Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Anscheinend mit Trojaner von Facebook infiziert (https://www.trojaner-board.de/103982-anscheinend-trojaner-facebook-infiziert.html)

Telemann 08.10.2011 22:56
Anscheinend mit Trojaner von Facebook infiziert
 
Hallo liebes Trojaner-Board-Team,

nach vielen Jahren virenfreien Surfens hat es mich gestern erwischt: Ein Facebook-"Freund" schickte mir einen Link, auf den ich geklickt habe, in der Annahme, es sein ein Foto. Die Datei, die anschließend geladen wurde, hatte die Endung eines Bildschirmschoners. Bevor ich sie geöffnet habe, ließ ich AVIRA die Datei manuell überprüfen, doch es wurde nichts gefunden, so dass ich die Datei schließlich öffnete. Tja, es konnte dann leider kein Bild angezeigt werden.

Einige Minuten später schlug Avira Alarm. Kurz hintereinander wurden gefunden:

TR/Crypt.EPACK.Gen2
EXP/CVE-2010-4452.D
Win32/Unruy.H

Ich habe zwar jedesmal auf "Löschen" geklickt, aber anscheinend ging das Zeug nicht weg.
So ein Mist! Wozu hat man denn diese Antivirenprogramme???


Symptome:

Während ich jetzt hier dieses Forum durchstöberte, ist mein PC schon 2mal mit Bluescreen abgestürzt, und gerade kam die Avira-Meldung: "Zugriff auf die Datei \Device\HarddiskVolume1\Autorun.inf wurde blockiert". Was heißt das denn?

Außerdem hat sich gerade plötzlich die Bildschirmdarstellung verändert: Die kleinen Icons unten in der Startleiste sehen irgendwie schlichter / primitiver aus, und alle Fensterränder, die sonst halbtransparent sind, sind jetzt nicht mehr durchsichtig.

Dummerweise hab ich jetzt noch genau 1 Tag, um meine Steuererklärung auf dem PC zu machen, am 10.10. ist mein Abgabetermin. Wie soll ich das denn schaffen, wenn mein System nicht mehr stabil ist?


Was ich gerade unternommen habe:

1. Malwarebytes' Anti-Malware heruntergeladen und durchlaufen lassen, hat 28 infizierte Dateien gefunden (!). Log-File siehe unten.

2. Defogger heruntergeladen und gestartet.

3. OTL heruntergeladen und durchlaufen lassen (die Logfiles versuche ich gleich, hier anzufügen. Mal sehen, ob ich das schaffe).

4. GMER heruntergeladen und gestartet, stürzt aber jedesmal ab, kurz nachdem in der Statuszeile erscheint: "\Device\Harddisk\VolumeShadowCopy1".


So, bin fix und fertig. Was jetzt?

Schönen Dank schon mal an jeden, der sich meiner erbarmt und mir weiterhilft.


---------------------------------------------------------------------


Hier das Logfile von MBAM:



Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 7902

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

08.10.2011 20:43:49
mbam-log-2011-10-08 (20-43-49).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 187402
Laufzeit: 9 Minute(n), 49 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 5
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 28

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Adobe Reader Speed Launcher (Backdoor.IRCBot) -> Value: Adobe Reader Speed Launcher -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SpywareTerminator (Backdoor.IRCBot) -> Value: SpywareTerminator -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SunJavaUpdateSched (Backdoor.IRCBot) -> Value: SunJavaUpdateSched -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\QuickTime Task (Backdoor.IRCBot) -> Value: QuickTime Task -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\swg (Backdoor.IRCBot) -> Value: swg -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\program files\spyware terminator\spywareterminatorshield.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\program files\common files\Java\java update\jusched.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\program files\quicktime\QTTask.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\program files\Google\googletoolbarnotifier\googletoolbarnotifier.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\programdata\g0bl07OX.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\programdata\g0bl07ox.exe_ (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Michael\AppData\Local\Temp\EE64.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Michael\AppData\Local\Temp\3F.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Michael\AppData\Local\Temp\setup152207864.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Michael\AppData\Local\Temp\setup1825204252.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Michael\AppData\Local\Temp\setup2573413468.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Michael\AppData\Local\Temp\setup2915465244.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Michael\AppData\Local\Temp\setup3156182584.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Michael\AppData\Local\Temp\9B19.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Michael\AppData\Local\Temp\D3C3.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Michael\AppData\Local\Temp\D597.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Michael\AppData\Local\Temp\DAB5.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Michael\AppData\Local\Temp\setup3315757760.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Michael\AppData\Local\Temp\setup3878025976.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Michael\AppData\Local\Temp\setup881034076.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Michael\AppData\Local\Temp\setup975314012.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Windows\Temp\setA6E9.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Windows\Temp\setB349.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Windows\Temp\setB9A1.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Windows\Temp\setBC60.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Windows\Temp\setE192.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Michael\Desktop\PCenter.lnk (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.

cosinus 10.10.2011 13:48
Zitat:
Einige Minuten später schlug Avira Alarm. Kurz hintereinander wurden gefunden:

TR/Crypt.EPACK.Gen2
EXP/CVE-2010-4452.D
Win32/Unruy.H
Sowas reicht nicht, bitte alle Logs von AntIVir nachreichen

Telemann 10.10.2011 21:11
Gut, hier sind drei Log-Dateien von AntiVir.

Falls es interessiert, ich habe inzwischen auch ESET laufen lassen (ohne zu reparieren, nur scannen), weil ich das hier im Forum schon des öfteren las; das Log-File hänge ich auch gleich hier dran.

Gruß,
Telemann

cosinus 11.10.2011 09:53
Zitat:
Art des Suchlaufs: Quick-Scan
Bitte routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

Telemann 11.10.2011 20:47
Hallo Arne,

wie gewünscht habe ich gerade einen Vollscan mit malwarebytes gemacht, aber komischerweise wurde nichts gefunden! :confused:

Kommt mir sehr seltsam vor, denn gestern ist der PC mit Bluescreen abgestürzt, heute kam von AntiVir die Meldung, dass ein Virus gefunden wurde. Also ganz weg kann die Verseuchung wohl nicht sein oder?

Oder kann es vielleicht sein, dass die umfangreichen Windows-Updates, die mein PC seit gestern automatisch installiert, zur Bereinigung geführt haben???

Im Anhang die aktuellen Log-Dateien von AntiVir und malwarebytes (ältere habe ich nicht).

Gruß,
Telemann


Code:

Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Dienstag, 11. Oktober 2011  17:02

Es wird nach 3380976 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer  : Avira AntiVir Personal - Free Antivirus
Seriennummer  : 0000149996-ADJIE-0000001
Plattform      : Windows Vista
Windowsversion : (Service Pack 2)  [6.0.6002]
Boot Modus    : Normal gebootet
Benutzername  : SYSTEM
Computername  : MICHAEL-PC

Versionsinformationen:
BUILD.DAT      : 10.2.0.703    35935 Bytes  29.08.2011 16:10:00
AVSCAN.EXE    : 10.3.0.7      484008 Bytes  29.06.2011 08:16:22
AVSCAN.DLL    : 10.0.5.0      57192 Bytes  29.06.2011 08:16:21
LUKE.DLL      : 10.3.0.5      45416 Bytes  29.06.2011 08:16:22
LUKERES.DLL    : 10.0.0.0      13672 Bytes  14.01.2010 09:59:47
AVSCPLR.DLL    : 10.3.0.7      119656 Bytes  29.06.2011 08:16:22
AVREG.DLL      : 10.3.0.9      88833 Bytes  13.07.2011 07:53:00
VBASE000.VDF  : 7.10.0.0    19875328 Bytes  06.11.2009 08:48:25
VBASE001.VDF  : 7.11.0.0    13342208 Bytes  14.12.2010 09:06:24
VBASE002.VDF  : 7.11.3.0    1950720 Bytes  09.02.2011 08:28:15
VBASE003.VDF  : 7.11.5.225  1980416 Bytes  07.04.2011 07:54:38
VBASE004.VDF  : 7.11.8.178  2354176 Bytes  31.05.2011 21:38:56
VBASE005.VDF  : 7.11.10.251  1788416 Bytes  07.07.2011 08:01:45
VBASE006.VDF  : 7.11.13.60  6411776 Bytes  16.08.2011 09:23:45
VBASE007.VDF  : 7.11.15.106  2389504 Bytes  05.10.2011 17:33:13
VBASE008.VDF  : 7.11.15.107    2048 Bytes  05.10.2011 17:33:13
VBASE009.VDF  : 7.11.15.108    2048 Bytes  05.10.2011 17:33:13
VBASE010.VDF  : 7.11.15.109    2048 Bytes  05.10.2011 17:33:13
VBASE011.VDF  : 7.11.15.110    2048 Bytes  05.10.2011 17:33:14
VBASE012.VDF  : 7.11.15.111    2048 Bytes  05.10.2011 17:33:14
VBASE013.VDF  : 7.11.15.144  161792 Bytes  07.10.2011 17:33:14
VBASE014.VDF  : 7.11.15.177  130048 Bytes  10.10.2011 19:47:36
VBASE015.VDF  : 7.11.15.178    2048 Bytes  10.10.2011 19:47:36
VBASE016.VDF  : 7.11.15.179    2048 Bytes  10.10.2011 19:47:36
VBASE017.VDF  : 7.11.15.180    2048 Bytes  10.10.2011 19:47:37
VBASE018.VDF  : 7.11.15.181    2048 Bytes  10.10.2011 19:47:37
VBASE019.VDF  : 7.11.15.182    2048 Bytes  10.10.2011 19:47:37
VBASE020.VDF  : 7.11.15.183    2048 Bytes  10.10.2011 19:47:37
VBASE021.VDF  : 7.11.15.184    2048 Bytes  10.10.2011 19:47:37
VBASE022.VDF  : 7.11.15.185    2048 Bytes  10.10.2011 19:47:37
VBASE023.VDF  : 7.11.15.186    2048 Bytes  10.10.2011 19:47:37
VBASE024.VDF  : 7.11.15.187    2048 Bytes  10.10.2011 19:47:37
VBASE025.VDF  : 7.11.15.188    2048 Bytes  10.10.2011 19:47:38
VBASE026.VDF  : 7.11.15.189    2048 Bytes  10.10.2011 19:47:38
VBASE027.VDF  : 7.11.15.190    2048 Bytes  10.10.2011 19:47:38
VBASE028.VDF  : 7.11.15.191    2048 Bytes  10.10.2011 19:47:38
VBASE029.VDF  : 7.11.15.192    2048 Bytes  10.10.2011 19:47:38
VBASE030.VDF  : 7.11.15.193    2048 Bytes  10.10.2011 19:47:38
VBASE031.VDF  : 7.11.15.204    75776 Bytes  10.10.2011 19:47:38
Engineversion  : 8.2.6.80 
AEVDF.DLL      : 8.1.2.1      106868 Bytes  30.07.2010 18:14:54
AESCRIPT.DLL  : 8.1.3.81      467322 Bytes  05.10.2011 06:55:45
AESCN.DLL      : 8.1.7.2      127349 Bytes  23.11.2010 08:35:38
AESBX.DLL      : 8.2.1.34      323957 Bytes  02.06.2011 09:23:47
AERDL.DLL      : 8.1.9.15      639348 Bytes  09.09.2011 08:57:48
AEPACK.DLL    : 8.2.10.11    684408 Bytes  24.09.2011 10:12:32
AEOFFICE.DLL  : 8.1.2.15      201083 Bytes  17.09.2011 09:24:17
AEHEUR.DLL    : 8.1.2.177    3744120 Bytes  08.10.2011 17:33:20
AEHELP.DLL    : 8.1.17.7      254327 Bytes  29.07.2011 08:09:02
AEGEN.DLL      : 8.1.5.9      401780 Bytes  26.08.2011 11:03:20
AEEMU.DLL      : 8.1.3.0      393589 Bytes  23.11.2010 08:35:33
AECORE.DLL    : 8.1.23.0      196983 Bytes  26.08.2011 11:03:14
AEBB.DLL      : 8.1.1.0        53618 Bytes  26.04.2010 11:00:33
AVWINLL.DLL    : 10.0.0.0      19304 Bytes  14.01.2010 09:59:10
AVPREF.DLL    : 10.0.3.2      44904 Bytes  29.06.2011 08:16:21
AVREP.DLL      : 10.0.0.10    174120 Bytes  18.05.2011 08:01:02
AVARKT.DLL    : 10.0.26.1    255336 Bytes  29.06.2011 08:16:21
AVEVTLOG.DLL  : 10.0.0.9      203112 Bytes  29.06.2011 08:16:21
SQLITE3.DLL    : 3.6.19.0      355688 Bytes  28.01.2010 10:57:53
AVSMTP.DLL    : 10.0.0.17      63848 Bytes  16.03.2010 13:38:54
NETNT.DLL      : 10.0.0.0      11624 Bytes  19.02.2010 12:40:55
RCIMAGE.DLL    : 10.0.0.35    2589544 Bytes  29.06.2011 08:16:21
RCTEXT.DLL    : 10.0.64.0      98664 Bytes  29.06.2011 08:16:21

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: avguard_async_scan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_4f727d87\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: reparieren
Sekundäre Aktion......................: quarantäne
Durchsuche Masterbootsektoren.........: aus
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig

Beginn des Suchlaufs: Dienstag, 11. Oktober 2011  17:02

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchFilterHost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchProtocolHost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Acrobat.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wuauclt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'FNPLicensingService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'BtStackServer.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'unsecapp.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'HookManager.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnscfg.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ehmsas.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dropbox.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'espmain.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'BTTray.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SpywareTerminatorUpdate.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ehtray.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SpywareTerminatorShield.Exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'acrotray.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'LxUpdateManager.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'dthtml.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'MSASCui.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'VESMgrSub.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'WUDFHost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'VzFw.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'VzCdbSvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'xaudio.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'VCSW.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'VESMgr.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'stacsv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sp_rsser.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iviRegMgr.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'dtsrvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mDNSResponder.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'PhotoshopElementsFileAgent.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'a2service.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SLsvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '1' Modul(e) wurden durchsucht

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\Users\Michael\AppData\Local\Mozilla\Firefox\Profiles\fhybklfo.default\Cache\2\DE\C90B5d01'
C:\Users\Michael\AppData\Local\Mozilla\Firefox\Profiles\fhybklfo.default\Cache\2\DE\C90B5d01
  [0] Archivtyp: PDF
  --> pdf_form_3.avp
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/Pidief.hdi
  [HINWEIS]  Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4d53f14b.qua' verschoben!


Ende des Suchlaufs: Dienstag, 11. Oktober 2011  17:02
Benötigte Zeit: 00:27 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

      0 Verzeichnisse wurden überprüft
    681 Dateien wurden geprüft
      2 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      1 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
    679 Dateien ohne Befall
      1 Archive wurden durchsucht
      0 Warnungen
      1 Hinweise

cosinus 11.10.2011 20:49
Führ bitte auch ESET aus, danach sehen wir weiter:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Telemann 11.10.2011 23:33
Hi, hier der log.txt von ESET, Scan-Durchlauf gerade beendet:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=7f6ac70eaba0fc40abd879fe3d5b1d2f
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-08 11:39:53
# local_time=2011-10-09 01:39:53 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 100 14556 93011496 0 0
# compatibility_mode=5892 16776573 100 100 14542 155647660 0 0
# compatibility_mode=7937 16777213 100 75 15503 27478776 0 0
# compatibility_mode=8192 67108863 100 0 198 198 0 0
# scanned=44942
# found=0
# cleaned=0
# scan_time=2261
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=7f6ac70eaba0fc40abd879fe3d5b1d2f
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-09 11:37:13
# local_time=2011-10-09 01:37:13 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 100 52220 93049160 50136 0
# compatibility_mode=5892 16776573 100 100 1620 155685324 0 0
# compatibility_mode=7937 16777213 100 100 247 27516440 0 0
# compatibility_mode=8192 67108863 100 0 37862 37862 0 0
# scanned=216330
# found=12
# cleaned=0
# scan_time=7636
C:\Users\Michael\AppData\Local\Temp\00313.exe        probably a variant of Win32/AutoRun.Injector.AE worm (unable to clean)        00000000000000000000000000000000        I
C:\Users\Michael\AppData\Local\Temp\1022145.exe        probably a variant of Win32/AutoRun.Injector.AE worm (unable to clean)        00000000000000000000000000000000        I
C:\Users\Michael\AppData\Local\Temp\1827324.exe        probably a variant of Win32/AutoRun.Injector.AE worm (unable to clean)        00000000000000000000000000000000        I
C:\Users\Michael\AppData\Local\Temp\41936.exe        probably a variant of Win32/AutoRun.Injector.AE worm (unable to clean)        00000000000000000000000000000000        I
C:\Users\Michael\AppData\Local\Temp\57823.exe        probably a variant of Win32/AutoRun.Injector.AE worm (unable to clean)        00000000000000000000000000000000        I
C:\Users\Michael\AppData\Local\Temp\7419518.exe        probably a variant of Win32/AutoRun.Injector.AE worm (unable to clean)        00000000000000000000000000000000        I
C:\Users\Michael\AppData\Local\Temp\75087.exe        probably a variant of Win32/AutoRun.Injector.AE worm (unable to clean)        00000000000000000000000000000000        I
C:\Users\Michael\AppData\Local\Temp\83508.exe        probably a variant of Win32/AutoRun.Injector.AE worm (unable to clean)        00000000000000000000000000000000        I
C:\Users\Michael\AppData\Local\Temp\94545.exe        probably a variant of Win32/AutoRun.Injector.AE worm (unable to clean)        00000000000000000000000000000000        I
C:\Users\Michael\M-1-52-5782-8752-5245\winsvc .exe        probably a variant of Win32/AutoRun.Injector.AE worm (unable to clean)        00000000000000000000000000000000        I
C:\Windows\System32\IMG04506864689.JPG.scr        probably a variant of Win32/AutoRun.Injector.AE worm (unable to clean)        00000000000000000000000000000000        I
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\704dc34-2c70dc1c        a variant of Java/TrojanDownloader.OpenStream.NCM trojan (unable to clean)        00000000000000000000000000000000        I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=7f6ac70eaba0fc40abd879fe3d5b1d2f
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-11 10:09:59
# local_time=2011-10-12 12:09:59 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 100 262788 93259728 79873 0
# compatibility_mode=5892 16776573 100 100 45219 155895892 0 0
# compatibility_mode=7937 16777213 100 100 210815 27727008 0 0
# compatibility_mode=8192 67108863 100 0 248430 248430 0 0
# scanned=222310
# found=20
# cleaned=0
# scan_time=7835
C:\Users\Michael\AppData\Local\Temp\00313.exe        a variant of Win32/AutoRun.Injector.AF worm (unable to clean)        00000000000000000000000000000000        I
C:\Users\Michael\AppData\Local\Temp\1022145.exe        a variant of Win32/AutoRun.Injector.AF worm (unable to clean)        00000000000000000000000000000000        I
C:\Users\Michael\AppData\Local\Temp\1827324.exe        a variant of Win32/AutoRun.Injector.AF worm (unable to clean)        00000000000000000000000000000000        I
C:\Users\Michael\AppData\Local\Temp\41936.exe        a variant of Win32/AutoRun.Injector.AF worm (unable to clean)        00000000000000000000000000000000        I
C:\Users\Michael\AppData\Local\Temp\57823.exe        a variant of Win32/AutoRun.Injector.AF worm (unable to clean)        00000000000000000000000000000000        I
C:\Users\Michael\AppData\Local\Temp\7419518.exe        a variant of Win32/AutoRun.Injector.AF worm (unable to clean)        00000000000000000000000000000000        I
C:\Users\Michael\AppData\Local\Temp\75087.exe        a variant of Win32/AutoRun.Injector.AF worm (unable to clean)        00000000000000000000000000000000        I
C:\Users\Michael\AppData\Local\Temp\83508.exe        a variant of Win32/AutoRun.Injector.AF worm (unable to clean)        00000000000000000000000000000000        I
C:\Users\Michael\AppData\Local\Temp\94545.exe        a variant of Win32/AutoRun.Injector.AF worm (unable to clean)        00000000000000000000000000000000        I
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\7709867e-7413ff1e        a variant of Java/TrojanDownloader.OpenStream.NCM trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\Michael\M-1-52-5782-8752-5245\winsvc .exe        a variant of Win32/AutoRun.Injector.AF worm (unable to clean)        00000000000000000000000000000000        I
C:\Windows\System32\IMG04506864689.JPG.scr        a variant of Win32/AutoRun.Injector.AF worm (unable to clean)        00000000000000000000000000000000        I
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JWQF0E6V\soft_be_tc[1].htm        HTML/Iframe.B.Gen virus (unable to clean)        00000000000000000000000000000000        I
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VON5QKS5\ni[1].htm        HTML/Iframe.B.Gen virus (unable to clean)        00000000000000000000000000000000        I
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\5371c350-5fa0ae37        Java/Agent.DU trojan (unable to clean)        00000000000000000000000000000000        I
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\321af3d6-339ec4f1        Java/Agent.DU trojan (unable to clean)        00000000000000000000000000000000        I
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\704dc34-2c70dc1c        a variant of Java/TrojanDownloader.OpenStream.NCM trojan (unable to clean)        00000000000000000000000000000000        I
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\630bdaf9-25073e04        Java/Agent.DU trojan (unable to clean)        00000000000000000000000000000000        I
C:\Windows\Temp\AcrBE4.tmp        JS/Exploit.Pdfka.PEN trojan (unable to clean)        00000000000000000000000000000000        I
C:\Windows\Temp\jar_cache6805097543519546117.tmp        Java/Agent.DU trojan (unable to clean)        00000000000000000000000000000000        I

Und alle diese 20 ungebetenen Gäste wurden von Malwarebytes nicht entdeckt? Seltsam...

Gruß,
Telemann

cosinus 12.10.2011 16:38
Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
:OTL
PRC - [2010.04.05 10:41:38 | 001,858,144 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exe
SRV - [2010.04.05 10:41:38 | 001,858,144 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\a-squared Free\a2service.exe -- (a2free)
O4 - HKLM..\Run: []  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{10718b5e-b75e-11e0-b711-001a8024a2fa}\Shell - "" = AutoRun
O33 - MountPoints2\{10718b5e-b75e-11e0-b711-001a8024a2fa}\Shell\AutoRun\command - "" = G:\Startme.exe
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Autorun\Autorun.exe
[2011.10.07 09:25:51 | 000,000,000 | RHSD | C] -- C:\Users\Michael\M-1-52-5782-8752-5245
[2011.10.07 10:06:36 | 000,000,001 | ---- | M] () -- C:\ProgramData\g0bl07OX.exe.d
[2011.10.07 09:53:26 | 000,000,001 | ---- | M] () -- C:\ProgramData\g0bl07OX.exe.b
[2011.10.07 09:53:24 | 000,000,000 | -H-- | M] () -- C:\Users\Michael\AppData\Roaming\Efd1tdJgf06I
[2011.10.07 09:39:56 | 000,000,112 | ---- | M] () -- C:\ProgramData\BmkBbUbLh.dat
[2011.10.07 09:38:08 | 000,000,001 | ---- | M] () -- C:\Windows\System32\58A5T.com.b
[2011.10.07 09:23:38 | 000,094,208 | ---- | M] () -- C:\Windows\System32\IMG04506864689.JPG.scr
:Files
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
C:\Users\Michael\AppData\Local\Temp\*.exe
C:\Users\Michael\AppData\Local\Temp\*.tmp
C:\Users\Michael\M-1-52-5782-8752-5245
:Commands
[emptytemp]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Telemann 12.10.2011 20:26
Hi, hab den OTL Fix gemacht, das Logfile befindet sich im Anhang.

Ist es von Interesse, dass heute schon drei Warnungen von AntiVir kamen? Ich hänge die Logs mal hier an.
(Während des OTL-Fixes hatte ich AntiVir deaktiviert).

Viele Grüße

cosinus 14.10.2011 00:30
Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

Telemann 14.10.2011 20:31
Hi Arne,

ich habe das Kasperski-Tool ausgeführt, es wurden 2 verdächtige und 1 schädliches Objekt gefunden. Ich wurde gefragt, was damit geschehen soll. Nachdem ich auf "Cure" geklickt habe, wurde ein Neustart gemacht.

Jetzt weiß ich nicht, wie ich an das Log gelangen soll, weil sich das Kasperski-Fenster nach dem Neustart nicht automatisch öffnete, wie ich es erwartete. Hätte ich vielleicht vor dem Neustart den "Report"-Button anklicken müssen?

Gruß,
Telemann

Telemann 14.10.2011 20:44
Ergänzung:

Habe inzwischen herausgefunden, dass die Log-Datei auf C:\ bereit liegt, und habe sie hier angehängt.

Gruß
Telemann

cosinus 16.10.2011 13:06
Mach bitte ein neues Log mit dem TDSS-Killer

Telemann 16.10.2011 17:29
Hi, neues Log mit TDSS-Killer erstellt.

Diesmal habe ich bei den verdächtigen Objekten keine Aktion durchführen lassen, sondern auf "Skip" gedrückt.

Code:
18:20:52.0188 6016        TDSS rootkit removing tool 2.6.9.0 Oct 14 2011 11:33:24
18:20:52.0204 6016        ============================================================
18:20:52.0204 6016        Current date / time: 2011/10/16 18:20:52.0204
18:20:52.0204 6016        SystemInfo:
18:20:52.0204 6016       
18:20:52.0204 6016        OS Version: 6.0.6002 ServicePack: 2.0
18:20:52.0204 6016        Product type: Workstation
18:20:52.0204 6016        ComputerName: MICHAEL-PC
18:20:52.0204 6016        UserName: Michael
18:20:52.0204 6016        Windows directory: C:\Windows
18:20:52.0204 6016        System windows directory: C:\Windows
18:20:52.0204 6016        Processor architecture: Intel x86
18:20:52.0204 6016        Number of processors: 2
18:20:52.0204 6016        Page size: 0x1000
18:20:52.0204 6016        Boot type: Normal boot
18:20:52.0204 6016        ============================================================
18:21:09.0223 6016        Initialize success
18:21:27.0194 4212        ============================================================
18:21:27.0194 4212        Scan started
18:21:27.0194 4212        Mode: Manual; SigCheck; TDLFS;
18:21:27.0194 4212        ============================================================
18:21:29.0534 4212        ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
18:21:29.0628 4212        ACPI - ok
18:21:29.0768 4212        adp94xx        (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
18:21:29.0784 4212        adp94xx - ok
18:21:29.0846 4212        adpahci        (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
18:21:29.0862 4212        adpahci - ok
18:21:29.0987 4212        adpu160m        (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
18:21:30.0002 4212        adpu160m - ok
18:21:30.0127 4212        adpu320        (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
18:21:30.0143 4212        adpu320 - ok
18:21:30.0361 4212        AFD            (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
18:21:30.0424 4212        AFD - ok
18:21:30.0626 4212        agp440          (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
18:21:30.0642 4212        agp440 - ok
18:21:30.0704 4212        aic78xx        (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
18:21:30.0720 4212        aic78xx - ok
18:21:30.0798 4212        aliide          (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
18:21:30.0798 4212        aliide - ok
18:21:30.0892 4212        amdagp          (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
18:21:30.0907 4212        amdagp - ok
18:21:31.0001 4212        amdide          (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
18:21:31.0016 4212        amdide - ok
18:21:31.0235 4212        AmdK7          (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
18:21:31.0313 4212        AmdK7 - ok
18:21:31.0406 4212        AmdK8          (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
18:21:31.0500 4212        AmdK8 - ok
18:21:31.0609 4212        ApfiltrService  (18bff317bdb10c64a35e1ca85f1ec051) C:\Windows\system32\DRIVERS\Apfiltr.sys
18:21:31.0640 4212        ApfiltrService - ok
18:21:31.0765 4212        arc            (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
18:21:31.0781 4212        arc - ok
18:21:31.0859 4212        arcsas          (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
18:21:31.0874 4212        arcsas - ok
18:21:31.0984 4212        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
18:21:32.0030 4212        AsyncMac - ok
18:21:32.0249 4212        atapi          (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
18:21:32.0264 4212        atapi - ok
18:21:32.0342 4212        avgio          (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
18:21:32.0342 4212        avgio - ok
18:21:32.0483 4212        avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
18:21:32.0514 4212        avgntflt - ok
18:21:32.0592 4212        avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
18:21:32.0608 4212        avipbb - ok
18:21:32.0701 4212        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
18:21:32.0779 4212        Beep - ok
18:21:32.0920 4212        blbdrive - ok
18:21:32.0998 4212        bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
18:21:33.0044 4212        bowser - ok
18:21:33.0122 4212        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
18:21:33.0154 4212        BrFiltLo - ok
18:21:33.0325 4212        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
18:21:33.0372 4212        BrFiltUp - ok
18:21:33.0528 4212        Brserid        (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
18:21:33.0590 4212        Brserid - ok
18:21:33.0653 4212        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
18:21:33.0715 4212        BrSerWdm - ok
18:21:33.0840 4212        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
18:21:33.0887 4212        BrUsbMdm - ok
18:21:33.0934 4212        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
18:21:33.0996 4212        BrUsbSer - ok
18:21:34.0074 4212        BthEnum        (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
18:21:34.0105 4212        BthEnum - ok
18:21:34.0214 4212        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
18:21:34.0277 4212        BTHMODEM - ok
18:21:34.0511 4212        BthPan          (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
18:21:34.0558 4212        BthPan - ok
18:21:34.0636 4212        BTHPORT        (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
18:21:34.0698 4212        BTHPORT - ok
18:21:34.0823 4212        BTHUSB          (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
18:21:34.0838 4212        BTHUSB - ok
18:21:34.0916 4212        btwaudio        (6ca69fa57cf251e890105923ad215b99) C:\Windows\system32\drivers\btwaudio.sys
18:21:34.0932 4212        btwaudio - ok
18:21:34.0994 4212        btwavdt        (12b4a9afa82bfe5a7d8819bf7ae20601) C:\Windows\system32\drivers\btwavdt.sys
18:21:35.0010 4212        btwavdt - ok
18:21:35.0135 4212        btwl2cap        (d02f4d18aa4a38f781beefeb1892e144) C:\Windows\system32\DRIVERS\btwl2cap.sys
18:21:35.0150 4212        btwl2cap - ok
18:21:35.0712 4212        btwrchid        (d5e554f6c1a3baeb79daf9e1684f8102) C:\Windows\system32\DRIVERS\btwrchid.sys
18:21:35.0728 4212        btwrchid - ok
18:21:35.0884 4212        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
18:21:35.0930 4212        cdfs - ok
18:21:36.0008 4212        cdrom          (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
18:21:36.0071 4212        cdrom - ok
18:21:36.0149 4212        circlass        (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
18:21:36.0211 4212        circlass - ok
18:21:36.0336 4212        CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
18:21:36.0352 4212        CLFS - ok
18:21:36.0461 4212        CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
18:21:36.0523 4212        CmBatt - ok
18:21:36.0601 4212        cmdide          (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
18:21:36.0632 4212        cmdide - ok
18:21:36.0742 4212        Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
18:21:36.0773 4212        Compbatt - ok
18:21:36.0851 4212        crcdisk        (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
18:21:36.0866 4212        crcdisk - ok
18:21:36.0944 4212        Crusoe          (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
18:21:36.0991 4212        Crusoe - ok
18:21:37.0132 4212        DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
18:21:37.0147 4212        DfsC - ok
18:21:37.0272 4212        disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
18:21:37.0288 4212        disk - ok
18:21:37.0428 4212        DMICall        (f206e28ed74c491fd5d7c0a1119ce37f) C:\Windows\system32\DRIVERS\DMICall.sys
18:21:37.0428 4212        DMICall - ok
18:21:37.0553 4212        drmkaud        (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
18:21:37.0584 4212        drmkaud - ok
18:21:37.0678 4212        DXGKrnl        (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
18:21:37.0709 4212        DXGKrnl - ok
18:21:37.0927 4212        E1G60          (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
18:21:37.0974 4212        E1G60 - ok
18:21:38.0083 4212        Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
18:21:38.0099 4212        Ecache - ok
18:21:38.0192 4212        elxstor        (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
18:21:38.0208 4212        elxstor - ok
18:21:38.0333 4212        exfat          (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
18:21:38.0364 4212        exfat - ok
18:21:38.0442 4212        fastfat        (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
18:21:38.0473 4212        fastfat - ok
18:21:38.0582 4212        fdc            (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
18:21:38.0660 4212        fdc - ok
18:21:38.0785 4212        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
18:21:38.0801 4212        FileInfo - ok
18:21:38.0957 4212        Filetrace      (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
18:21:38.0988 4212        Filetrace - ok
18:21:39.0113 4212        flpydisk        (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
18:21:39.0175 4212        flpydisk - ok
18:21:39.0253 4212        FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
18:21:39.0269 4212        FltMgr - ok
18:21:39.0362 4212        Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
18:21:39.0409 4212        Fs_Rec - ok
18:21:39.0518 4212        gagp30kx        (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
18:21:39.0534 4212        gagp30kx - ok
18:21:39.0596 4212        GEARAspiWDM    (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
18:21:39.0612 4212        GEARAspiWDM - ok
18:21:39.0752 4212        ggflt          (007aea2e06e7cef7372e40c277163959) C:\Windows\system32\DRIVERS\ggflt.sys
18:21:39.0768 4212        ggflt - ok
18:21:39.0877 4212        ggsemc          (c73de35960ca75c5ab4ae636b127c64e) C:\Windows\system32\DRIVERS\ggsemc.sys
18:21:39.0893 4212        ggsemc - ok
18:21:40.0002 4212        HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
18:21:40.0064 4212        HdAudAddService - ok
18:21:40.0158 4212        HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
18:21:40.0220 4212        HDAudBus - ok
18:21:40.0330 4212        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
18:21:40.0392 4212        HidBth - ok
18:21:40.0470 4212        HidIr          (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
18:21:40.0517 4212        HidIr - ok
18:21:40.0610 4212        HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
18:21:40.0673 4212        HidUsb - ok
18:21:41.0000 4212        HpCISSs        (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
18:21:41.0000 4212        HpCISSs - ok
18:21:41.0141 4212        HSFHWAZL        (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
18:21:41.0172 4212        HSFHWAZL - ok
18:21:41.0234 4212        HSF_DPV        (7bc42c65b5c6281777c1a7605b253ba8) C:\Windows\system32\DRIVERS\HSX_DPV.sys
18:21:41.0359 4212        HSF_DPV - ok
18:21:41.0453 4212        HSXHWAZL        (9ebf2d102ccbb6bcdfbf1b7922f8ba2e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
18:21:41.0484 4212        HSXHWAZL - ok
18:21:41.0593 4212        HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
18:21:41.0671 4212        HTTP - ok
18:21:41.0765 4212        i2omp          (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
18:21:41.0780 4212        i2omp - ok
18:21:42.0014 4212        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
18:21:42.0046 4212        i8042prt - ok
18:21:42.0139 4212        iaStor          (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\Windows\system32\DRIVERS\iaStor.sys
18:21:42.0155 4212        iaStor - ok
18:21:42.0217 4212        iaStorV        (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
18:21:42.0233 4212        iaStorV - ok
18:21:42.0342 4212        iirsp          (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
18:21:42.0342 4212        iirsp - ok
18:21:42.0451 4212        intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
18:21:42.0467 4212        intelide - ok
18:21:42.0529 4212        intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
18:21:42.0560 4212        intelppm - ok
18:21:42.0685 4212        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:21:42.0732 4212        IpFilterDriver - ok
18:21:42.0826 4212        IpInIp - ok
18:21:42.0888 4212        IPMIDRV        (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
18:21:42.0966 4212        IPMIDRV - ok
18:21:43.0091 4212        IPNAT          (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
18:21:43.0122 4212        IPNAT - ok
18:21:43.0231 4212        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
18:21:43.0294 4212        IRENUM - ok
18:21:43.0356 4212        isapnp          (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
18:21:43.0372 4212        isapnp - ok
18:21:43.0481 4212        iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
18:21:43.0496 4212        iScsiPrt - ok
18:21:43.0543 4212        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
18:21:43.0559 4212        iteatapi - ok
18:21:43.0637 4212        iteraid        (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
18:21:43.0652 4212        iteraid - ok
18:21:43.0777 4212        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
18:21:43.0793 4212        kbdclass - ok
18:21:43.0980 4212        kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
18:21:44.0011 4212        kbdhid - ok
18:21:44.0074 4212        KSecDD          (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
18:21:44.0105 4212        KSecDD - ok
18:21:44.0198 4212        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
18:21:44.0245 4212        lltdio - ok
18:21:44.0386 4212        LSI_FC          (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
18:21:44.0401 4212        LSI_FC - ok
18:21:44.0464 4212        LSI_SAS        (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
18:21:44.0479 4212        LSI_SAS - ok
18:21:44.0542 4212        LSI_SCSI        (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
18:21:44.0557 4212        LSI_SCSI - ok
18:21:44.0635 4212        luafv          (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
18:21:44.0682 4212        luafv - ok
18:21:44.0838 4212        mdmxsdk        (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
18:21:44.0869 4212        mdmxsdk - ok
18:21:44.0947 4212        megasas        (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
18:21:44.0963 4212        megasas - ok
18:21:45.0088 4212        Modem          (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
18:21:45.0134 4212        Modem - ok
18:21:45.0259 4212        monitor        (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
18:21:45.0306 4212        monitor - ok
18:21:45.0384 4212        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
18:21:45.0384 4212        mouclass - ok
18:21:45.0446 4212        mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
18:21:45.0478 4212        mouhid - ok
18:21:45.0556 4212        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
18:21:45.0571 4212        MountMgr - ok
18:21:45.0649 4212        mpio            (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
18:21:45.0665 4212        mpio - ok
18:21:45.0758 4212        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
18:21:45.0805 4212        mpsdrv - ok
18:21:45.0899 4212        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
18:21:45.0899 4212        Mraid35x - ok
18:21:46.0024 4212        MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
18:21:46.0055 4212        MRxDAV - ok
18:21:46.0133 4212        mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:21:46.0164 4212        mrxsmb - ok
18:21:46.0242 4212        mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:21:46.0273 4212        mrxsmb10 - ok
18:21:46.0382 4212        mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:21:46.0414 4212        mrxsmb20 - ok
18:21:46.0492 4212        msahci          (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
18:21:46.0492 4212        msahci - ok
18:21:46.0570 4212        msdsm          (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
18:21:46.0585 4212        msdsm - ok
18:21:46.0741 4212        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
18:21:46.0804 4212        Msfs - ok
18:21:46.0960 4212        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
18:21:46.0975 4212        msisadrv - ok
18:21:47.0038 4212        MSKSSRV        (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
18:21:47.0084 4212        MSKSSRV - ok
18:21:47.0147 4212        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
18:21:47.0194 4212        MSPCLOCK - ok
18:21:47.0240 4212        MSPQM          (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
18:21:47.0287 4212        MSPQM - ok
18:21:47.0381 4212        MsRPC          (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
18:21:47.0396 4212        MsRPC - ok
18:21:47.0521 4212        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
18:21:47.0521 4212        mssmbios - ok
18:21:47.0584 4212        MSTEE          (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
18:21:47.0630 4212        MSTEE - ok
18:21:47.0677 4212        Mup            (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
18:21:47.0693 4212        Mup - ok
18:21:47.0818 4212        NativeWifiP    (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
18:21:47.0864 4212        NativeWifiP - ok
18:21:48.0036 4212        NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
18:21:48.0067 4212        NDIS - ok
18:21:48.0176 4212        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
18:21:48.0208 4212        NdisTapi - ok
18:21:48.0317 4212        Ndisuio        (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
18:21:48.0348 4212        Ndisuio - ok
18:21:48.0410 4212        NdisWan        (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
18:21:48.0426 4212        NdisWan - ok
18:21:48.0488 4212        NDProxy        (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
18:21:48.0520 4212        NDProxy - ok
18:21:48.0598 4212        NetBIOS        (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
18:21:48.0644 4212        NetBIOS - ok
18:21:48.0785 4212        netbt          (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
18:21:48.0816 4212        netbt - ok
18:21:49.0097 4212        NETw4v32        (6522dd40a5f67ced020bd81b856613fb) C:\Windows\system32\DRIVERS\NETw4v32.sys
18:21:49.0331 4212        NETw4v32 - ok
18:21:49.0456 4212        nfrd960        (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
18:21:49.0471 4212        nfrd960 - ok
18:21:49.0534 4212        Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
18:21:49.0549 4212        Npfs - ok
18:21:49.0643 4212        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
18:21:49.0674 4212        nsiproxy - ok
18:21:49.0752 4212        Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
18:21:49.0861 4212        Ntfs - ok
18:21:50.0048 4212        ntrigdigi      (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
18:21:50.0111 4212        ntrigdigi - ok
18:21:50.0204 4212        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
18:21:50.0236 4212        Null - ok
18:21:50.0704 4212        nvlddmkm        (39d8f5a92427c57309355199592ead9f) C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:21:51.0421 4212        nvlddmkm - ok
18:21:51.0562 4212        nvraid          (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
18:21:51.0562 4212        nvraid - ok
18:21:51.0640 4212        nvstor          (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
18:21:51.0640 4212        nvstor - ok
18:21:51.0702 4212        nv_agp          (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
18:21:51.0718 4212        nv_agp - ok
18:21:51.0952 4212        NwlnkFlt - ok
18:21:51.0983 4212        NwlnkFwd - ok
18:21:52.0076 4212        ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
18:21:52.0108 4212        ohci1394 - ok
18:21:52.0248 4212        Parport        (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
18:21:52.0326 4212        Parport - ok
18:21:52.0404 4212        partmgr        (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
18:21:52.0404 4212        partmgr - ok
18:21:52.0466 4212        Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
18:21:52.0513 4212        Parvdm - ok
18:21:52.0591 4212        pci            (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
18:21:52.0607 4212        pci - ok
18:21:52.0732 4212        pciide          (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
18:21:52.0732 4212        pciide - ok
18:21:52.0841 4212        pcmcia          (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys
18:21:52.0872 4212        pcmcia - ok
18:21:53.0028 4212        PdiPorts        (18ed1d71fef6f71d38c24263500bbd01) C:\Windows\system32\Drivers\PdiPorts.sys
18:21:53.0059 4212        PdiPorts - ok
18:21:53.0184 4212        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
18:21:53.0278 4212        PEAUTH - ok
18:21:53.0434 4212        PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
18:21:53.0465 4212        PptpMiniport - ok
18:21:53.0512 4212        Processor      (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
18:21:53.0574 4212        Processor - ok
18:21:53.0683 4212        PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
18:21:53.0714 4212        PSched - ok
18:21:53.0824 4212        PxHelp20        (d86b4a68565e444d76457f14172c875a) C:\Windows\system32\Drivers\PxHelp20.sys
18:21:53.0839 4212        PxHelp20 - ok
18:21:54.0026 4212        ql2300          (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
18:21:54.0104 4212        ql2300 - ok
18:21:54.0260 4212        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
18:21:54.0276 4212        ql40xx - ok
18:21:54.0354 4212        QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
18:21:54.0416 4212        QWAVEdrv - ok
18:21:54.0541 4212        R5U870FLx86    (9ac8ac6cd00100443ea6afd0a4ade8f7) C:\Windows\system32\Drivers\R5U870FLx86.sys
18:21:54.0588 4212        R5U870FLx86 - ok
18:21:54.0619 4212        R5U870FUx86    (1ae358affffd13bf6ec7dc72dccfac12) C:\Windows\system32\Drivers\R5U870FUx86.sys
18:21:54.0650 4212        R5U870FUx86 - ok
18:21:54.0791 4212        RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
18:21:54.0838 4212        RasAcd - ok
18:21:54.0947 4212        Rasl2tp        (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:21:54.0978 4212        Rasl2tp - ok
18:21:55.0134 4212        RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
18:21:55.0165 4212        RasPppoe - ok
18:21:55.0228 4212        RasSstp        (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
18:21:55.0243 4212        RasSstp - ok
18:21:55.0368 4212        rdbss          (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
18:21:55.0399 4212        rdbss - ok
18:21:55.0477 4212        RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:21:55.0524 4212        RDPCDD - ok
18:21:55.0680 4212        rdpdr          (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
18:21:55.0727 4212        rdpdr - ok
18:21:55.0820 4212        RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
18:21:55.0867 4212        RDPENCDD - ok
18:21:56.0054 4212        RDPWD          (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
18:21:56.0070 4212        RDPWD - ok
18:21:56.0195 4212        regi            (001b4278407f4303efc902a2b16f2453) C:\Windows\system32\drivers\regi.sys
18:21:56.0195 4212        regi - ok
18:21:56.0351 4212        RFCOMM          (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
18:21:56.0398 4212        RFCOMM - ok
18:21:56.0522 4212        rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
18:21:56.0569 4212        rspndr - ok
18:21:56.0647 4212        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
18:21:56.0663 4212        sbp2port - ok
18:21:56.0741 4212        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
18:21:56.0788 4212        secdrv - ok
18:21:56.0928 4212        Serenum        (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
18:21:56.0990 4212        Serenum - ok
18:21:57.0037 4212        Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
18:21:57.0084 4212        Serial - ok
18:21:57.0146 4212        sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
18:21:57.0178 4212        sermouse - ok
18:21:57.0256 4212        sffdisk        (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
18:21:57.0318 4212        sffdisk - ok
18:21:57.0427 4212        sffp_mmc        (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
18:21:57.0490 4212        sffp_mmc - ok
18:21:57.0521 4212        sffp_sd        (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
18:21:57.0583 4212        sffp_sd - ok
18:21:57.0802 4212        sfloppy        (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\DRIVERS\sfloppy.sys
18:21:57.0848 4212        sfloppy - ok
18:21:57.0973 4212        sisagp          (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
18:21:57.0973 4212        sisagp - ok
18:21:58.0067 4212        SiSRaid2        (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
18:21:58.0082 4212        SiSRaid2 - ok
18:21:58.0160 4212        SiSRaid4        (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
18:21:58.0160 4212        SiSRaid4 - ok
18:21:58.0238 4212        Smb            (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
18:21:58.0270 4212        Smb - ok
18:21:58.0332 4212        SNC            (db31d8989b3450569c29780e7fa98c48) C:\Windows\system32\Drivers\SonyNC.sys
18:21:58.0348 4212        SNC - ok
18:21:58.0535 4212        spldr          (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
18:21:58.0550 4212        spldr - ok
18:21:58.0613 4212        sp_rsdrv2      (8831252bcf05fcfb5abd116a22e552d8) C:\Windows\system32\drivers\sp_rsdrv2.sys
18:21:58.0644 4212        sp_rsdrv2 ( UnsignedFile.Multi.Generic ) - warning
18:21:58.0644 4212        sp_rsdrv2 - detected UnsignedFile.Multi.Generic (1)
18:21:58.0784 4212        srv            (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
18:21:58.0816 4212        srv - ok
18:21:59.0018 4212        srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
18:21:59.0065 4212        srv2 - ok
18:21:59.0143 4212        srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
18:21:59.0174 4212        srvnet - ok
18:21:59.0268 4212        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
18:21:59.0284 4212        ssmdrv - ok
18:21:59.0362 4212        STHDA          (6a2a5e809c2c0178326d92b19ee4aad3) C:\Windows\system32\drivers\stwrt.sys
18:21:59.0408 4212        STHDA - ok
18:21:59.0564 4212        swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
18:21:59.0580 4212        swenum - ok
18:21:59.0627 4212        Symc8xx        (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
18:21:59.0642 4212        Symc8xx - ok
18:21:59.0705 4212        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
18:21:59.0720 4212        Sym_hi - ok
18:21:59.0767 4212        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
18:21:59.0783 4212        Sym_u3 - ok
18:22:00.0048 4212        Tcpip          (2756186e287139310997090797e0182b) C:\Windows\system32\drivers\tcpip.sys
18:22:00.0142 4212        Tcpip - ok
18:22:00.0469 4212        Tcpip6          (2756186e287139310997090797e0182b) C:\Windows\system32\DRIVERS\tcpip.sys
18:22:00.0500 4212        Tcpip6 - ok
18:22:00.0625 4212        tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
18:22:00.0672 4212        tcpipreg - ok
18:22:00.0734 4212        TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
18:22:00.0781 4212        TDPIPE - ok
18:22:00.0828 4212        TDTCP          (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
18:22:00.0859 4212        TDTCP - ok
18:22:01.0000 4212        tdx            (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
18:22:01.0031 4212        tdx - ok
18:22:01.0093 4212        TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
18:22:01.0109 4212        TermDD - ok
18:22:01.0296 4212        ti21sony        (909cd987b54a8179c9aee874d754721a) C:\Windows\system32\drivers\ti21sony.sys
18:22:01.0374 4212        ti21sony - ok
18:22:01.0514 4212        tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:22:01.0561 4212        tssecsrv - ok
18:22:01.0733 4212        tunmp          (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
18:22:01.0795 4212        tunmp - ok
18:22:01.0920 4212        tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
18:22:01.0951 4212        tunnel - ok
18:22:02.0029 4212        uagp35          (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
18:22:02.0029 4212        uagp35 - ok
18:22:02.0107 4212        udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
18:22:02.0123 4212        udfs - ok
18:22:02.0404 4212        uliagpkx        (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
18:22:02.0419 4212        uliagpkx - ok
18:22:02.0482 4212        uliahci        (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
18:22:02.0497 4212        uliahci - ok
18:22:02.0622 4212        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
18:22:02.0638 4212        UlSata - ok
18:22:02.0684 4212        ulsata2        (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
18:22:02.0700 4212        ulsata2 - ok
18:22:02.0778 4212        umbus          (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
18:22:02.0809 4212        umbus - ok
18:22:02.0887 4212        usbccgp        (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
18:22:02.0934 4212        usbccgp - ok
18:22:03.0106 4212        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
18:22:03.0168 4212        usbcir - ok
18:22:03.0293 4212        usbehci        (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
18:22:03.0324 4212        usbehci - ok
18:22:03.0386 4212        usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
18:22:03.0449 4212        usbhub - ok
18:22:03.0589 4212        usbohci        (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
18:22:03.0667 4212        usbohci - ok
18:22:03.0761 4212        usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
18:22:03.0792 4212        usbprint - ok
18:22:03.0854 4212        usbscan        (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
18:22:03.0901 4212        usbscan - ok
18:22:04.0010 4212        USBSTOR        (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:22:04.0042 4212        USBSTOR - ok
18:22:04.0104 4212        usbuhci        (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
18:22:04.0135 4212        usbuhci - ok
18:22:04.0229 4212        usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
18:22:04.0244 4212        usbvideo - ok
18:22:04.0478 4212        vga            (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
18:22:04.0556 4212        vga - ok
18:22:04.0634 4212        VgaSave        (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
18:22:04.0681 4212        VgaSave - ok
18:22:04.0837 4212        viaagp          (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
18:22:04.0837 4212        viaagp - ok
18:22:04.0915 4212        ViaC7          (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
18:22:04.0978 4212        ViaC7 - ok
18:22:05.0056 4212        viaide          (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
18:22:05.0071 4212        viaide - ok
18:22:05.0134 4212        volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
18:22:05.0149 4212        volmgr - ok
18:22:05.0274 4212        volmgrx        (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
18:22:05.0290 4212        volmgrx - ok
18:22:05.0352 4212        volsnap        (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
18:22:05.0368 4212        volsnap - ok
18:22:05.0461 4212        vsmraid        (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
18:22:05.0477 4212        vsmraid - ok
18:22:05.0820 4212        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
18:22:05.0882 4212        WacomPen - ok
18:22:05.0976 4212        Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
18:22:06.0007 4212        Wanarp - ok
18:22:06.0038 4212        Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
18:22:06.0054 4212        Wanarpv6 - ok
18:22:06.0116 4212        Wd              (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
18:22:06.0132 4212        Wd - ok
18:22:06.0272 4212        Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
18:22:06.0304 4212        Wdf01000 - ok
18:22:06.0413 4212        WimFltr        (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\Windows\system32\DRIVERS\wimfltr.sys
18:22:06.0428 4212        WimFltr - ok
18:22:06.0647 4212        winachsf        (5a77ac34a0ffb70ce8b35b524fede9ba) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
18:22:06.0662 4212        winachsf - ok
18:22:06.0818 4212        WmiAcpi        (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
18:22:06.0865 4212        WmiAcpi - ok
18:22:06.0959 4212        WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
18:22:07.0006 4212        WpdUsb - ok
18:22:07.0084 4212        ws2ifsl        (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
18:22:07.0130 4212        ws2ifsl - ok
18:22:07.0286 4212        WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:22:07.0318 4212        WUDFRd - ok
18:22:07.0349 4212        XAudio          (88af537264f2b818da15479ceeaf5d7c) C:\Windows\system32\DRIVERS\xaudio.sys
18:22:07.0380 4212        XAudio - ok
18:22:07.0458 4212        yukonwlh        (7927e830ecde6db3682cc319bad26984) C:\Windows\system32\DRIVERS\yk60x86.sys
18:22:07.0505 4212        yukonwlh - ok
18:22:07.0536 4212        MBR (0x1B8)    (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
18:22:07.0583 4212        \Device\Harddisk0\DR0 ( TDSS File System ) - warning
18:22:07.0583 4212        \Device\Harddisk0\DR0 - detected TDSS File System (1)
18:22:07.0583 4212        MBR (0x1B8)    (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR2
18:22:07.0723 4212        \Device\Harddisk2\DR2 - ok
18:22:07.0723 4212        Boot (0x1200)  (3615683225c78d54b0482cf5c756d7e8) \Device\Harddisk0\DR0\Partition0
18:22:07.0739 4212        \Device\Harddisk0\DR0\Partition0 - ok
18:22:07.0739 4212        Boot (0x1200)  (8a8466a3915d7c971aba7cdcd4f4eb1b) \Device\Harddisk2\DR2\Partition0
18:22:07.0739 4212        \Device\Harddisk2\DR2\Partition0 - ok
18:22:07.0739 4212        ============================================================
18:22:07.0739 4212        Scan finished
18:22:07.0739 4212        ============================================================
18:22:07.0754 5428        Detected object count: 2
18:22:07.0754 5428        Actual detected object count: 2
18:22:40.0733 5428        sp_rsdrv2 ( UnsignedFile.Multi.Generic ) - skipped by user
18:22:40.0733 5428        sp_rsdrv2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:22:40.0733 5428        \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
18:22:40.0733 5428        \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
Gruß,
Telemann

cosinus 16.10.2011 17:36
Zitat:
18:22:40.0733 5428 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
18:22:40.0733 5428 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
Diese EInträge bitte mit dem TDSS-Killer entfernen.

Telemann 16.10.2011 17:46
OK, habe das Objekt entfernen lassen, anschließend neuen Scan gemacht, hier das Log:

Code:
18:38:38.0908 5024        TDSS rootkit removing tool 2.6.9.0 Oct 14 2011 11:33:24
18:38:39.0174 5024        ============================================================
18:38:39.0174 5024        Current date / time: 2011/10/16 18:38:39.0174
18:38:39.0174 5024        SystemInfo:
18:38:39.0174 5024       
18:38:39.0174 5024        OS Version: 6.0.6002 ServicePack: 2.0
18:38:39.0174 5024        Product type: Workstation
18:38:39.0174 5024        ComputerName: MICHAEL-PC
18:38:39.0174 5024        UserName: Michael
18:38:39.0174 5024        Windows directory: C:\Windows
18:38:39.0174 5024        System windows directory: C:\Windows
18:38:39.0174 5024        Processor architecture: Intel x86
18:38:39.0174 5024        Number of processors: 2
18:38:39.0174 5024        Page size: 0x1000
18:38:39.0174 5024        Boot type: Normal boot
18:38:39.0174 5024        ============================================================
18:38:39.0954 5024        Initialize success
18:38:50.0842 5032        ============================================================
18:38:50.0842 5032        Scan started
18:38:50.0842 5032        Mode: Manual; SigCheck; TDLFS;
18:38:50.0842 5032        ============================================================
18:38:51.0669 5032        ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
18:38:51.0763 5032        ACPI - ok
18:38:51.0856 5032        adp94xx        (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
18:38:51.0872 5032        adp94xx - ok
18:38:51.0950 5032        adpahci        (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
18:38:51.0966 5032        adpahci - ok
18:38:52.0106 5032        adpu160m        (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
18:38:52.0122 5032        adpu160m - ok
18:38:52.0246 5032        adpu320        (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
18:38:52.0246 5032        adpu320 - ok
18:38:52.0449 5032        AFD            (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
18:38:52.0480 5032        AFD - ok
18:38:52.0574 5032        agp440          (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
18:38:52.0590 5032        agp440 - ok
18:38:52.0652 5032        aic78xx        (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
18:38:52.0668 5032        aic78xx - ok
18:38:52.0777 5032        aliide          (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
18:38:52.0777 5032        aliide - ok
18:38:52.0839 5032        amdagp          (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
18:38:52.0855 5032        amdagp - ok
18:38:52.0995 5032        amdide          (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
18:38:52.0995 5032        amdide - ok
18:38:53.0136 5032        AmdK7          (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
18:38:53.0182 5032        AmdK7 - ok
18:38:53.0229 5032        AmdK8          (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
18:38:53.0276 5032        AmdK8 - ok
18:38:53.0385 5032        ApfiltrService  (18bff317bdb10c64a35e1ca85f1ec051) C:\Windows\system32\DRIVERS\Apfiltr.sys
18:38:53.0401 5032        ApfiltrService - ok
18:38:53.0494 5032        arc            (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
18:38:53.0510 5032        arc - ok
18:38:53.0650 5032        arcsas          (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
18:38:53.0650 5032        arcsas - ok
18:38:53.0760 5032        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
18:38:53.0775 5032        AsyncMac - ok
18:38:53.0838 5032        atapi          (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
18:38:53.0838 5032        atapi - ok
18:38:53.0994 5032        avgio          (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
18:38:53.0994 5032        avgio - ok
18:38:54.0181 5032        avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
18:38:54.0399 5032        avgntflt - ok
18:38:54.0493 5032        avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
18:38:54.0508 5032        avipbb - ok
18:38:54.0633 5032        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
18:38:54.0664 5032        Beep - ok
18:38:54.0727 5032        blbdrive - ok
18:38:54.0820 5032        bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
18:38:54.0820 5032        bowser - ok
18:38:54.0914 5032        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
18:38:54.0930 5032        BrFiltLo - ok
18:38:54.0992 5032        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
18:38:55.0008 5032        BrFiltUp - ok
18:38:55.0101 5032        Brserid        (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
18:38:55.0148 5032        Brserid - ok
18:38:55.0273 5032        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
18:38:55.0304 5032        BrSerWdm - ok
18:38:55.0413 5032        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
18:38:55.0460 5032        BrUsbMdm - ok
18:38:55.0522 5032        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
18:38:55.0569 5032        BrUsbSer - ok
18:38:55.0788 5032        BthEnum        (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
18:38:55.0803 5032        BthEnum - ok
18:38:55.0928 5032        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
18:38:55.0959 5032        BTHMODEM - ok
18:38:56.0053 5032        BthPan          (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
18:38:56.0084 5032        BthPan - ok
18:38:56.0178 5032        BTHPORT        (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
18:38:56.0209 5032        BTHPORT - ok
18:38:56.0318 5032        BTHUSB          (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
18:38:56.0334 5032        BTHUSB - ok
18:38:56.0458 5032        btwaudio        (6ca69fa57cf251e890105923ad215b99) C:\Windows\system32\drivers\btwaudio.sys
18:38:56.0458 5032        btwaudio - ok
18:38:56.0568 5032        btwavdt        (12b4a9afa82bfe5a7d8819bf7ae20601) C:\Windows\system32\drivers\btwavdt.sys
18:38:56.0568 5032        btwavdt - ok
18:38:56.0677 5032        btwl2cap        (d02f4d18aa4a38f781beefeb1892e144) C:\Windows\system32\DRIVERS\btwl2cap.sys
18:38:56.0692 5032        btwl2cap - ok
18:38:56.0755 5032        btwrchid        (d5e554f6c1a3baeb79daf9e1684f8102) C:\Windows\system32\DRIVERS\btwrchid.sys
18:38:56.0770 5032        btwrchid - ok
18:38:56.0864 5032        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
18:38:56.0880 5032        cdfs - ok
18:38:56.0989 5032        cdrom          (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
18:38:57.0004 5032        cdrom - ok
18:38:57.0160 5032        circlass        (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
18:38:57.0207 5032        circlass - ok
18:38:57.0363 5032        CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
18:38:57.0379 5032        CLFS - ok
18:38:57.0628 5032        CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
18:38:57.0644 5032        CmBatt - ok
18:38:57.0738 5032        cmdide          (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
18:38:57.0738 5032        cmdide - ok
18:38:57.0831 5032        Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
18:38:57.0847 5032        Compbatt - ok
18:38:57.0878 5032        crcdisk        (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
18:38:57.0894 5032        crcdisk - ok
18:38:58.0003 5032        Crusoe          (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
18:38:58.0050 5032        Crusoe - ok
18:38:58.0159 5032        DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
18:38:58.0159 5032        DfsC - ok
18:38:58.0330 5032        disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
18:38:58.0346 5032        disk - ok
18:38:58.0518 5032        DMICall        (f206e28ed74c491fd5d7c0a1119ce37f) C:\Windows\system32\DRIVERS\DMICall.sys
18:38:58.0533 5032        DMICall - ok
18:38:58.0720 5032        drmkaud        (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
18:38:58.0736 5032        drmkaud - ok
18:38:58.0908 5032        DXGKrnl        (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
18:38:58.0939 5032        DXGKrnl - ok
18:38:59.0048 5032        E1G60          (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
18:38:59.0095 5032        E1G60 - ok
18:38:59.0220 5032        Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
18:38:59.0235 5032        Ecache - ok
18:38:59.0313 5032        elxstor        (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
18:38:59.0329 5032        elxstor - ok
18:38:59.0469 5032        exfat          (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
18:38:59.0500 5032        exfat - ok
18:38:59.0610 5032        fastfat        (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
18:38:59.0625 5032        fastfat - ok
18:38:59.0734 5032        fdc            (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
18:38:59.0766 5032        fdc - ok
18:38:59.0890 5032        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
18:38:59.0906 5032        FileInfo - ok
18:39:00.0062 5032        Filetrace      (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
18:39:00.0093 5032        Filetrace - ok
18:39:00.0202 5032        flpydisk        (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
18:39:00.0234 5032        flpydisk - ok
18:39:00.0327 5032        FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
18:39:00.0343 5032        FltMgr - ok
18:39:00.0452 5032        Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
18:39:00.0468 5032        Fs_Rec - ok
18:39:00.0561 5032        gagp30kx        (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
18:39:00.0561 5032        gagp30kx - ok
18:39:00.0670 5032        GEARAspiWDM    (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
18:39:00.0686 5032        GEARAspiWDM - ok
18:39:00.0811 5032        ggflt          (007aea2e06e7cef7372e40c277163959) C:\Windows\system32\DRIVERS\ggflt.sys
18:39:00.0811 5032        ggflt - ok
18:39:01.0014 5032        ggsemc          (c73de35960ca75c5ab4ae636b127c64e) C:\Windows\system32\DRIVERS\ggsemc.sys
18:39:01.0014 5032        ggsemc - ok
18:39:01.0310 5032        HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
18:39:01.0341 5032        HdAudAddService - ok
18:39:01.0482 5032        HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
18:39:01.0497 5032        HDAudBus - ok
18:39:01.0591 5032        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
18:39:01.0622 5032        HidBth - ok
18:39:01.0700 5032        HidIr          (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
18:39:01.0731 5032        HidIr - ok
18:39:01.0825 5032        HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
18:39:01.0856 5032        HidUsb - ok
18:39:01.0965 5032        HpCISSs        (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
18:39:01.0981 5032        HpCISSs - ok
18:39:02.0137 5032        HSFHWAZL        (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
18:39:02.0168 5032        HSFHWAZL - ok
18:39:02.0262 5032        HSF_DPV        (7bc42c65b5c6281777c1a7605b253ba8) C:\Windows\system32\DRIVERS\HSX_DPV.sys
18:39:02.0293 5032        HSF_DPV - ok
18:39:02.0371 5032        HSXHWAZL        (9ebf2d102ccbb6bcdfbf1b7922f8ba2e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
18:39:02.0371 5032        HSXHWAZL - ok
18:39:02.0480 5032        HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
18:39:02.0496 5032        HTTP - ok
18:39:02.0589 5032        i2omp          (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
18:39:02.0589 5032        i2omp - ok
18:39:02.0683 5032        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
18:39:02.0698 5032        i8042prt - ok
18:39:02.0808 5032        iaStor          (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\Windows\system32\DRIVERS\iaStor.sys
18:39:02.0823 5032        iaStor - ok
18:39:02.0886 5032        iaStorV        (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
18:39:02.0901 5032        iaStorV - ok
18:39:03.0026 5032        iirsp          (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
18:39:03.0042 5032        iirsp - ok
18:39:03.0198 5032        intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
18:39:03.0213 5032        intelide - ok
18:39:03.0338 5032        intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
18:39:03.0369 5032        intelppm - ok
18:39:03.0525 5032        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:39:03.0541 5032        IpFilterDriver - ok
18:39:03.0588 5032        IpInIp - ok
18:39:03.0650 5032        IPMIDRV        (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
18:39:03.0697 5032        IPMIDRV - ok
18:39:03.0806 5032        IPNAT          (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
18:39:03.0837 5032        IPNAT - ok
18:39:03.0978 5032        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
18:39:03.0993 5032        IRENUM - ok
18:39:04.0102 5032        isapnp          (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
18:39:04.0118 5032        isapnp - ok
18:39:04.0227 5032        iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
18:39:04.0243 5032        iScsiPrt - ok
18:39:04.0336 5032        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
18:39:04.0352 5032        iteatapi - ok
18:39:04.0446 5032        iteraid        (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
18:39:04.0446 5032        iteraid - ok
18:39:04.0570 5032        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
18:39:04.0586 5032        kbdclass - ok
18:39:04.0664 5032        kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
18:39:04.0680 5032        kbdhid - ok
18:39:04.0789 5032        KSecDD          (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
18:39:04.0804 5032        KSecDD - ok
18:39:04.0898 5032        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
18:39:04.0929 5032        lltdio - ok
18:39:05.0038 5032        LSI_FC          (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
18:39:05.0054 5032        LSI_FC - ok
18:39:05.0179 5032        LSI_SAS        (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
18:39:05.0194 5032        LSI_SAS - ok
18:39:05.0335 5032        LSI_SCSI        (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
18:39:05.0382 5032        LSI_SCSI - ok
18:39:05.0631 5032        luafv          (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
18:39:05.0662 5032        luafv - ok
18:39:05.0725 5032        mdmxsdk        (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
18:39:05.0725 5032        mdmxsdk - ok
18:39:05.0803 5032        megasas        (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
18:39:05.0803 5032        megasas - ok
18:39:05.0943 5032        Modem          (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
18:39:05.0974 5032        Modem - ok
18:39:06.0052 5032        monitor        (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
18:39:06.0068 5032        monitor - ok
18:39:06.0162 5032        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
18:39:06.0162 5032        mouclass - ok
18:39:06.0208 5032        mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
18:39:06.0224 5032        mouhid - ok
18:39:06.0333 5032        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
18:39:06.0333 5032        MountMgr - ok
18:39:06.0489 5032        mpio            (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
18:39:06.0489 5032        mpio - ok
18:39:06.0583 5032        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
18:39:06.0598 5032        mpsdrv - ok
18:39:06.0676 5032        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
18:39:06.0676 5032        Mraid35x - ok
18:39:06.0786 5032        MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
18:39:06.0801 5032        MRxDAV - ok
18:39:06.0864 5032        mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:39:06.0879 5032        mrxsmb - ok
18:39:06.0957 5032        mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:39:06.0973 5032        mrxsmb10 - ok
18:39:07.0035 5032        mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:39:07.0051 5032        mrxsmb20 - ok
18:39:07.0144 5032        msahci          (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
18:39:07.0160 5032        msahci - ok
18:39:07.0238 5032        msdsm          (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
18:39:07.0254 5032        msdsm - ok
18:39:07.0332 5032        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
18:39:07.0347 5032        Msfs - ok
18:39:07.0534 5032        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
18:39:07.0550 5032        msisadrv - ok
18:39:07.0644 5032        MSKSSRV        (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
18:39:07.0659 5032        MSKSSRV - ok
18:39:07.0737 5032        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
18:39:07.0753 5032        MSPCLOCK - ok
18:39:07.0831 5032        MSPQM          (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
18:39:07.0862 5032        MSPQM - ok
18:39:07.0971 5032        MsRPC          (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
18:39:07.0987 5032        MsRPC - ok
18:39:08.0096 5032        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
18:39:08.0096 5032        mssmbios - ok
18:39:08.0174 5032        MSTEE          (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
18:39:08.0190 5032        MSTEE - ok
18:39:08.0283 5032        Mup            (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
18:39:08.0299 5032        Mup - ok
18:39:08.0392 5032        NativeWifiP    (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
18:39:08.0408 5032        NativeWifiP - ok
18:39:08.0533 5032        NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
18:39:08.0564 5032        NDIS - ok
18:39:08.0673 5032        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
18:39:08.0689 5032        NdisTapi - ok
18:39:08.0767 5032        Ndisuio        (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
18:39:08.0798 5032        Ndisuio - ok
18:39:08.0860 5032        NdisWan        (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
18:39:08.0892 5032        NdisWan - ok
18:39:08.0985 5032        NDProxy        (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
18:39:09.0001 5032        NDProxy - ok
18:39:09.0094 5032        NetBIOS        (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
18:39:09.0126 5032        NetBIOS - ok
18:39:09.0188 5032        netbt          (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
18:39:09.0219 5032        netbt - ok
18:39:09.0391 5032        NETw4v32        (6522dd40a5f67ced020bd81b856613fb) C:\Windows\system32\DRIVERS\NETw4v32.sys
18:39:09.0484 5032        NETw4v32 - ok
18:39:09.0640 5032        nfrd960        (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
18:39:09.0640 5032        nfrd960 - ok
18:39:09.0750 5032        Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
18:39:09.0765 5032        Npfs - ok
18:39:09.0859 5032        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
18:39:09.0890 5032        nsiproxy - ok
18:39:10.0015 5032        Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
18:39:10.0077 5032        Ntfs - ok
18:39:10.0218 5032        ntrigdigi      (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
18:39:10.0264 5032        ntrigdigi - ok
18:39:10.0374 5032        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
18:39:10.0389 5032        Null - ok
18:39:10.0654 5032        nvlddmkm        (39d8f5a92427c57309355199592ead9f) C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:39:11.0216 5032        nvlddmkm - ok
18:39:11.0372 5032        nvraid          (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
18:39:11.0388 5032        nvraid - ok
18:39:11.0450 5032        nvstor          (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
18:39:11.0466 5032        nvstor - ok
18:39:11.0512 5032        nv_agp          (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
18:39:11.0528 5032        nv_agp - ok
18:39:11.0559 5032        NwlnkFlt - ok
18:39:11.0590 5032        NwlnkFwd - ok
18:39:11.0746 5032        ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
18:39:11.0762 5032        ohci1394 - ok
18:39:11.0887 5032        Parport        (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
18:39:11.0934 5032        Parport - ok
18:39:11.0980 5032        partmgr        (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
18:39:11.0996 5032        partmgr - ok
18:39:12.0183 5032        Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
18:39:12.0230 5032        Parvdm - ok
18:39:12.0355 5032        pci            (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
18:39:12.0355 5032        pci - ok
18:39:12.0417 5032        pciide          (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
18:39:12.0433 5032        pciide - ok
18:39:12.0558 5032        pcmcia          (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys
18:39:12.0573 5032        pcmcia - ok
18:39:12.0636 5032        PdiPorts        (18ed1d71fef6f71d38c24263500bbd01) C:\Windows\system32\Drivers\PdiPorts.sys
18:39:12.0651 5032        PdiPorts - ok
18:39:12.0729 5032        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
18:39:12.0792 5032        PEAUTH - ok
18:39:12.0979 5032        PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
18:39:12.0994 5032        PptpMiniport - ok
18:39:13.0057 5032        Processor      (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
18:39:13.0088 5032        Processor - ok
18:39:13.0166 5032        PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
18:39:13.0197 5032        PSched - ok
18:39:13.0244 5032        PxHelp20        (d86b4a68565e444d76457f14172c875a) C:\Windows\system32\Drivers\PxHelp20.sys
18:39:13.0260 5032        PxHelp20 - ok
18:39:13.0431 5032        ql2300          (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
18:39:13.0494 5032        ql2300 - ok
18:39:13.0556 5032        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
18:39:13.0572 5032        ql40xx - ok
18:39:13.0650 5032        QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
18:39:13.0665 5032        QWAVEdrv - ok
18:39:13.0774 5032        R5U870FLx86    (9ac8ac6cd00100443ea6afd0a4ade8f7) C:\Windows\system32\Drivers\R5U870FLx86.sys
18:39:13.0790 5032        R5U870FLx86 - ok
18:39:13.0837 5032        R5U870FUx86    (1ae358affffd13bf6ec7dc72dccfac12) C:\Windows\system32\Drivers\R5U870FUx86.sys
18:39:13.0852 5032        R5U870FUx86 - ok
18:39:13.0930 5032        RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
18:39:13.0946 5032        RasAcd - ok
18:39:14.0024 5032        Rasl2tp        (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:39:14.0055 5032        Rasl2tp - ok
18:39:14.0118 5032        RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
18:39:14.0133 5032        RasPppoe - ok
18:39:14.0242 5032        RasSstp        (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
18:39:14.0258 5032        RasSstp - ok
18:39:14.0352 5032        rdbss          (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
18:39:14.0367 5032        rdbss - ok
18:39:14.0445 5032        RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:39:14.0461 5032        RDPCDD - ok
18:39:14.0523 5032        rdpdr          (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
18:39:14.0570 5032        rdpdr - ok
18:39:14.0648 5032        RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
18:39:14.0679 5032        RDPENCDD - ok
18:39:14.0757 5032        RDPWD          (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
18:39:14.0788 5032        RDPWD - ok
18:39:14.0851 5032        regi            (001b4278407f4303efc902a2b16f2453) C:\Windows\system32\drivers\regi.sys
18:39:14.0866 5032        regi - ok
18:39:14.0991 5032        RFCOMM          (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
18:39:15.0007 5032        RFCOMM - ok
18:39:15.0100 5032        rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
18:39:15.0132 5032        rspndr - ok
18:39:15.0194 5032        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
18:39:15.0210 5032        sbp2port - ok
18:39:15.0272 5032        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
18:39:15.0303 5032        secdrv - ok
18:39:15.0490 5032        Serenum        (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
18:39:15.0537 5032        Serenum - ok
18:39:15.0615 5032        Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
18:39:15.0662 5032        Serial - ok
18:39:15.0849 5032        sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
18:39:15.0896 5032        sermouse - ok
18:39:16.0052 5032        sffdisk        (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
18:39:16.0083 5032        sffdisk - ok
18:39:16.0146 5032        sffp_mmc        (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
18:39:16.0192 5032        sffp_mmc - ok
18:39:16.0302 5032        sffp_sd        (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
18:39:16.0348 5032        sffp_sd - ok
18:39:16.0395 5032        sfloppy        (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\DRIVERS\sfloppy.sys
18:39:16.0426 5032        sfloppy - ok
18:39:16.0567 5032        sisagp          (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
18:39:16.0582 5032        sisagp - ok
18:39:16.0645 5032        SiSRaid2        (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
18:39:16.0660 5032        SiSRaid2 - ok
18:39:16.0723 5032        SiSRaid4        (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
18:39:16.0738 5032        SiSRaid4 - ok
18:39:16.0816 5032        Smb            (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
18:39:16.0832 5032        Smb - ok
18:39:16.0988 5032        SNC            (db31d8989b3450569c29780e7fa98c48) C:\Windows\system32\Drivers\SonyNC.sys
18:39:16.0988 5032        SNC - ok
18:39:17.0113 5032        spldr          (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
18:39:17.0113 5032        spldr - ok
18:39:17.0316 5032        sp_rsdrv2      (8831252bcf05fcfb5abd116a22e552d8) C:\Windows\system32\drivers\sp_rsdrv2.sys
18:39:17.0316 5032        sp_rsdrv2 ( UnsignedFile.Multi.Generic ) - warning
18:39:17.0316 5032        sp_rsdrv2 - detected UnsignedFile.Multi.Generic (1)
18:39:17.0394 5032        srv            (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
18:39:17.0409 5032        srv - ok
18:39:17.0550 5032        srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
18:39:17.0565 5032        srv2 - ok
18:39:17.0643 5032        srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
18:39:17.0659 5032        srvnet - ok
18:39:17.0706 5032        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
18:39:17.0721 5032        ssmdrv - ok
18:39:17.0799 5032        STHDA          (6a2a5e809c2c0178326d92b19ee4aad3) C:\Windows\system32\drivers\stwrt.sys
18:39:17.0815 5032        STHDA - ok
18:39:17.0986 5032        swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
18:39:18.0002 5032        swenum - ok
18:39:18.0064 5032        Symc8xx        (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
18:39:18.0064 5032        Symc8xx - ok
18:39:18.0142 5032        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
18:39:18.0142 5032        Sym_hi - ok
18:39:18.0205 5032        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
18:39:18.0205 5032        Sym_u3 - ok
18:39:18.0454 5032        Tcpip          (2756186e287139310997090797e0182b) C:\Windows\system32\drivers\tcpip.sys
18:39:18.0486 5032        Tcpip - ok
18:39:18.0548 5032        Tcpip6          (2756186e287139310997090797e0182b) C:\Windows\system32\DRIVERS\tcpip.sys
18:39:18.0579 5032        Tcpip6 - ok
18:39:18.0704 5032        tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
18:39:18.0720 5032        tcpipreg - ok
18:39:18.0782 5032        TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
18:39:18.0813 5032        TDPIPE - ok
18:39:18.0860 5032        TDTCP          (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
18:39:18.0891 5032        TDTCP - ok
18:39:18.0985 5032        tdx            (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
18:39:19.0016 5032        tdx - ok
18:39:19.0063 5032        TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
18:39:19.0078 5032        TermDD - ok
18:39:19.0219 5032        ti21sony        (909cd987b54a8179c9aee874d754721a) C:\Windows\system32\drivers\ti21sony.sys
18:39:19.0281 5032        ti21sony - ok
18:39:19.0422 5032        tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:39:19.0437 5032        tssecsrv - ok
18:39:19.0593 5032        tunmp          (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
18:39:19.0609 5032        tunmp - ok
18:39:19.0718 5032        tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
18:39:19.0718 5032        tunnel - ok
18:39:19.0780 5032        uagp35          (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
18:39:19.0796 5032        uagp35 - ok
18:39:19.0890 5032        udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
18:39:19.0905 5032        udfs - ok
18:39:20.0046 5032        uliagpkx        (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
18:39:20.0046 5032        uliagpkx - ok
18:39:20.0108 5032        uliahci        (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
18:39:20.0124 5032        uliahci - ok
18:39:20.0202 5032        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
18:39:20.0217 5032        UlSata - ok
18:39:20.0295 5032        ulsata2        (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
18:39:20.0311 5032        ulsata2 - ok
18:39:20.0436 5032        umbus          (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
18:39:20.0451 5032        umbus - ok
18:39:20.0529 5032        usbccgp        (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
18:39:20.0560 5032        usbccgp - ok
18:39:20.0623 5032        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
18:39:20.0654 5032        usbcir - ok
18:39:20.0732 5032        usbehci        (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
18:39:20.0763 5032        usbehci - ok
18:39:20.0872 5032        usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
18:39:20.0904 5032        usbhub - ok
18:39:20.0950 5032        usbohci        (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
18:39:20.0997 5032        usbohci - ok
18:39:21.0106 5032        usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
18:39:21.0122 5032        usbprint - ok
18:39:21.0294 5032        usbscan        (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
18:39:21.0309 5032        usbscan - ok
18:39:21.0372 5032        USBSTOR        (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:39:21.0403 5032        USBSTOR - ok
18:39:21.0465 5032        usbuhci        (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
18:39:21.0481 5032        usbuhci - ok
18:39:21.0637 5032        usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
18:39:21.0652 5032        usbvideo - ok
18:39:21.0808 5032        vga            (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
18:39:21.0840 5032        vga - ok
18:39:21.0918 5032        VgaSave        (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
18:39:21.0949 5032        VgaSave - ok
18:39:22.0058 5032        viaagp          (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
18:39:22.0074 5032        viaagp - ok
18:39:22.0152 5032        ViaC7          (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
18:39:22.0183 5032        ViaC7 - ok
18:39:22.0245 5032        viaide          (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
18:39:22.0261 5032        viaide - ok
18:39:22.0401 5032        volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
18:39:22.0417 5032        volmgr - ok
18:39:22.0542 5032        volmgrx        (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
18:39:22.0557 5032        volmgrx - ok
18:39:22.0635 5032        volsnap        (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
18:39:22.0635 5032        volsnap - ok
18:39:22.0776 5032        vsmraid        (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
18:39:22.0776 5032        vsmraid - ok
18:39:22.0869 5032        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
18:39:22.0900 5032        WacomPen - ok
18:39:22.0978 5032        Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
18:39:22.0994 5032        Wanarp - ok
18:39:23.0010 5032        Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
18:39:23.0041 5032        Wanarpv6 - ok
18:39:23.0134 5032        Wd              (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
18:39:23.0166 5032        Wd - ok
18:39:23.0306 5032        Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
18:39:23.0322 5032        Wdf01000 - ok
18:39:23.0431 5032        WimFltr        (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\Windows\system32\DRIVERS\wimfltr.sys
18:39:23.0431 5032        WimFltr - ok
18:39:23.0556 5032        winachsf        (5a77ac34a0ffb70ce8b35b524fede9ba) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
18:39:23.0587 5032        winachsf - ok
18:39:23.0680 5032        WmiAcpi        (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
18:39:23.0712 5032        WmiAcpi - ok
18:39:23.0821 5032        WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
18:39:23.0821 5032        WpdUsb - ok
18:39:23.0930 5032        ws2ifsl        (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
18:39:23.0961 5032        ws2ifsl - ok
18:39:24.0180 5032        WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:39:24.0195 5032        WUDFRd - ok
18:39:24.0289 5032        XAudio          (88af537264f2b818da15479ceeaf5d7c) C:\Windows\system32\DRIVERS\xaudio.sys
18:39:24.0304 5032        XAudio - ok
18:39:24.0414 5032        yukonwlh        (7927e830ecde6db3682cc319bad26984) C:\Windows\system32\DRIVERS\yk60x86.sys
18:39:24.0429 5032        yukonwlh - ok
18:39:24.0585 5032        MBR (0x1B8)    (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
18:39:24.0632 5032        \Device\Harddisk0\DR0 ( TDSS File System ) - warning
18:39:24.0632 5032        \Device\Harddisk0\DR0 - detected TDSS File System (1)
18:39:24.0648 5032        MBR (0x1B8)    (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR2
18:39:24.0788 5032        \Device\Harddisk2\DR2 - ok
18:39:24.0788 5032        Boot (0x1200)  (3615683225c78d54b0482cf5c756d7e8) \Device\Harddisk0\DR0\Partition0
18:39:24.0788 5032        \Device\Harddisk0\DR0\Partition0 - ok
18:39:24.0804 5032        Boot (0x1200)  (8a8466a3915d7c971aba7cdcd4f4eb1b) \Device\Harddisk2\DR2\Partition0
18:39:24.0804 5032        \Device\Harddisk2\DR2\Partition0 - ok
18:39:24.0804 5032        ============================================================
18:39:24.0804 5032        Scan finished
18:39:24.0804 5032        ============================================================
18:39:24.0804 5324        Detected object count: 2
18:39:24.0804 5324        Actual detected object count: 2
18:40:23.0959 5324        sp_rsdrv2 ( UnsignedFile.Multi.Generic ) - skipped by user
18:40:23.0959 5324        sp_rsdrv2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:40:23.0974 5324        \Device\Harddisk0\DR0\TDLFS - deleted
18:40:23.0974 5324        \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
18:41:32.0115 3984        ============================================================
18:41:32.0115 3984        Scan started
18:41:32.0115 3984        Mode: Manual; SigCheck; TDLFS;
18:41:32.0115 3984        ============================================================
18:41:32.0630 3984        ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
18:41:32.0646 3984        ACPI - ok
18:41:32.0724 3984        adp94xx        (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
18:41:32.0739 3984        adp94xx - ok
18:41:32.0802 3984        adpahci        (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
18:41:32.0817 3984        adpahci - ok
18:41:32.0864 3984        adpu160m        (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
18:41:32.0880 3984        adpu160m - ok
18:41:33.0020 3984        adpu320        (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
18:41:33.0020 3984        adpu320 - ok
18:41:33.0114 3984        AFD            (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
18:41:33.0129 3984        AFD - ok
18:41:33.0160 3984        agp440          (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
18:41:33.0176 3984        agp440 - ok
18:41:33.0270 3984        aic78xx        (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
18:41:33.0285 3984        aic78xx - ok
18:41:33.0488 3984        aliide          (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
18:41:33.0488 3984        aliide - ok
18:41:33.0550 3984        amdagp          (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
18:41:33.0550 3984        amdagp - ok
18:41:33.0628 3984        amdide          (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
18:41:33.0628 3984        amdide - ok
18:41:33.0691 3984        AmdK7          (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
18:41:33.0722 3984        AmdK7 - ok
18:41:33.0800 3984        AmdK8          (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
18:41:33.0831 3984        AmdK8 - ok
18:41:33.0940 3984        ApfiltrService  (18bff317bdb10c64a35e1ca85f1ec051) C:\Windows\system32\DRIVERS\Apfiltr.sys
18:41:33.0940 3984        ApfiltrService - ok
18:41:34.0018 3984        arc            (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
18:41:34.0034 3984        arc - ok
18:41:34.0112 3984        arcsas          (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
18:41:34.0112 3984        arcsas - ok
18:41:34.0221 3984        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
18:41:34.0237 3984        AsyncMac - ok
18:41:34.0346 3984        atapi          (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
18:41:34.0346 3984        atapi - ok
18:41:34.0424 3984        avgio          (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
18:41:34.0424 3984        avgio - ok
18:41:34.0518 3984        avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
18:41:34.0518 3984        avgntflt - ok
18:41:34.0596 3984        avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
18:41:34.0596 3984        avipbb - ok
18:41:34.0705 3984        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
18:41:34.0736 3984        Beep - ok
18:41:34.0767 3984        blbdrive - ok
18:41:34.0861 3984        bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
18:41:34.0861 3984        bowser - ok
18:41:34.0939 3984        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
18:41:34.0954 3984        BrFiltLo - ok
18:41:35.0017 3984        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
18:41:35.0032 3984        BrFiltUp - ok
18:41:35.0188 3984        Brserid        (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
18:41:35.0235 3984        Brserid - ok
18:41:35.0376 3984        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
18:41:35.0407 3984        BrSerWdm - ok
18:41:35.0469 3984        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
18:41:35.0500 3984        BrUsbMdm - ok
18:41:35.0563 3984        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
18:41:35.0610 3984        BrUsbSer - ok
18:41:35.0734 3984        BthEnum        (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
18:41:35.0750 3984        BthEnum - ok
18:41:35.0844 3984        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
18:41:35.0890 3984        BTHMODEM - ok
18:41:35.0968 3984        BthPan          (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
18:41:35.0984 3984        BthPan - ok
18:41:36.0109 3984        BTHPORT        (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
18:41:36.0140 3984        BTHPORT - ok
18:41:36.0327 3984        BTHUSB          (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
18:41:36.0343 3984        BTHUSB - ok
18:41:36.0405 3984        btwaudio        (6ca69fa57cf251e890105923ad215b99) C:\Windows\system32\drivers\btwaudio.sys
18:41:36.0405 3984        btwaudio - ok
18:41:36.0452 3984        btwavdt        (12b4a9afa82bfe5a7d8819bf7ae20601) C:\Windows\system32\drivers\btwavdt.sys
18:41:36.0452 3984        btwavdt - ok
18:41:36.0483 3984        btwl2cap        (d02f4d18aa4a38f781beefeb1892e144) C:\Windows\system32\DRIVERS\btwl2cap.sys
18:41:36.0499 3984        btwl2cap - ok
18:41:36.0608 3984        btwrchid        (d5e554f6c1a3baeb79daf9e1684f8102) C:\Windows\system32\DRIVERS\btwrchid.sys
18:41:36.0608 3984        btwrchid - ok
18:41:36.0686 3984        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
18:41:36.0702 3984        cdfs - ok
18:41:36.0764 3984        cdrom          (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
18:41:36.0780 3984        cdrom - ok
18:41:36.0842 3984        circlass        (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
18:41:36.0889 3984        circlass - ok
18:41:36.0998 3984        CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
18:41:37.0014 3984        CLFS - ok
18:41:37.0107 3984        CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
18:41:37.0138 3984        CmBatt - ok
18:41:37.0185 3984        cmdide          (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
18:41:37.0185 3984        cmdide - ok
18:41:37.0248 3984        Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
18:41:37.0248 3984        Compbatt - ok
18:41:37.0310 3984        crcdisk        (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
18:41:37.0310 3984        crcdisk - ok
18:41:37.0372 3984        Crusoe          (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
18:41:37.0419 3984        Crusoe - ok
18:41:37.0544 3984        DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
18:41:37.0560 3984        DfsC - ok
18:41:37.0638 3984        disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
18:41:37.0653 3984        disk - ok
18:41:37.0794 3984        DMICall        (f206e28ed74c491fd5d7c0a1119ce37f) C:\Windows\system32\DRIVERS\DMICall.sys
18:41:37.0794 3984        DMICall - ok
18:41:38.0137 3984        drmkaud        (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
18:41:38.0168 3984        drmkaud - ok
18:41:38.0230 3984        DXGKrnl        (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
18:41:38.0262 3984        DXGKrnl - ok
18:41:38.0386 3984        E1G60          (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
18:41:38.0418 3984        E1G60 - ok
18:41:38.0511 3984        Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
18:41:38.0527 3984        Ecache - ok
18:41:38.0605 3984        elxstor        (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
18:41:38.0605 3984        elxstor - ok
18:41:38.0698 3984        exfat          (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
18:41:38.0714 3984        exfat - ok
18:41:38.0839 3984        fastfat        (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
18:41:38.0854 3984        fastfat - ok
18:41:38.0948 3984        fdc            (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
18:41:38.0979 3984        fdc - ok
18:41:39.0088 3984        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
18:41:39.0088 3984        FileInfo - ok
18:41:39.0166 3984        Filetrace      (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
18:41:39.0182 3984        Filetrace - ok
18:41:39.0322 3984        flpydisk        (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
18:41:39.0354 3984        flpydisk - ok
18:41:39.0463 3984        FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
18:41:39.0478 3984        FltMgr - ok
18:41:39.0525 3984        Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
18:41:39.0541 3984        Fs_Rec - ok
18:41:39.0603 3984        gagp30kx        (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
18:41:39.0619 3984        gagp30kx - ok
18:41:39.0712 3984        GEARAspiWDM    (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
18:41:39.0712 3984        GEARAspiWDM - ok
18:41:39.0806 3984        ggflt          (007aea2e06e7cef7372e40c277163959) C:\Windows\system32\DRIVERS\ggflt.sys
18:41:39.0806 3984        ggflt - ok
18:41:39.0868 3984        ggsemc          (c73de35960ca75c5ab4ae636b127c64e) C:\Windows\system32\DRIVERS\ggsemc.sys
18:41:39.0884 3984        ggsemc - ok
18:41:39.0978 3984        HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
18:41:40.0024 3984        HdAudAddService - ok
18:41:40.0180 3984        HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
18:41:40.0212 3984        HDAudBus - ok
18:41:40.0305 3984        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
18:41:40.0352 3984        HidBth - ok
18:41:40.0414 3984        HidIr          (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
18:41:40.0446 3984        HidIr - ok
18:41:40.0524 3984        HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
18:41:40.0539 3984        HidUsb - ok
18:41:40.0726 3984        HpCISSs        (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
18:41:40.0742 3984        HpCISSs - ok
18:41:40.0836 3984        HSFHWAZL        (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
18:41:40.0867 3984        HSFHWAZL - ok
18:41:40.0945 3984        HSF_DPV        (7bc42c65b5c6281777c1a7605b253ba8) C:\Windows\system32\DRIVERS\HSX_DPV.sys
18:41:40.0960 3984        HSF_DPV - ok
18:41:41.0101 3984        HSXHWAZL        (9ebf2d102ccbb6bcdfbf1b7922f8ba2e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
18:41:41.0101 3984        HSXHWAZL - ok
18:41:41.0179 3984        HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
18:41:41.0194 3984        HTTP - ok
18:41:41.0288 3984        i2omp          (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
18:41:41.0304 3984        i2omp - ok
18:41:41.0397 3984        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
18:41:41.0413 3984        i8042prt - ok
18:41:41.0694 3984        iaStor          (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\Windows\system32\DRIVERS\iaStor.sys
18:41:41.0709 3984        iaStor - ok
18:41:41.0787 3984        iaStorV        (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
18:41:41.0803 3984        iaStorV - ok
18:41:41.0850 3984        iirsp          (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
18:41:41.0865 3984        iirsp - ok
18:41:41.0928 3984        intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
18:41:41.0943 3984        intelide - ok
18:41:42.0021 3984        intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
18:41:42.0052 3984        intelppm - ok
18:41:42.0115 3984        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:41:42.0146 3984        IpFilterDriver - ok
18:41:42.0193 3984        IpInIp - ok
18:41:42.0255 3984        IPMIDRV        (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
18:41:42.0286 3984        IPMIDRV - ok
18:41:42.0380 3984        IPNAT          (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
18:41:42.0411 3984        IPNAT - ok
18:41:42.0567 3984        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
18:41:42.0583 3984        IRENUM - ok
18:41:42.0645 3984        isapnp          (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
18:41:42.0645 3984        isapnp - ok
18:41:42.0739 3984        iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
18:41:42.0754 3984        iScsiPrt - ok
18:41:42.0832 3984        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
18:41:42.0832 3984        iteatapi - ok
18:41:42.0942 3984        iteraid        (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
18:41:42.0942 3984        iteraid - ok
18:41:43.0035 3984        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
18:41:43.0051 3984        kbdclass - ok
18:41:43.0129 3984        kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
18:41:43.0144 3984        kbdhid - ok
18:41:43.0269 3984        KSecDD          (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
18:41:43.0300 3984        KSecDD - ok
18:41:43.0472 3984        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
18:41:43.0488 3984        lltdio - ok
18:41:43.0566 3984        LSI_FC          (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
18:41:43.0581 3984        LSI_FC - ok
18:41:43.0675 3984        LSI_SAS        (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
18:41:43.0675 3984        LSI_SAS - ok
18:41:43.0737 3984        LSI_SCSI        (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
18:41:43.0753 3984        LSI_SCSI - ok
18:41:43.0831 3984        luafv          (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
18:41:43.0862 3984        luafv - ok
18:41:43.0956 3984        mdmxsdk        (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
18:41:43.0971 3984        mdmxsdk - ok
18:41:44.0049 3984        megasas        (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
18:41:44.0065 3984        megasas - ok
18:41:44.0143 3984        Modem          (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
18:41:44.0158 3984        Modem - ok
18:41:44.0236 3984        monitor        (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
18:41:44.0252 3984        monitor - ok
18:41:44.0424 3984        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
18:41:44.0439 3984        mouclass - ok
18:41:44.0470 3984        mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
18:41:44.0502 3984        mouhid - ok
18:41:44.0564 3984        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
18:41:44.0580 3984        MountMgr - ok
18:41:44.0642 3984        mpio            (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
18:41:44.0642 3984        mpio - ok
18:41:44.0782 3984        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
18:41:44.0798 3984        mpsdrv - ok
18:41:44.0845 3984        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
18:41:44.0860 3984        Mraid35x - ok
18:41:44.0938 3984        MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
18:41:44.0938 3984        MRxDAV - ok
18:41:45.0001 3984        mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:41:45.0016 3984        mrxsmb - ok
18:41:45.0157 3984        mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:41:45.0172 3984        mrxsmb10 - ok
18:41:45.0204 3984        mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:41:45.0219 3984        mrxsmb20 - ok
18:41:45.0282 3984        msahci          (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
18:41:45.0297 3984        msahci - ok
18:41:45.0360 3984        msdsm          (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
18:41:45.0360 3984        msdsm - ok
18:41:45.0500 3984        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
18:41:45.0516 3984        Msfs - ok
18:41:45.0562 3984        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
18:41:45.0578 3984        msisadrv - ok
18:41:45.0656 3984        MSKSSRV        (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
18:41:45.0687 3984        MSKSSRV - ok
18:41:45.0750 3984        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
18:41:45.0781 3984        MSPCLOCK - ok
18:41:45.0984 3984        MSPQM          (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
18:41:45.0999 3984        MSPQM - ok
18:41:46.0108 3984        MsRPC          (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
18:41:46.0124 3984        MsRPC - ok
18:41:46.0202 3984        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
18:41:46.0202 3984        mssmbios - ok
18:41:46.0327 3984        MSTEE          (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
18:41:46.0358 3984        MSTEE - ok
18:41:46.0436 3984        Mup            (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
18:41:46.0452 3984        Mup - ok
18:41:46.0530 3984        NativeWifiP    (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
18:41:46.0545 3984        NativeWifiP - ok
18:41:46.0686 3984        NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
18:41:46.0717 3984        NDIS - ok
18:41:46.0935 3984        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
18:41:46.0951 3984        NdisTapi - ok
18:41:47.0029 3984        Ndisuio        (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
18:41:47.0044 3984        Ndisuio - ok
18:41:47.0107 3984        NdisWan        (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
18:41:47.0122 3984        NdisWan - ok
18:41:47.0247 3984        NDProxy        (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
18:41:47.0263 3984        NDProxy - ok
18:41:47.0325 3984        NetBIOS        (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
18:41:47.0341 3984        NetBIOS - ok
18:41:47.0403 3984        netbt          (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
18:41:47.0419 3984        netbt - ok
18:41:47.0606 3984        NETw4v32        (6522dd40a5f67ced020bd81b856613fb) C:\Windows\system32\DRIVERS\NETw4v32.sys
18:41:47.0715 3984        NETw4v32 - ok
18:41:47.0887 3984        nfrd960        (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
18:41:47.0902 3984        nfrd960 - ok
18:41:47.0965 3984        Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
18:41:47.0980 3984        Npfs - ok
18:41:48.0058 3984        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
18:41:48.0090 3984        nsiproxy - ok
18:41:48.0168 3984        Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
18:41:48.0230 3984        Ntfs - ok
18:41:48.0339 3984        ntrigdigi      (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
18:41:48.0386 3984        ntrigdigi - ok
18:41:48.0495 3984        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
18:41:48.0511 3984        Null - ok
18:41:48.0823 3984        nvlddmkm        (39d8f5a92427c57309355199592ead9f) C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:41:49.0088 3984        nvlddmkm - ok
18:41:49.0150 3984        nvraid          (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
18:41:49.0166 3984        nvraid - ok
18:41:49.0291 3984        nvstor          (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
18:41:49.0306 3984        nvstor - ok
18:41:49.0353 3984        nv_agp          (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
18:41:49.0353 3984        nv_agp - ok
18:41:49.0384 3984        NwlnkFlt - ok
18:41:49.0431 3984        NwlnkFwd - ok
18:41:49.0556 3984        ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
18:41:49.0572 3984        ohci1394 - ok
18:41:49.0696 3984        Parport        (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
18:41:49.0743 3984        Parport - ok
18:41:49.0821 3984        partmgr        (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
18:41:49.0837 3984        partmgr - ok
18:41:49.0884 3984        Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
18:41:49.0930 3984        Parvdm - ok
18:41:50.0008 3984        pci            (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
18:41:50.0024 3984        pci - ok
18:41:50.0071 3984        pciide          (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
18:41:50.0086 3984        pciide - ok
18:41:50.0242 3984        pcmcia          (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys
18:41:50.0258 3984        pcmcia - ok
18:41:50.0320 3984        PdiPorts        (18ed1d71fef6f71d38c24263500bbd01) C:\Windows\system32\Drivers\PdiPorts.sys
18:41:50.0336 3984        PdiPorts - ok
18:41:50.0476 3984        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
18:41:50.0523 3984        PEAUTH - ok
18:41:50.0710 3984        PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
18:41:50.0742 3984        PptpMiniport - ok
18:41:50.0788 3984        Processor      (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
18:41:50.0835 3984        Processor - ok
18:41:50.0913 3984        PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
18:41:50.0929 3984        PSched - ok
18:41:50.0991 3984        PxHelp20        (d86b4a68565e444d76457f14172c875a) C:\Windows\system32\Drivers\PxHelp20.sys
18:41:50.0991 3984        PxHelp20 - ok
18:41:51.0132 3984        ql2300          (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
18:41:51.0163 3984        ql2300 - ok
18:41:51.0241 3984        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
18:41:51.0256 3984        ql40xx - ok
18:41:51.0334 3984        QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
18:41:51.0350 3984        QWAVEdrv - ok
18:41:51.0412 3984        R5U870FLx86    (9ac8ac6cd00100443ea6afd0a4ade8f7) C:\Windows\system32\Drivers\R5U870FLx86.sys
18:41:51.0412 3984        R5U870FLx86 - ok
18:41:51.0522 3984        R5U870FUx86    (1ae358affffd13bf6ec7dc72dccfac12) C:\Windows\system32\Drivers\R5U870FUx86.sys
18:41:51.0522 3984        R5U870FUx86 - ok
18:41:51.0600 3984        RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
18:41:51.0631 3984        RasAcd - ok
18:41:51.0693 3984        Rasl2tp        (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:41:51.0724 3984        Rasl2tp - ok
18:41:51.0787 3984        RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
18:41:51.0802 3984        RasPppoe - ok
18:41:51.0943 3984        RasSstp        (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
18:41:51.0958 3984        RasSstp - ok
18:41:52.0068 3984        rdbss          (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
18:41:52.0099 3984        rdbss - ok
18:41:52.0208 3984        RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:41:52.0239 3984        RDPCDD - ok
18:41:52.0411 3984        rdpdr          (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
18:41:52.0458 3984        rdpdr - ok
18:41:52.0520 3984        RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
18:41:52.0536 3984        RDPENCDD - ok
18:41:52.0598 3984        RDPWD          (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
18:41:52.0614 3984        RDPWD - ok
18:41:52.0676 3984        regi            (001b4278407f4303efc902a2b16f2453) C:\Windows\system32\drivers\regi.sys
18:41:52.0692 3984        regi - ok
18:41:52.0832 3984        RFCOMM          (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
18:41:52.0848 3984        RFCOMM - ok
18:41:52.0926 3984        rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
18:41:52.0941 3984        rspndr - ok
18:41:53.0004 3984        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
18:41:53.0019 3984        sbp2port - ok
18:41:53.0082 3984        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
18:41:53.0128 3984        secdrv - ok
18:41:53.0269 3984        Serenum        (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
18:41:53.0300 3984        Serenum - ok
18:41:53.0362 3984        Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
18:41:53.0409 3984        Serial - ok
18:41:53.0472 3984        sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
18:41:53.0503 3984        sermouse - ok
18:41:53.0581 3984        sffdisk        (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
18:41:53.0612 3984        sffdisk - ok
18:41:53.0674 3984        sffp_mmc        (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
18:41:53.0706 3984        sffp_mmc - ok
18:41:53.0815 3984        sffp_sd        (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
18:41:53.0862 3984        sffp_sd - ok
18:41:53.0908 3984        sfloppy        (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\DRIVERS\sfloppy.sys
18:41:53.0955 3984        sfloppy - ok
18:41:54.0018 3984        sisagp          (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
18:41:54.0018 3984        sisagp - ok
18:41:54.0111 3984        SiSRaid2        (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
18:41:54.0127 3984        SiSRaid2 - ok
18:41:54.0205 3984        SiSRaid4        (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
18:41:54.0220 3984        SiSRaid4 - ok
18:41:54.0330 3984        Smb            (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
18:41:54.0345 3984        Smb - ok
18:41:54.0408 3984        SNC            (db31d8989b3450569c29780e7fa98c48) C:\Windows\system32\Drivers\SonyNC.sys
18:41:54.0408 3984        SNC - ok
18:41:54.0501 3984        spldr          (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
18:41:54.0517 3984        spldr - ok
18:41:54.0642 3984        sp_rsdrv2      (8831252bcf05fcfb5abd116a22e552d8) C:\Windows\system32\drivers\sp_rsdrv2.sys
18:41:54.0642 3984        sp_rsdrv2 ( UnsignedFile.Multi.Generic ) - warning
18:41:54.0642 3984        sp_rsdrv2 - detected UnsignedFile.Multi.Generic (1)
18:41:54.0782 3984        srv            (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
18:41:54.0798 3984        srv - ok
18:41:54.0985 3984        srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
18:41:55.0000 3984        srv2 - ok
18:41:55.0047 3984        srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
18:41:55.0063 3984        srvnet - ok
18:41:55.0125 3984        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
18:41:55.0125 3984        ssmdrv - ok
18:41:55.0188 3984        STHDA          (6a2a5e809c2c0178326d92b19ee4aad3) C:\Windows\system32\drivers\stwrt.sys
18:41:55.0203 3984        STHDA - ok
18:41:55.0328 3984        swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
18:41:55.0344 3984        swenum - ok
18:41:55.0406 3984        Symc8xx        (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
18:41:55.0406 3984        Symc8xx - ok
18:41:55.0484 3984        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
18:41:55.0500 3984        Sym_hi - ok
18:41:55.0562 3984        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
18:41:55.0562 3984        Sym_u3 - ok
18:41:55.0671 3984        Tcpip          (2756186e287139310997090797e0182b) C:\Windows\system32\drivers\tcpip.sys
18:41:55.0718 3984        Tcpip - ok
18:41:55.0843 3984        Tcpip6          (2756186e287139310997090797e0182b) C:\Windows\system32\DRIVERS\tcpip.sys
18:41:55.0874 3984        Tcpip6 - ok
18:41:55.0952 3984        tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
18:41:55.0968 3984        tcpipreg - ok
18:41:56.0108 3984        TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
18:41:56.0124 3984        TDPIPE - ok
18:41:56.0202 3984        TDTCP          (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
18:41:56.0233 3984        TDTCP - ok
18:41:56.0295 3984        tdx            (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
18:41:56.0311 3984        tdx - ok
18:41:56.0404 3984        TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
18:41:56.0420 3984        TermDD - ok
18:41:56.0560 3984        ti21sony        (909cd987b54a8179c9aee874d754721a) C:\Windows\system32\drivers\ti21sony.sys
18:41:56.0576 3984        ti21sony - ok
18:41:56.0935 3984        tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:41:56.0950 3984        tssecsrv - ok
18:41:57.0060 3984        tunmp          (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
18:41:57.0060 3984        tunmp - ok
18:41:57.0122 3984        tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
18:41:57.0138 3984        tunnel - ok
18:41:57.0200 3984        uagp35          (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
18:41:57.0216 3984        uagp35 - ok
18:41:57.0340 3984        udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
18:41:57.0356 3984        udfs - ok
18:41:57.0434 3984        uliagpkx        (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
18:41:57.0434 3984        uliagpkx - ok
18:41:57.0512 3984        uliahci        (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
18:41:57.0528 3984        uliahci - ok
18:41:57.0590 3984        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
18:41:57.0590 3984        UlSata - ok
18:41:57.0699 3984        ulsata2        (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
18:41:57.0715 3984        ulsata2 - ok
18:41:57.0793 3984        umbus          (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
18:41:57.0808 3984        umbus - ok
18:41:57.0902 3984        usbccgp        (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
18:41:57.0918 3984        usbccgp - ok
18:41:57.0980 3984        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
18:41:58.0027 3984        usbcir - ok
18:41:58.0136 3984        usbehci        (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
18:41:58.0152 3984        usbehci - ok
18:41:58.0214 3984        usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
18:41:58.0245 3984        usbhub - ok
18:41:58.0370 3984        usbohci        (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
18:41:58.0401 3984        usbohci - ok
18:41:58.0573 3984        usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
18:41:58.0604 3984        usbprint - ok
18:41:58.0666 3984        usbscan        (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
18:41:58.0682 3984        usbscan - ok
18:41:58.0776 3984        USBSTOR        (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:41:58.0791 3984        USBSTOR - ok
18:41:58.0900 3984        usbuhci        (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
18:41:58.0932 3984        usbuhci - ok
18:41:59.0010 3984        usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
18:41:59.0041 3984        usbvideo - ok
18:41:59.0197 3984        vga            (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
18:41:59.0259 3984        vga - ok
18:41:59.0368 3984        VgaSave        (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
18:41:59.0400 3984        VgaSave - ok
18:41:59.0462 3984        viaagp          (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
18:41:59.0462 3984        viaagp - ok
18:41:59.0524 3984        ViaC7          (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
18:41:59.0556 3984        ViaC7 - ok
18:41:59.0618 3984        viaide          (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
18:41:59.0634 3984        viaide - ok
18:41:59.0712 3984        volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
18:41:59.0727 3984        volmgr - ok
18:41:59.0836 3984        volmgrx        (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
18:41:59.0852 3984        volmgrx - ok
18:41:59.0930 3984        volsnap        (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
18:41:59.0946 3984        volsnap - ok
18:42:00.0008 3984        vsmraid        (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
18:42:00.0008 3984        vsmraid - ok
18:42:00.0133 3984        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
18:42:00.0180 3984        WacomPen - ok
18:42:00.0351 3984        Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
18:42:00.0367 3984        Wanarp - ok
18:42:00.0367 3984        Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
18:42:00.0398 3984        Wanarpv6 - ok
18:42:00.0460 3984        Wd              (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
18:42:00.0476 3984        Wd - ok
18:42:00.0585 3984        Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
18:42:00.0601 3984        Wdf01000 - ok
18:42:00.0757 3984        WimFltr        (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\Windows\system32\DRIVERS\wimfltr.sys
18:42:00.0757 3984        WimFltr - ok
18:42:00.0819 3984        winachsf        (5a77ac34a0ffb70ce8b35b524fede9ba) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
18:42:00.0850 3984        winachsf - ok
18:42:00.0944 3984        WmiAcpi        (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
18:42:00.0975 3984        WmiAcpi - ok
18:42:01.0162 3984        WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
18:42:01.0178 3984        WpdUsb - ok
18:42:01.0272 3984        ws2ifsl        (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
18:42:01.0287 3984        ws2ifsl - ok
18:42:01.0381 3984        WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:42:01.0412 3984        WUDFRd - ok
18:42:01.0490 3984        XAudio          (88af537264f2b818da15479ceeaf5d7c) C:\Windows\system32\DRIVERS\xaudio.sys
18:42:01.0506 3984        XAudio - ok
18:42:01.0630 3984        yukonwlh        (7927e830ecde6db3682cc319bad26984) C:\Windows\system32\DRIVERS\yk60x86.sys
18:42:01.0646 3984        yukonwlh - ok
18:42:01.0677 3984        MBR (0x1B8)    (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
18:42:01.0802 3984        \Device\Harddisk0\DR0 - ok
18:42:01.0818 3984        MBR (0x1B8)    (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR2
18:42:01.0958 3984        \Device\Harddisk2\DR2 - ok
18:42:01.0958 3984        Boot (0x1200)  (3615683225c78d54b0482cf5c756d7e8) \Device\Harddisk0\DR0\Partition0
18:42:01.0958 3984        \Device\Harddisk0\DR0\Partition0 - ok
18:42:01.0974 3984        Boot (0x1200)  (8a8466a3915d7c971aba7cdcd4f4eb1b) \Device\Harddisk2\DR2\Partition0
18:42:01.0974 3984        \Device\Harddisk2\DR2\Partition0 - ok
18:42:01.0974 3984        ============================================================
18:42:01.0974 3984        Scan finished
18:42:01.0974 3984        ============================================================
18:42:01.0974 5748        Detected object count: 1
18:42:01.0974 5748        Actual detected object count: 1
18:42:15.0873 5748        sp_rsdrv2 ( UnsignedFile.Multi.Generic ) - skipped by user
18:42:15.0873 5748        sp_rsdrv2 ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus 16.10.2011 17:59
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Telemann 16.10.2011 18:40
ComboFix ist durch, hier das Log:

Code:
ComboFix 11-10-15.04 - Michael 16.10.2011  19:16:04.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.2046.1111 [GMT 2:00]
ausgeführt von:: c:\users\Michael\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files\Spyware Terminator\SpywareTerminatorShield.Exe
c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe
c:\windows\IsUn0407.exe
c:\windows\unin0407.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-09-16 bis 2011-10-16  ))))))))))))))))))))))))))))))
.
.
2011-10-16 16:02 . 2011-10-16 16:02        56200        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{CD312A81-F20E-467E-8821-83F429A4A379}\offreg.dll
2011-10-14 18:13 . 2011-09-12 23:14        7269712        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{CD312A81-F20E-467E-8821-83F429A4A379}\mpengine.dll
2011-10-12 18:49 . 2011-10-12 18:49        --------        d-----w-        C:\_OTL
2011-10-12 11:17 . 2011-07-29 16:01        293376        ----a-w-        c:\windows\system32\psisdecd.dll
2011-10-12 11:17 . 2011-07-29 16:01        217088        ----a-w-        c:\windows\system32\psisrndr.ax
2011-10-12 11:17 . 2011-07-29 16:00        57856        ----a-w-        c:\windows\system32\MSDvbNP.ax
2011-10-12 11:17 . 2011-07-29 16:00        69632        ----a-w-        c:\windows\system32\Mpeg2Data.ax
2011-10-12 11:16 . 2011-09-06 13:30        2043392        ----a-w-        c:\windows\system32\win32k.sys
2011-10-12 11:16 . 2011-09-14 10:51        2409784        ----a-w-        c:\program files\Windows Mail\OESpamFilter.dat
2011-10-12 11:16 . 2011-08-25 16:15        555520        ----a-w-        c:\windows\system32\UIAutomationCore.dll
2011-10-12 11:16 . 2011-08-25 16:14        238080        ----a-w-        c:\windows\system32\oleacc.dll
2011-10-12 11:16 . 2011-08-25 16:14        563712        ----a-w-        c:\windows\system32\oleaut32.dll
2011-10-12 11:16 . 2011-08-25 13:31        4096        ----a-w-        c:\windows\system32\oleaccrc.dll
2011-10-10 20:41 . 2011-10-10 20:41        --------        d-----w-        C:\ebf847f73aca53fefe6baa74
2011-10-10 08:14 . 2011-03-03 15:40        28672        ----a-w-        c:\windows\system32\Apphlpdm.dll
2011-10-10 08:14 . 2011-03-03 13:35        4240384        ----a-w-        c:\windows\system32\GameUXLegacyGDFs.dll
2011-10-10 07:35 . 2011-10-10 07:35        --------        d-----w-        c:\program files\Windows Portable Devices
2011-10-09 18:01 . 2009-09-10 02:00        92672        ----a-w-        c:\windows\system32\UIAnimation.dll
2011-10-09 18:01 . 2009-09-10 02:01        3023360        ----a-w-        c:\windows\system32\UIRibbon.dll
2011-10-09 18:01 . 2009-09-10 02:00        1164800        ----a-w-        c:\windows\system32\UIRibbonRes.dll
2011-10-09 17:55 . 2009-10-09 21:56        2048        ----a-w-        c:\windows\system32\winrsmgr.dll
2011-10-09 15:49 . 2009-09-10 14:58        1418752        ----a-w-        c:\program files\Windows Media Player\setup_wm.exe
2011-10-09 15:49 . 2009-09-10 14:58        310784        ----a-w-        c:\windows\system32\unregmp2.exe
2011-10-08 22:58 . 2011-10-08 22:58        --------        d-----w-        c:\program files\ESET
2011-10-08 18:27 . 2011-10-08 18:27        --------        d-----w-        c:\users\Michael\AppData\Roaming\Malwarebytes
2011-10-08 18:27 . 2011-10-08 18:27        --------        d-----w-        c:\programdata\Malwarebytes
2011-10-08 18:27 . 2011-08-31 15:00        22216        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-10-08 18:27 . 2011-10-08 18:27        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2011-10-07 07:41 . 2011-10-07 07:41        --------        d-----w-        c:\windows\Sun
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-16 09:31 . 2011-06-12 08:45        404640        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-09 11:04 . 2011-08-09 11:04        25512        ----a-w-        c:\windows\system32\drivers\ggsemc.sys
2011-08-09 11:04 . 2011-08-09 11:04        1112288        ----a-w-        c:\windows\system32\WdfCoInstaller01007.dll
2011-08-09 11:04 . 2011-08-09 11:04        13224        ----a-w-        c:\windows\system32\drivers\ggflt.sys
2010-03-31 08:09 . 2010-03-31 08:09        10437264        ----a-w-        c:\program files\mozilla firefox\plugins\PDFNetC.dll
2010-04-08 10:36 . 2010-04-08 10:36        107760        ----a-w-        c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
2011-10-03 21:34 . 2011-05-09 07:31        134104        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
2010-08-31 11:39 . 2008-09-25 18:12        119808        ----a-w-        c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2006-05-03 10:06        163328        --sh--r-        c:\windows\System32\flvDX.dll
2007-02-21 11:47        31232        --sh--r-        c:\windows\System32\msfDX.dll
2007-12-17 13:43        27648        --sh--w-        c:\windows\System32\Smab0.dll
.

       
Code:

       
<pre>
c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray .exe
c:\program files\Adobe\Reader 8.0\Reader\Reader_sl .exe
c:\program files\Apoint\Apoint .exe
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\Common Files\Java\Java Update\jusched .exe
c:\program files\Google\Google Desktop Search\GoogleDesktop .exe
c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
c:\program files\iTunes\iTunesHelper .exe
c:\program files\Portrait Displays\Pivot Software\wpctrl .exe
c:\program files\QuickTime\QTTask .exe
c:\program files\Real\RealPlayer\Update\realsched .exe
c:\program files\Sony\ISB Utility\ISBMgr .exe
c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion .exe
c:\program files\Spyware Terminator\SpywareTerminatorShield .exe
c:\program files\Spyware Terminator\SpywareTerminatorUpdate .exe
</pre>

.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [N/A]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DT HPW"="c:\program files\Portrait Displays\HP My Display\DTHtml.exe" [2007-06-29 278528]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-06-28 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
"LexwareInfoService"="c:\program files\Common Files\Lexware\Update Manager\LxUpdateManager.exe" [2008-11-03 339240]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2011-05-27 624056]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [N/A]
.
c:\users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat - Schnellstart.lnk - c:\windows\Installer\{AC76BA86-1033-F400-BA7E-000000000003}\_SC_Acrobat.exe [2008-1-10 295606]
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-6-22 739880]
EPSON SMART PANEL for Scanner.lnk - c:\program files\EPSON\EPSON SMART PANEL for Scanner\espmain.exe [2008-1-15 180224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-07-12 06:33        98304        ----a-w-        c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-31 135664]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2007-07-03 28464]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2011-08-09 13224]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-31 135664]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344]
R3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 745472]
R3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-06-20 397312]
R3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-06-20 1089536]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2008-03-03 333088]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2008-03-17 87328]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2011-06-18 142592]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]
S3 dkab_device;dkab_device;c:\windows\system32\DKabcoms.exe [2006-10-21 508824]
S3 R5U870FLx86;R5U870 UVC Lower Filter  ;c:\windows\system32\Drivers\R5U870FLx86.sys [2007-06-28 75008]
S3 R5U870FUx86;R5U870 UVC Upper Filter  ;c:\windows\system32\Drivers\R5U870FUx86.sys [2007-06-28 43904]
S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-06-06 812544]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 27222469
*NewlyCreated* - 84786546
*Deregistered* - 27222469
*Deregistered* - 84786546
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs        REG_MULTI_SZ          BthServ
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2011-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-31 17:04]
.
2011-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-31 17:04]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.club-vaio.com
uInternet Settings,ProxyOverride = *.local
IE: An vorhandenes PDF anfügen - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: In Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\fhybklfo.default\
FF - prefs.js: browser.startup.homepage - www.arcor.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-SMART PANEL for Scanner - c:\windows\unin0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-10-16 19:25
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\Default_Monitor\5&3c26589&1&UID256\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\Default_Monitor\5&3c26589&1&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\Default_Monitor\5&3c26589&1&UID273\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\Default_Monitor\5&3c26589&1&UID273\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\GSM9D30\5&3c26589&1&UID273\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\GSM9D30\5&3c26589&1&UID273\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A8\5&3c26589&1&UID256\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A8\5&3c26589&1&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A9\5&3c26589&1&UID273\Device Parameters\MODES]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A9\5&3c26589&1&UID273\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A9\5&3c26589&1&UID273\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\NVD0600\5&3c26589&1&UID272\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\NVD0600\5&3c26589&1&UID272\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(2060)
c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\btmmhook.dll
.
Zeit der Fertigstellung: 2011-10-16  19:29:03
ComboFix-quarantined-files.txt  2011-10-16 17:29
.
Vor Suchlauf: 14 Verzeichnis(se), 84.567.945.216 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 84.499.587.072 Bytes frei
.
- - End Of File - - 83E4A2A66CF6E633AC926DD7C56C3756
Zwischendurch mal ein ganz dickes DANKESCHÖN fürs Helfen am Sonntag!

Viele Grüße,
Telemann

cosinus 16.10.2011 19:26
Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

Telemann 17.10.2011 19:10
Hi,

Gmer ist wieder abgestürzt, auch im abgesicherten Modus.

Daher hier nur die Log-Datei von OSAM:

Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 19:30:30 on 17.10.2011

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 7.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - "Google" - C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Adobe Gamma" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\Michael\AppData\Local\Temp\catchme.sys  (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"Portrait Displays low level device driver" (PdiPorts) - "Portrait Displays, Inc." - C:\Windows\System32\Drivers\PdiPorts.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"regi" (regi) - "InterVideo" - C:\Windows\System32\drivers\regi.sys
"Sony DMI Call service" (DMICall) - "Sony Corporation" - C:\Windows\System32\DRIVERS\DMICall.sys
"Spyware Terminator Driver 2" (sp_rsdrv2) - ? - C:\Windows\system32\drivers\sp_rsdrv2.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"WimFltr" (WimFltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\wimfltr.sys

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -  (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{A155339D-CCCD-4714-85EB-3754B804C9DF} "a-squared Free Shell Extension" - "Emsi Software GmbH" - C:\Program Files\a-squared Free\a2freecontmenu.dll
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -  (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -  (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Windows\system32\btncopy.dll
{654D0431-C930-43C4-B8DA-9AA01BA5B486} "PDI GUI Engine COM Obj" - "Portrait Displays, Inc" - C:\Program Files\Common Files\Portrait Displays\Shared\HtmlEngine.dll
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - c:\program files\real\realplayer\rpshell.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{ED58A35B-B554-42AF-A26C-6F3D424200D3} "SPMPanel" - "Sony Corporation" - C:\Program Files\Sony\VAIO Power Management\SPMPanel.dll
{BD88A479-9623-4897-8546-BC62B9628F44} "SPTHandler" - "Crawler.com" - C:\Program Files\Spyware Terminator\sptcontmenu.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} "Java Plug-in 1.6.0_01" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} "Java Plug-in 1.6.0_03" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} "Java Plug-in 1.6.0_05" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{AE7CD045-E861-484f-8273-0445EE161910} "Adobe PDF Conversion Toolbar Helper" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{CA6319C0-31B7-401E-A518-A07C3DB8F777} "CBrowserHelperObject Object" - "Your Company Name" - C:\PROGRA~1\GOOGLE~1\BAE.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Dropbox.lnk" - "Dropbox, Inc." - C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe  (Shortcut exists | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"Adobe Acrobat - Schnellstart.lnk" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"EPSON SMART PANEL for Scanner.lnk" - "NewSoft" - C:\Program Files\EPSON\EPSON SMART PANEL for Scanner\espmain.exe  (Shortcut exists | File exists)
"BTTray.lnk" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"SpywareTerminatorUpdate" - ? - "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"  (File not found)
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Acrobat Assistant 8.0" - "Adobe Systems Inc." - "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"DT HPW" - "Portrait Displays, Inc" - C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder
"LexwareInfoService" - "Lexware GmbH & Co. KG" - C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"SpywareTerminator" - ? - "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"  (File not found)

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Dell Enhanced TCP/IP Port" - " " - C:\Windows\system32\dkablmpm.dll
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Adobe Active File Monitor V5" (AdobeActiveFileMonitor5.0) - ? - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe  (File found, but it contains no detailed information)
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"dkab_device" (dkab_device) - " " - C:\Windows\system32\DKabcoms.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Macrovision Europe Ltd." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"IviRegMgr" (IviRegMgr) - "InterVideo" - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"MSCSPTISRV" (MSCSPTISRV) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"PACSPTISVR" (PACSPTISVR) - ? - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
"Portrait Displays Display Tune Service" (DTSRVC) - ? - C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe  (File found, but it contains no detailed information)
"Sony Ericsson PCCompanion" (Sony Ericsson PCCompanion) - "Avanquest Software" - C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
"Sony SPTI Service" (SPTISRV) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
"Spyware Terminator Realtime Shield Service" (sp_rssrv) - "Crawler.com" - C:\Program Files\Spyware Terminator\sp_rsser.exe
"Symantec Lic NetConnect service" (CLTNetCnService) - ? - "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon  (File not found)
"VAIO Content Metadata Intelligent Analyzing Manager" (VcmIAlzMgr) - "Sony Corporation" - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
"VAIO Content Metadata XML Interface" (VcmXmlIfHelper) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
"VAIO Entertainment Database Service" (VzCdbSvc) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
"VAIO Entertainment File Import Service" (VzFw) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
"VAIO Entertainment TV Device Arbitration Service" (VAIO Entertainment TV Device Arbitration Service) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
"VAIO Entertainment UPnP Client Adapter" (Vcsw) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
"VAIO Event Service" (VAIO Event Service) - "Sony Corporation" - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
"VAIO Media Content Collection" (VAIOMediaPlatform-UCLS-AppServer) - "Sony Corporation" - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
"VAIO Media Content Collection (HTTP)" (VAIOMediaPlatform-UCLS-HTTP) - "Sony Corporation" - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
"VAIO Media Content Collection (UPnP)" (VAIOMediaPlatform-UCLS-UPnP) - "Sony Corporation" - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
"VAIO Media Gateway Server" (VAIOMediaPlatform-Mobile-Gateway) - "Sony Corporation" - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
"VAIO Media Integrated Server" (VAIOMediaPlatform-IntegratedServer-AppServer) - "Sony Corporation" - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
"VAIO Media Integrated Server (HTTP)" (VAIOMediaPlatform-IntegratedServer-HTTP) - "Sony Corporation" - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
"VAIO Media Integrated Server (UPnP)" (VAIOMediaPlatform-IntegratedServer-UPnP) - "Sony Corporation" - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"VESWinlogon" - "Sony Corporation" - C:\Windows\system32\VESWinlogon.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
...und hier die aswMBR.txt:

Code:
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-10-17 19:35:42
-----------------------------
19:35:42.491    OS Version: Windows 6.0.6002 Service Pack 2
19:35:42.491    Number of processors: 2 586 0xF0D
19:35:42.491    ComputerName: MICHAEL-PC  UserName: Michael
19:35:43.771    Initialize success
19:37:05.319    AVAST engine defs: 11101700
19:37:37.361    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
19:37:37.361    Disk 0 Vendor: FUJITSU_ 0000 Size: 190782MB BusType: 3
19:37:37.361    Disk 1  \Device\Harddisk1\DR1 -> \Device\00000060
19:37:37.377    Disk 1 Vendor: (  Size: 190782MB BusType: 0
19:37:37.377    Disk 2  \Device\Harddisk2\DR2 -> \Device\00000061
19:37:37.377    Disk 2 Vendor: (  Size: 3787MB BusType: 0
19:37:37.392    Disk 0 MBR read successfully
19:37:37.392    Disk 0 MBR scan
19:37:37.408    Disk 0 Windows VISTA default MBR code
19:37:37.408    Disk 0 scanning sectors +390719920
19:37:37.502    Disk 0 scanning C:\Windows\system32\drivers
19:37:49.233    Service scanning
19:37:50.730    Modules scanning
19:37:59.295    Disk 0 trace - called modules:
19:37:59.310    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
19:37:59.310    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x859218f0]
19:37:59.326    3 CLASSPNP.SYS[885ab8b3] -> nt!IofCallDriver -> [0x844851d8]
19:37:59.326    5 acpi.sys[8069c6bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84e16030]
19:38:00.543    AVAST engine scan C:\Windows
19:38:05.784    AVAST engine scan C:\Windows\system32
19:40:34.486    AVAST engine scan C:\Windows\system32\drivers
19:40:48.713    AVAST engine scan C:\Users\Michael
19:48:21.581    AVAST engine scan C:\ProgramData
19:55:36.930    Scan finished successfully
20:02:33.869    Disk 0 MBR has been saved successfully to "C:\Users\Michael\Desktop\MBR.dat"
20:02:33.869    The log file has been saved successfully to "C:\Users\Michael\Desktop\aswMBR.txt"
Gruß,
Telemann

cosinus 18.10.2011 18:21
Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!


Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Telemann 19.10.2011 22:05
Hi, also zuerst das Log von Malwarebytes:

Code:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 7974

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

18.10.2011 23:18:45
mbam-log-2011-10-18 (23-18-45).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 372985
Laufzeit: 1 Stunde(n), 23 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Jetzt SASW:

Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 10/19/2011 at 12:18 PM

Application Version : 5.0.1134

Core Rules Database Version : 7815
Trace Rules Database Version: 5627

Scan type      : Complete Scan
Total Scan Time : 02:09:08

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Administrator

Memory items scanned      : 730
Memory threats detected  : 0
Registry items scanned    : 38636
Registry threats detected : 0
File items scanned        : 193127
File threats detected    : 230

Adware.Tracking Cookie
        C:\USERS\MICHAEL\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MICHAEL@AD.ZANOX[2].TXT [ /AD.ZANOX ]
        C:\USERS\MICHAEL\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MICHAEL@MEDIAPLEX[2].TXT [ /MEDIAPLEX ]
        C:\USERS\MICHAEL\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MICHAEL@2O7[1].TXT [ /2O7 ]
        C:\USERS\MICHAEL\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MICHAEL@WWW.ZANOX-AFFILIATE[2].TXT [ /WWW.ZANOX-AFFILIATE ]
        C:\USERS\MICHAEL\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MICHAEL@TRADEDOUBLER[1].TXT [ /TRADEDOUBLER ]
        C:\USERS\MICHAEL\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MICHAEL@PERF.OVERTURE[1].TXT [ /PERF.OVERTURE ]
        C:\USERS\MICHAEL\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MICHAEL@TRACKING.QUISMA[1].TXT [ /TRACKING.QUISMA ]
        C:\USERS\MICHAEL\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MICHAEL@KOMTRACK[2].TXT [ /KOMTRACK ]
        C:\USERS\MICHAEL\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MICHAEL@TRIBALFUSION[2].TXT [ /TRIBALFUSION ]
        C:\USERS\MICHAEL\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MICHAEL@APMEBF[1].TXT [ /APMEBF ]
        C:\USERS\MICHAEL\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MICHAEL@ZANOX[1].TXT [ /ZANOX ]
        .vodafonegroup.122.2o7.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        adserver.konradin.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        track.effiliation.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .advertising.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .advertising.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        fl01.ct2.comclick.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        fl01.ct2.comclick.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        fl01.ct2.comclick.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .traffictrack.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .deutschepostag.112.2o7.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .wlw.122.2o7.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        eas4.emediate.eu [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .atdmt.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .weborama.fr [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .parship.122.2o7.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .collective-media.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .conrad.122.2o7.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .dealtime.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .imrworldwide.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .imrworldwide.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .im.banner.t-online.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        tracking.klicktel.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        tracking.klicktel.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .questionmarket.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .perf.overture.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .rewetouristik.112.2o7.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .adviva.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .adviva.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .comvelgmbh.112.2o7.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .clickandbuy.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .clickandbuy.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .revenue.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        stattrack.0catch.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        ad.adition.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        ad.adition.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .olympiaverlag.122.2o7.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .cdn.complexmedianetwork.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .stats.complex.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .adcentriconline.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        stats.grolltroll.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .trackmatics.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .statcounter.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        in.getclicky.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .twittercounter.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .liveperson.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .liveperson.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        track.yellostrom.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        adsrv1.admediate.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .komtrack.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .siemens.112.2o7.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .bshg.122.2o7.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .generaltracking.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .generaltracking.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .generaltracking.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .generaltracking.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .generaltracking.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .generaltracking.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .generaltracking.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .generaltracking.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .generaltracking.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .generaltracking.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .generaltracking.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        www.elitepartner.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        gotacha.rotator.hadj7.adjuggler.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        gotacha.rotator.hadj7.adjuggler.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .kontera.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .media6degrees.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .media6degrees.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .media6degrees.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .ads.quartermedia.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        www.zanox-affiliate.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        bmmg.panda-media.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .bubblestat.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .bubblestat.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .bubblestat.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .bubblestat.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .bubblestat.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .bubblestat.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .adbrite.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .adbrite.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .adbrite.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .adbrite.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .adbrite.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .adbrite.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .yieldmanager.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .xiti.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .ad.adnet.biz [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .meet-teens.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .meet-teens.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .meet-teens.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .meet-teens.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        www.meet-teens.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .a.revenuemax.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .advertising.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .advertising.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .advertising.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .adxpose.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .aim4media.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .adserver.adtechus.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .statcounter.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .statcounter.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .overture.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .overture.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .questionmarket.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .sevenoneintermedia.112.2o7.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .adinterax.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .adinterax.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .fastclick.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .azjmp.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .audiag.112.2o7.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .guj.122.2o7.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .adultfriendfinder.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .adultfriendfinder.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .viewablemedia.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .zedo.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .zedo.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .snapfish.112.2o7.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .traffictrack.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .hotlog.ru [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        nbi6.ads2.odn.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        nbi6.ads2.odn.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        track.effiliation.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        ad.adserver01.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        dc.tremormedia.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .secmedia.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .fastclick.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .burstnet.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        wstat.wibiya.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .bizrate.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        clicks.pangora.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        clicks.pangora.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .paypal.112.2o7.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .countomat.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        de.sitestat.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .liveperson.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .teenproblem.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .teenproblem.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        www.mediamarkt.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .mediamarkt-fotoservice.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .mediamarkt-fotoservice.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        adx.chip.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .123handydiscount.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .123handydiscount.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .cnetaustralia.122.2o7.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .thomascookag.122.2o7.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        tracking.oe24.at [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .ehg-artnetworldwide.hitbox.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .hitbox.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        stat.onestat.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        stat.onestat.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .komtrack.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .4stats.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .4stats.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        stat.aldi.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        stat.onestat.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .e-2dj6wblywodzmgp.stats.esomniture.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .e-2dj6wfl4omcjseq.stats.esomniture.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .prepaid-discounter.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .prepaid-discounter.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .yadro.ru [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .openstat.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .spylog.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .getclicky.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .static.getclicky.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        s4.trafficmaxx.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .loyaltypartner.122.2o7.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .doubleclick.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        track.adform.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        track.adform.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .adform.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .fastclick.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .sexytimeusa.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .sexytimeusa.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        stats.linx.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        accounts.youtube.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        tracking.quisma.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        tracking.quisma.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .autoscout24.112.2o7.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .toplist.cz [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        statse.webtrendslive.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        www.der-schaumstoffdiscounter.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        www.der-schaumstoffdiscounter.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        stats.computecmedia.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        www.blogcounter.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        logging.ourstats.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .statcounter.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .komtrack.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .komtrack.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .komtrack.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        stat.dealtime.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .clickandbuy.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHYBKLFO.DEFAULT\COOKIES.SQLITE ]
        h2porn.com [ C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\G6QKZHE3 ]
        media.mtvu.com [ C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\G6QKZHE3 ]
        pk.webcamsex.nl [ C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\G6QKZHE3 ]
        secure-us.imrworldwide.com [ C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\G6QKZHE3 ]
Und nun noch ESET:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=7f6ac70eaba0fc40abd879fe3d5b1d2f
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-08 11:39:53
# local_time=2011-10-09 01:39:53 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 100 14556 93011496 0 0
# compatibility_mode=5892 16776573 100 100 14542 155647660 0 0
# compatibility_mode=7937 16777213 100 75 15503 27478776 0 0
# compatibility_mode=8192 67108863 100 0 198 198 0 0
# scanned=44942
# found=0
# cleaned=0
# scan_time=2261
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=7f6ac70eaba0fc40abd879fe3d5b1d2f
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-09 11:37:13
# local_time=2011-10-09 01:37:13 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 100 52220 93049160 50136 0
# compatibility_mode=5892 16776573 100 100 1620 155685324 0 0
# compatibility_mode=7937 16777213 100 100 247 27516440 0 0
# compatibility_mode=8192 67108863 100 0 37862 37862 0 0
# scanned=216330
# found=12
# cleaned=0
# scan_time=7636
C:\Users\Michael\AppData\Local\Temp\00313.exe        probably a variant of Win32/AutoRun.Injector.AE worm (unable to clean)        00000000000000000000000000000000        I
C:\Users\Michael\AppData\Local\Temp\1022145.exe        probably a variant of Win32/AutoRun.Injector.AE worm (unable to clean)        00000000000000000000000000000000        I
C:\Users\Michael\AppData\Local\Temp\1827324.exe        probably a variant of Win32/AutoRun.Injector.AE worm (unable to clean)        00000000000000000000000000000000        I
C:\Users\Michael\AppData\Local\Temp\41936.exe        probably a variant of Win32/AutoRun.Injector.AE worm (unable to clean)        00000000000000000000000000000000        I
C:\Users\Michael\AppData\Local\Temp\57823.exe        probably a variant of Win32/AutoRun.Injector.AE worm (unable to clean)        00000000000000000000000000000000        I
C:\Users\Michael\AppData\Local\Temp\7419518.exe        probably a variant of Win32/AutoRun.Injector.AE worm (unable to clean)        00000000000000000000000000000000        I
C:\Users\Michael\AppData\Local\Temp\75087.exe        probably a variant of Win32/AutoRun.Injector.AE worm (unable to clean)        00000000000000000000000000000000        I
C:\Users\Michael\AppData\Local\Temp\83508.exe        probably a variant of Win32/AutoRun.Injector.AE worm (unable to clean)        00000000000000000000000000000000        I
C:\Users\Michael\AppData\Local\Temp\94545.exe        probably a variant of Win32/AutoRun.Injector.AE worm (unable to clean)        00000000000000000000000000000000        I
C:\Users\Michael\M-1-52-5782-8752-5245\winsvc .exe        probably a variant of Win32/AutoRun.Injector.AE worm (unable to clean)        00000000000000000000000000000000        I
C:\Windows\System32\IMG04506864689.JPG.scr        probably a variant of Win32/AutoRun.Injector.AE worm (unable to clean)        00000000000000000000000000000000        I
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\704dc34-2c70dc1c        a variant of Java/TrojanDownloader.OpenStream.NCM trojan (unable to clean)        00000000000000000000000000000000        I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=7f6ac70eaba0fc40abd879fe3d5b1d2f
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-11 10:09:59
# local_time=2011-10-12 12:09:59 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 100 262788 93259728 79873 0
# compatibility_mode=5892 16776573 100 100 45219 155895892 0 0
# compatibility_mode=7937 16777213 100 100 210815 27727008 0 0
# compatibility_mode=8192 67108863 100 0 248430 248430 0 0
# scanned=222310
# found=20
# cleaned=0
# scan_time=7835
C:\Users\Michael\AppData\Local\Temp\00313.exe        a variant of Win32/AutoRun.Injector.AF worm (unable to clean)        00000000000000000000000000000000        I
C:\Users\Michael\AppData\Local\Temp\1022145.exe        a variant of Win32/AutoRun.Injector.AF worm (unable to clean)        00000000000000000000000000000000        I
C:\Users\Michael\AppData\Local\Temp\1827324.exe        a variant of Win32/AutoRun.Injector.AF worm (unable to clean)        00000000000000000000000000000000        I
C:\Users\Michael\AppData\Local\Temp\41936.exe        a variant of Win32/AutoRun.Injector.AF worm (unable to clean)        00000000000000000000000000000000        I
C:\Users\Michael\AppData\Local\Temp\57823.exe        a variant of Win32/AutoRun.Injector.AF worm (unable to clean)        00000000000000000000000000000000        I
C:\Users\Michael\AppData\Local\Temp\7419518.exe        a variant of Win32/AutoRun.Injector.AF worm (unable to clean)        00000000000000000000000000000000        I
C:\Users\Michael\AppData\Local\Temp\75087.exe        a variant of Win32/AutoRun.Injector.AF worm (unable to clean)        00000000000000000000000000000000        I
C:\Users\Michael\AppData\Local\Temp\83508.exe        a variant of Win32/AutoRun.Injector.AF worm (unable to clean)        00000000000000000000000000000000        I
C:\Users\Michael\AppData\Local\Temp\94545.exe        a variant of Win32/AutoRun.Injector.AF worm (unable to clean)        00000000000000000000000000000000        I
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\7709867e-7413ff1e        a variant of Java/TrojanDownloader.OpenStream.NCM trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\Michael\M-1-52-5782-8752-5245\winsvc .exe        a variant of Win32/AutoRun.Injector.AF worm (unable to clean)        00000000000000000000000000000000        I
C:\Windows\System32\IMG04506864689.JPG.scr        a variant of Win32/AutoRun.Injector.AF worm (unable to clean)        00000000000000000000000000000000        I
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JWQF0E6V\soft_be_tc[1].htm        HTML/Iframe.B.Gen virus (unable to clean)        00000000000000000000000000000000        I
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VON5QKS5\ni[1].htm        HTML/Iframe.B.Gen virus (unable to clean)        00000000000000000000000000000000        I
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\5371c350-5fa0ae37        Java/Agent.DU trojan (unable to clean)        00000000000000000000000000000000        I
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\321af3d6-339ec4f1        Java/Agent.DU trojan (unable to clean)        00000000000000000000000000000000        I
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\704dc34-2c70dc1c        a variant of Java/TrojanDownloader.OpenStream.NCM trojan (unable to clean)        00000000000000000000000000000000        I
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\630bdaf9-25073e04        Java/Agent.DU trojan (unable to clean)        00000000000000000000000000000000        I
C:\Windows\Temp\AcrBE4.tmp        JS/Exploit.Pdfka.PEN trojan (unable to clean)        00000000000000000000000000000000        I
C:\Windows\Temp\jar_cache6805097543519546117.tmp        Java/Agent.DU trojan (unable to clean)        00000000000000000000000000000000        I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=7f6ac70eaba0fc40abd879fe3d5b1d2f
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-19 10:31:37
# local_time=2011-10-19 12:31:37 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 100 239292 93916824 231870 0
# compatibility_mode=5892 16776573 100 100 9535 156552988 0 0
# compatibility_mode=7937 16777213 100 75 234363 28384104 0 0
# compatibility_mode=8192 67108863 100 0 905526 905526 0 0
# scanned=716
# found=0
# cleaned=0
# scan_time=36
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=7f6ac70eaba0fc40abd879fe3d5b1d2f
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-19 08:33:16
# local_time=2011-10-19 10:33:16 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 100 268356 93945888 260934 0
# compatibility_mode=5892 16776573 100 100 463 156582052 0 0
# compatibility_mode=7937 16777213 100 75 263427 28413168 0 0
# compatibility_mode=8192 67108863 100 0 934590 934590 0 0
# scanned=195986
# found=13
# cleaned=0
# scan_time=7072
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\5371c350-5fa0ae37        Java/Agent.DU trojan (unable to clean)        00000000000000000000000000000000        I
C:\_OTL\MovedFiles\10122011_204919\C_Users\Michael\AppData\Local\Temp\00313.exe        a variant of Win32/AutoRun.Injector.AF worm (unable to clean)        00000000000000000000000000000000        I
C:\_OTL\MovedFiles\10122011_204919\C_Users\Michael\AppData\Local\Temp\1022145.exe        a variant of Win32/AutoRun.Injector.AF worm (unable to clean)        00000000000000000000000000000000        I
C:\_OTL\MovedFiles\10122011_204919\C_Users\Michael\AppData\Local\Temp\1827324.exe        a variant of Win32/AutoRun.Injector.AF worm (unable to clean)        00000000000000000000000000000000        I
C:\_OTL\MovedFiles\10122011_204919\C_Users\Michael\AppData\Local\Temp\41936.exe        a variant of Win32/AutoRun.Injector.AF worm (unable to clean)        00000000000000000000000000000000        I
C:\_OTL\MovedFiles\10122011_204919\C_Users\Michael\AppData\Local\Temp\57823.exe        a variant of Win32/AutoRun.Injector.AF worm (unable to clean)        00000000000000000000000000000000        I
C:\_OTL\MovedFiles\10122011_204919\C_Users\Michael\AppData\Local\Temp\7419518.exe        a variant of Win32/AutoRun.Injector.AF worm (unable to clean)        00000000000000000000000000000000        I
C:\_OTL\MovedFiles\10122011_204919\C_Users\Michael\AppData\Local\Temp\75087.exe        a variant of Win32/AutoRun.Injector.AF worm (unable to clean)        00000000000000000000000000000000        I
C:\_OTL\MovedFiles\10122011_204919\C_Users\Michael\AppData\Local\Temp\83508.exe        a variant of Win32/AutoRun.Injector.AF worm (unable to clean)        00000000000000000000000000000000        I
C:\_OTL\MovedFiles\10122011_204919\C_Users\Michael\AppData\Local\Temp\94545.exe        a variant of Win32/AutoRun.Injector.AF worm (unable to clean)        00000000000000000000000000000000        I
C:\_OTL\MovedFiles\10122011_204919\C_Users\Michael\M-1-52-5782-8752-5245\winsvc .exe        a variant of Win32/AutoRun.Injector.AF worm (unable to clean)        00000000000000000000000000000000        I
C:\_OTL\MovedFiles\10122011_204919\C_Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F2RQBDGA\28b82[1].pdf        JS/Exploit.Pdfka.PES trojan (unable to clean)        00000000000000000000000000000000        I
C:\_OTL\MovedFiles\10122011_204919\C_Windows\temp\AcrCF7F.tmp        JS/Exploit.Pdfka.PES trojan (unable to clean)        00000000000000000000000000000000        I
Ich weiß nicht, ob du die Logs lieber als Anhang haben möchtest, z.B. in einer Zip-Datei. Falls ja, schicke ich sie gerne noch mal.

Viele Grüße,
Telemann

cosinus 20.10.2011 12:52
Nur Cookies und (isolierte) Überreste. Können soweit weg.
Rechner soweit wieder ok oder noch andere Probleme und/oder Funde?

Telemann 20.10.2011 21:25
Hi,

ja, der Rechner scheint wieder das zu tun, was er soll. Ganz herzlichen Dank für deine kompetente Hilfe!

Nur immer wenn der Lüfter seine Drehzahl erhöht, was irgendwie öfter als früher zu sein scheint (kann mich auch irren), krieg ich nen Schreck und denke, jetzt verschickt vielleicht grad ein Schadprogramm tausende von Spam-Mails, oder was auch immer die so tun... Stimmt wahrscheinlich nicht, aber ich bin jetzt empfindlicher geworden.

Zwei Fragen fallen mir ein:

1. Seit einigen Tagen bekomme ich immer die Meldung "Einige Autostartprogramme wurden geblockt". Das scheint Malwarebytes zu sein, das da geblockt wird. Was bedeutet das?

2. Wie bekomme ich jetzt das Objekt weg, das beim letzten ESET-Scan (Zitat siehe unten) noch entdeckt wurde?
Code:
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\5371c350-5fa0ae37        Java/Agent.DU trojan (unable to clean)
Schöne Grüße,
Telemann

cosinus 21.10.2011 13:07
Zitat:
1. Seit einigen Tagen bekomme ich immer die Meldung "Einige Autostartprogramme wurden geblockt". Das scheint Malwarebytes zu sein, das da geblockt wird. Was bedeutet das?
Müsste die Meldung sein, dass Programme im Autostart liegen, diese aber nicht automatisch gestartet werden. Ich kenn diese meldung bei Vista und 7 nur, wenn man mit msconfig Autostarteinträge deaktiviert hat. Schau mal mit msconfig nach. Aber diese Meldung ist weder schädlich noch besorgniserregend, es ist einfach nur eine Info.

Zitat:
2. Wie bekomme ich jetzt das Objekt weg, das beim letzten ESET-Scan (Zitat siehe unten) noch entdeckt wurde?
Lösch doch einfach mal manuell diesen Ordner => C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0


Dann wären wir durch! :abklatsch:

Die Programme, die hier zum Einsatz kamen, können alle wieder runter. CF kann über Start, Ausführen mit combofix /uninstall entfernt werden. Melde dich falls es da Fehlermeldungen zu gibt.
Malwarebytes zu behalten ist kein Fehler. Kannst ja 1x im Monat damit scannen, aber immer vorher ans Update denken.

Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.


Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update


PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers, hier der direkte Downloadlink:

Mozilla und andere Browser => http://filepony.de/?q=Flash+Player
Internet Explorer => http://fpdownload.adobe.com/get/flas..._player_ax.exe

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.


Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.

Telemann 24.10.2011 20:19
Hi,

habe 1. im Autostart sauber gemacht und 2. das verdächtige Verzeichnis gelöscht, wie empfohlen.
Habe außerdem JavaRa angewendet.

Ich werde jetzt ca. zwei Wochen nicht dazu kommen, andere Ratschläge in die Tat umzusetzen, danach melde ich mich wieder. Das mit dem Ubuntu interessiert mich evtl.

Nochmal vielen, vielen Dank fürs Helfen!


Alle Zeitangaben in WEZ +1. Es ist jetzt 06:46 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131