.11 22:02:35 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\Nokia
[2010.05.09 21:34:24 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\Nokia Ovi Suite
[2012.02.12 10:06:05 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\Nokia Suite
[2009.11.21 11:47:44 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\OpenOffice.org
[2012.03.02 20:16:09 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\PC Suite
[2011.06.11 19:03:23 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\pics
[2012.05.04 08:10:29 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\Sony Corporation
[2010.02.07 19:03:53 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\StreamTorrent
[2009.11.20 09:35:43 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\Validity
[2012.06.08 15:03:02 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\vlc
[2009.11.20 10:08:06 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\Yahoo!
[2009.11.30 22:37:22 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\ZoomBrowser EX
 
< %APPDATA%\*.exe /s >
[2009.12.13 15:15:17 | 000,010,134 | R--- | M] () -- C:\Users\Boludo\AppData\Roaming\Microsoft\Installer\{2BC2781A-F7F6-452E-95EB-018A522F1B2C}\ARPPRODUCTICON.exe
[2010.02.12 21:28:00 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\Boludo\AppData\Roaming\Microsoft\Installer\{DF6FE172-006A-4324-AF7F-ACFE4BA290FE}\ARPPRODUCTICON.exe
[2010.07.09 10:42:45 | 069,222,840 | ---- | M] () -- C:\Users\Boludo\AppData\Roaming\Nokia\Ovi Suite\Software Updater\NokiaOviSuite2Installer.exe
 
< %SYSTEMDRIVE%\*.exe >
[2007.12.27 23:24:08 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2007.09.29 23:03:32 | 000,384,024 | ---- | M] (Intel Corporation) MD5=16A4671255CFB842225F0FDB6DBDB414 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\drivers\iaStor.sys
[2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_7baf6192\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >

< End of report >
         
Gruß
Boludo

Alt 08.06.2012, 20:59   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojan.Banker - Standard

Trojan.Banker



Ist sehr unauffällig

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 09.06.2012, 07:02   #23
Boludo
 
Trojan.Banker - Standard

Trojan.Banker



Als Admin ausgeführt, Logfile anbei:

Code:
ATTFilter
07:56:21.0751 3744	TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
07:56:22.0343 3744	============================================================
07:56:22.0343 3744	Current date / time: 2012/06/09 07:56:22.0343
07:56:22.0343 3744	SystemInfo:
07:56:22.0343 3744	
07:56:22.0343 3744	OS Version: 6.0.6002 ServicePack: 2.0
07:56:22.0343 3744	Product type: Workstation
07:56:22.0343 3744	ComputerName: BOLUDO-PC
07:56:22.0343 3744	UserName: Boludo
07:56:22.0343 3744	Windows directory: C:\Windows
07:56:22.0343 3744	System windows directory: C:\Windows
07:56:22.0343 3744	Processor architecture: Intel x86
07:56:22.0343 3744	Number of processors: 2
07:56:22.0343 3744	Page size: 0x1000
07:56:22.0343 3744	Boot type: Normal boot
07:56:22.0343 3744	============================================================
07:56:23.0295 3744	Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
07:56:23.0295 3744	============================================================
07:56:23.0295 3744	\Device\Harddisk0\DR0:
07:56:23.0295 3744	MBR partitions:
07:56:23.0295 3744	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1400800, BlocksNum 0xDEE2000
07:56:23.0295 3744	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xF2E2800, BlocksNum 0xD7CC800
07:56:23.0295 3744	============================================================
07:56:23.0326 3744	C: <-> \Device\Harddisk0\DR0\Partition0
07:56:23.0404 3744	D: <-> \Device\Harddisk0\DR0\Partition1
07:56:23.0404 3744	============================================================
07:56:23.0404 3744	Initialize success
07:56:23.0404 3744	============================================================
07:56:38.0865 4968	============================================================
07:56:38.0865 4968	Scan started
07:56:38.0865 4968	Mode: Manual; SigCheck; TDLFS; 
07:56:38.0865 4968	============================================================
07:56:39.0192 4968	AAV UpdateService (7eeb488346fbfa3731276c3ee8a8fd9e) C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
07:56:39.0426 4968	AAV UpdateService - ok
07:56:39.0723 4968	ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
07:56:39.0754 4968	ACPI - ok
07:56:39.0848 4968	adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
07:56:39.0910 4968	adp94xx - ok
07:56:39.0972 4968	adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
07:56:40.0004 4968	adpahci - ok
07:56:40.0035 4968	adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
07:56:40.0066 4968	adpu160m - ok
07:56:40.0097 4968	adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
07:56:40.0113 4968	adpu320 - ok
07:56:40.0175 4968	AeLookupSvc     (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
07:56:40.0316 4968	AeLookupSvc - ok
07:56:40.0394 4968	Afc             (a7b8a3a79d35215d798a300df49ed23f) C:\Windows\system32\drivers\Afc.sys
07:56:40.0440 4968	Afc ( UnsignedFile.Multi.Generic ) - warning
07:56:40.0440 4968	Afc - detected UnsignedFile.Multi.Generic (1)
07:56:40.0503 4968	AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
07:56:40.0596 4968	AFD - ok
07:56:40.0628 4968	AgereModemAudio (8ed60797908fd394eee0d6949f493224) C:\Windows\system32\agrsmsvc.exe
07:56:40.0690 4968	AgereModemAudio - ok
07:56:40.0908 4968	AgereSoftModem  (38325c6aa8eae011897d61ce48ec6435) C:\Windows\system32\DRIVERS\AGRSM.sys
07:56:41.0019 4968	AgereSoftModem - ok
07:56:41.0518 4968	agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
07:56:41.0549 4968	agp440 - ok
07:56:41.0627 4968	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
07:56:41.0658 4968	aic78xx - ok
07:56:41.0705 4968	ALG             (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
07:56:41.0892 4968	ALG - ok
07:56:41.0939 4968	aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
07:56:41.0940 4968	aliide - ok
07:56:41.0987 4968	amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
07:56:42.0018 4968	amdagp - ok
07:56:42.0034 4968	amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
07:56:42.0049 4968	amdide - ok
07:56:42.0127 4968	AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
07:56:42.0205 4968	AmdK7 - ok
07:56:42.0221 4968	AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
07:56:42.0330 4968	AmdK8 - ok
07:56:42.0377 4968	Appinfo         (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
07:56:42.0439 4968	Appinfo - ok
07:56:42.0626 4968	Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
07:56:42.0642 4968	Apple Mobile Device - ok
07:56:42.0689 4968	arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
07:56:42.0720 4968	arc - ok
07:56:42.0751 4968	arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
07:56:42.0782 4968	arcsas - ok
07:56:42.0845 4968	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
07:56:42.0907 4968	AsyncMac - ok
07:56:42.0970 4968	atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
07:56:43.0001 4968	atapi - ok
07:56:43.0110 4968	AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
07:56:43.0188 4968	AudioEndpointBuilder - ok
07:56:43.0188 4968	Audiosrv        (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
07:56:43.0235 4968	Audiosrv - ok
07:56:43.0297 4968	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
07:56:43.0360 4968	Beep - ok
07:56:43.0438 4968	BFE             (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
07:56:43.0516 4968	BFE - ok
07:56:43.0625 4968	BITS            (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
07:56:43.0734 4968	BITS - ok
07:56:43.0765 4968	blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
07:56:43.0843 4968	blbdrive - ok
07:56:44.0015 4968	Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
07:56:44.0062 4968	Bonjour Service - ok
07:56:44.0108 4968	bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
07:56:44.0186 4968	bowser - ok
07:56:44.0233 4968	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
07:56:44.0280 4968	BrFiltLo - ok
07:56:44.0296 4968	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
07:56:44.0358 4968	BrFiltUp - ok
07:56:44.0405 4968	Browser         (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
07:56:44.0483 4968	Browser - ok
07:56:44.0498 4968	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
07:56:44.0779 4968	Brserid - ok
07:56:44.0826 4968	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
07:56:44.0920 4968	BrSerWdm - ok
07:56:44.0935 4968	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
07:56:45.0060 4968	BrUsbMdm - ok
07:56:45.0076 4968	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
07:56:45.0263 4968	BrUsbSer - ok
07:56:45.0294 4968	BthEnum         (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
07:56:45.0356 4968	BthEnum - ok
07:56:45.0388 4968	BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
07:56:45.0497 4968	BTHMODEM - ok
07:56:45.0575 4968	BthPan          (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
07:56:45.0637 4968	BthPan - ok
07:56:45.0715 4968	BthPort         (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
07:56:45.0793 4968	BthPort - ok
07:56:45.0856 4968	BthServ         (a4c8377fa4a994e07075107dbe2e3dce) C:\Windows\System32\bthserv.dll
07:56:45.0918 4968	BthServ - ok
07:56:45.0934 4968	BTHUSB          (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
07:56:45.0965 4968	BTHUSB - ok
07:56:46.0027 4968	btwaudio        (636f45a8500c1438cfa7dee15fc5c184) C:\Windows\system32\drivers\btwaudio.sys
07:56:46.0121 4968	btwaudio - ok
07:56:46.0183 4968	btwavdt         (bf9256ff01b093a5d90bb7a35ec90410) C:\Windows\system32\drivers\btwavdt.sys
07:56:46.0199 4968	btwavdt - ok
07:56:46.0308 4968	BUNAgentSvc     (0569b7c9650d5caf67ffcfa8c2d75781) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
07:56:46.0324 4968	BUNAgentSvc - ok
07:56:46.0386 4968	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
07:56:46.0448 4968	cdfs - ok
07:56:46.0495 4968	cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
07:56:46.0558 4968	cdrom - ok
07:56:46.0589 4968	CertPropSvc     (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
07:56:46.0651 4968	CertPropSvc - ok
07:56:46.0698 4968	circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys
07:56:46.0760 4968	circlass - ok
07:56:46.0823 4968	CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
07:56:46.0870 4968	CLFS - ok
07:56:47.0041 4968	clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
07:56:47.0057 4968	clr_optimization_v2.0.50727_32 - ok
07:56:47.0150 4968	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
07:56:47.0182 4968	clr_optimization_v4.0.30319_32 - ok
07:56:47.0213 4968	CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
07:56:47.0291 4968	CmBatt - ok
07:56:47.0322 4968	cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
07:56:47.0338 4968	cmdide - ok
07:56:47.0400 4968	Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
07:56:47.0431 4968	Compbatt - ok
07:56:47.0431 4968	COMSysApp - ok
07:56:47.0494 4968	crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
07:56:47.0509 4968	crcdisk - ok
07:56:47.0525 4968	Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
07:56:47.0603 4968	Crusoe - ok
07:56:47.0665 4968	CryptSvc        (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
07:56:47.0728 4968	CryptSvc - ok
07:56:47.0852 4968	DcomLaunch      (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
07:56:47.0915 4968	DcomLaunch - ok
07:56:47.0946 4968	DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
07:56:48.0008 4968	DfsC - ok
07:56:48.0274 4968	DFSR            (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
07:56:48.0430 4968	DFSR - ok
07:56:48.0664 4968	Dhcp            (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
07:56:48.0742 4968	Dhcp - ok
07:56:48.0820 4968	disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
07:56:48.0835 4968	disk - ok
07:56:48.0866 4968	DKbFltr         (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys
07:56:48.0882 4968	DKbFltr - ok
07:56:48.0960 4968	Dnscache        (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
07:56:49.0038 4968	Dnscache - ok
07:56:49.0100 4968	dot3svc         (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
07:56:49.0163 4968	dot3svc - ok
07:56:49.0194 4968	DPS             (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
07:56:49.0256 4968	DPS - ok
07:56:49.0319 4968	DritekPortIO    (5c918d413f5837e67a85775c9873775e) C:\PROGRA~1\LAUNCH~1\DPortIO.sys
07:56:49.0350 4968	DritekPortIO - ok
07:56:49.0381 4968	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
07:56:49.0444 4968	drmkaud - ok
07:56:49.0553 4968	DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
07:56:49.0600 4968	DXGKrnl - ok
07:56:49.0615 4968	E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
07:56:49.0678 4968	E1G60 - ok
07:56:49.0740 4968	EapHost         (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
07:56:49.0802 4968	EapHost - ok
07:56:49.0880 4968	Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
07:56:49.0912 4968	Ecache - ok
07:56:50.0052 4968	ehRecvr         (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
07:56:50.0130 4968	ehRecvr - ok
07:56:50.0239 4968	ehSched         (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
07:56:50.0286 4968	ehSched - ok
07:56:50.0302 4968	ehstart         (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
07:56:50.0333 4968	ehstart - ok
07:56:50.0411 4968	elxstor         (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
07:56:50.0504 4968	elxstor - ok
07:56:50.0645 4968	EMDMgmt         (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
07:56:50.0754 4968	EMDMgmt - ok
07:56:50.0785 4968	ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
07:56:50.0863 4968	ErrDev - ok
07:56:50.0941 4968	ETService       (58d906d84cc2e303c754ac7314595d3c) C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
07:56:50.0972 4968	ETService ( UnsignedFile.Multi.Generic ) - warning
07:56:50.0972 4968	ETService - detected UnsignedFile.Multi.Generic (1)
07:56:51.0050 4968	EventSystem     (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
07:56:51.0113 4968	EventSystem - ok
07:56:51.0284 4968	EvtEng          (54b6e150bff4a47eb0d204119d262e46) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
07:56:51.0378 4968	EvtEng ( UnsignedFile.Multi.Generic ) - warning
07:56:51.0378 4968	EvtEng - detected UnsignedFile.Multi.Generic (1)
07:56:51.0456 4968	exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
07:56:51.0550 4968	exfat - ok
07:56:51.0612 4968	FAMv4           (b557b048b17dca4d9b1bc325478dc3f7) C:\Windows\system32\DRIVERS\FAMv4.sys
07:56:51.0628 4968	FAMv4 - ok
07:56:51.0674 4968	fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
07:56:51.0768 4968	fastfat - ok
07:56:51.0799 4968	fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
07:56:51.0862 4968	fdc - ok
07:56:51.0940 4968	fdPHost         (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
07:56:52.0002 4968	fdPHost - ok
07:56:52.0018 4968	FDResPub        (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
07:56:52.0111 4968	FDResPub - ok
07:56:52.0189 4968	FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
07:56:52.0220 4968	FileInfo - ok
07:56:52.0252 4968	Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
07:56:52.0314 4968	Filetrace - ok
07:56:52.0439 4968	FLEXnet Licensing Service (bb0667b0171b632b97ea759515476f07) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
07:56:52.0501 4968	FLEXnet Licensing Service - ok
07:56:52.0517 4968	flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
07:56:52.0579 4968	flpydisk - ok
07:56:52.0657 4968	FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
07:56:52.0688 4968	FltMgr - ok
07:56:52.0813 4968	FontCache       (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
07:56:52.0891 4968	FontCache - ok
07:56:53.0000 4968	FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
07:56:53.0032 4968	FontCache3.0.0.0 - ok
07:56:53.0375 4968	Fs_Rec          (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
07:56:53.0437 4968	Fs_Rec - ok
07:56:53.0468 4968	gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
07:56:53.0500 4968	gagp30kx - ok
07:56:53.0546 4968	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
07:56:53.0562 4968	GEARAspiWDM - ok
07:56:53.0640 4968	gpsvc           (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
07:56:53.0749 4968	gpsvc - ok
07:56:53.0796 4968	HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
07:56:53.0905 4968	HdAudAddService - ok
07:56:54.0014 4968	HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
07:56:54.0108 4968	HDAudBus - ok
07:56:54.0124 4968	HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
07:56:54.0217 4968	HidBth - ok
07:56:54.0264 4968	HidIr           (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys
07:56:54.0311 4968	HidIr - ok
07:56:54.0358 4968	hidserv         (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
07:56:54.0404 4968	hidserv - ok
07:56:54.0451 4968	HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
07:56:54.0482 4968	HidUsb - ok
07:56:54.0623 4968	hkmsvc          (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
07:56:54.0685 4968	hkmsvc - ok
07:56:54.0716 4968	HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
07:56:54.0732 4968	HpCISSs - ok
07:56:54.0810 4968	HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
07:56:54.0888 4968	HTTP - ok
07:56:54.0904 4968	i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
07:56:54.0935 4968	i2omp - ok
07:56:54.0982 4968	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
07:56:55.0028 4968	i8042prt - ok
07:56:55.0200 4968	IAANTMON        (72b53e9c8924949dec8f3799bcba2251) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
07:56:55.0231 4968	IAANTMON - ok
07:56:55.0294 4968	iaStor          (e5a0034847537eaee3c00349d5c34c5f) C:\Windows\system32\DRIVERS\iaStor.sys
07:56:55.0309 4968	iaStor - ok
07:56:55.0356 4968	iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
07:56:55.0418 4968	iaStorV - ok
07:56:55.0637 4968	idsvc           (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
07:56:55.0730 4968	idsvc - ok
07:56:55.0762 4968	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
07:56:55.0777 4968	iirsp - ok
07:56:55.0871 4968	IKEEXT          (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
07:56:55.0964 4968	IKEEXT - ok
07:56:55.0980 4968	int15           (4d8d5b1c895ea0f2a721b98a7ce198f1) C:\Windows\system32\drivers\int15.sys
07:56:56.0011 4968	int15 ( UnsignedFile.Multi.Generic ) - warning
07:56:56.0011 4968	int15 - detected UnsignedFile.Multi.Generic (1)
07:56:56.0292 4968	IntcAzAudAddService (92bcc487f16892cda495dbd8160272d9) C:\Windows\system32\drivers\RTKVHDA.sys
07:56:56.0417 4968	IntcAzAudAddService - ok
07:56:56.0791 4968	intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
07:56:56.0822 4968	intelide - ok
07:56:56.0854 4968	intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
07:56:56.0916 4968	intelppm - ok
07:56:56.0947 4968	IPBusEnum       (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
07:56:57.0025 4968	IPBusEnum - ok
07:56:57.0041 4968	IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
07:56:57.0166 4968	IpFilterDriver - ok
07:56:57.0212 4968	iphlpsvc        (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
07:56:57.0306 4968	iphlpsvc - ok
07:56:57.0306 4968	IpInIp - ok
07:56:57.0353 4968	IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
07:56:57.0400 4968	IPMIDRV - ok
07:56:57.0431 4968	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
07:56:57.0509 4968	IPNAT - ok
07:56:57.0712 4968	iPod Service    (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
07:56:57.0758 4968	iPod Service - ok
07:56:57.0774 4968	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
07:56:57.0821 4968	IRENUM - ok
07:56:57.0868 4968	isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
07:56:57.0883 4968	isapnp - ok
07:56:57.0977 4968	iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
07:56:58.0008 4968	iScsiPrt - ok
07:56:58.0039 4968	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
07:56:58.0055 4968	iteatapi - ok
07:56:58.0070 4968	itecir          (8bcd857c7932ad005d5f9c89329da2e1) C:\Windows\system32\DRIVERS\itecir.sys
07:56:58.0117 4968	itecir - ok
07:56:58.0133 4968	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
07:56:58.0164 4968	iteraid - ok
07:56:58.0211 4968	JMCR            (8123f605779db22ffc67fa84b8381803) C:\Windows\system32\DRIVERS\jmcr.sys
07:56:58.0289 4968	JMCR - ok
07:56:58.0320 4968	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
07:56:58.0351 4968	kbdclass - ok
07:56:58.0398 4968	kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
07:56:58.0476 4968	kbdhid - ok
07:56:58.0538 4968	KeyIso          (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
07:56:58.0601 4968	KeyIso - ok
07:56:58.0663 4968	KSecDD          (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
07:56:58.0710 4968	KSecDD - ok
07:56:58.0804 4968	KtmRm           (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
07:56:58.0897 4968	KtmRm - ok
07:56:58.0944 4968	L1E             (24abddeb766c8459f9d562eb083b6cb8) C:\Windows\system32\DRIVERS\L1E60x86.sys
07:56:58.0991 4968	L1E - ok
07:56:59.0053 4968	LanmanServer    (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
07:56:59.0131 4968	LanmanServer - ok
07:56:59.0194 4968	LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
07:56:59.0272 4968	LanmanWorkstation - ok
07:56:59.0318 4968	Lavasoft Kernexplorer - ok
07:56:59.0381 4968	LightScribeService (793ff718477345cd5d232c50bed1e452) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
07:56:59.0396 4968	LightScribeService ( UnsignedFile.Multi.Generic ) - warning
07:56:59.0396 4968	LightScribeService - detected UnsignedFile.Multi.Generic (1)
07:56:59.0552 4968	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
07:56:59.0615 4968	lltdio - ok
07:56:59.0646 4968	lltdsvc         (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
07:56:59.0724 4968	lltdsvc - ok
07:56:59.0771 4968	lmhosts         (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
07:56:59.0849 4968	lmhosts - ok
07:56:59.0896 4968	LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
07:56:59.0911 4968	LSI_FC - ok
07:56:59.0927 4968	LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
07:56:59.0958 4968	LSI_SAS - ok
07:57:00.0005 4968	LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
07:57:00.0036 4968	LSI_SCSI - ok
07:57:00.0052 4968	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
07:57:00.0114 4968	luafv - ok
07:57:00.0176 4968	MBAMProtector   (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
07:57:00.0208 4968	MBAMProtector - ok
07:57:00.0473 4968	MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
07:57:00.0520 4968	MBAMService - ok
07:57:00.0566 4968	Mcx2Svc         (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
07:57:00.0598 4968	Mcx2Svc - ok
07:57:00.0629 4968	megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
07:57:00.0660 4968	megasas - ok
07:57:00.0738 4968	MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
07:57:00.0785 4968	MegaSR - ok
07:57:00.0847 4968	MMCSS           (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
07:57:00.0925 4968	MMCSS - ok
07:57:00.0956 4968	MobilityService - ok
07:57:00.0988 4968	Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
07:57:01.0050 4968	Modem - ok
07:57:01.0066 4968	monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
07:57:01.0128 4968	monitor - ok
07:57:01.0144 4968	mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
07:57:01.0159 4968	mouclass - ok
07:57:01.0190 4968	mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
07:57:01.0253 4968	mouhid - ok
07:57:01.0268 4968	MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
07:57:01.0300 4968	MountMgr - ok
07:57:01.0393 4968	MozillaMaintenance (6380ff81dd4d78b23398752d2f46ea43) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
07:57:01.0409 4968	MozillaMaintenance - ok
07:57:01.0471 4968	mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
07:57:01.0502 4968	mpio - ok
07:57:01.0518 4968	mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
07:57:01.0580 4968	mpsdrv - ok
07:57:01.0705 4968	MpsSvc          (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
07:57:01.0799 4968	MpsSvc - ok
07:57:01.0814 4968	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
07:57:01.0846 4968	Mraid35x - ok
07:57:01.0892 4968	MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
07:57:01.0939 4968	MRxDAV - ok
07:57:01.0970 4968	mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
07:57:02.0033 4968	mrxsmb - ok
07:57:02.0095 4968	mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
07:57:02.0158 4968	mrxsmb10 - ok
07:57:02.0173 4968	mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
07:57:02.0204 4968	mrxsmb20 - ok
07:57:02.0236 4968	msahci          (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
07:57:02.0251 4968	msahci - ok
07:57:02.0282 4968	msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
07:57:02.0314 4968	msdsm - ok
07:57:02.0360 4968	MSDTC           (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
07:57:02.0438 4968	MSDTC - ok
07:57:02.0470 4968	Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
07:57:02.0532 4968	Msfs - ok
07:57:02.0579 4968	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
07:57:02.0610 4968	msisadrv - ok
07:57:02.0657 4968	MSiSCSI         (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
07:57:02.0719 4968	MSiSCSI - ok
07:57:02.0735 4968	msiserver - ok
07:57:02.0766 4968	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
07:57:02.0828 4968	MSKSSRV - ok
07:57:02.0860 4968	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
07:57:02.0922 4968	MSPCLOCK - ok
07:57:02.0938 4968	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
07:57:02.0984 4968	MSPQM - ok
07:57:03.0047 4968	MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
07:57:03.0078 4968	MsRPC - ok
07:57:03.0094 4968	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
07:57:03.0125 4968	mssmbios - ok
07:57:03.0172 4968	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
07:57:03.0218 4968	MSTEE - ok
07:57:03.0296 4968	Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
07:57:03.0328 4968	Mup - ok
07:57:03.0437 4968	napagent        (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
07:57:03.0530 4968	napagent - ok
07:57:03.0608 4968	NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
07:57:03.0655 4968	NativeWifiP - ok
07:57:03.0749 4968	NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
07:57:03.0811 4968	NDIS - ok
07:57:03.0827 4968	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
07:57:03.0889 4968	NdisTapi - ok
07:57:03.0967 4968	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
07:57:04.0014 4968	Ndisuio - ok
07:57:04.0092 4968	NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
07:57:04.0154 4968	NdisWan - ok
07:57:04.0170 4968	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
07:57:04.0217 4968	NDProxy - ok
07:57:04.0217 4968	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
07:57:04.0277 4968	NetBIOS - ok
07:57:04.0339 4968	netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
07:57:04.0401 4968	netbt - ok
07:57:04.0433 4968	Netlogon        (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
07:57:04.0464 4968	Netlogon - ok
07:57:04.0511 4968	Netman          (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
07:57:04.0589 4968	Netman - ok
07:57:04.0635 4968	netprofm        (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
07:57:04.0713 4968	netprofm - ok
07:57:04.0885 4968	NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
07:57:04.0916 4968	NetTcpPortSharing - ok
07:57:05.0213 4968	NETw4v32        (caaea35dae7f4c19db05481dac22c2ba) C:\Windows\system32\DRIVERS\NETw4v32.sys
07:57:05.0353 4968	NETw4v32 - ok
07:57:05.0946 4968	NETw5v32        (8de67bd902095a13329fd82c85a1fa09) C:\Windows\system32\DRIVERS\NETw5v32.sys
07:57:06.0258 4968	NETw5v32 - ok
07:57:06.0539 4968	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
07:57:06.0570 4968	nfrd960 - ok
07:57:06.0601 4968	NlaSvc          (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
07:57:06.0695 4968	NlaSvc - ok
07:57:06.0882 4968	NMIndexingService (62f68443d244024845b875b44d76a92f) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
07:57:06.0913 4968	NMIndexingService - ok
07:57:07.0007 4968	nmwcd           (f6c40e0a565ee3ce5aeeb325e10054f2) C:\Windows\system32\drivers\ccdcmb.sys
07:57:07.0100 4968	nmwcd - ok
07:57:07.0147 4968	nmwcdc          (2a394e9e1fa3565e4b2fea470ffe4d6b) C:\Windows\system32\drivers\ccdcmbo.sys
07:57:07.0241 4968	nmwcdc - ok
07:57:07.0303 4968	nmwcdnsu        (99b224f8026cb534724aa3c408561e45) C:\Windows\system32\drivers\nmwcdnsu.sys
07:57:07.0365 4968	nmwcdnsu - ok
07:57:07.0412 4968	nmwcdnsuc       (d23257682d349a5e2e4507ed33decc16) C:\Windows\system32\drivers\nmwcdnsuc.sys
07:57:07.0490 4968	nmwcdnsuc - ok
07:57:07.0646 4968	Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
07:57:07.0709 4968	Npfs - ok
07:57:07.0740 4968	nsi             (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
07:57:07.0818 4968	nsi - ok
07:57:07.0833 4968	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
07:57:07.0911 4968	nsiproxy - ok
07:57:08.0067 4968	Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
07:57:08.0177 4968	Ntfs - ok
07:57:08.0317 4968	NTIBackupSvc    (0e0e12fff7292141db6865efd8590f5d) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
07:57:08.0348 4968	NTIBackupSvc - ok
07:57:08.0863 4968	NTIDrvr         (13e6d89060a3006f8b3acbe49110635e) C:\Windows\system32\Drivers\NTIDrvr.sys
07:57:08.0879 4968	NTIDrvr - ok
07:57:08.0910 4968	NTISchedulerSvc (b8cb534f8900e03dcd8965df78ade3c0) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
07:57:08.0941 4968	NTISchedulerSvc - ok
07:57:08.0972 4968	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
07:57:09.0066 4968	ntrigdigi - ok
07:57:09.0097 4968	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
07:57:09.0144 4968	Null - ok
07:57:10.0142 4968	nvlddmkm        (87a335a444551a432226720d18337ad9) C:\Windows\system32\DRIVERS\nvlddmkm.sys
07:57:10.0657 4968	nvlddmkm - ok
07:57:10.0969 4968	nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
07:57:11.0000 4968	nvraid - ok
07:57:11.0031 4968	nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
07:57:11.0063 4968	nvstor - ok
07:57:11.0078 4968	nvsvc           (03bd4f5759e6630d521be0e123060a9b) C:\Windows\system32\nvvsvc.exe
07:57:11.0125 4968	nvsvc - ok
07:57:11.0141 4968	nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
07:57:11.0172 4968	nv_agp - ok
07:57:11.0172 4968	NwlnkFlt - ok
07:57:11.0187 4968	NwlnkFwd - ok
07:57:11.0234 4968	ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
07:57:11.0312 4968	ohci1394 - ok
07:57:11.0437 4968	p2pimsvc        (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
07:57:11.0640 4968	p2pimsvc - ok
07:57:11.0655 4968	p2psvc          (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
07:57:11.0702 4968	p2psvc - ok
07:57:11.0780 4968	Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
07:57:11.0874 4968	Parport - ok
07:57:11.0967 4968	partmgr         (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
07:57:11.0999 4968	partmgr - ok
07:57:12.0030 4968	Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
07:57:12.0123 4968	Parvdm - ok
07:57:12.0139 4968	PcaSvc          (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
07:57:12.0201 4968	PcaSvc - ok
07:57:12.0264 4968	pccsmcfd        (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys
07:57:12.0326 4968	pccsmcfd - ok
07:57:12.0389 4968	pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
07:57:12.0420 4968	pci - ok
07:57:12.0467 4968	pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
07:57:12.0482 4968	pciide - ok
07:57:12.0529 4968	pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
07:57:12.0545 4968	pcmcia - ok
07:57:12.0654 4968	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
07:57:12.0779 4968	PEAUTH - ok
07:57:12.0966 4968	pla             (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
07:57:13.0091 4968	pla - ok
07:57:13.0512 4968	PlugPlay        (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
07:57:13.0605 4968	PlugPlay - ok
07:57:13.0839 4968	PMBDeviceInfoProvider (ae6c778717de2f6b0c0b5335036d3363) C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
07:57:13.0886 4968	PMBDeviceInfoProvider - ok
07:57:13.0995 4968	PNRPAutoReg     (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
07:57:14.0042 4968	PNRPAutoReg - ok
07:57:14.0058 4968	PNRPsvc         (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
07:57:14.0105 4968	PNRPsvc - ok
07:57:14.0198 4968	PolicyAgent     (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
07:57:14.0276 4968	PolicyAgent - ok
07:57:14.0354 4968	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
07:57:14.0432 4968	PptpMiniport - ok
07:57:14.0463 4968	Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
07:57:14.0510 4968	Processor - ok
07:57:14.0557 4968	ProfSvc         (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
07:57:14.0822 4968	ProfSvc - ok
07:57:14.0869 4968	ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
07:57:14.0900 4968	ProtectedStorage - ok
07:57:15.0306 4968	PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
07:57:15.0353 4968	PSched - ok
07:57:15.0524 4968	ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
07:57:15.0618 4968	ql2300 - ok
07:57:15.0649 4968	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
07:57:15.0680 4968	ql40xx - ok
07:57:15.0774 4968	QWAVE           (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
07:57:15.0836 4968	QWAVE - ok
07:57:15.0867 4968	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
07:57:15.0883 4968	QWAVEdrv - ok
07:57:15.0930 4968	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
07:57:15.0992 4968	RasAcd - ok
07:57:16.0008 4968	RasAuto         (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
07:57:16.0101 4968	RasAuto - ok
07:57:16.0101 4968	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
07:57:16.0164 4968	Rasl2tp - ok
07:57:16.0226 4968	RasMan          (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
07:57:16.0289 4968	RasMan - ok
07:57:16.0398 4968	RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
07:57:16.0507 4968	RasPppoe - ok
07:57:16.0554 4968	RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
07:57:16.0585 4968	RasSstp - ok
07:57:16.0663 4968	rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
07:57:16.0725 4968	rdbss - ok
07:57:16.0757 4968	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
07:57:16.0819 4968	RDPCDD - ok
07:57:16.0866 4968	rdpdr           (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
07:57:16.0913 4968	rdpdr - ok
07:57:16.0928 4968	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
07:57:17.0006 4968	RDPENCDD - ok
07:57:17.0053 4968	RDPWD           (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
07:57:17.0162 4968	RDPWD - ok
07:57:17.0349 4968	RegSrvc         (3ff45b7f17d5837216abae652cc61540) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
07:57:17.0396 4968	RegSrvc ( UnsignedFile.Multi.Generic ) - warning
07:57:17.0396 4968	RegSrvc - detected UnsignedFile.Multi.Generic (1)
07:57:17.0443 4968	RemoteAccess    (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
07:57:17.0505 4968	RemoteAccess - ok
07:57:17.0552 4968	RemoteRegistry  (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
07:57:17.0599 4968	RemoteRegistry - ok
07:57:17.0677 4968	RFCOMM          (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
07:57:17.0724 4968	RFCOMM - ok
07:57:17.0755 4968	RpcLocator      (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
07:57:17.0802 4968	RpcLocator - ok
07:57:17.0942 4968	RpcSs           (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
07:57:18.0005 4968	RpcSs - ok
07:57:18.0036 4968	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
07:57:18.0114 4968	rspndr - ok
07:57:18.0270 4968	RS_Service      (73835c4f79adc404ef39c8a9e2d4183b) C:\Program Files\Acer\Acer VCM\RS_Service.exe
07:57:18.0301 4968	RS_Service ( UnsignedFile.Multi.Generic ) - warning
07:57:18.0301 4968	RS_Service - detected UnsignedFile.Multi.Generic (1)
07:57:18.0332 4968	SamSs           (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
07:57:18.0363 4968	SamSs - ok
07:57:18.0426 4968	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
07:57:18.0457 4968	sbp2port - ok
07:57:18.0582 4968	SCardSvr        (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
07:57:18.0644 4968	SCardSvr - ok
07:57:18.0753 4968	Schedule        (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
07:57:18.0816 4968	Schedule - ok
07:57:18.0925 4968	SCPolicySvc     (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
07:57:18.0987 4968	SCPolicySvc - ok
07:57:19.0019 4968	SDRSVC          (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
07:57:19.0065 4968	SDRSVC - ok
07:57:19.0112 4968	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
07:57:19.0206 4968	secdrv - ok
07:57:19.0221 4968	seclogon        (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
07:57:19.0284 4968	seclogon - ok
07:57:19.0299 4968	SENS            (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
07:57:19.0377 4968	SENS - ok
07:57:19.0409 4968	Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
07:57:19.0502 4968	Serenum - ok
07:57:19.0519 4968	Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
07:57:19.0612 4968	Serial - ok
07:57:19.0644 4968	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
07:57:19.0690 4968	sermouse - ok
07:57:19.0846 4968	ServiceLayer    (f31e9531af225ca25350d5e87e999b31) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
07:57:19.0893 4968	ServiceLayer - ok
07:57:19.0940 4968	SessionEnv      (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
07:57:20.0002 4968	SessionEnv - ok
07:57:20.0034 4968	sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
07:57:20.0080 4968	sffdisk - ok
07:57:20.0096 4968	sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
07:57:20.0158 4968	sffp_mmc - ok
07:57:20.0205 4968	sffp_sd         (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
07:57:20.0268 4968	sffp_sd - ok
07:57:20.0268 4968	sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
07:57:20.0361 4968	sfloppy - ok
07:57:20.0486 4968	SharedAccess    (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
07:57:20.0565 4968	SharedAccess - ok
07:57:20.0674 4968	ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
07:57:20.0861 4968	ShellHWDetection - ok
07:57:20.0924 4968	sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
07:57:20.0955 4968	sisagp - ok
07:57:20.0986 4968	SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
07:57:21.0017 4968	SiSRaid2 - ok
07:57:21.0033 4968	SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
07:57:21.0064 4968	SiSRaid4 - ok
07:57:21.0563 4968	slsvc           (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
07:57:21.0813 4968	slsvc - ok
07:57:22.0047 4968	SLUINotify      (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
07:57:22.0141 4968	SLUINotify - ok
07:57:22.0187 4968	Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
07:57:22.0250 4968	Smb - ok
07:57:22.0312 4968	SNMPTRAP        (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
07:57:22.0375 4968	SNMPTRAP - ok
07:57:22.0406 4968	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
07:57:22.0437 4968	spldr - ok
07:57:22.0468 4968	Spooler         (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
07:57:22.0531 4968	Spooler - ok
07:57:22.0609 4968	srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
07:57:22.0687 4968	srv - ok
07:57:22.0733 4968	srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
07:57:22.0796 4968	srv2 - ok
07:57:22.0843 4968	srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
07:57:22.0874 4968	srvnet - ok
07:57:22.0921 4968	SSDPSRV         (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
07:57:22.0967 4968	SSDPSRV - ok
07:57:23.0030 4968	SstpSvc         (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
07:57:23.0061 4968	SstpSvc - ok
07:57:23.0139 4968	stisvc          (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
07:57:23.0201 4968	stisvc - ok
07:57:23.0233 4968	swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
07:57:23.0248 4968	swenum - ok
07:57:23.0342 4968	swprv           (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
07:57:23.0420 4968	swprv - ok
07:57:23.0482 4968	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
07:57:23.0498 4968	Symc8xx - ok
07:57:23.0529 4968	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
07:57:23.0545 4968	Sym_hi - ok
07:57:23.0560 4968	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
07:57:23.0576 4968	Sym_u3 - ok
07:57:23.0638 4968	SynTP           (bf7aa84d5af0faa0978c840e63b17dbf) C:\Windows\system32\DRIVERS\SynTP.sys
07:57:23.0654 4968	SynTP - ok
07:57:23.0747 4968	SysMain         (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
07:57:23.0825 4968	SysMain - ok
07:57:23.0872 4968	TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
07:57:23.0919 4968	TabletInputService - ok
07:57:23.0981 4968	TapiSrv         (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
07:57:24.0044 4968	TapiSrv - ok
07:57:24.0059 4968	TBS             (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
07:57:24.0122 4968	TBS - ok
07:57:24.0278 4968	Tcpip           (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\drivers\tcpip.sys
07:57:24.0356 4968	Tcpip - ok
07:57:24.0371 4968	Tcpip6          (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\DRIVERS\tcpip.sys
07:57:24.0449 4968	Tcpip6 - ok
07:57:24.0512 4968	tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
07:57:24.0559 4968	tcpipreg - ok
07:57:24.0590 4968	TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
07:57:24.0637 4968	TDPIPE - ok
07:57:24.0668 4968	TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
07:57:24.0715 4968	TDTCP - ok
07:57:24.0761 4968	tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
07:57:24.0824 4968	tdx - ok
07:57:24.0871 4968	TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
07:57:24.0886 4968	TermDD - ok
07:57:25.0042 4968	TermService     (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
07:57:25.0136 4968	TermService - ok
07:57:25.0229 4968	Themes          (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
07:57:25.0261 4968	Themes - ok
07:57:25.0292 4968	THREADORDER     (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
07:57:25.0354 4968	THREADORDER - ok
07:57:25.0401 4968	TrkWks          (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
07:57:25.0448 4968	TrkWks - ok
07:57:25.0713 4968	TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
07:57:25.0744 4968	TrustedInstaller - ok
07:57:25.0807 4968	tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
07:57:25.0900 4968	tssecsrv - ok
07:57:25.0931 4968	tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
07:57:25.0978 4968	tunmp - ok
07:57:26.0009 4968	tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
07:57:26.0041 4968	tunnel - ok
07:57:26.0056 4968	uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
07:57:26.0087 4968	uagp35 - ok
07:57:26.0228 4968	udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
07:57:26.0290 4968	udfs - ok
07:57:26.0337 4968	UI0Detect       (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
07:57:26.0399 4968	UI0Detect - ok
07:57:26.0415 4968	uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
07:57:26.0446 4968	uliagpkx - ok
07:57:26.0477 4968	uliahci         (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
07:57:26.0524 4968	uliahci - ok
07:57:26.0555 4968	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
07:57:26.0571 4968	UlSata - ok
07:57:26.0602 4968	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
07:57:26.0618 4968	ulsata2 - ok
07:57:26.0649 4968	umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
07:57:26.0711 4968	umbus - ok
07:57:26.0743 4968	upnphost        (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
07:57:26.0821 4968	upnphost - ok
07:57:26.0883 4968	upperdev        (47f5f9d837d80ffd5882a14db9da0a67) C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
07:57:26.0961 4968	upperdev - ok
07:57:27.0023 4968	USBAAPL         (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
07:57:27.0070 4968	USBAAPL - ok
07:57:27.0117 4968	usbaudio        (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
07:57:27.0179 4968	usbaudio - ok
07:57:27.0211 4968	usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
07:57:27.0273 4968	usbccgp - ok
07:57:27.0304 4968	usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
07:57:27.0413 4968	usbcir - ok
07:57:27.0445 4968	usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
07:57:27.0491 4968	usbehci - ok
07:57:27.0554 4968	usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
07:57:27.0601 4968	usbhub - ok
07:57:27.0616 4968	usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
07:57:27.0710 4968	usbohci - ok
07:57:27.0772 4968	usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
07:57:27.0819 4968	usbprint - ok
07:57:27.0866 4968	usbscan         (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
07:57:27.0913 4968	usbscan - ok
07:57:28.0006 4968	usbser          (d575246188f63de0accf6eac5fb59e6a) C:\Windows\system32\DRIVERS\usbser.sys
07:57:28.0053 4968	usbser - ok
07:57:28.0115 4968	UsbserFilt      (e44f0d17be0908b58dcc99ccb99c6c32) C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
07:57:28.0178 4968	UsbserFilt - ok
07:57:28.0209 4968	USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
07:57:28.0271 4968	USBSTOR - ok
07:57:28.0287 4968	usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
07:57:28.0334 4968	usbuhci - ok
07:57:28.0365 4968	usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
07:57:28.0443 4968	usbvideo - ok
07:57:28.0474 4968	UxSms           (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
07:57:28.0537 4968	UxSms - ok
07:57:28.0615 4968	vds             (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
07:57:28.0724 4968	vds - ok
07:57:28.0755 4968	vfs101x         (4d45a93a7dd638ca2db0a86fbfbf42d1) C:\Windows\system32\drivers\vfs101x.sys
07:57:28.0786 4968	vfs101x - ok
07:57:28.0802 4968	vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
07:57:28.0864 4968	vga - ok
07:57:28.0880 4968	VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
07:57:28.0927 4968	VgaSave - ok
07:57:28.0958 4968	viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
07:57:28.0989 4968	viaagp - ok
07:57:29.0005 4968	ViaC7           (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
07:57:29.0067 4968	ViaC7 - ok
07:57:29.0083 4968	viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
07:57:29.0098 4968	viaide - ok
07:57:29.0129 4968	volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
07:57:29.0161 4968	volmgr - ok
07:57:29.0223 4968	volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
07:57:29.0254 4968	volmgrx - ok
07:57:29.0317 4968	volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
07:57:29.0348 4968	volsnap - ok
07:57:29.0395 4968	vsmraid         (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
07:57:29.0426 4968	vsmraid - ok
07:57:29.0551 4968	VSS             (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
07:57:29.0644 4968	VSS - ok
07:57:29.0769 4968	W32Time         (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
07:57:29.0816 4968	W32Time - ok
07:57:29.0878 4968	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
07:57:29.0972 4968	WacomPen - ok
07:57:29.0987 4968	Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
07:57:30.0065 4968	Wanarp - ok
07:57:30.0065 4968	Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
07:57:30.0112 4968	Wanarpv6 - ok
07:57:30.0190 4968	wcncsvc         (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
07:57:30.0237 4968	wcncsvc - ok
07:57:30.0268 4968	WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
07:57:30.0315 4968	WcsPlugInService - ok
07:57:30.0331 4968	Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
07:57:30.0346 4968	Wd - ok
07:57:30.0455 4968	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
07:57:30.0502 4968	Wdf01000 - ok
07:57:30.0518 4968	WdiServiceHost  (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
07:57:30.0596 4968	WdiServiceHost - ok
07:57:30.0596 4968	WdiSystemHost   (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
07:57:30.0658 4968	WdiSystemHost - ok
07:57:30.0783 4968	WebClient       (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
07:57:30.0845 4968	WebClient - ok
07:57:30.0939 4968	Wecsvc          (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
07:57:31.0001 4968	Wecsvc - ok
07:57:31.0048 4968	wercplsupport   (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
07:57:31.0095 4968	wercplsupport - ok
07:57:31.0173 4968	WerSvc          (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
07:57:31.0220 4968	WerSvc - ok
07:57:31.0313 4968	WinDefend       (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
07:57:31.0345 4968	WinDefend - ok
07:57:31.0360 4968	WinHttpAutoProxySvc - ok
07:57:31.0501 4968	Winmgmt         (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
07:57:31.0547 4968	Winmgmt - ok
07:57:31.0719 4968	WinRM           (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
07:57:31.0844 4968	WinRM - ok
07:57:31.0953 4968	Wlansvc         (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
07:57:32.0047 4968	Wlansvc - ok
07:57:32.0109 4968	WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
07:57:32.0187 4968	WmiAcpi - ok
07:57:32.0343 4968	wmiApSrv        (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
07:57:32.0390 4968	wmiApSrv - ok
07:57:32.0593 4968	WMPNetworkSvc   (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
07:57:32.0702 4968	WMPNetworkSvc - ok
07:57:32.0811 4968	WPCSvc          (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
07:57:32.0905 4968	WPCSvc - ok
07:57:32.0951 4968	WPDBusEnum      (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
07:57:33.0045 4968	WPDBusEnum - ok
07:57:33.0107 4968	WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
07:57:33.0139 4968	WpdUsb - ok
07:57:33.0419 4968	WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
07:57:33.0513 4968	WPFFontCache_v0400 - ok
07:57:33.0544 4968	ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
07:57:33.0607 4968	ws2ifsl - ok
07:57:33.0669 4968	wscsvc          (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll
07:57:33.0934 4968	wscsvc - ok
07:57:33.0950 4968	WSearch - ok
07:57:34.0168 4968	wuauserv        (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
07:57:34.0309 4968	wuauserv - ok
07:57:34.0589 4968	WudfPf          (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
07:57:34.0667 4968	WudfPf - ok
07:57:34.0714 4968	WUDFRd          (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
07:57:34.0745 4968	WUDFRd - ok
07:57:34.0777 4968	wudfsvc         (2c0206ff8d2c75ac027d1096fa2fafda) C:\Windows\System32\WUDFSvc.dll
07:57:34.0870 4968	wudfsvc - ok
07:57:34.0933 4968	MBR (0x1B8)     (bb9d3a6a13c5010348da7c900bb6af50) \Device\Harddisk0\DR0
07:57:36.0399 4968	\Device\Harddisk0\DR0 - ok
07:57:36.0415 4968	Boot (0x1200)   (82e711d545f91928641b5d30ab48097a) \Device\Harddisk0\DR0\Partition0
07:57:36.0430 4968	\Device\Harddisk0\DR0\Partition0 - ok
07:57:36.0446 4968	Boot (0x1200)   (e373e4cc2d31b5777adb772015864597) \Device\Harddisk0\DR0\Partition1
07:57:36.0446 4968	\Device\Harddisk0\DR0\Partition1 - ok
07:57:36.0446 4968	============================================================
07:57:36.0446 4968	Scan finished
07:57:36.0446 4968	============================================================
07:57:36.0477 4960	Detected object count: 7
07:57:36.0477 4960	Actual detected object count: 7
07:57:57.0709 4960	Afc ( UnsignedFile.Multi.Generic ) - skipped by user
07:57:57.0709 4960	Afc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
07:57:57.0709 4960	ETService ( UnsignedFile.Multi.Generic ) - skipped by user
07:57:57.0709 4960	ETService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
07:57:57.0709 4960	EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user
07:57:57.0709 4960	EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip 
07:57:57.0724 4960	int15 ( UnsignedFile.Multi.Generic ) - skipped by user
07:57:57.0724 4960	int15 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
07:57:57.0724 4960	LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
07:57:57.0724 4960	LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
07:57:57.0724 4960	RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user
07:57:57.0724 4960	RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
07:57:57.0724 4960	RS_Service ( UnsignedFile.Multi.Generic ) - skipped by user
07:57:57.0724 4960	RS_Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
Gruß, Boludo

Alt 09.06.2012, 23:09   #24
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojan.Banker - Standard

Trojan.Banker



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 10.06.2012, 20:55   #25
Boludo
 
Trojan.Banker - Standard

Trojan.Banker



Anbei das Logfile:

Code:
ATTFilter
ComboFix 12-06-10.01 - Boludo 10.06.2012  21:29:06.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3069.1825 [GMT 2:00]
ausgeführt von:: c:\users\Boludo\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Boludo\AppData\Roaming\AcroIEHelpe.txt
c:\users\Boludo\AppData\Roaming\srvblck5.tmp
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-05-10 bis 2012-06-10  ))))))))))))))))))))))))))))))
.
.
2012-06-10 19:44 . 2012-06-10 19:44	--------	d-----w-	c:\users\Boludo\AppData\Local\temp
2012-06-10 19:44 . 2012-06-10 19:44	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-06-10 19:44 . 2012-06-10 19:44	--------	d-----w-	c:\users\Catja Mobil\AppData\Local\temp
2012-06-08 10:40 . 2012-05-08 16:40	6737808	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{AED34D26-C047-48AD-82CB-5A48FAA5C75F}\mpengine.dll
2012-06-08 04:56 . 2012-06-08 04:56	--------	d-----w-	C:\_OTL
2012-06-07 05:34 . 2012-06-07 05:34	770384	----a-w-	c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-07 05:34 . 2012-06-07 05:34	421200	----a-w-	c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-07 05:30 . 2012-06-07 05:30	419488	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-06-06 05:10 . 2012-06-06 05:10	--------	d-----w-	c:\program files\ESET
2012-06-02 09:04 . 2012-06-02 09:04	--------	d-----w-	c:\users\Boludo\AppData\Roaming\Malwarebytes
2012-06-02 09:04 . 2012-06-02 09:04	--------	d-----w-	c:\programdata\Malwarebytes
2012-06-02 09:04 . 2012-06-02 09:04	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-06-02 09:04 . 2012-04-04 13:56	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-05-23 06:35 . 2012-03-20 23:28	53120	----a-w-	c:\windows\system32\drivers\partmgr.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-07 05:30 . 2011-05-24 04:45	70304	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-18 18:56 . 2012-04-18 18:56	94208	----a-w-	c:\windows\system32\QuickTimeVR.qtx
2012-04-18 18:56 . 2012-04-18 18:56	69632	----a-w-	c:\windows\system32\QuickTime.qts
2012-06-07 05:34 . 2011-03-27 10:14	85472	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-11 5296128]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-03-11 397312]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-03-07 544768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-07 13527584]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-03-07 92704]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-10-03 178712]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-03-13 805384]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2009-09-22 33024]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-02-19 1089536]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2007-10-11 31232]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2011-08-24 651832]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Boludo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-11-20 1216512]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-8-29 110592]
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-24 723760]
WISO Mein Steuer-Sparbuch heute.lnk - c:\program files\WISO\Steuersoftware 2012\mshaktuell.exe [2012-2-7 1380464]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 03:09	421736	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
S2 AAV UpdateService;AAV UpdateService;c:\program files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [2008-10-24 128296]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
bthsvcs	REG_MULTI_SZ   	BthServ
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.t-online.de/
mStart Page = hxxp://de.intl.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Boludo\AppData\Roaming\Mozilla\Firefox\Profiles\lb90ov9f.default\
FF - prefs.js: browser.startup.homepage - chrome://foxtab/content/homepage.html
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-eRecoveryService - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-Adobe Photoshop 7.0 - c:\windows\ISUN0407.EXE
AddRemove-Heroes III The Shadow of Death - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-06-10 21:44
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(5416)
c:\windows\system32\btmmhook.dll
c:\windows\System32\SysHook.dll
.
Zeit der Fertigstellung: 2012-06-10  21:48:44
ComboFix-quarantined-files.txt  2012-06-10 19:48
.
Vor Suchlauf: 5.390.258.176 Bytes frei
Nach Suchlauf: 6.582.837.248 Bytes frei
.
- - End Of File - - D3821D9BF68DAA057F89627E64041824
         
Gruß
Boludo

Alt 11.06.2012, 08:44   #26
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojan.Banker - Standard

Trojan.Banker



Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).



Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 11.06.2012, 22:07   #27
Boludo
 
Trojan.Banker - Standard

Trojan.Banker



Puh!

GMER:

Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-06-11 22:21:32
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD25 rev.01.0
Running: e2lkz6t9.exe; Driver: C:\Users\Boludo\AppData\Local\Temp\pfriipog.sys


---- Kernel code sections - GMER 1.0.15 ----

.text           C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                             section is writeable [0x8E20A340, 0x3D50E7, 0xE8000020]

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Windows\Explorer.EXE[4052] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                [73FB7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[4052] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                 [73FFB4E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[4052] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]             [73FBBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[4052] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]       [73FAF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[4052] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                 [73FB75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[4052] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]              [73FAE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[4052] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]  [73FE73F5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[4052] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]     [73FBDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[4052] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]             [73FAFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[4052] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]              [73FAFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[4052] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]               [73FA71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[4052] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]       [7403CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[4052] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]          [73FDC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[4052] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]             [73FAD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[4052] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                       [73FA6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[4052] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                      [73FA687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[4052] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]         [73FB2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                              Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                              Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\001f3aec4348                          
Reg             HKLM\SYSTEM\ControlSet002\Services\BthPort\Parameters\Keys\001f3aec4348 (not active ControlSet)      
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System                                                
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OOPM02.00.00.01PRO                             D4A20DAD5868B6041F04324742A5C08A4AA057E0733C7E4C1DDFA45CC1C941D4674BF258D6B8800A9109D0A2DEC8CD5CDFEC54BDF821889B189644EF887B7147759D09E7C5D7030263D371F0AB431E839090CAB02DAF89AECE10BF7BBE58BC9CC5E410B933BB7857EF7015D65A9D3B06ED769747841FF8C2A53BEF16C06A24ECB3AD7E8AFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933C038D530D6EB3452C038D530D6EB34529DB7CE019D40AA5C80ABBC8B1D9C3EF8987473BA6BA15654E4CBE3AEE6BAB6D9675FC46044E9E6C0A7A78D5E861D47FEF8887DA770D2876F1307FC96BFE0E9027914C65B44C0D801B65E65853D6ACB60613C009E07C77824F6A3F658A2B0DACF04A8CFC0FE770B689C1D72939D8CDB8AA433B50D8329D48868B2B85A768EF32204C195140FD5C2C19E3BD7441CCA3CCF6E12CC054C60FE1A174C1E2AB7A852404D874078A7687DB9D10FAAF53C326667B9826A3FDD9A0CB6830BF875F6EB4A5186A5EC370D7E68632577F4299A16856C57B1A316C4C9C6A1848C0B92580BE0E02A4CAD3D98ADE832D5D3350565887A5B6CD10408A7A5AB0343740D77937F5260862C869B37CC1701F8885D53DCE4DA9871998AB7BB28ECE5BCE82CC175028B24408070076BF8BB0C76FE528159C6EDE834C02BE

---- EOF - GMER 1.0.15 ----
         
OSAM:

Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 22:39:19 on 11.06.2012

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 13.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"iproset.cpl" - "Intel(R) Corporation" - C:\Windows\system32\iproset.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero Toolkit\NeroBurnRights.cpl
"PROSet Tools" - "Intel(R) Corporation" - C:\Windows\System32\iPROSet.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"catchme" (catchme) - ? - C:\Users\Boludo\AppData\Local\Temp\catchme.sys  (File not found)
"Dritek General Port I/O" (DritekPortIO) - "Dritek System Inc." - C:\PROGRA~1\LAUNCH~1\DPortIO.sys
"FAMv4" (FAMv4) - "VisionWorks Solutions, Inc" - C:\Windows\System32\DRIVERS\FAMv4.sys
"int15" (int15) - ? - C:\Windows\system32\drivers\int15.sys  (File found, but it contains no detailed information)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"Lavasoft helper driver" (Lavasoft Kernexplorer) - ? - C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys  (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"PPdus ASPI Shell" (Afc) - "Arcsoft, Inc." - C:\Windows\System32\drivers\Afc.sys
"Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\Windows\System32\Drivers\NTIDrvr.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{94586423-855F-4EB2-9F6A-D9DA5658DBE3} "Context menu" - ? - C:\PROGRA~1\FREEM4~1\m4a_menu.dll  (File found, but it contains no detailed information)
{2b45bd21-71f8-4c8c-a87a-7eeb25a1a3e0} "EPM-PO Shell Extensions" - ? - epm-po.dll  (File not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -   (File not found | COM-object registry key not found)
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Windows\system32\btncopy.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -   (File not found | COM-object registry key not found)
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{D821DC4A-0814-435E-9820-661C543A4679} "CRLDownloadWrapper Class" - "Microsoft Corporation" - C:\Windows\Downloaded Program Files\crlocx.ocx / hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -   (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Boludo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"OpenOffice.org 3.3.lnk" - ? - C:\Program Files\OpenOffice.org 3\program\quickstart.exe  (Shortcut exists | File found, but it contains no detailed information | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"Acer VCM.lnk" - "Acer Incorporated" - C:\Program Files\Acer\Acer VCM\AcerVCM.exe  (Shortcut exists | File exists)
"Adobe Gamma Loader.lnk" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"BTTray.lnk" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe  (Shortcut exists | File exists)
"WISO Mein Steuer-Sparbuch heute.lnk" - "Buhl Tax Service, Hannover" - C:\Program Files\WISO\Steuersoftware 2012\mshaktuell.exe  (Shortcut exists | File exists)
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"APSDaemon" - "Apple Inc." - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"ArcSoft Connection Service" - "ArcSoft" - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
"BkupTray" - ? - "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
"BrMfcWnd" - "Brother Industries, Ltd." - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
"eAudio" - "Acer Incorporated" - "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
"ePower_DMC" - "Acer Inc." - C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
"IAAnotif" - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"LManager" - "Dritek System Inc." - C:\PROGRA~1\LAUNCH~1\LManager.exe
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"PMBVolumeWatcher" - "Sony Corporation" - C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
"PPort11reminder" - "Nuance Communications, Inc." - "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SSBkgdUpdate" - "Nuance Communications, Inc." - "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"WarReg_PopUp" - "Acer Incorporated" - C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"GMX Fax Monitor" - "GMX GmbH" - C:\Windows\system32\UIGMXMON.DLL

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"AAV UpdateService" (AAV UpdateService) - ? - C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Empowering Technology Service" (ETService) - ? - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Acresso Software Inc." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
"Intel® PROSet/Wireless Event Log" (EvtEng) - "Intel(R) Corporation" - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
"Intel® PROSet/Wireless Registry Service" (RegSrvc) - "Intel(R) Corporation" - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"MobilityService" (MobilityService) - ? - C:\Acer\Mobility Center\MobilityService.exe
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
"NTI Backup Now 5 Agent Service" (BUNAgentSvc) - "NewTech Infosystems, Inc." - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
"NTI Backup Now 5 Backup Service" (NTIBackupSvc) - "NewTech InfoSystems, Inc." - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
"NTI Backup Now 5 Scheduler Service" (NTISchedulerSvc) - "NewTech Infosystems, Inc." - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
"PMBDeviceInfoProvider" (PMBDeviceInfoProvider) - "Sony Corporation" - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
"Raw Socket Service" (RS_Service) - "Acer Incorporated" - C:\Program Files\Acer\Acer VCM\RS_Service.exe
"ServiceLayer" (ServiceLayer) - "Nokia" - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         
aswMBR:

Code:
ATTFilter
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-11 22:42:35
-----------------------------
22:42:35.075    OS Version: Windows 6.0.6002 Service Pack 2
22:42:35.075    Number of processors: 2 586 0xF0D
22:42:35.091    ComputerName: BOLUDO-PC  UserName: Boludo
22:43:38.616    Initialize success
22:46:12.316    AVAST engine defs: 12061100
22:46:20.335    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
22:46:20.335    Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 3
22:46:20.366    Disk 0 MBR read successfully
22:46:20.382    Disk 0 MBR scan
22:46:20.382    Disk 0 unknown MBR code
22:46:20.397    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        10240 MB offset 2048
22:46:20.413    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       114116 MB offset 20973568
22:46:20.444    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       110489 MB offset 254683136
22:46:20.538    Disk 0 Partition 4 00     12  Compaq diag NTFS         3628 MB offset 480964608
22:46:20.553    Disk 0 scanning sectors +488394752
22:46:20.678    Disk 0 scanning C:\Windows\system32\drivers
22:46:34.484    Service scanning
22:47:02.548    Modules scanning
22:47:08.227    Disk 0 trace - called modules:
22:47:08.320    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys 
22:47:08.320    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x864ac2e8]
22:47:08.336    3 CLASSPNP.SYS[8a9a08b3] -> nt!IofCallDriver -> [0x85955660]
22:47:08.336    5 acpi.sys[806916bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x85959028]
22:47:10.302    AVAST engine scan C:\Windows
22:47:15.169    AVAST engine scan C:\Windows\system32
22:51:13.289    AVAST engine scan C:\Windows\system32\drivers
22:51:29.716    AVAST engine scan C:\Users\Boludo
22:54:36.651    AVAST engine scan C:\ProgramData
22:56:26.787    Scan finished successfully
23:03:53.337    Disk 0 MBR has been saved successfully to "C:\Users\Boludo\Desktop\MBR.dat"
23:03:53.352    The log file has been saved successfully to "C:\Users\Boludo\Desktop\aswMBR.txt"
         

Gruß
Boludo

Alt 12.06.2012, 09:35   #28
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojan.Banker - Standard

Trojan.Banker



Wir sollten den MBR fixen, sichere für den Fall der Fälle ALLE wichtigen Daten, auch wenn meistens alles glatt geht.

Hinweis: Mach bitte NICHT den MBR-Fix, wenn du noch andere Betriebssysteme wie zB Ubuntu installiert hast, ein MBR-Fix mit Windows-Tools macht ein parallel installiertes (Dualboot) Linux unbootbar.
Mach den Fix auch dann nicht, wenn du zB mit TrueCrypt oder anderen Verschlüsselungsprogrammen eine Vollverschlüsselung der Windowspartition bzw. gesamten Festplatte hast


Starte nach der Datensicherung aswmbr erneut und klick auf den Button FIXMBR.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehalalrm!

Anschließend Windows neu starten und ein neues Log mit aswMBR machen.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 12.06.2012, 19:35   #29
Boludo
 
Trojan.Banker - Standard

Trojan.Banker



Alles gut gegangen.

Hier das Log zum Fix:

Code:
ATTFilter
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-12 18:41:21
-----------------------------
18:41:21.331    OS Version: Windows 6.0.6002 Service Pack 2
18:41:21.331    Number of processors: 2 586 0xF0D
18:41:21.331    ComputerName: BOLUDO-PC  UserName: Boludo
18:42:03.716    Initialize success
18:42:18.473    AVAST engine defs: 12061100
18:42:54.076    Verifying
18:43:04.091    Disk 0 Windows 600 MBR fixed successfully
18:43:24.745    Disk 0 MBR has been saved successfully to "C:\Users\Boludo\Desktop\MBR.dat"
18:43:24.745    The log file has been saved successfully to "C:\Users\Boludo\Desktop\aswMBR-2.txt"
         
Und das das Log nach Neustart und Scan:

Code:
ATTFilter
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-12 19:02:00
-----------------------------
19:02:00.206    OS Version: Windows 6.0.6002 Service Pack 2
19:02:00.206    Number of processors: 2 586 0xF0D
19:02:00.206    ComputerName: BOLUDO-PC  UserName: Boludo
19:02:23.418    Initialize success
19:02:32.825    AVAST engine defs: 12061100
19:02:47.099    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
19:02:47.115    Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 3
19:02:47.162    Disk 0 MBR read successfully
19:02:47.162    Disk 0 MBR scan
19:02:47.177    Disk 0 Windows VISTA default MBR code
19:02:47.193    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        10240 MB offset 2048
19:02:47.208    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       114116 MB offset 20973568
19:02:47.240    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       110489 MB offset 254683136
19:02:47.271    Disk 0 Partition 4 00     12  Compaq diag NTFS         3628 MB offset 480964608
19:02:47.286    Disk 0 scanning sectors +488394752
19:02:47.349    Disk 0 scanning C:\Windows\system32\drivers
19:02:59.548    Service scanning
19:03:27.347    Modules scanning
19:03:32.230    Disk 0 trace - called modules:
19:03:32.261    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys 
19:03:32.261    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86909418]
19:03:32.277    3 CLASSPNP.SYS[8a9ab8b3] -> nt!IofCallDriver -> [0x8593b860]
19:03:32.292    5 acpi.sys[8068b6bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8595c028]
19:03:33.806    AVAST engine scan C:\Windows
19:03:38.579    AVAST engine scan C:\Windows\system32
19:07:36.807    AVAST engine scan C:\Windows\system32\drivers
19:07:53.561    AVAST engine scan C:\Users\Boludo
19:11:02.540    AVAST engine scan C:\ProgramData
19:12:51.100    Scan finished successfully
20:33:21.377    Disk 0 MBR has been saved successfully to "C:\Users\Boludo\Desktop\MBR.dat"
20:33:21.377    The log file has been saved successfully to "C:\Users\Boludo\Desktop\aswMBR-3.txt"
         
Gruß
Boludo

Alt 12.06.2012, 22:05   #30
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojan.Banker - Standard

Trojan.Banker



Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort

Themen zu Trojan.Banker
ad-aware, administrator, alternate, autorun, avira, bacroiehelpe.dll, corp./icp, csrss.exe, dateisystem, desktop, explorer.exe, heuristiks/extra, heuristiks/shuriken, internet, launch, lsass.exe, mozilla, nvidia, nvstor.sys, plug-in, prozesse, realtek, rundll, rundll32.exe, searchscopes, services.exe, software, svchost.exe, version=1.0, vista, warnung, windows, winlogon.exe




Ähnliche Themen: Trojan.Banker


  1. 2 Trojaner eingefangen durch E-Mail-Anhänge // Trojan-Banker.Win32.Agent.ubo und Trojan.Win32.Yakes.ghny
    Log-Analyse und Auswertung - 19.07.2015 (28)
  2. WinXp Trojan.Agent/Gen-Reputation Stolen.Data Trojan.Agent/Gen-DunDun Win32/Spy.Banker.YPK trojan
    Log-Analyse und Auswertung - 29.10.2013 (7)
  3. Mehrere Trojaner (trojan.banker, trojan.agent), pup.funmoods
    Log-Analyse und Auswertung - 01.05.2013 (6)
  4. GVU Trojaner (Trojan.Banker & Trojan.PWS) auf Win7
    Plagegeister aller Art und deren Bekämpfung - 03.01.2013 (18)
  5. Trojan.Downloader, Trojan.Agent.VGENX, Trojan.Agent, PUP.Pantsoff.PasswordFinder, TR/spy.banker.gen5
    Log-Analyse und Auswertung - 27.10.2012 (1)
  6. Trojan.Banker, Trojan.Agent, Stolen.Data, Malware.Trace, was nun?
    Log-Analyse und Auswertung - 07.10.2012 (1)
  7. Problem mit Trojan.BHO und Trojan.Banker
    Log-Analyse und Auswertung - 11.09.2012 (1)
  8. Trojan.Banker / Spy.Banker - weitere Vorgehensweise?
    Plagegeister aller Art und deren Bekämpfung - 17.07.2012 (7)
  9. EXP/2008-5353.AO TR/Kazy.80527.3 Trojan.BT.Soft.Gen Trojan.Banker Trojan.Agent
    Plagegeister aller Art und deren Bekämpfung - 14.07.2012 (5)
  10. Trojan.Agent,Trojan.Banker,PUP.Blabbers .
    Plagegeister aller Art und deren Bekämpfung - 13.07.2012 (3)
  11. Trojan.Banker und Trojan.Agend oft mit Antivir gelöscht aber immer wieder gekommen.
    Log-Analyse und Auswertung - 11.07.2012 (2)
  12. 50 € Virus , trojan.Banker, Trojan.Ransom
    Log-Analyse und Auswertung - 14.02.2012 (1)
  13. Infiziert mit Trojan.Passwords und Trojan.Banker
    Log-Analyse und Auswertung - 13.01.2012 (9)
  14. Wie entferne ich Trojan.Banker, Trojan.FakeAlert? C ist (angeblich) leer
    Log-Analyse und Auswertung - 10.10.2011 (5)
  15. Trojan.Banker, Trojan.Agent u.a.
    Plagegeister aller Art und deren Bekämpfung - 16.07.2009 (18)
  16. Trojan.Spy.Banker.cmb
    Log-Analyse und Auswertung - 04.08.2007 (2)
  17. Trojan.Banker.VB.0D9D0998 und Trojan-Dropper.Win32.Agent.wd
    Log-Analyse und Auswertung - 04.10.2005 (2)

Zum Thema Trojan.Banker - Nein das sagt nichts aus. Du musst OTL pre Rechtsklick als Admin ausführen! - Trojan.Banker...
Archiv
Du betrachtest: Trojan.Banker auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.