
Pests of all kinds and how to fight them: Antivir has several detections / EXP/10-0840.CM.1

Windows 7: If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will get in touch with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection.

04.08.2012, 13:11   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 


Do an OTL fix: close any programs that may be open, also deactivate the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:
:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2602013592-1073687263-3334664861-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKU\S-1-5-21-2602013592-1073687263-3334664861-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2602013592-1073687263-3334664861-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2602013592-1073687263-3334664861-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=46.252.244.178:3128
O4 - HKU\S-1-5-21-2602013592-1073687263-3334664861-1010..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2602013592-1073687263-3334664861-1010..\RunOnce: [ScrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2602013592-1073687263-3334664861-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2602013592-1073687263-3334664861-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2602013592-1073687263-3334664861-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2602013592-1073687263-3334664861-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2602013592-1073687263-3334664861-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-2602013592-1073687263-3334664861-1010\Software\Policies\Microsoft\Internet Explorer\Control Panel present
:Files
C:\Program Files (x86)\PDFCreator\Toolbar
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can permanently damage the system!
__________________
Please always post log files in CODE tags

04.08.2012, 13:43   #17
AC9
 


Code:
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKU\S-1-5-21-2602013592-1073687263-3334664861-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_USERS\S-1-5-21-2602013592-1073687263-3334664861-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKU\S-1-5-21-2602013592-1073687263-3334664861-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-2602013592-1073687263-3334664861-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-2602013592-1073687263-3334664861-1010\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2602013592-1073687263-3334664861-1010\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ScrSav deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-21-2602013592-1073687263-3334664861-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2602013592-1073687263-3334664861-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2602013592-1073687263-3334664861-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2602013592-1073687263-3334664861-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\LogonHoursAction deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2602013592-1073687263-3334664861-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DontDisplayLogonHoursWarnings deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2602013592-1073687263-3334664861-1010\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
========== FILES ==========
File\Folder C:\Program Files (x86)\PDFCreator\Toolbar not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Michael Schmitt
->Temp folder emptied: 40180416 bytes
->Temporary Internet Files folder emptied: 21281449 bytes
->Java cache emptied: 1395966 bytes
->FireFox cache emptied: 56274711 bytes
->Google Chrome cache emptied: 356015761 bytes
->Flash cache emptied: 9048 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 4435467 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3199231 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 2846185112 bytes
 
Total Files Cleaned = 3.175,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Michael Schmitt
->Flash cache emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.54.1 log created on 08042012_143838

Files\Folders moved on Reboot...
C:\Users\Michael Schmitt\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Michael Schmitt\AppData\Local\Temp\MMDUtl.log moved successfully.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\LMutilps32.log scheduled to be moved on reboot.

PendingFileRenameOperations files...
File C:\Users\Michael Schmitt\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Users\Michael Schmitt\AppData\Local\Temp\MMDUtl.log not found!
[2012.08.04 14:39:59 | 000,847,400 | ---- | M] () C:\Windows\temp\dsiwmis.log : Unable to obtain MD5
[2012.08.04 14:39:59 | 001,013,611 | ---- | M] () C:\Windows\temp\LMutilps32.log : Unable to obtain MD5

Registry entries deleted on Reboot...
         
__________________


04.08.2012, 18:13   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 


Now please run this tool from Kaspersky (TDSS-Killer) (in normal Windows mode) and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please switch off the virus scanner before you run the TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set up the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:), as that is where the TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with the TDSS-Killer! If the TDSS-Killer flags any objects, treat all of them with the action "skip" and just post the log here!

__________________
__________________
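
For reading the requested report, an added example that is not part of the original post: a Python triage pass over a TDSSKiller log in the line format seen in this thread (service name, MD5 in parentheses, path, then a verdict line). It lists every object whose verdict is not `ok` and every service that got a verdict without a hashed file. The function names are hypothetical and the sample lines are constructed, with placeholder MD5 values.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Every log line: "HH:MM:SS.mmmm <thread id> <message>"
LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d{4}\s+\d+\s+(?P<msg>.*\S)\s*$")
# "<service> (<md5>) <path>"
OBJECT = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$")
# "<service> ( <detection> ) - <level>", e.g. "... ) - warning"
FLAG = re.compile(r"^(?P<name>.+?) \( (?P<detection>.+?) \) - (?P<level>\w+)$")
# "<service> - detected <detection> (<count>)"
DETECTED = re.compile(r"^(?P<name>.+?) - detected (?P<detection>\S+) \(\d+\)$")
# "<service> - ok"
OK = re.compile(r"^(?P<name>.+?) - ok$")

PATTERNS = (("object", OBJECT), ("flag", FLAG), ("detected", DETECTED), ("ok", OK))


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None          # "ok", "warning", ...
    detections: List[str] = field(default_factory=list)


def parse_report(text: str) -> Dict[str, Entry]:
    """Collect one Entry per service name; header and separator lines are skipped."""
    entries: Dict[str, Entry] = {}
    for raw in text.splitlines():
        line = LINE.match(raw)
        if not line:
            continue
        msg = line.group("msg")
        for kind, rx in PATTERNS:
            hit = rx.match(msg)
            if hit:
                break
        else:
            continue  # system info, "Scan started", "=====" and similar
        entry = entries.setdefault(hit.group("name"), Entry(hit.group("name")))
        if kind == "object":
            entry.md5 = hit.group("md5").lower()
            entry.path = hit.group("path")
        elif kind == "ok":
            entry.verdict = "ok"
        else:
            if kind == "flag":
                entry.verdict = hit.group("level")
            detection = hit.group("detection")
            if detection not in entry.detections:
                entry.detections.append(detection)
    return entries


def flagged(entries: Dict[str, Entry]) -> List[Entry]:
    """Objects to look at by hand: any verdict other than ok, or any detection."""
    return [e for e in entries.values() if e.verdict != "ok" or e.detections]


def without_hash(entries: Dict[str, Entry]) -> List[str]:
    """Services that received a verdict although no file/MD5 line was logged."""
    return [e.name for e in entries.values() if e.md5 is None]


# Constructed sample in the thread's log format; MD5 values are placeholders.
SAMPLE = r"""
19:48:28.0881 4308  Scan started
19:48:28.0881 4308  Mode: Manual; SigCheck; TDLFS;
19:48:35.0317 4308  catchme - ok
19:48:39.0311 4308  EgisTec Ticket Service (00000000000000000000000000000001) C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
19:48:39.0342 4308  EgisTec Ticket Service - ok
19:48:42.0306 4308  GREGService     (00000000000000000000000000000002) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
19:48:42.0306 4308  GREGService ( UnsignedFile.Multi.Generic ) - warning
19:48:42.0322 4308  GREGService - detected UnsignedFile.Multi.Generic (1)
"""

if __name__ == "__main__":
    report = parse_report(SAMPLE)
    for e in flagged(report):
        print(f"{e.verdict or 'no verdict'}: {e.name} {e.detections} {e.path}")
    print("no hash logged:", without_hash(report))
```
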

04.08.2012, 18:50   #19
AC9
 


Code:
19:47:38.0436 4440	TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
19:47:38.0530 4440	============================================================
19:47:38.0530 4440	Current date / time: 2012/08/04 19:47:38.0530
19:47:38.0530 4440	SystemInfo:
19:47:38.0530 4440	
19:47:38.0530 4440	OS Version: 6.1.7601 ServicePack: 1.0
19:47:38.0530 4440	Product type: Workstation
19:47:38.0530 4440	ComputerName: XYZ
19:47:38.0530 4440	UserName: Michael Schmitt
19:47:38.0530 4440	Windows directory: C:\Windows
19:47:38.0530 4440	System windows directory: C:\Windows
19:47:38.0530 4440	Running under WOW64
19:47:38.0530 4440	Processor architecture: Intel x64
19:47:38.0530 4440	Number of processors: 4
19:47:38.0530 4440	Page size: 0x1000
19:47:38.0530 4440	Boot type: Normal boot
19:47:38.0530 4440	============================================================
19:47:39.0123 4440	Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:47:39.0123 4440	============================================================
19:47:39.0123 4440	\Device\Harddisk0\DR0:
19:47:39.0123 4440	MBR partitions:
19:47:39.0123 4440	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2400800, BlocksNum 0x32000
19:47:39.0123 4440	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2432800, BlocksNum 0x37F53000
19:47:39.0123 4440	============================================================
19:47:39.0154 4440	C: <-> \Device\Harddisk0\DR0\Partition1
19:47:39.0154 4440	============================================================
19:47:39.0154 4440	Initialize success
19:47:39.0154 4440	============================================================
19:48:28.0881 4308	============================================================
19:48:28.0881 4308	Scan started
19:48:28.0881 4308	Mode: Manual; SigCheck; TDLFS; 
19:48:28.0881 4308	============================================================
19:48:29.0096 4308	!SASCORE        (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
19:48:29.0154 4308	!SASCORE - ok
19:48:29.0296 4308	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
19:48:29.0389 4308	1394ohci - ok
19:48:29.0436 4308	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
19:48:29.0467 4308	ACPI - ok
19:48:29.0498 4308	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
19:48:29.0592 4308	AcpiPmi - ok
19:48:29.0764 4308	AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:48:29.0795 4308	AdobeFlashPlayerUpdateSvc - ok
19:48:29.0873 4308	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
19:48:29.0935 4308	adp94xx - ok
19:48:29.0998 4308	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
19:48:30.0013 4308	adpahci - ok
19:48:30.0044 4308	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
19:48:30.0044 4308	adpu320 - ok
19:48:30.0091 4308	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
19:48:30.0247 4308	AeLookupSvc - ok
19:48:30.0325 4308	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
19:48:30.0419 4308	AFD - ok
19:48:30.0450 4308	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
19:48:30.0466 4308	agp440 - ok
19:48:30.0528 4308	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
19:48:30.0590 4308	ALG - ok
19:48:30.0637 4308	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
19:48:30.0653 4308	aliide - ok
19:48:30.0668 4308	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
19:48:30.0684 4308	amdide - ok
19:48:30.0700 4308	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
19:48:30.0793 4308	AmdK8 - ok
19:48:30.0824 4308	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
19:48:30.0902 4308	AmdPPM - ok
19:48:30.0949 4308	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
19:48:30.0965 4308	amdsata - ok
19:48:31.0012 4308	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
19:48:31.0027 4308	amdsbs - ok
19:48:31.0058 4308	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
19:48:31.0074 4308	amdxata - ok
19:48:31.0199 4308	AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
19:48:31.0246 4308	AntiVirSchedulerService - ok
19:48:31.0308 4308	AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
19:48:31.0324 4308	AntiVirService - ok
19:48:31.0386 4308	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
19:48:31.0589 4308	AppID - ok
19:48:31.0604 4308	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
19:48:31.0682 4308	AppIDSvc - ok
19:48:31.0714 4308	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
19:48:31.0745 4308	Appinfo - ok
19:48:31.0823 4308	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
19:48:31.0823 4308	arc - ok
19:48:31.0854 4308	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
19:48:31.0854 4308	arcsas - ok
19:48:31.0948 4308	aspnet_state    (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
19:48:31.0979 4308	aspnet_state - ok
19:48:32.0010 4308	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
19:48:32.0088 4308	AsyncMac - ok
19:48:32.0166 4308	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
19:48:32.0197 4308	atapi - ok
19:48:32.0244 4308	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
19:48:32.0338 4308	AudioEndpointBuilder - ok
19:48:32.0353 4308	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
19:48:32.0369 4308	AudioSrv - ok
19:48:32.0447 4308	avgntflt        (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys
19:48:32.0743 4308	avgntflt - ok
19:48:32.0837 4308	avipbb          (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys
19:48:32.0852 4308	avipbb - ok
19:48:32.0884 4308	avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
19:48:32.0915 4308	avkmgr - ok
19:48:32.0946 4308	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
19:48:32.0993 4308	AxInstSV - ok
19:48:33.0055 4308	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
19:48:33.0118 4308	b06bdrv - ok
19:48:33.0149 4308	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
19:48:33.0196 4308	b57nd60a - ok
19:48:33.0242 4308	b57xdbd         (a424cb46a145e5aabf15621550976df2) C:\Windows\system32\DRIVERS\b57xdbd.sys
19:48:33.0258 4308	b57xdbd - ok
19:48:33.0274 4308	b57xdmp         (be4e6fd5a898812b85d5817ad9754a9f) C:\Windows\system32\DRIVERS\b57xdmp.sys
19:48:33.0274 4308	b57xdmp - ok
19:48:33.0523 4308	BCM43XX         (11f844b46b631337395651abe9c4167b) C:\Windows\system32\DRIVERS\bcmwl664.sys
19:48:33.0570 4308	BCM43XX - ok
19:48:33.0679 4308	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
19:48:33.0726 4308	BDESVC - ok
19:48:33.0773 4308	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
19:48:33.0866 4308	Beep - ok
19:48:33.0944 4308	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
19:48:34.0038 4308	BFE - ok
19:48:34.0116 4308	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
19:48:34.0210 4308	BITS - ok
19:48:34.0272 4308	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
19:48:34.0319 4308	blbdrive - ok
19:48:34.0350 4308	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
19:48:34.0412 4308	bowser - ok
19:48:34.0444 4308	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
19:48:34.0490 4308	BrFiltLo - ok
19:48:34.0506 4308	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
19:48:34.0537 4308	BrFiltUp - ok
19:48:34.0584 4308	BridgeMP        (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
19:48:34.0646 4308	BridgeMP - ok
19:48:34.0693 4308	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
19:48:34.0771 4308	Browser - ok
19:48:34.0802 4308	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
19:48:34.0849 4308	Brserid - ok
19:48:34.0865 4308	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
19:48:34.0880 4308	BrSerWdm - ok
19:48:34.0896 4308	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:48:34.0912 4308	BrUsbMdm - ok
19:48:34.0958 4308	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
19:48:35.0005 4308	BrUsbSer - ok
19:48:35.0036 4308	bScsiMSa        (0970d8b7151e9113bf8d44ce2e954df7) C:\Windows\system32\DRIVERS\bScsiMSa.sys
19:48:35.0052 4308	bScsiMSa - ok
19:48:35.0083 4308	bScsiSDa        (0c1eee5af32402d306874b110de237ec) C:\Windows\system32\DRIVERS\bScsiSDa.sys
19:48:35.0099 4308	bScsiSDa - ok
19:48:35.0130 4308	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
19:48:35.0161 4308	BTHMODEM - ok
19:48:35.0208 4308	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
19:48:35.0270 4308	bthserv - ok
19:48:35.0317 4308	catchme - ok
19:48:35.0364 4308	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
19:48:35.0442 4308	cdfs - ok
19:48:35.0489 4308	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
19:48:35.0504 4308	cdrom - ok
19:48:35.0567 4308	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
19:48:35.0660 4308	CertPropSvc - ok
19:48:35.0707 4308	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
19:48:35.0738 4308	circlass - ok
19:48:35.0785 4308	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
19:48:35.0816 4308	CLFS - ok
19:48:35.0894 4308	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:48:35.0926 4308	clr_optimization_v2.0.50727_32 - ok
19:48:35.0957 4308	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:48:35.0972 4308	clr_optimization_v2.0.50727_64 - ok
19:48:36.0050 4308	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:48:36.0082 4308	clr_optimization_v4.0.30319_32 - ok
19:48:36.0144 4308	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:48:36.0175 4308	clr_optimization_v4.0.30319_64 - ok
19:48:36.0206 4308	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
19:48:36.0238 4308	CmBatt - ok
19:48:36.0253 4308	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
19:48:36.0269 4308	cmdide - ok
19:48:36.0347 4308	CNG             (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
19:48:36.0409 4308	CNG - ok
19:48:36.0456 4308	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
19:48:36.0472 4308	Compbatt - ok
19:48:36.0518 4308	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
19:48:36.0565 4308	CompositeBus - ok
19:48:36.0581 4308	COMSysApp - ok
19:48:36.0628 4308	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
19:48:36.0643 4308	crcdisk - ok
19:48:36.0690 4308	CryptSvc        (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
19:48:36.0737 4308	CryptSvc - ok
19:48:36.0768 4308	CVirtA          (44bddeb03c84a1c993c992ffb5700357) C:\Windows\system32\DRIVERS\CVirtA64.sys
19:48:36.0784 4308	CVirtA - ok
19:48:36.0940 4308	CVPND           (98c413e1a2fb6e5a4c101c25b3d0b275) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
19:48:37.0018 4308	CVPND - ok
19:48:37.0142 4308	CVPNDRVA        (79af0e203d089af442a3f70ed00a37fb) C:\Windows\system32\Drivers\CVPNDRVA.sys
19:48:37.0174 4308	CVPNDRVA - ok
19:48:37.0236 4308	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
19:48:37.0330 4308	DcomLaunch - ok
19:48:37.0392 4308	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
19:48:37.0454 4308	defragsvc - ok
19:48:37.0486 4308	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
19:48:37.0517 4308	DfsC - ok
19:48:37.0579 4308	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
19:48:37.0673 4308	Dhcp - ok
19:48:37.0735 4308	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
19:48:37.0813 4308	discache - ok
19:48:37.0891 4308	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
19:48:37.0922 4308	Disk - ok
19:48:37.0969 4308	DNE             (05cb5910b3ca6019fc3cca815ee06ffb) C:\Windows\system32\DRIVERS\dne64x.sys
19:48:37.0985 4308	DNE - ok
19:48:38.0016 4308	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
19:48:38.0078 4308	Dnscache - ok
19:48:38.0125 4308	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
19:48:38.0203 4308	dot3svc - ok
19:48:38.0234 4308	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
19:48:38.0281 4308	DPS - ok
19:48:38.0312 4308	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
19:48:38.0359 4308	drmkaud - ok
19:48:38.0468 4308	DsiWMIService   (9dd3a22f804697606c2b7ff9e912ff6b) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
19:48:38.0500 4308	DsiWMIService - ok
19:48:38.0531 4308	dtsoftbus01     (8aae70d76436e4695455aa9ca634a9f4) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
19:48:38.0546 4308	dtsoftbus01 - ok
19:48:38.0624 4308	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
19:48:38.0671 4308	DXGKrnl - ok
19:48:38.0702 4308	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
19:48:38.0749 4308	EapHost - ok
19:48:38.0905 4308	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
19:48:39.0030 4308	ebdrv - ok
19:48:39.0139 4308	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
19:48:39.0202 4308	EFS - ok
19:48:39.0311 4308	EgisTec Ticket Service (18dd872dd46acb24e106dc2c9c270466) C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
19:48:39.0342 4308	EgisTec Ticket Service - ok
19:48:39.0436 4308	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
19:48:39.0529 4308	ehRecvr - ok
19:48:39.0560 4308	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
19:48:39.0592 4308	ehSched - ok
19:48:39.0685 4308	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
19:48:39.0763 4308	elxstor - ok
19:48:39.0888 4308	ePowerSvc       (ac5c64f828c0a6a1350971501ac2a0c7) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
19:48:39.0935 4308	ePowerSvc - ok
19:48:40.0044 4308	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
19:48:40.0091 4308	ErrDev - ok
19:48:40.0169 4308	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
19:48:40.0278 4308	EventSystem - ok
19:48:40.0294 4308	ewusbmbb - ok
19:48:40.0309 4308	ew_hwusbdev - ok
19:48:40.0387 4308	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
19:48:40.0465 4308	exfat - ok
19:48:40.0481 4308	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
19:48:40.0543 4308	fastfat - ok
19:48:40.0652 4308	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
19:48:40.0730 4308	Fax - ok
19:48:40.0777 4308	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
19:48:40.0824 4308	fdc - ok
19:48:40.0871 4308	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
19:48:40.0933 4308	fdPHost - ok
19:48:40.0964 4308	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
19:48:40.0980 4308	FDResPub - ok
19:48:41.0011 4308	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
19:48:41.0011 4308	FileInfo - ok
19:48:41.0042 4308	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
19:48:41.0074 4308	Filetrace - ok
19:48:41.0198 4308	FLEXnet Licensing Service (bb0667b0171b632b97ea759515476f07) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
19:48:41.0261 4308	FLEXnet Licensing Service - ok
19:48:41.0308 4308	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
19:48:41.0308 4308	flpydisk - ok
19:48:41.0370 4308	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
19:48:41.0386 4308	FltMgr - ok
19:48:41.0464 4308	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
19:48:41.0573 4308	FontCache - ok
19:48:41.0651 4308	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:48:41.0682 4308	FontCache3.0.0.0 - ok
19:48:41.0713 4308	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
19:48:41.0729 4308	FsDepends - ok
19:48:41.0776 4308	Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
19:48:41.0791 4308	Fs_Rec - ok
19:48:41.0838 4308	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
19:48:41.0854 4308	fvevol - ok
19:48:41.0869 4308	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
19:48:41.0885 4308	gagp30kx - ok
19:48:42.0010 4308	GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
19:48:42.0056 4308	GamesAppService - ok
19:48:42.0088 4308	GDPkIcpt        (a7dbc5e8767e70dbf59114f826d4b1b6) C:\Windows\system32\drivers\PktIcpt.sys
19:48:42.0103 4308	GDPkIcpt - ok
19:48:42.0181 4308	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
19:48:42.0244 4308	gpsvc - ok
19:48:42.0306 4308	GREGService     (84e58fea8b1a7537696a20c59cb9b0c9) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
19:48:42.0306 4308	GREGService ( UnsignedFile.Multi.Generic ) - warning
19:48:42.0322 4308	GREGService - detected UnsignedFile.Multi.Generic (1)
19:48:42.0415 4308	gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:48:42.0431 4308	gupdate - ok
19:48:42.0446 4308	gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:48:42.0462 4308	gupdatem - ok
19:48:42.0493 4308	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
19:48:42.0540 4308	hcw85cir - ok
19:48:42.0587 4308	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
19:48:42.0649 4308	HdAudAddService - ok
19:48:42.0696 4308	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
19:48:42.0758 4308	HDAudBus - ok
19:48:42.0790 4308	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
19:48:42.0821 4308	HidBatt - ok
19:48:42.0836 4308	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
19:48:42.0868 4308	HidBth - ok
19:48:42.0914 4308	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
19:48:42.0946 4308	HidIr - ok
19:48:42.0977 4308	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
19:48:43.0024 4308	hidserv - ok
19:48:43.0070 4308	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
19:48:43.0086 4308	HidUsb - ok
19:48:43.0117 4308	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
19:48:43.0180 4308	hkmsvc - ok
19:48:43.0226 4308	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
19:48:43.0304 4308	HomeGroupListener - ok
19:48:43.0351 4308	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
19:48:43.0398 4308	HomeGroupProvider - ok
19:48:43.0445 4308	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
19:48:43.0476 4308	HpSAMD - ok
19:48:43.0523 4308	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
19:48:43.0601 4308	HTTP - ok
19:48:43.0601 4308	huawei_enumerator - ok
19:48:43.0632 4308	hwdatacard - ok
19:48:43.0632 4308	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
19:48:43.0648 4308	hwpolicy - ok
19:48:43.0679 4308	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
19:48:43.0694 4308	i8042prt - ok
19:48:43.0726 4308	iaStor          (26cf4275034214ecedd8ec17b0a18a99) C:\Windows\system32\drivers\iaStor.sys
19:48:43.0757 4308	iaStor - ok
19:48:43.0850 4308	IAStorDataMgrSvc (e79a8e33bd136d14bae1fa20eb2ef124) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
19:48:43.0866 4308	IAStorDataMgrSvc - ok
19:48:43.0913 4308	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
19:48:43.0960 4308	iaStorV - ok
19:48:44.0069 4308	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:48:44.0131 4308	idsvc - ok
19:48:44.0646 4308	igfx            (9937600a1584ff00565d5379eb4c9edb) C:\Windows\system32\DRIVERS\igdkmd64.sys
19:48:45.0036 4308	igfx - ok
19:48:45.0145 4308	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
19:48:45.0176 4308	iirsp - ok
19:48:45.0239 4308	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
19:48:45.0332 4308	IKEEXT - ok
19:48:45.0504 4308	IntcAzAudAddService (1ce438b31551746ab450d8ffa403bdb5) C:\Windows\system32\drivers\RTKVHD64.sys
19:48:45.0551 4308	IntcAzAudAddService - ok
19:48:45.0722 4308	IntcDAud        (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
19:48:45.0785 4308	IntcDAud - ok
19:48:45.0816 4308	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
19:48:45.0832 4308	intelide - ok
19:48:45.0863 4308	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
19:48:45.0894 4308	intelppm - ok
19:48:45.0941 4308	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
19:48:45.0988 4308	IPBusEnum - ok
19:48:46.0019 4308	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:48:46.0034 4308	IpFilterDriver - ok
19:48:46.0097 4308	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
19:48:46.0206 4308	iphlpsvc - ok
19:48:46.0206 4308	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
19:48:46.0222 4308	IPMIDRV - ok
19:48:46.0237 4308	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
19:48:46.0253 4308	IPNAT - ok
19:48:46.0315 4308	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
19:48:46.0362 4308	IRENUM - ok
19:48:46.0362 4308	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
19:48:46.0378 4308	isapnp - ok
19:48:46.0409 4308	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
19:48:46.0456 4308	iScsiPrt - ok
19:48:46.0502 4308	k57nd60a        (455b75c19bf3f1f2ee3ac10e1169826c) C:\Windows\system32\DRIVERS\k57nd60a.sys
19:48:46.0534 4308	k57nd60a - ok
19:48:46.0549 4308	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
19:48:46.0565 4308	kbdclass - ok
19:48:46.0596 4308	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
19:48:46.0612 4308	kbdhid - ok
19:48:46.0658 4308	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:48:46.0690 4308	KeyIso - ok
19:48:46.0705 4308	KSecDD          (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
19:48:46.0721 4308	KSecDD - ok
19:48:46.0752 4308	KSecPkg         (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
19:48:46.0752 4308	KSecPkg - ok
19:48:46.0799 4308	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
19:48:46.0846 4308	ksthunk - ok
19:48:46.0877 4308	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
19:48:46.0939 4308	KtmRm - ok
19:48:46.0986 4308	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
19:48:47.0095 4308	LanmanServer - ok
19:48:47.0126 4308	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
19:48:47.0173 4308	LanmanWorkstation - ok
19:48:47.0329 4308	Live Updater Service (93b73ded2bc688f140c6ae2fbad45789) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
19:48:47.0360 4308	Live Updater Service - ok
19:48:47.0407 4308	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
19:48:47.0470 4308	lltdio - ok
19:48:47.0501 4308	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
19:48:47.0563 4308	lltdsvc - ok
19:48:47.0579 4308	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
19:48:47.0626 4308	lmhosts - ok
19:48:47.0750 4308	LMS             (d7e0bed3ea21d7bddd410ade51708d90) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
19:48:47.0782 4308	LMS - ok
19:48:47.0813 4308	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
19:48:47.0828 4308	LSI_FC - ok
19:48:47.0860 4308	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
19:48:47.0860 4308	LSI_SAS - ok
19:48:47.0875 4308	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
19:48:47.0891 4308	LSI_SAS2 - ok
19:48:47.0906 4308	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
19:48:47.0922 4308	LSI_SCSI - ok
19:48:47.0953 4308	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
19:48:48.0016 4308	luafv - ok
19:48:48.0078 4308	MBAMProtector   (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys
19:48:48.0109 4308	MBAMProtector - ok
19:48:48.0187 4308	MBAMService     (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
19:48:48.0218 4308	MBAMService - ok
19:48:48.0265 4308	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
19:48:48.0296 4308	Mcx2Svc - ok
19:48:48.0328 4308	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
19:48:48.0343 4308	megasas - ok
19:48:48.0390 4308	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
19:48:48.0421 4308	MegaSR - ok
19:48:48.0484 4308	MEIx64          (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
19:48:48.0499 4308	MEIx64 - ok
19:48:48.0593 4308	Microsoft SharePoint Workspace Audit Service - ok
19:48:48.0640 4308	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
19:48:48.0718 4308	MMCSS - ok
19:48:48.0749 4308	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
19:48:48.0796 4308	Modem - ok
19:48:48.0811 4308	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
19:48:48.0842 4308	monitor - ok
19:48:48.0889 4308	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
19:48:48.0889 4308	mouclass - ok
19:48:48.0905 4308	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
19:48:48.0952 4308	mouhid - ok
19:48:48.0983 4308	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
19:48:48.0998 4308	mountmgr - ok
19:48:49.0092 4308	MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
19:48:49.0123 4308	MozillaMaintenance - ok
19:48:49.0139 4308	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
19:48:49.0170 4308	mpio - ok
19:48:49.0201 4308	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
19:48:49.0248 4308	mpsdrv - ok
19:48:49.0326 4308	MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
19:48:49.0420 4308	MpsSvc - ok
19:48:49.0435 4308	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
19:48:49.0466 4308	MRxDAV - ok
19:48:49.0498 4308	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:48:49.0560 4308	mrxsmb - ok
19:48:49.0607 4308	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:48:49.0654 4308	mrxsmb10 - ok
19:48:49.0685 4308	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:48:49.0700 4308	mrxsmb20 - ok
19:48:49.0732 4308	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
19:48:49.0747 4308	msahci - ok
19:48:49.0763 4308	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
19:48:49.0794 4308	msdsm - ok
19:48:49.0825 4308	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
19:48:49.0856 4308	MSDTC - ok
19:48:49.0888 4308	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
19:48:49.0903 4308	Msfs - ok
19:48:49.0934 4308	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
19:48:49.0966 4308	mshidkmdf - ok
19:48:49.0981 4308	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
19:48:49.0997 4308	msisadrv - ok
19:48:50.0028 4308	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
19:48:50.0059 4308	MSiSCSI - ok
19:48:50.0059 4308	msiserver - ok
19:48:50.0106 4308	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
19:48:50.0200 4308	MSKSSRV - ok
19:48:50.0231 4308	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
19:48:50.0278 4308	MSPCLOCK - ok
19:48:50.0293 4308	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
19:48:50.0356 4308	MSPQM - ok
19:48:50.0418 4308	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
19:48:50.0465 4308	MsRPC - ok
19:48:50.0480 4308	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
19:48:50.0496 4308	mssmbios - ok
19:48:50.0512 4308	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
19:48:50.0543 4308	MSTEE - ok
19:48:50.0543 4308	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
19:48:50.0558 4308	MTConfig - ok
19:48:50.0574 4308	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
19:48:50.0590 4308	Mup - ok
19:48:50.0605 4308	mwlPSDFilter    (c009123b206c56854f4e88596035231d) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
19:48:50.0605 4308	mwlPSDFilter - ok
19:48:50.0636 4308	mwlPSDNServ     (bf3739eeb9f008b1debac115089a53f8) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
19:48:50.0636 4308	mwlPSDNServ - ok
19:48:50.0652 4308	mwlPSDVDisk     (38dd143d95e7a01b86f219dda9c28779) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
19:48:50.0652 4308	mwlPSDVDisk - ok
19:48:50.0699 4308	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
19:48:50.0761 4308	napagent - ok
19:48:50.0824 4308	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
19:48:50.0871 4308	NativeWifiP - ok
19:48:50.0949 4308	NDIS            (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
19:48:51.0011 4308	NDIS - ok
19:48:51.0042 4308	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
19:48:51.0073 4308	NdisCap - ok
19:48:51.0105 4308	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
19:48:51.0136 4308	NdisTapi - ok
19:48:51.0167 4308	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
19:48:51.0214 4308	Ndisuio - ok
19:48:51.0229 4308	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
19:48:51.0276 4308	NdisWan - ok
19:48:51.0292 4308	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
19:48:51.0323 4308	NDProxy - ok
19:48:51.0354 4308	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
19:48:51.0401 4308	NetBIOS - ok
19:48:51.0417 4308	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
19:48:51.0448 4308	NetBT - ok
19:48:51.0495 4308	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:48:51.0526 4308	Netlogon - ok
19:48:51.0557 4308	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
19:48:51.0635 4308	Netman - ok
19:48:51.0744 4308	NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:48:51.0760 4308	NetMsmqActivator - ok
19:48:51.0760 4308	NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:48:51.0775 4308	NetPipeActivator - ok
19:48:51.0838 4308	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
19:48:51.0931 4308	netprofm - ok
19:48:51.0978 4308	NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:48:51.0994 4308	NetTcpActivator - ok
19:48:52.0009 4308	NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:48:52.0025 4308	NetTcpPortSharing - ok
19:48:52.0087 4308	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
19:48:52.0119 4308	nfrd960 - ok
19:48:52.0165 4308	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
19:48:52.0243 4308	NlaSvc - ok
19:48:52.0290 4308	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
19:48:52.0306 4308	Npfs - ok
19:48:52.0321 4308	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
19:48:52.0353 4308	nsi - ok
19:48:52.0368 4308	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
19:48:52.0384 4308	nsiproxy - ok
19:48:52.0493 4308	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
19:48:52.0571 4308	Ntfs - ok
19:48:52.0649 4308	NTI IScheduleSvc (1873214666f6f0a883742df91fbc48c9) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
19:48:52.0680 4308	NTI IScheduleSvc - ok
19:48:52.0789 4308	NTIDrvr         (ee3ba1024594d5d09e314f206b94069e) C:\Windows\system32\drivers\NTIDrvr.sys
19:48:52.0805 4308	NTIDrvr - ok
19:48:52.0821 4308	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
19:48:52.0852 4308	Null - ok
19:48:53.0460 4308	nvlddmkm        (ba0b4889c40380a01ecdf84c227a89c9) C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:48:53.0616 4308	nvlddmkm - ok
19:48:53.0741 4308	nvpciflt        (715d45ed30003fc70cfa0d9c6dd0b538) C:\Windows\system32\DRIVERS\nvpciflt.sys
19:48:53.0757 4308	nvpciflt - ok
19:48:53.0803 4308	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
19:48:53.0835 4308	nvraid - ok
19:48:53.0866 4308	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
19:48:53.0866 4308	nvstor - ok
19:48:53.0975 4308	nvsvc           (06633cf95bea62164c3bfca24bce6b11) C:\Windows\system32\nvvsvc.exe
19:48:54.0022 4308	nvsvc - ok
19:48:54.0193 4308	nvUpdatusService (53b629ce436b110c5689c2f6439e567b) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
19:48:54.0287 4308	nvUpdatusService - ok
19:48:54.0396 4308	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
19:48:54.0427 4308	nv_agp - ok
19:48:54.0459 4308	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
19:48:54.0490 4308	ohci1394 - ok
19:48:54.0583 4308	ose64           (4965b005492cba7719e82b71e3245495) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:48:54.0615 4308	ose64 - ok
19:48:54.0880 4308	osppsvc         (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:48:55.0083 4308	osppsvc - ok
19:48:55.0192 4308	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
19:48:55.0254 4308	p2pimsvc - ok
19:48:55.0301 4308	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
19:48:55.0348 4308	p2psvc - ok
19:48:55.0410 4308	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
19:48:55.0426 4308	Parport - ok
19:48:55.0457 4308	partmgr         (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
19:48:55.0473 4308	partmgr - ok
19:48:55.0504 4308	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
19:48:55.0535 4308	PcaSvc - ok
19:48:55.0566 4308	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
19:48:55.0582 4308	pci - ok
19:48:55.0613 4308	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
19:48:55.0644 4308	pciide - ok
19:48:55.0675 4308	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
19:48:55.0707 4308	pcmcia - ok
19:48:55.0722 4308	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
19:48:55.0738 4308	pcw - ok
19:48:55.0769 4308	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
19:48:55.0863 4308	PEAUTH - ok
19:48:55.0956 4308	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
19:48:56.0003 4308	PerfHost - ok
19:48:56.0175 4308	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
19:48:56.0237 4308	pla - ok
19:48:56.0299 4308	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
19:48:56.0377 4308	PlugPlay - ok
19:48:56.0424 4308	PnkBstrA - ok
19:48:56.0455 4308	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
19:48:56.0487 4308	PNRPAutoReg - ok
19:48:56.0533 4308	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
19:48:56.0549 4308	PNRPsvc - ok
19:48:56.0596 4308	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
19:48:56.0674 4308	PolicyAgent - ok
19:48:56.0705 4308	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
19:48:56.0752 4308	Power - ok
19:48:56.0814 4308	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
19:48:56.0892 4308	PptpMiniport - ok
19:48:56.0908 4308	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
19:48:56.0939 4308	Processor - ok
19:48:57.0001 4308	ProfSvc         (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
19:48:57.0064 4308	ProfSvc - ok
19:48:57.0095 4308	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:48:57.0111 4308	ProtectedStorage - ok
19:48:57.0157 4308	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
19:48:57.0220 4308	Psched - ok
19:48:57.0329 4308	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
19:48:57.0438 4308	ql2300 - ok
19:48:57.0563 4308	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
19:48:57.0594 4308	ql40xx - ok
19:48:57.0625 4308	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
19:48:57.0657 4308	QWAVE - ok
19:48:57.0688 4308	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
19:48:57.0703 4308	QWAVEdrv - ok
19:48:57.0703 4308	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
19:48:57.0735 4308	RasAcd - ok
19:48:57.0766 4308	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:48:57.0797 4308	RasAgileVpn - ok
19:48:57.0828 4308	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
19:48:57.0906 4308	RasAuto - ok
19:48:57.0953 4308	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:48:58.0000 4308	Rasl2tp - ok
19:48:58.0031 4308	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
19:48:58.0062 4308	RasMan - ok
19:48:58.0093 4308	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
19:48:58.0171 4308	RasPppoe - ok
19:48:58.0203 4308	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
19:48:58.0249 4308	RasSstp - ok
19:48:58.0281 4308	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
19:48:58.0359 4308	rdbss - ok
19:48:58.0374 4308	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
19:48:58.0390 4308	rdpbus - ok
19:48:58.0437 4308	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:48:58.0452 4308	RDPCDD - ok
19:48:58.0468 4308	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
19:48:58.0515 4308	RDPENCDD - ok
19:48:58.0546 4308	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
19:48:58.0577 4308	RDPREFMP - ok
19:48:58.0624 4308	RDPWD           (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
19:48:58.0686 4308	RDPWD - ok
19:48:58.0733 4308	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
19:48:58.0764 4308	rdyboost - ok
19:48:58.0795 4308	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
19:48:58.0858 4308	RemoteAccess - ok
19:48:58.0889 4308	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
19:48:58.0936 4308	RemoteRegistry - ok
19:48:58.0951 4308	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
19:48:59.0014 4308	RpcEptMapper - ok
19:48:59.0045 4308	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
19:48:59.0061 4308	RpcLocator - ok
19:48:59.0107 4308	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
19:48:59.0139 4308	RpcSs - ok
19:48:59.0185 4308	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
19:48:59.0217 4308	rspndr - ok
19:48:59.0248 4308	SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:48:59.0263 4308	SamSs - ok
19:48:59.0326 4308	SASDIFSV        (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
19:48:59.0357 4308	SASDIFSV - ok
19:48:59.0357 4308	SASKUTIL        (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
19:48:59.0373 4308	SASKUTIL - ok
19:48:59.0388 4308	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
19:48:59.0404 4308	sbp2port - ok
19:48:59.0451 4308	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
19:48:59.0513 4308	SCardSvr - ok
19:48:59.0529 4308	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
19:48:59.0575 4308	scfilter - ok
19:48:59.0653 4308	Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
19:48:59.0747 4308	Schedule - ok
19:48:59.0778 4308	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
19:48:59.0809 4308	SCPolicySvc - ok
19:48:59.0841 4308	sdbus           (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
19:48:59.0903 4308	sdbus - ok
19:48:59.0950 4308	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
19:49:00.0012 4308	SDRSVC - ok
19:49:00.0028 4308	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
19:49:00.0106 4308	secdrv - ok
19:49:00.0121 4308	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
19:49:00.0153 4308	seclogon - ok
19:49:00.0168 4308	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
19:49:00.0199 4308	SENS - ok
19:49:00.0231 4308	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
19:49:00.0293 4308	SensrSvc - ok
19:49:00.0340 4308	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
19:49:00.0371 4308	Serenum - ok
19:49:00.0402 4308	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
19:49:00.0433 4308	Serial - ok
19:49:00.0511 4308	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
19:49:00.0574 4308	sermouse - ok
19:49:00.0621 4308	SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
19:49:00.0683 4308	SessionEnv - ok
19:49:00.0699 4308	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
19:49:00.0699 4308	sffdisk - ok
19:49:00.0714 4308	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
19:49:00.0714 4308	sffp_mmc - ok
19:49:00.0730 4308	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
19:49:00.0745 4308	sffp_sd - ok
19:49:00.0761 4308	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
19:49:00.0792 4308	sfloppy - ok
19:49:00.0839 4308	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
19:49:00.0901 4308	SharedAccess - ok
19:49:00.0948 4308	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
19:49:00.0979 4308	ShellHWDetection - ok
19:49:01.0026 4308	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
19:49:01.0042 4308	SiSRaid2 - ok
19:49:01.0073 4308	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
19:49:01.0089 4308	SiSRaid4 - ok
19:49:01.0198 4308	SkypeUpdate     (f07af60b152221472fbdb2fecec4896d) C:\Program Files (x86)\Skype\Updater\Updater.exe
19:49:01.0213 4308	SkypeUpdate - ok
19:49:01.0276 4308	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
19:49:01.0369 4308	Smb - ok
19:49:01.0416 4308	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
19:49:01.0447 4308	SNMPTRAP - ok
19:49:01.0479 4308	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
19:49:01.0494 4308	spldr - ok
19:49:01.0541 4308	Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
19:49:01.0588 4308	Spooler - ok
19:49:01.0744 4308	sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
19:49:01.0869 4308	sppsvc - ok
19:49:01.0962 4308	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
19:49:02.0025 4308	sppuinotify - ok
19:49:02.0087 4308	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
19:49:02.0149 4308	srv - ok
19:49:02.0196 4308	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
19:49:02.0274 4308	srv2 - ok
19:49:02.0321 4308	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
19:49:02.0383 4308	srvnet - ok
19:49:02.0446 4308	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
19:49:02.0539 4308	SSDPSRV - ok
19:49:02.0555 4308	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
19:49:02.0571 4308	SstpSvc - ok
19:49:02.0602 4308	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
19:49:02.0602 4308	stexstor - ok
19:49:02.0664 4308	stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
19:49:02.0758 4308	stisvc - ok
19:49:02.0773 4308	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
19:49:02.0789 4308	swenum - ok
19:49:02.0836 4308	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
19:49:02.0914 4308	swprv - ok
19:49:03.0023 4308	SynTP           (ef51b22706db03f0857fade127c804ec) C:\Windows\system32\DRIVERS\SynTP.sys
19:49:03.0070 4308	SynTP - ok
19:49:03.0241 4308	SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
19:49:03.0319 4308	SysMain - ok
19:49:03.0382 4308	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
19:49:03.0413 4308	TabletInputService - ok
19:49:03.0444 4308	TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
19:49:03.0491 4308	TapiSrv - ok
19:49:03.0522 4308	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
19:49:03.0538 4308	TBS - ok
19:49:03.0709 4308	Tcpip           (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
19:49:03.0803 4308	Tcpip - ok
19:49:03.0959 4308	TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
19:49:03.0990 4308	TCPIP6 - ok
19:49:04.0068 4308	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
19:49:04.0162 4308	tcpipreg - ok
19:49:04.0177 4308	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
19:49:04.0209 4308	TDPIPE - ok
19:49:04.0240 4308	TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
19:49:04.0255 4308	TDTCP - ok
19:49:04.0287 4308	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
19:49:04.0349 4308	tdx - ok
19:49:04.0365 4308	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
19:49:04.0380 4308	TermDD - ok
19:49:04.0427 4308	TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
19:49:04.0521 4308	TermService - ok
19:49:04.0536 4308	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
19:49:04.0552 4308	Themes - ok
19:49:04.0599 4308	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
19:49:04.0661 4308	THREADORDER - ok
19:49:04.0692 4308	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
19:49:04.0739 4308	TrkWks - ok
19:49:04.0786 4308	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
19:49:04.0864 4308	TrustedInstaller - ok
19:49:04.0895 4308	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:49:04.0926 4308	tssecsrv - ok
19:49:04.0957 4308	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
19:49:05.0004 4308	TsUsbFlt - ok
19:49:05.0020 4308	TsUsbGD         (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
19:49:05.0035 4308	TsUsbGD - ok
19:49:05.0051 4308	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
19:49:05.0129 4308	tunnel - ok
19:49:05.0160 4308	TurboB          (fd24f98d2898be093fe926604be7db99) C:\Windows\system32\DRIVERS\TurboB.sys
19:49:05.0160 4308	TurboB - ok
19:49:05.0223 4308	TurboBoost      (600b406a04d90f577fea8a88d7379f08) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
19:49:05.0223 4308	TurboBoost - ok
19:49:05.0254 4308	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
19:49:05.0269 4308	uagp35 - ok
19:49:05.0285 4308	UBHelper        (a17d5e1a6df4eab0a480f2c490de4c9d) C:\Windows\system32\drivers\UBHelper.sys
19:49:05.0285 4308	UBHelper - ok
19:49:05.0316 4308	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
19:49:05.0394 4308	udfs - ok
19:49:05.0425 4308	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
19:49:05.0441 4308	UI0Detect - ok
19:49:05.0457 4308	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
19:49:05.0472 4308	uliagpkx - ok
19:49:05.0503 4308	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
19:49:05.0519 4308	umbus - ok
19:49:05.0535 4308	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
19:49:05.0566 4308	UmPass - ok
19:49:05.0831 4308	UNS             (a678e5ddd974903dd71f503bdcaca218) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
19:49:05.0925 4308	UNS - ok
19:49:06.0034 4308	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
19:49:06.0143 4308	upnphost - ok
19:49:06.0190 4308	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
19:49:06.0221 4308	usbccgp - ok
19:49:06.0252 4308	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
19:49:06.0283 4308	usbcir - ok
19:49:06.0299 4308	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
19:49:06.0330 4308	usbehci - ok
19:49:06.0361 4308	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\drivers\usbhub.sys
19:49:06.0424 4308	usbhub - ok
19:49:06.0439 4308	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
19:49:06.0471 4308	usbohci - ok
19:49:06.0517 4308	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
19:49:06.0580 4308	usbprint - ok
19:49:06.0611 4308	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:49:06.0658 4308	USBSTOR - ok
19:49:06.0658 4308	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
19:49:06.0689 4308	usbuhci - ok
19:49:06.0751 4308	usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
19:49:06.0798 4308	usbvideo - ok
19:49:06.0829 4308	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
19:49:06.0876 4308	UxSms - ok
19:49:06.0907 4308	VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:49:06.0923 4308	VaultSvc - ok
19:49:06.0954 4308	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
19:49:06.0970 4308	vdrvroot - ok
19:49:07.0017 4308	vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
19:49:07.0095 4308	vds - ok
19:49:07.0126 4308	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
19:49:07.0173 4308	vga - ok
19:49:07.0173 4308	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
19:49:07.0235 4308	VgaSave - ok
19:49:07.0251 4308	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
19:49:07.0282 4308	vhdmp - ok
19:49:07.0297 4308	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
19:49:07.0297 4308	viaide - ok
19:49:07.0313 4308	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
19:49:07.0329 4308	volmgr - ok
19:49:07.0360 4308	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
19:49:07.0375 4308	volmgrx - ok
19:49:07.0407 4308	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
19:49:07.0438 4308	volsnap - ok
19:49:07.0469 4308	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
19:49:07.0485 4308	vsmraid - ok
19:49:07.0578 4308	VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
19:49:07.0703 4308	VSS - ok
19:49:07.0797 4308	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
19:49:07.0843 4308	vwifibus - ok
19:49:07.0875 4308	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
19:49:07.0921 4308	vwififlt - ok
19:49:07.0953 4308	vwifimp         (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
19:49:07.0968 4308	vwifimp - ok
19:49:08.0015 4308	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
19:49:08.0077 4308	W32Time - ok
19:49:08.0093 4308	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
19:49:08.0124 4308	WacomPen - ok
19:49:08.0171 4308	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:49:08.0233 4308	WANARP - ok
19:49:08.0233 4308	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:49:08.0265 4308	Wanarpv6 - ok
19:49:08.0358 4308	wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
19:49:08.0421 4308	wbengine - ok
19:49:08.0514 4308	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
19:49:08.0577 4308	WbioSrvc - ok
19:49:08.0608 4308	wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
19:49:08.0670 4308	wcncsvc - ok
19:49:08.0686 4308	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
19:49:08.0717 4308	WcsPlugInService - ok
19:49:08.0764 4308	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
19:49:08.0795 4308	Wd - ok
19:49:08.0826 4308	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
19:49:08.0889 4308	Wdf01000 - ok
19:49:08.0920 4308	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
19:49:09.0029 4308	WdiServiceHost - ok
19:49:09.0029 4308	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
19:49:09.0060 4308	WdiSystemHost - ok
19:49:09.0076 4308	WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
19:49:09.0138 4308	WebClient - ok
19:49:09.0169 4308	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
19:49:09.0247 4308	Wecsvc - ok
19:49:09.0279 4308	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
19:49:09.0294 4308	wercplsupport - ok
19:49:09.0325 4308	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
19:49:09.0357 4308	WerSvc - ok
19:49:09.0419 4308	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
19:49:09.0481 4308	WfpLwf - ok
19:49:09.0497 4308	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
19:49:09.0513 4308	WIMMount - ok
19:49:09.0575 4308	WinDefend - ok
19:49:09.0591 4308	WinHttpAutoProxySvc - ok
19:49:09.0669 4308	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
19:49:09.0731 4308	Winmgmt - ok
19:49:09.0856 4308	WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
19:49:09.0981 4308	WinRM - ok
19:49:10.0137 4308	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
19:49:10.0199 4308	Wlansvc - ok
19:49:10.0277 4308	wlcrasvc        (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
19:49:10.0308 4308	wlcrasvc - ok
19:49:10.0464 4308	wlidsvc         (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:49:10.0573 4308	wlidsvc - ok
19:49:10.0698 4308	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
19:49:10.0745 4308	WmiAcpi - ok
19:49:10.0823 4308	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
19:49:10.0870 4308	wmiApSrv - ok
19:49:10.0948 4308	WMPNetworkSvc - ok
19:49:10.0979 4308	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
19:49:11.0026 4308	WPCSvc - ok
19:49:11.0041 4308	WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
19:49:11.0057 4308	WPDBusEnum - ok
19:49:11.0088 4308	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
19:49:11.0119 4308	ws2ifsl - ok
19:49:11.0135 4308	wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
19:49:11.0166 4308	wscsvc - ok
19:49:11.0166 4308	WSearch - ok
19:49:11.0322 4308	wuauserv        (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
19:49:11.0416 4308	wuauserv - ok
19:49:11.0525 4308	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
19:49:11.0603 4308	WudfPf - ok
19:49:11.0650 4308	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:49:11.0728 4308	WUDFRd - ok
19:49:11.0759 4308	wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
19:49:11.0790 4308	wudfsvc - ok
19:49:11.0806 4308	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
19:49:11.0853 4308	WwanSvc - ok
19:49:11.0915 4308	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
19:49:12.0321 4308	\Device\Harddisk0\DR0 - ok
19:49:12.0321 4308	Boot (0x1200)   (e33efed45444c0a3b6cae56d584f7988) \Device\Harddisk0\DR0\Partition0
19:49:12.0321 4308	\Device\Harddisk0\DR0\Partition0 - ok
19:49:12.0367 4308	Boot (0x1200)   (e290fc1132f8f54f6d7f5138122cd0ac) \Device\Harddisk0\DR0\Partition1
19:49:12.0367 4308	\Device\Harddisk0\DR0\Partition1 - ok
19:49:12.0367 4308	============================================================
19:49:12.0367 4308	Scan finished
19:49:12.0367 4308	============================================================
19:49:12.0383 4132	Detected object count: 1
19:49:12.0383 4132	Actual detected object count: 1
19:49:22.0648 4132	GREGService ( UnsignedFile.Multi.Generic ) - skipped by user
19:49:22.0648 4132	GREGService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:49:30.0042 3900	Deinitialize success
         

04.08.2012, 19:15   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and get messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

__________________
Please always post log files in CODE tags

04.08.2012, 23:05   #21
AC9
 
Code:
ComboFix 12-08-04.02 - Michael Schmitt 04.08.2012  23:39:54.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8044.6388 [GMT 2:00]
ausgeführt von:: c:\users\Michael Schmitt\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
c:\windows\SysWow64\~.inf
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-07-04 bis 2012-08-04  ))))))))))))))))))))))))))))))
.
.
2012-08-04 21:44 . 2012-08-04 21:44	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2012-08-04 21:44 . 2012-08-04 21:44	--------	d-----w-	c:\users\Public\AppData\Local\temp
2012-08-04 21:44 . 2012-08-04 21:44	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-08-03 17:24 . 2012-06-29 10:04	9133488	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{4F1F970E-CF17-4A4C-B22B-31C715588507}\mpengine.dll
2012-07-27 00:24 . 2012-07-30 18:07	268952	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2012-07-27 00:12 . 2012-07-30 18:07	268952	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2012-07-27 00:12 . 2012-07-30 16:20	268952	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2012-07-27 00:12 . 2012-07-27 00:16	75136	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2012-07-27 00:12 . 2012-07-27 00:12	682280	----a-w-	c:\windows\SysWow64\pbsvc.exe
2012-07-27 00:11 . 2012-07-27 00:11	--------	d-----w-	c:\users\Michael Schmitt\AppData\Local\Punkbuster
2012-07-27 00:11 . 2012-07-27 00:22	--------	d-----w-	c:\program files (x86)\Wolfenstein - Enemy Territory
2012-07-26 16:55 . 2012-07-26 16:55	955888	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-07-26 16:55 . 2012-07-26 16:55	268784	----a-w-	c:\windows\system32\javaws.exe
2012-07-26 16:55 . 2012-07-26 16:55	189424	----a-w-	c:\windows\system32\javaw.exe
2012-07-26 16:55 . 2012-07-26 16:55	188912	----a-w-	c:\windows\system32\java.exe
2012-07-26 16:55 . 2012-07-26 16:55	--------	d-----w-	c:\program files\Java
2012-07-26 16:51 . 2012-07-26 16:51	--------	d-----w-	c:\program files (x86)\Common Files\Java
2012-07-26 16:51 . 2012-07-26 16:51	--------	d-----w-	c:\program files (x86)\Oracle
2012-07-11 15:31 . 2012-06-12 03:08	3148800	----a-w-	c:\windows\system32\win32k.sys
2012-07-11 12:37 . 2012-07-11 12:37	476936	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2012-07-10 08:25 . 2010-02-23 08:16	294912	----a-w-	c:\windows\system32\browserchoice.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-02 17:37 . 2012-03-30 12:27	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-02 17:37 . 2012-02-29 23:01	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-26 16:55 . 2011-12-04 17:59	839152	----a-w-	c:\windows\system32\deployJava1.dll
2012-07-11 15:27 . 2011-10-15 00:58	59701280	----a-w-	c:\windows\system32\MRT.exe
2012-07-05 20:06 . 2011-11-26 17:34	687544	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-07-03 11:46 . 2011-12-01 22:14	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-06-24 16:38 . 2012-06-24 16:38	178800	----a-w-	c:\windows\SysWow64\CmdLineExt_x64.dll
2012-06-23 23:46 . 2012-06-23 23:46	1700352	----a-w-	c:\windows\SysWow64\gdiplus.dll
2012-06-02 22:19 . 2012-06-19 07:26	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 07:26	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-19 07:26	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 07:26	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 07:26	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-19 07:26	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-19 07:26	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-19 07:26	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-19 07:26	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-05-31 10:25 . 2010-11-21 03:27	279656	------w-	c:\windows\system32\MpSigStub.exe
2012-05-15 10:48 . 2012-06-28 14:01	68928	----a-w-	c:\windows\system32\OpenCL.dll
2012-05-15 10:48 . 2012-06-28 14:01	61248	----a-w-	c:\windows\SysWow64\OpenCL.dll
2012-05-15 10:48 . 2012-06-28 13:56	949056	----a-w-	c:\windows\system32\nvumdshimx.dll
2012-05-15 10:48 . 2012-06-28 13:56	818496	----a-w-	c:\windows\SysWow64\nvumdshim.dll
2012-05-15 10:48 . 2012-06-28 13:56	8139072	----a-w-	c:\windows\system32\nvcuda.dll
2012-05-15 10:48 . 2012-06-28 13:56	8105280	----a-w-	c:\windows\SysWow64\nvwgf2um.dll
2012-05-15 10:48 . 2012-06-28 13:56	5982528	----a-w-	c:\windows\SysWow64\nvcuda.dll
2012-05-15 10:48 . 2012-06-28 13:56	364352	----a-w-	c:\windows\system32\nvdecodemft.dll
2012-05-15 10:48 . 2012-06-28 13:56	301376	----a-w-	c:\windows\SysWow64\nvdecodemft.dll
2012-05-15 10:48 . 2012-06-28 13:56	28992	----a-w-	c:\windows\system32\drivers\nvpciflt.sys
2012-05-15 10:48 . 2012-06-28 13:56	2881856	----a-w-	c:\windows\system32\nvcuvenc.dll
2012-05-15 10:48 . 2012-06-28 13:56	2741568	----a-w-	c:\windows\system32\nvapi64.dll
2012-05-15 10:48 . 2012-06-28 13:56	2681664	----a-w-	c:\windows\system32\nvcuvid.dll
2012-05-15 10:48 . 2012-06-28 13:56	25743168	----a-w-	c:\windows\system32\nvoglv64.dll
2012-05-15 10:48 . 2012-06-28 13:56	2524992	----a-w-	c:\windows\SysWow64\nvcuvid.dll
2012-05-15 10:48 . 2012-06-28 13:56	25248064	----a-w-	c:\windows\system32\nvcompiler.dll
2012-05-15 10:48 . 2012-06-28 13:56	246592	----a-w-	c:\windows\system32\nvinitx.dll
2012-05-15 10:48 . 2012-06-28 13:56	2445120	----a-w-	c:\windows\SysWow64\nvcuvenc.dll
2012-05-15 10:48 . 2012-06-28 13:56	2368832	----a-w-	c:\windows\SysWow64\nvapi.dll
2012-05-15 10:48 . 2012-06-28 13:56	202048	----a-w-	c:\windows\SysWow64\nvinit.dll
2012-05-15 10:48 . 2012-06-28 13:56	19607872	----a-w-	c:\windows\SysWow64\nvoglv32.dll
2012-05-15 10:48 . 2012-06-28 13:56	18044224	----a-w-	c:\windows\system32\nvd3dumx.dll
2012-05-15 10:48 . 2012-06-28 13:56	17551680	----a-w-	c:\windows\SysWow64\nvcompiler.dll
2012-05-15 10:48 . 2012-06-28 13:56	1738048	----a-w-	c:\windows\system32\nvdispco64.dll
2012-05-15 10:48 . 2012-06-28 13:56	15322432	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2012-05-15 10:48 . 2012-06-28 13:56	1468224	----a-w-	c:\windows\system32\nvgenco64.dll
2012-05-15 10:48 . 2012-06-28 13:56	14298944	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
2012-05-15 10:48 . 2012-06-28 13:56	10194752	----a-w-	c:\windows\system32\nvwgf2umx.dll
2012-05-15 09:29 . 2012-06-28 14:01	889664	----a-w-	c:\windows\system32\nvvsvc.exe
2012-05-15 09:29 . 2012-06-28 14:01	858944	----a-w-	c:\windows\system32\nv3dappshext.dll
2012-05-15 09:29 . 2012-06-28 14:01	63296	----a-w-	c:\windows\system32\nvshext.dll
2012-05-15 09:29 . 2012-06-28 14:01	55616	----a-w-	c:\windows\system32\nv3dappshextr.dll
2012-05-15 09:29 . 2012-06-28 14:01	2561856	----a-w-	c:\windows\system32\nvsvcr.dll
2012-05-15 09:29 . 2012-06-28 14:01	118080	----a-w-	c:\windows\system32\nvmctray.dll
2012-05-15 09:29 . 2012-06-28 14:01	2621723	----a-w-	c:\windows\system32\nvcoproc.bin
2012-05-15 09:29 . 2012-06-28 14:01	3149632	----a-w-	c:\windows\system32\nvsvc64.dll
2012-05-15 09:28 . 2012-06-28 14:01	6151488	----a-w-	c:\windows\system32\nvcpl.dll
2012-05-08 15:09 . 2011-12-29 00:11	98848	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-05-08 15:09 . 2011-12-29 00:11	132832	----a-w-	c:\windows\system32\drivers\avipbb.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	94208	----a-w-	c:\users\Michael Schmitt\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	94208	----a-w-	c:\users\Michael Schmitt\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	94208	----a-w-	c:\users\Michael Schmitt\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2011-04-02 340848]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2011-03-29 408432]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2011-03-29 202608]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-07-01 1103440]
"Dolby Advanced Audio v2"="c:\dolby pcee4\pcee4.exe" [2011-02-03 506712]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-30 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-02 250056]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-04-02 173424]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys [x]
R3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [2011-12-28 59256]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-30 136176]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-26 129976]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R4 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-05-15 28992]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-12-15 27760]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-10-16 256576]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2011-07-22 22648]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2011-07-22 20520]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2011-07-22 62776]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-07-01 353360]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2011-05-10 872552]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2011-05-26 29696]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-30 13592]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2012-04-05 255376]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-04-24 256832]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-23 2656280]
S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys [2011-01-20 67624]
S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys [2011-01-20 19496]
S3 bScsiMSa;bScsiMSa;c:\windows\system32\DRIVERS\bScsiMSa.sys [2011-05-16 51240]
S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys [2011-05-06 86056]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2011-05-10 425000]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-08-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 17:37]
.
2012-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-30 16:23]
.
2012-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-30 16:23]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	97792	----a-w-	c:\users\Michael Schmitt\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	97792	----a-w-	c:\users\Michael Schmitt\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	97792	----a-w-	c:\users\Michael Schmitt\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	97792	----a-w-	c:\users\Michael Schmitt\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-21 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-21 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-21 416024]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-28 11786344]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-21 2207848]
"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-05-10 1831528]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = 
uLocal Page = c:\windows\system32\blank.htm
mStart Page = 
mLocal Page = 
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Free YouTube Download - c:\users\Michael Schmitt\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Michael Schmitt\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Michael Schmitt\AppData\Roaming\Mozilla\Firefox\Profiles\g5bgou94.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-RGSC - c:\program files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2602013592-1073687263-3334664861-1001\Software\SecuROM\License information*]
"datasecu"=hex:1c,76,15,1d,4f,12,14,39,18,af,cd,3f,a9,32,d8,a1,3d,ed,e6,b7,1c,
   bd,c6,5f,13,2b,0f,87,06,6e,a1,c2,3a,4d,05,f5,3e,14,71,45,99,20,26,d7,a1,11,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
c:\program files (x86)\Launch Manager\LMutilps32.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
c:\program files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-08-04  23:55:36 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-08-04 21:55
ComboFix2.txt  2012-02-27 22:18
.
Vor Suchlauf: 15 Verzeichnis(se), 368.638.963.712 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 368.303.984.640 Bytes frei
.
- - End Of File - - 78C2265B5F42E5FF172E68FB8D06F4F4
         

Alt 05.08.2012, 14:28   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool won't run on the second attempt either, just skip it and run only OSAM - please skip the online check by OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; McAfee's scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it via right-click, "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions can take a while, depending on your connection.
  • Click Scan.
  • Please wait until "Scan finished successfully" appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances without being instructed to.

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.

One more note: If aswMBR crashes and a message such as "aswMBR.exe funktioniert nicht mehr" ("aswMBR.exe has stopped working") appears, do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window and click the Scan button again.
__________________
Please always post log files in CODE tags

Alt 05.08.2012, 23:26   #23
AC9
 



GMER:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-08-06 00:24:53
Windows 6.1.7601 Service Pack 1 
Running: 0wnm3zl2.exe


---- Files - GMER 1.0.15 ----

File  C:\Users\Michael Schmitt\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\3WHSMWWY\www.chilloutzone.de.\1201                                    0 bytes
File  C:\Users\Michael Schmitt\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\3WHSMWWY\www.chilloutzone.de.\1201\factory-balls-4.swf                0 bytes
File  C:\Users\Michael Schmitt\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\3WHSMWWY\www.chilloutzone.de.\1201\factory-balls-4.swf\fb4shared.sol  41 bytes
File  C:\Users\Michael Schmitt\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.chilloutzone.de.\settings.sol            90 bytes

---- EOF - GMER 1.0.15 ----
         

OSAM
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 00:31:14 on 06.08.2012

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 64-bit
Default Browser: Google Inc. Google Chrome 21.0.1180.60

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - ? - C:\Windows\system32\Drivers\CVPNDRVA.sys  (File found, but it contains no detailed information)
"GDPkIcpt" (GDPkIcpt) - "G Data Software AG" - C:\Windows\system32\drivers\PktIcpt.sys
"Huawei DataCard USB Modem and USB Serial" (hwdatacard) - ? - C:\Windows\System32\DRIVERS\ewusbmdm.sys  (File not found)
"Huawei MobileBroadband USB PNP Device" (ew_hwusbdev) - ? - C:\Windows\System32\DRIVERS\ew_hwusbdev.sys  (File not found)
"HUAWEI USB-WWAN miniport" (ewusbmbb) - ? - C:\Windows\System32\DRIVERS\ewusbwwan.sys  (File not found)
"huawei_enumerator" (huawei_enumerator) - ? - C:\Windows\System32\DRIVERS\ew_jubusenum.sys  (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"NTIDrvr" (NTIDrvr) - "NTI Corporation" - C:\Windows\system32\drivers\NTIDrvr.sys
"SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
"SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
"UBHelper" (UBHelper) - "NTI Corporation" - C:\Windows\system32\drivers\UBHelper.sys

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{B2F55D43-C7A4-4B7C-90D7-7A860DFA9F2A} "PXCInfoShlExt Class" - "Tracker Software Products (Canada) Ltd." - C:\Program Files\Tracker Software\Shell Extensions\Win32\XCShInfo.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
{314111c7-a502-11d2-bbca-00c04f8ec294} "ms-help" - ? -   (File not found | COM-object registry key not found)
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{3D60EDA7-9AB4-4DA8-864C-D9B5F2E7281D} "Arbeitsbereiche" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
{7CCA70DB-DE7A-4FB7-9B2B-52E2335A3B5A} "Enterprise-Projekte" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\NAMEEXT.DLL
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{0006F045-0000-0000-C000-000000000046} "Microsoft Outlook Custom Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\OLKFSTUB.DLL
{CF822AB4-6DB5-4FDA-BC28-E61DF36D2583} "PDF-XChange PDF Preview Provider" - "Tracker Software Products (Canada) Ltd." - C:\Program Files\Tracker Software\Shell Extensions\Win32\XCShInfo.dll
{67EB453C-1BE1-48EC-AAF3-23B10277FCC1} "PDF-XChange PDF Property Handler" - "Tracker Software Products (Canada) Ltd." - C:\Program Files\Tracker Software\Shell Extensions\Win32\XCShInfo.dll
{EBD0B8F4-A9A0-41B7-9695-030CD264D9C8} "PDF-XChange PDF Thumbnail Provider" - "Tracker Software Products (Canada) Ltd." - C:\Program Files\Tracker Software\Shell Extensions\Win32\XCShInfo.dll
{B2F55D43-C7A4-4B7C-90D7-7A860DFA9F2A} "PXCInfoShlExt Class" - "Tracker Software Products (Canada) Ltd." - C:\Program Files\Tracker Software\Shell Extensions\Win32\XCShInfo.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{0563DB41-F538-4B37-A92D-4659049B7766} "WLMD Message Handler" - ? -   (File not found | COM-object registry key not found)
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} "SysInfo Class" - "Husdawg, LLC" - C:\Program Files (x86)\SystemRequirementsLab\srldetect_intel_4.5.5.0.dll / hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.5.0.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "@C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
{FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Oracle Corporation" - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
{B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Michael Schmitt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
"Dolby Advanced Audio v2" - "Dolby Laboratories Inc." - "C:\Dolby PCEE4\pcee4.exe" -autostart
"EgisTecPMMUpdate" - "Egis Technology Inc." - "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
"EgisUpdate" - "Egis Technology Inc." - "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
"LManager" - "Dritek System Inc." - C:\Program Files (x86)\Launch Manager\LManager.exe
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"SuiteTray" - "Egis Technology Inc." - "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll  (File not found)
"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe"  (File not found)
"Acer ePower Service" (ePowerSvc) - "Acer Incorporated" - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
"Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
"Dritek WMI Service" (DsiWMIService) - "Dritek System Inc." - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
"EgisTec Ticket Service" (EgisTec Ticket Service) - "Egis Technology Inc. " - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Acresso Software Inc." - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"GREGService" (GREGService) - "Acer Incorporated" - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
"Intel(R) Management and Security Application Local Management Service" (LMS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
"Intel(R) Management and Security Application User Notification Service" (UNS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
"Intel(R) Rapid Storage Technology" (IAStorDataMgrSvc) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
"Intel(R) Turbo Boost Technology Monitor 2.0" (TurboBoost) - "Intel(R) Corporation" - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
"Live Updater Service" (Live Updater Service) - "Acer Incorporated" - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft SharePoint Workspace Audit Service" (Microsoft SharePoint Workspace Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"NTI IScheduleSvc" (NTI IScheduleSvc) - "NTI Corporation" - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
"Office 64 Source Engine" (ose64) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe  (File not found)
"SAS Core Service" (!SASCORE) - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files (x86)\Skype\Updater\Updater.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         

aswMBR.exe
Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-06 01:11:32
-----------------------------
01:11:32.900    OS Version: Windows x64 6.1.7601 Service Pack 1
01:11:32.900    Number of processors: 4 586 0x2A07
01:11:32.900    ComputerName: XYZ  UserName: 
01:11:33.820    Initialize success
01:11:37.424    AVAST engine defs: 12080501
01:11:43.211    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
01:11:43.227    Disk 0 Vendor: ST950032 0001 Size: 476940MB BusType: 3
01:11:43.274    Disk 0 MBR read successfully
01:11:43.274    Disk 0 MBR scan
01:11:43.289    Disk 0 Windows 7 default MBR code
01:11:43.305    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        18432 MB offset 2048
01:11:43.336    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 37750784
01:11:43.352    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       458406 MB offset 37955584
01:11:43.399    Disk 0 scanning C:\Windows\system32\drivers
01:11:56.612    Service scanning
01:12:28.732    Modules scanning
01:12:28.748    Disk 0 trace - called modules:
01:12:28.763    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
01:12:28.763    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800a625060]
01:12:28.779    3 CLASSPNP.SYS[fffff88001a0143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007df9050]
01:12:28.779    Scan finished successfully
01:16:20.658    Disk 0 MBR has been saved successfully to "C:\Users\Michael Schmitt\Desktop\MBR.dat"
01:16:20.658    The log file has been saved successfully to "C:\Users\Michael Schmitt\Desktop\aswMBR.txt"
         

Edited by AC9 (06.08.2012 at 00:17)

Alt 06.08.2012, 15:06   #24
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!
__________________
Please always post log files in CODE tags

Alt 06.08.2012, 18:36   #25
AC9
 



OK, both look clean; but now, to wrap up, one more question: what exactly had nested itself on my system?

Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 08/06/2012 at 07:32 PM

Application Version : 5.5.1012

Core Rules Database Version : 9014
Trace Rules Database Version: 6826

Scan type       : Complete Scan
Total Scan Time : 01:39:44

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 571
Memory threats detected   : 0
Registry items scanned    : 71906
Registry threats detected : 0
File items scanned        : 149846
File threats detected     : 17

Adware.Tracking Cookie
	C:\Users\Michael Schmitt\AppData\Roaming\Microsoft\Windows\Cookies\4UANS80V.txt [ /www.zanox-affiliate.de ]
	C:\Users\Michael Schmitt\AppData\Roaming\Microsoft\Windows\Cookies\I9JGUMQQ.txt [ /mediaplex.com ]
	C:\Users\Michael Schmitt\AppData\Roaming\Microsoft\Windows\Cookies\T2656JP8.txt [ /fastclick.net ]
	C:\Users\Michael Schmitt\AppData\Roaming\Microsoft\Windows\Cookies\4RW0NDI0.txt [ /zanox.com ]
	C:\Users\Michael Schmitt\AppData\Roaming\Microsoft\Windows\Cookies\VHOH4UCY.txt [ /ad.zanox.com ]
	C:\Users\Michael Schmitt\AppData\Roaming\Microsoft\Windows\Cookies\J2VMUCPI.txt [ /zanox-affiliate.de ]
	C:\Users\Michael Schmitt\AppData\Roaming\Microsoft\Windows\Cookies\ZYZ22L0B.txt [ /imrworldwide.com ]
	C:\Users\Michael Schmitt\AppData\Roaming\Microsoft\Windows\Cookies\3VPMRJ1H.txt [ /ad.dyntracker.de ]
	C:\Users\Michael Schmitt\AppData\Roaming\Microsoft\Windows\Cookies\7AY30GN2.txt [ /apmebf.com ]
	C:\USERS\MICHAEL SCHMITT\Cookies\4UANS80V.txt [ Cookie:michael schmitt@www.zanox-affiliate.de/ ]
	C:\USERS\MICHAEL SCHMITT\Cookies\I9JGUMQQ.txt [ Cookie:michael schmitt@mediaplex.com/ ]
	C:\USERS\MICHAEL SCHMITT\Cookies\T2656JP8.txt [ Cookie:michael schmitt@fastclick.net/ ]
	C:\USERS\MICHAEL SCHMITT\Cookies\4RW0NDI0.txt [ Cookie:michael schmitt@zanox.com/ ]
	C:\USERS\MICHAEL SCHMITT\Cookies\VHOH4UCY.txt [ Cookie:michael schmitt@ad.zanox.com/ ]
	C:\USERS\MICHAEL SCHMITT\Cookies\ZYZ22L0B.txt [ Cookie:michael schmitt@imrworldwide.com/cgi-bin ]
	C:\USERS\MICHAEL SCHMITT\Cookies\3VPMRJ1H.txt [ Cookie:michael schmitt@ad.dyntracker.de/ ]
	C:\USERS\MICHAEL SCHMITT\Cookies\7AY30GN2.txt [ Cookie:michael schmitt@apmebf.com/ ]
         
Code:
ATTFilter
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.06.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Michael Schmitt :: XYZ [Administrator]

06.08.2012 16:49:24
mbam-log-2012-08-06 (16-49-24).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 353714
Laufzeit: 49 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

07.08.2012, 12:24   #26
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Code:
ATTFilter
UAC On - Limited User
         
How did you open SUPERAntiSpyware? Just by double-clicking?!

07.08.2012, 14:05   #27
AC9

It could be that I didn't open it via "Run as administrator".
But I am the admin on this computer (and the only user).

08.08.2012, 15:32   #28
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Admin or not, you should run it as administrator via right-click; that matters for some tools!