Trojaner-Board - Avira findet Trojaner der nicht existiert?

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Avira findet Trojaner der nicht existiert? (https://www.trojaner-board.de/115788-avira-findet-trojaner-existiert.html)

Avira findet Trojaner der nicht existiert?

Ich wunder mich gerade über mein Avira. Seit etwa einer Woche findet es immerzu diese zwei Viren im gleichen Ordner (C:\WINDOWS\assembly), kann aber die Quelldatei nicht finden und ich auch nicht (hab alle Ordner sichtbar gemacht, versteckte und geschützte, habs sogar mit der Konsole probiert, diese Desktop.ini's sind wirklich nicht da!). Ich frage mich jetzt ob ich mir Sorgen machen soll oder nicht? Sonst heißt es immerzu das es nichts weiteres gibt. Nur diese 2 unfindbare Dateien :confused: und der Rechner läuft im Grunde einwandfrei ohne irgendwelche Probleme.

Muss ich mir jetzt Gedanken machen oder ist das vielleicht ein Fehler von Avira selbst?

Hier einmal das Logfile von Avira wenn ich nur diesen Ordner scanne:

Code:



Avira Free Antivirus

Erstellungsdatum der Reportdatei: Samstag, 26. Mai 2012  12:49
 

Es wird nach 3750486 Virenstämmen gesucht.
 

Das Programm läuft als uneingeschränkte Vollversion.

Online-Dienste stehen zur Verfügung.
 

Lizenznehmer   : Avira AntiVir Personal - Free Antivirus

Seriennummer   : 0000149996-ADJIE-0000001

Plattform      : Windows 7 Home Premium

Windowsversion : (Service Pack 1)  [6.1.7601]

Boot Modus     : Normal gebootet

Benutzername   : John

Computername   : JOHN-PC
 

Versionsinformationen:

BUILD.DAT      : 12.0.0.1125    41829 Bytes  02.05.2012 16:34:00

AVSCAN.EXE     : 12.3.0.15     466896 Bytes  09.05.2012 16:29:27

AVSCAN.DLL     : 12.3.0.15      66256 Bytes  09.05.2012 16:29:27

LUKE.DLL       : 12.3.0.15      68304 Bytes  09.05.2012 16:29:28

AVSCPLR.DLL    : 12.3.0.14      97032 Bytes  09.05.2012 16:29:28

AVREG.DLL      : 12.3.0.17     232200 Bytes  10.05.2012 16:28:49

VBASE000.VDF   : 7.10.0.0    19875328 Bytes  06.11.2009 18:18:34

VBASE001.VDF   : 7.11.0.0    13342208 Bytes  14.12.2010 09:07:39

VBASE002.VDF   : 7.11.19.170 14374912 Bytes  20.12.2011 17:48:04

VBASE003.VDF   : 7.11.21.238  4472832 Bytes  01.02.2012 15:10:00

VBASE004.VDF   : 7.11.26.44   4329472 Bytes  28.03.2012 16:59:13

VBASE005.VDF   : 7.11.29.136  2166272 Bytes  10.05.2012 16:28:40

VBASE006.VDF   : 7.11.29.137     2048 Bytes  10.05.2012 16:28:41

VBASE007.VDF   : 7.11.29.138     2048 Bytes  10.05.2012 16:28:41

VBASE008.VDF   : 7.11.29.139     2048 Bytes  10.05.2012 16:28:41

VBASE009.VDF   : 7.11.29.140     2048 Bytes  10.05.2012 16:28:41

VBASE010.VDF   : 7.11.29.141     2048 Bytes  10.05.2012 16:28:41

VBASE011.VDF   : 7.11.29.142     2048 Bytes  10.05.2012 16:28:41

VBASE012.VDF   : 7.11.29.143     2048 Bytes  10.05.2012 16:28:41

VBASE013.VDF   : 7.11.29.144     2048 Bytes  10.05.2012 16:28:42

VBASE014.VDF   : 7.11.30.3     198144 Bytes  14.05.2012 16:28:55

VBASE015.VDF   : 7.11.30.69    186368 Bytes  17.05.2012 16:29:47

VBASE016.VDF   : 7.11.30.143   223744 Bytes  21.05.2012 16:41:06

VBASE017.VDF   : 7.11.30.207   287744 Bytes  23.05.2012 16:40:20

VBASE018.VDF   : 7.11.30.208     2048 Bytes  23.05.2012 16:40:20

VBASE019.VDF   : 7.11.30.209     2048 Bytes  23.05.2012 16:40:20

VBASE020.VDF   : 7.11.30.210     2048 Bytes  23.05.2012 16:40:20

VBASE021.VDF   : 7.11.30.211     2048 Bytes  23.05.2012 16:40:20

VBASE022.VDF   : 7.11.30.212     2048 Bytes  23.05.2012 16:40:20

VBASE023.VDF   : 7.11.30.213     2048 Bytes  23.05.2012 16:40:20

VBASE024.VDF   : 7.11.30.214     2048 Bytes  23.05.2012 16:40:21

VBASE025.VDF   : 7.11.30.215     2048 Bytes  23.05.2012 16:40:21

VBASE026.VDF   : 7.11.30.216     2048 Bytes  23.05.2012 16:40:21

VBASE027.VDF   : 7.11.30.217     2048 Bytes  23.05.2012 16:40:21

VBASE028.VDF   : 7.11.30.218     2048 Bytes  23.05.2012 16:40:21

VBASE029.VDF   : 7.11.30.219     2048 Bytes  23.05.2012 16:40:21

VBASE030.VDF   : 7.11.30.220     2048 Bytes  23.05.2012 16:40:21

VBASE031.VDF   : 7.11.31.32    118272 Bytes  26.05.2012 10:40:31

Engineversion  : 8.2.10.68 

AEVDF.DLL      : 8.1.2.2       106868 Bytes  25.10.2011 17:10:45

AESCRIPT.DLL   : 8.1.4.19      455034 Bytes  11.05.2012 16:28:47

AESCN.DLL      : 8.1.8.2       131444 Bytes  27.01.2012 18:14:02

AESBX.DLL      : 8.2.5.5       606579 Bytes  12.03.2012 15:57:58

AERDL.DLL      : 8.1.9.15      639348 Bytes  08.09.2011 21:16:06

AEPACK.DLL     : 8.2.16.13     807287 Bytes  11.05.2012 16:28:46

AEOFFICE.DLL   : 8.1.2.28      201082 Bytes  27.04.2012 14:27:59

AEHEUR.DLL     : 8.1.4.28     4800886 Bytes  17.05.2012 16:30:56

AEHELP.DLL     : 8.1.21.0      254326 Bytes  11.05.2012 16:28:43

AEGEN.DLL      : 8.1.5.28      422260 Bytes  27.04.2012 14:26:56

AEEXP.DLL      : 8.1.0.40       82292 Bytes  17.05.2012 16:31:28

AEEMU.DLL      : 8.1.3.0       393589 Bytes  01.09.2011 21:46:01

AECORE.DLL     : 8.1.25.6      201078 Bytes  15.03.2012 15:54:32

AEBB.DLL       : 8.1.1.0        53618 Bytes  01.09.2011 21:46:01

AVWINLL.DLL    : 12.3.0.15      27344 Bytes  09.05.2012 16:29:27

AVPREF.DLL     : 12.3.0.15      51920 Bytes  09.05.2012 16:29:27

AVREP.DLL      : 12.3.0.15     179208 Bytes  09.05.2012 16:29:28

AVARKT.DLL     : 12.3.0.15     211408 Bytes  09.05.2012 16:29:27

AVEVTLOG.DLL   : 12.3.0.15     169168 Bytes  09.05.2012 16:29:27

SQLITE3.DLL    : 3.7.0.1       398288 Bytes  09.05.2012 16:29:28

AVSMTP.DLL     : 12.3.0.15      63440 Bytes  09.05.2012 16:29:27

NETNT.DLL      : 12.3.0.15      17104 Bytes  09.05.2012 16:29:28

RCIMAGE.DLL    : 12.3.0.15    4447952 Bytes  09.05.2012 16:29:27

RCTEXT.DLL     : 12.3.0.15      98512 Bytes  09.05.2012 16:29:27
 

Konfiguration für den aktuellen Suchlauf:

Job Name..............................: ShlExt

Konfigurationsdatei...................: C:\Users\John\AppData\Local\Temp\ba0e5872.avp

Protokollierung.......................: standard

Primäre Aktion........................: reparieren

Sekundäre Aktion......................: löschen

Durchsuche Masterbootsektoren.........: ein

Durchsuche Bootsektoren...............: ein

Bootsektoren..........................: C:, 

Durchsuche aktive Programme...........: aus

Durchsuche Registrierung..............: aus

Suche nach Rootkits...................: aus

Integritätsprüfung von Systemdateien..: aus

Datei Suchmodus.......................: Alle Dateien

Durchsuche Archive....................: ein

Rekursionstiefe einschränken..........: aus

Archiv Smart Extensions...............: ein

Abweichende Archivtypen...............: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox, +ISO 9660, 

Makrovirenheuristik...................: ein

Dateiheuristik........................: vollständig

Abweichende Gefahrenkategorien........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,
 

Beginn des Suchlaufs: Samstag, 26. Mai 2012  12:49
 

Der Suchlauf über die ausgewählten Dateien wird begonnen:
 

Beginne mit der Suche in 'C:\Windows\assembly'

C:\Windows\assembly\GAC_32\Desktop.ini

  [FUND]      Ist das Trojanische Pferd TR/ATRAPS.Gen2

  [WARNUNG]   Die Datei konnte nicht ins Quarantäneverzeichnis kopiert werden.

  [WARNUNG]   Die Quelldatei konnte nicht gefunden werden.

  [HINWEIS]   Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen.

  [WARNUNG]   Die Datei konnte nicht ins Quarantäneverzeichnis kopiert werden.

  [WARNUNG]   Systemfehler [0]: Der Vorgang wurde erfolgreich beendet.

  [WARNUNG]   Die Datei wurde ignoriert.

C:\Windows\assembly\GAC_64\Desktop.ini

  [FUND]      Ist das Trojanische Pferd TR/ATRAPS.Gen2

  [WARNUNG]   Die Datei konnte nicht ins Quarantäneverzeichnis kopiert werden.

  [WARNUNG]   Die Quelldatei konnte nicht gefunden werden.

  [HINWEIS]   Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen.

  [WARNUNG]   Die Datei konnte nicht ins Quarantäneverzeichnis kopiert werden.

  [WARNUNG]   Systemfehler [0]: Der Vorgang wurde erfolgreich beendet.

  [WARNUNG]   Die Datei wurde ignoriert.
 
 

Ende des Suchlaufs: Samstag, 26. Mai 2012  12:54

Benötigte Zeit: 04:41 Minute(n)
 

Der Suchlauf wurde vollständig durchgeführt.
 

   3218 Verzeichnisse wurden überprüft

   2146 Dateien wurden geprüft

      2 Viren bzw. unerwünschte Programme wurden gefunden

      0 Dateien wurden als verdächtig eingestuft

      0 Dateien wurden gelöscht

      0 Viren bzw. unerwünschte Programme wurden repariert

      0 Dateien wurden in die Quarantäne verschoben

      0 Dateien wurden umbenannt

      0 Dateien konnten nicht durchsucht werden

   2144 Dateien ohne Befall

      0 Archive wurden durchsucht

      2 Warnungen

      2 Hinweise

Ich habe es gerade wieder selbst mit der Konsole probiert und anscheinend existieren diese Dateien doch, aber ich habe kein Zugriff auf diese.

Siehe Kommandozeile:

Code:

Microsoft Windows [Version 6.1.7601]

Copyright (c) 2009 Microsoft Corporation. Alle Rechte vorbehalten.
 

C:\Users\John>if exist "C:\Windows\assembly\GAC_64\Desktop.ini" echo JA

JA
 

C:\Users\John>if NOT exist "C:\Windows\assembly\GAC_64\Desktop.ini" echo JA
 

C:\Users\John>attrib -r -s -h "C:\Windows\assembly\GAC_64\Desktop.ini"

Zugriff verweigert - C:\Windows\assembly\GAC_64\Desktop.ini
 

C:\Users\John>del /S /F /Q "C:\Windows\assembly\GAC_64\Desktop.ini"

C:\Windows\assembly\GAC_64\Desktop.ini konnte nicht gefunden werden
 

C:\Users\John>

Ich mache mal jetzt nochmals vollständige Scans mit Malwarebytes und Avira und poste dann diese Logfiles!

Problem gelöst dank einem Freund der sich bei sowas gut auskennt. Danke trotzdem :) Thread kann geschlossen werden - Cheers

Hallo jojo95,

Zitat:

[FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2

Ich hoffe, dein Freund kennt sich wirklich gut aus - du hast nämlich das ZeroAccess-Rootkit auf dem Rechner und das ist auch der Grund, warum du an diese Dateien nicht rankommst...:pfeiff:

Jedenfalls gab es bei einer Vollständigen Systemprüfung mit Avira und Malwarebytes keine Funde mehr. Diese Dateien gibt es jetzt auch nach der Konsole nicht mehr und werden auch nicht mehr von Avira gefunden. Soll ich Logfiles mit HijackThis oder anderen Programmen machen? Wenn du sagst es ist ein Rootkit soll ich mir GMER holen oder was soll ich deiner Meinung nach zur Sicherheit nochmal machen?

:hallo:

Mein Name ist Marius und ich werde dir bei deinem Problem helfen.

Eines vorneweg:

Hinweis: Wir können hier nie dafür garantieren, dass wir sämtliche Reste von Schadsoftware gefunden haben. Eine Formatierung ist meist der schnellere und immer der sicherste Weg.

Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass du clean bist.

Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden.

Bitte arbeite alle Schritte der Reihe nach ab.
Lese die Anleitungen sorgfältig. Solltest du irgendwo nicht weiterkommen, stoppe an diesem Punkt und beschreibe dein Problem hier!
Nur Scans durchführen, zu denen du von einem Helfer aufgefordert wirst.
Bitte kein Crossposting ( posten in mehreren Foren) - wenn du die anweisungen mehrere Helfer ausführst, kann das schwere Probleme nach sich ziehen!.
Installiere oder Deinstalliere während der Bereinigung keine Software (ausser, du wurdest dazu aufgefordert).
Wenn etwas unklar ist: Frage, bevor du etwas "blind" machst!
Poste die Logfiles direkt in deinen Thread. Nicht anhängen, außer, ich fordere dich dazu auf. Erschwert mir nämlich das Auswerten.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.

Schritt 1: defogger

Downloade Dir bitte defogger von jpshortstuff auf Deinem Desktop.

Starte das Tool mit Doppelklick.
Vista und Win7 User mit Rechtsklick "als Administrator starten".
Klicke nun auf den Disable Button um die Treiber gewisser Emulatoren zu deaktivieren.
Wenn der Scan beendet wurde ( Finished ), klicke auf OK.
Defogger fordert gegebenfalls zum Neustart auf. Bestätige dies mit OK.

Sollte Defogger eine Fehlermeldung ausgeben, poste bitte die defogger_disable Log von deinem Desktop.
Klicke den Re-enable Button nicht ohne Anweisung.

Schritt 2: DDS

Downloade dir bitte dds ( von sUBs ) von einem der folgenden Downloadspiegel und speichere die Datei auf deinem Desktop. dds.com dds.scr dds.pif

Schließe alle laufenden Programme.
Starte DDS mit Doppelklick.
Es wird 2 Logfiles erstellen.
- dds.txt
- attach.txt
Speichere beide Logfiles auf deinem Desktop
Poste beide Logfiles hier.

DDS.txt
[CODE].DDS Logfile:

Code:

DDS (Ver_2011-08-26.01) - NTFSAMD64 

Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_26

Run by John at 12:37:22 on 2012-05-27

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.43.1031.18.4094.2329 [GMT 2:00]

.

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\SysWOW64\svchost.exe -k Akamai

C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Windows\system32\Dwm.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\3DataManager\WTGService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

D:\John\worker\worker.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Trillian\trillian.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

c:\program files\windows defender\MpCmdRun.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

mStart Page = hxxp://www.msn.com

uInternet Settings,ProxyServer = 127.0.0.1:8118

uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;

BHO: {1580277A-4F5E-61BA-30D0-5C805A834D61} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIC30F~1\Office14\GROOVEEX.DLL

BHO: Windows Live ID-Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIC30F~1\Office14\URLREDIR.DLL

BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart

uRun: [ccleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO

mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin

mRun: [AUTOWorker] "D:\John\worker\worker.exe" /auto

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: An OneNote s&enden - C:\PROGRA~2\MIC30F~1\Office14\ONBttnIE.dll/105

IE: Nach Microsoft &Excel exportieren - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000

IE: Nach Microsoft E&xcel exportieren - C:\PROGRA~2\MIC30F~1\Office14\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office 2010\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office 2010\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

LSP: C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll

DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

TCP: DhcpNameServer = 192.168.178.1

TCP: Interfaces\{3BBAEAA6-A760-4FEA-9D8C-C8FAAF90CBEC} : DhcpNameServer = 192.168.178.1

TCP: Interfaces\{3BBAEAA6-A760-4FEA-9D8C-C8FAAF90CBEC}\75C414E413 : DhcpNameServer = 192.168.100.251

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIC30F~1\Office14\GROOVEEX.DLL

BHO-X64: {1580277A-4F5E-61BA-30D0-5C805A834D61} - No File

{18DF081C-E8AD-4283-A596-FA578C2EBDC3}

{326E768D-4182-46FD-9C16-1449A49795F4}

{53707962-6F74-2D53-2644-206D7942484F}

{72853161-30C5-4D22-B7F9-0BBC1D38A37E}

{9030D464-4C02-4ABF-8ECC-5164760863C6}

{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

{B4F3A835-0E21-4959-BA22-42B3008E02FF}

{DBC80044-A445-435b-BC74-9C25C1C588A9}

TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin

mRun-x64: [AUTOWorker] "D:\John\worker\worker.exe" /auto

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\29pcln6y.default\

FF - plugin: C:\PROGRA~2\MIC30F~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MIC30F~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\John\AppData\Local\Facebook\Messenger\2.1.4520.0\npFbDesktopPlugin.dll

FF - plugin: C:\Users\John\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

FF - plugin: C:\Windows\system32\TVUAx\npTVUAx.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\system32\Drivers\SmartDefragDriver.sys --> C:\Windows\system32\Drivers\SmartDefragDriver.sys [?]

R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]

R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2011-11-23 913752]

R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-14 20992]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 AntiVirSchedulerService;Avira Planer;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-16 86224]

R2 AntiVirService;Avira Echtzeit Scanner;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-10-16 110032]

R2 AntiVirWebService;Avira Browser Schutz;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe [2011-10-16 465360]

R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]

R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2011-6-13 821592]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-10-22 654408]

R2 WTGService;WTGService;C:\Program Files (x86)\3DataManager\WTGService.exe [2011-8-4 333264]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]

R3 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2012-5-14 21384]

R3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]

R3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);C:\Windows\system32\DRIVERS\JME.sys --> C:\Windows\system32\DRIVERS\JME.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys [2012-5-14 33184]

R3 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys [2012-5-14 21872]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-5-3 158856]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-2 257696]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

S3 e2eVAWdm;e2eSoft VAudio;C:\Windows\system32\DRIVERS\VAud_WDM.sys --> C:\Windows\system32\DRIVERS\VAud_WDM.sys [?]

S3 massfilter;Mass Storage Filter Driver;C:\Windows\system32\drivers\massfilter.sys --> C:\Windows\system32\drivers\massfilter.sys [?]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office 2010\Office14\GROOVE.EXE [2011-6-12 31125880]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-2 129976]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-12-16 155344]

S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 teamviewervpn;TeamViewer VPN Adapter;C:\Windows\system32\DRIVERS\teamviewervpn.sys --> C:\Windows\system32\DRIVERS\teamviewervpn.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 VASDeviceDrm;Virtual Audio Streaming with Drm (WDM);C:\Windows\system32\drivers\vasdDev.sys --> C:\Windows\system32\drivers\vasdDev.sys [?]

S3 WatAdminSvc;Windows-Aktivierungstechnologieservice;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-05-27 10:36:04        69000        ----a-w-        C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B2097FEE-C836-4DC7-AD43-391F37D145E8}\offreg.dll

2012-05-26 20:04:06        43        ----a-w-        C:\analyse.bat

2012-05-26 19:42:34        --------        d-----w-        C:\Windows\NitroX

2012-05-26 12:22:35        --------        d-sh--w-        C:\$RECYCLE.BIN

2012-05-26 12:05:30        98816        ----a-w-        C:\Windows\sed.exe

2012-05-26 12:05:30        518144        ----a-w-        C:\Windows\SWREG.exe

2012-05-26 12:05:30        256000        ----a-w-        C:\Windows\PEV.exe

2012-05-26 12:05:30        208896        ----a-w-        C:\Windows\MBR.exe

2012-05-26 12:00:00        61440        ----a-w-        C:\Windows\SysWow64\drivers\ukmzyzk.sys

2012-05-26 11:48:12        61440        ----a-w-        C:\Windows\SysWow64\drivers\aaxblh.sys

2012-05-25 15:34:32        --------        d-----w-        C:\Users\John\AppData\Local\MooExt

2012-05-25 14:15:43        --------        d-----w-        C:\Program Files (x86)\Common Files\Blizzard Entertainment

2012-05-25 11:44:53        8955792        ----a-w-        C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B2097FEE-C836-4DC7-AD43-391F37D145E8}\mpengine.dll

2012-05-22 14:33:45        8955792        ----a-w-        C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2012-05-20 17:37:23        279656        ------w-        C:\Windows\System32\MpSigStub.exe

2012-05-18 16:41:07        --------        d-----w-        C:\Users\John\.yawcam

2012-05-11 18:31:34        --------        d-----w-        C:\Users\John\AppData\Local\SplitMediaLabs

2012-05-10 18:54:04        --------        d-sh--w-        C:\Windows\SysWow64\%APPDATA%

2012-05-10 16:33:20        1544704        ----a-w-        C:\Windows\System32\DWrite.dll

2012-05-10 16:33:20        1077248        ----a-w-        C:\Windows\SysWow64\DWrite.dll

2012-05-10 16:33:14        5559664        ----a-w-        C:\Windows\System32\ntoskrnl.exe

2012-05-10 16:33:13        3146240        ----a-w-        C:\Windows\System32\win32k.sys

2012-05-10 16:33:12        3968368        ----a-w-        C:\Windows\SysWow64\ntkrnlpa.exe

2012-05-10 16:33:12        3913072        ----a-w-        C:\Windows\SysWow64\ntoskrnl.exe

2012-05-10 16:32:28        75120        ----a-w-        C:\Windows\System32\drivers\partmgr.sys

2012-05-10 16:32:11        1918320        ----a-w-        C:\Windows\System32\drivers\tcpip.sys

2012-05-10 16:32:04        1732096        ----a-w-        C:\Program Files\Windows Journal\NBDoc.DLL

2012-05-10 16:32:03        936960        ----a-w-        C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll

2012-05-10 16:32:03        1402880        ----a-w-        C:\Program Files\Windows Journal\JNWDRV.dll

2012-05-10 16:32:03        1393664        ----a-w-        C:\Program Files\Windows Journal\JNTFiltr.dll

2012-05-10 16:32:03        1367552        ----a-w-        C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll

2012-05-02 17:05:45        --------        d-----w-        C:\Program Files (x86)\Mozilla Maintenance Service

2012-05-02 17:05:37        157352        ----a-w-        C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe

2012-05-02 17:05:37        129976        ----a-w-        C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe

.

==================== Find3M  ====================

.

2012-05-09 16:29:28        98848        ----a-w-        C:\Windows\System32\drivers\avgntflt.sys

2012-05-05 17:04:17        70304        ----a-w-        C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-05 17:04:17        419488        ----a-w-        C:\Windows\SysWow64\FlashPlayerApp.exe

2012-05-05 17:04:09        8744608        ----a-w-        C:\Windows\SysWow64\FlashPlayerInstaller.exe

2012-04-24 14:29:35        111928        ----a-w-        C:\Windows\SysWow64\PnkBstrB.exe

2012-04-04 13:56:40        24904        ----a-w-        C:\Windows\System32\drivers\mbam.sys

2012-03-21 12:30:58        525544        ----a-w-        C:\Windows\System32\deployJava1.dll

2012-03-13 17:51:58        9216        ----a-w-        C:\Windows\System32\rdrmemptylst.exe

2012-03-13 17:51:58        77312        ----a-w-        C:\Windows\System32\rdpwsx.dll

2012-03-13 17:51:58        149504        ----a-w-        C:\Windows\System32\rdpcorekmts.dll

2012-03-13 17:50:52        826880        ----a-w-        C:\Windows\SysWow64\rdpcore.dll

2012-03-13 17:50:52        23552        ----a-w-        C:\Windows\System32\drivers\tdtcp.sys

2012-03-13 17:50:52        210944        ----a-w-        C:\Windows\System32\drivers\rdpwd.sys

2012-03-13 17:50:52        1031680        ----a-w-        C:\Windows\System32\rdpcore.dll

2012-03-01 06:46:16        23408        ----a-w-        C:\Windows\System32\drivers\fs_rec.sys

2012-03-01 06:38:27        220672        ----a-w-        C:\Windows\System32\wintrust.dll

2012-03-01 06:33:50        81408        ----a-w-        C:\Windows\System32\imagehlp.dll

2012-03-01 06:28:47        5120        ----a-w-        C:\Windows\System32\wmi.dll

2012-03-01 05:37:41        172544        ----a-w-        C:\Windows\SysWow64\wintrust.dll

2012-03-01 05:33:23        159232        ----a-w-        C:\Windows\SysWow64\imagehlp.dll

2012-03-01 05:29:16        5120        ----a-w-        C:\Windows\SysWow64\wmi.dll

2012-02-28 06:56:48        2311168        ----a-w-        C:\Windows\System32\jscript9.dll

2012-02-28 06:49:56        1390080        ----a-w-        C:\Windows\System32\wininet.dll

2012-02-28 06:48:57        1493504        ----a-w-        C:\Windows\System32\inetcpl.cpl

2012-02-28 06:42:55        2382848        ----a-w-        C:\Windows\System32\mshtml.tlb

2012-02-28 01:18:55        1799168        ----a-w-        C:\Windows\SysWow64\jscript9.dll

2012-02-28 01:11:21        1427456        ----a-w-        C:\Windows\SysWow64\inetcpl.cpl

2012-02-28 01:11:07        1127424        ----a-w-        C:\Windows\SysWow64\wininet.dll

2012-02-28 01:03:16        2382848        ----a-w-        C:\Windows\SysWow64\mshtml.tlb

.

============= FINISH: 12:38:55,63 ===============

--- --- ---

attach.txt

Code:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium 

Boot Device: \Device\HarddiskVolume2

Install Date: 29.03.2011 22:10:00

System Uptime: 27.05.2012 11:41:07 (1 hours ago)

.

Motherboard: ASUSTeK Computer Inc.         |  | K52Dr

Processor: AMD Phenom(tm) II P920 Quad-Core Processor | CPU 1 | 1600/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 149 GiB total, 71,678 GiB free.

D: is FIXED (NTFS) - 428 GiB total, 180,384 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: sptd

Device ID: ROOT\LEGACY_SPTD\0000

Manufacturer: 

Name: sptd

PNP Device ID: ROOT\LEGACY_SPTD\0000

Service: sptd

.

==== System Restore Points ===================

.

RP233: 22.05.2012 16:32:52 - Windows Update

RP234: 23.05.2012 17:34:35 - Configured Microsoft Office Professional Plus 2010

RP235: 26.05.2012 14:05:35 - ComboFix created restore point

RP236: 26.05.2012 21:33:52 - NitroX Cleaner Backup

RP237: 26.05.2012 21:51:44 - NitroX Cleaner Backup

.

==== Installed Programs ======================

.

3DataManager

Acoustica MP3 Audio Mixer

Adobe After Effects CS5.5

Adobe AIR

Adobe Anchor Service CS3

Adobe Asset Services CS3

Adobe Bridge Start Meeting

Adobe Camera Raw 4.0

Adobe CMaps

Adobe Community Help

Adobe Default Language CS3

Adobe Device Central CS3

Adobe Download Assistant

Adobe Dreamweaver CS3

Adobe ExtendScript Toolkit 2

Adobe Extension Manager CS3

Adobe Flash Media Live Encoder 3.2

Adobe Help Viewer CS3

Adobe Media Player

Adobe PDF Library Files

Adobe Photoshop CS5

Adobe Reader X (10.1.3) - Deutsch

Adobe Setup

Adobe Shockwave Player 11.6

Adobe Story

Adobe Type Support

Adobe Update Manager CS3

Adobe Version Cue CS3 Client

Advanced SystemCare 5

Akamai NetSession Interface

Akamai NetSession Interface Service

Amnesia - The Dark Descent 

Apple Application Support

Apple Software Update

Ask Toolbar

µTorrent

Audacity 1.3.13 (Unicode)

Avira Free Antivirus

Battlecraft 1942

Battlefield 1942

Battlefield 1942 Multiplayer Demo

Battlefield 1942: Secret Weapons of WWII

Battlefield 1942: The Road To Rome

Battlefield Mod Development Toolkit 2.0 Beta

Bot's Factory 2.3 MP

Brother MFL-Pro Suite DCP-165C

Call of Duty

Call of Duty - United Offensive

Camtasia Studio 7

Command & Conquer™ Alarmstufe Rot 3 Der Aufstand

Compatibility Pack für 2007 Office System

Crysis(R)

Crysis® 2

D3DX10

DAEMON Tools Lite

Dead Space™

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

DivX-Setup

Download Updater (AOL LLC)

ESN Sonar

Facebook Messenger 2.1.4520.0

Facebook Video Calling 1.2.0.159

FileZilla Client 3.5.3

Fraps

Free PDF to Word Doc Converter v1.1

GeoGebra

GPL Ghostscript 9.01

Hotfix für Microsoft Visual Basic 2010 Express - DEU (KB2635973)

Hotfix für Microsoft Visual C++ 2010 Express - DEU (KB2565057)

Hotfix für Microsoft Visual C++ 2010 Express - DEU (KB2635973)

Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2280741)

Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2284668)

Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2295689)

Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2420513)

Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2452649)

Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2455033)

Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2485545)

Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982517)

Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982721)

Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB983233)

HyperCam 2

IObit Malware Fighter

Java Auto Updater

Java(TM) 6 Update 22

Java(TM) 6 Update 26

JMicron Ethernet Adapter NDIS Driver

JMicron Flash Media Controller Driver

LAME v3.98.3 for Audacity

Macromedia Dreamweaver 8

Macromedia Extension Manager

MAGIX Screenshare

MAGIX Speed burnR (MSI)

Malwarebytes Anti-Malware Version 1.61.0.1400

Microsoft .NET Framework 4 Multi-Targeting Pack

Microsoft Application Error Reporting

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (German) 2010

Microsoft Office Excel MUI (German) 2010

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (German) 2010

Microsoft Office InfoPath MUI (German) 2010

Microsoft Office Live Add-in 1.5

Microsoft Office OneNote MUI (German) 2010

Microsoft Office Outlook MUI (German) 2010

Microsoft Office PowerPoint MUI (German) 2010

Microsoft Office Professional Edition 2003

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (German) 2010

Microsoft Office Proof (Italian) 2010

Microsoft Office Proofing (German) 2010

Microsoft Office Publisher MUI (German) 2010

Microsoft Office Shared MUI (German) 2010

Microsoft Office Word MUI (German) 2010

Microsoft Speech Recognition Engine 4.0 (English)

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft SQL Server 2008 R2 Management Objects

Microsoft SQL Server Compact 3.5 SP2 DEU

Microsoft SQL Server System CLR Types

Microsoft Text-to-Speech Engine 4.0 (English)

Microsoft Visual Basic 2010 Express - DEU

Microsoft Visual C++  Compilers 2010 Standard - enu - x86

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219

Microsoft Visual C++ 2010 Express - DEU

Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools

Microsoft Visual Studio 2010 Service Pack 1

Microsoft XNA Framework Redistributable 4.0 Refresh

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFCLOC_x86

Mozilla Firefox 12.0 (x86 de)

Mozilla Maintenance Service

Mozilla Thunderbird (3.1.9)

MSVCRT

MSXML 4.0 SP3 Parser

MSXML 4.0 SP3 Parser (KB973685)

NVIDIA PhysX

OJOsoft Total Video Converter

OpenOffice.org 3.3

PDF Settings CS5

PHPTriad Module: Phorum

Polipo 1.0.4.1

PunkBuster für Battlefield 1942

PunkBuster Services

PxMergeModule

QuickTime

Realtek High Definition Audio Driver

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition

Skype Click to Call

Skype™ 5.9

Smart Defrag 2

SmartSound Common Data

SmartSound Quicktracks 5

Sony Ericsson PC Companion 2.02.002

SplitCam

Spybot - Search & Destroy

TeamViewer 7

Tor 0.2.1.30

Trillian

UPC Konfigurator

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

VC80CRTRedist - 8.0.50727.6195

Vidalia 0.2.10

Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU

VLC media player 2.0.1

Windows 7 Codec Pack 3.3.0

Windows Live Communications Platform

Windows Live Essentials

Windows Live Fotogalerie

Windows Live Installer

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Media Encoder 9 Series

Windows Movie Maker 2.6

WinFlash

XSplit

Yahoo! Messenger

.

==== End Of File ===========================

Ckscan

Downloade dir bitte CKScanner Wichtig: Speichere die Datei am Desktop.

Doppelklick auf die CKScanner.exe und klicke auf Search For Files.
Danach klick auf Save List To File.
Es wird eine Box aufpoppen was dir mitteilt das die Datei gespeichert wurde (file saved)
Öffne die CKFiles.txt auf deinem Desktop und poste den Inhalt hier.

CKFiles.txt (habe ich was falsch gemacht??)

Code:

CKScanner - Additional Security Risks - These are not necessarily bad

scanner sequence 3.RP.11.PMNAXT

 ----- EOF -----

Schritt 1: aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung) Vista und Win7 User mit Rechtsklick "als Admininstartor starten"
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. ( Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen ) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Schritt 2: Scan mit TDSS-Killer

Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen. Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe
Klicke Change parameters, wähle Detect TDLFS file system, klicke OK.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und speichere das Logfile. TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern ( Meistens C:\ ) Als Beispiel: C:\TDSSKiller.<version_date_time>log.txt

Poste den Inhalt bitte hier in deinen Thread.

TDSS-Killer:

Code:

13:07:30.0622 2432        TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30

13:07:30.0991 2432        ============================================================

13:07:30.0991 2432        Current date / time: 2012/05/27 13:07:30.0991

13:07:30.0991 2432        SystemInfo:

13:07:30.0991 2432        

13:07:30.0991 2432        OS Version: 6.1.7601 ServicePack: 1.0

13:07:30.0991 2432        Product type: Workstation

13:07:30.0991 2432        ComputerName: JOHN-PC

13:07:30.0991 2432        UserName: John

13:07:30.0991 2432        Windows directory: C:\Windows

13:07:30.0991 2432        System windows directory: C:\Windows

13:07:30.0991 2432        Running under WOW64

13:07:30.0991 2432        Processor architecture: Intel x64

13:07:30.0991 2432        Number of processors: 4

13:07:30.0991 2432        Page size: 0x1000

13:07:30.0991 2432        Boot type: Normal boot

13:07:30.0991 2432        ============================================================

13:07:33.0459 2432        Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

13:07:33.0470 2432        ============================================================

13:07:33.0471 2432        \Device\Harddisk0\DR0:

13:07:33.0471 2432        MBR partitions:

13:07:33.0471 2432        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2711676, BlocksNum 0x12A14A08

13:07:33.0486 2432        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x15127000, BlocksNum 0x35730800

13:07:33.0486 2432        ============================================================

13:07:33.0556 2432        C: <-> \Device\Harddisk0\DR0\Partition0

13:07:33.0597 2432        D: <-> \Device\Harddisk0\DR0\Partition1

13:07:33.0597 2432        ============================================================

13:07:33.0597 2432        Initialize success

13:07:33.0597 2432        ============================================================

13:07:48.0396 3596        ============================================================

13:07:48.0396 3596        Scan started

13:07:48.0396 3596        Mode: Manual; TDLFS; 

13:07:48.0396 3596        ============================================================

13:07:49.0559 3596        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

13:07:49.0565 3596        1394ohci - ok

13:07:49.0611 3596        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

13:07:49.0615 3596        ACPI - ok

13:07:49.0635 3596        AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

13:07:49.0636 3596        AcpiPmi - ok

13:07:49.0801 3596        AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

13:07:49.0810 3596        AdobeARMservice - ok

13:07:49.0995 3596        AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

13:07:49.0997 3596        AdobeFlashPlayerUpdateSvc - ok

13:07:50.0062 3596        adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

13:07:50.0076 3596        adp94xx - ok

13:07:50.0132 3596        adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

13:07:50.0143 3596        adpahci - ok

13:07:50.0180 3596        adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

13:07:50.0188 3596        adpu320 - ok

13:07:50.0396 3596        AdvancedSystemCareService5 (b11c71b29fa69e4586f9b65560e6604d) C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe

13:07:50.0423 3596        AdvancedSystemCareService5 - ok

13:07:50.0466 3596        AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

13:07:50.0467 3596        AeLookupSvc - ok

13:07:50.0533 3596        AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

13:07:50.0538 3596        AFD - ok

13:07:50.0571 3596        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

13:07:50.0573 3596        agp440 - ok

13:07:50.0920 3596        Akamai          (1125c7d9fb8898015829c387c1bc87c7) c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll

13:07:50.0920 3596        Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll. md5: 1125c7d9fb8898015829c387c1bc87c7

13:07:50.0928 3596        Akamai ( HiddenFile.Multi.Generic ) - warning

13:07:50.0928 3596        Akamai - detected HiddenFile.Multi.Generic (1)

13:07:51.0060 3596        ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

13:07:51.0061 3596        ALG - ok

13:07:51.0126 3596        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

13:07:51.0127 3596        aliide - ok

13:07:51.0178 3596        AMD External Events Utility (3d90cf67db75823a8480e56bbcd2e028) C:\Windows\system32\atiesrxx.exe

13:07:51.0180 3596        AMD External Events Utility - ok

13:07:51.0247 3596        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

13:07:51.0268 3596        amdide - ok

13:07:51.0306 3596        AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

13:07:51.0307 3596        AmdK8 - ok

13:07:51.0847 3596        amdkmdag        (52679612d742bf74ca1ba6ab86ddf431) C:\Windows\system32\DRIVERS\atipmdag.sys

13:07:51.0971 3596        amdkmdag - ok

13:07:52.0159 3596        amdkmdap        (414e0788920a8c856032be2cbf29f984) C:\Windows\system32\DRIVERS\atikmpag.sys

13:07:52.0169 3596        amdkmdap - ok

13:07:52.0225 3596        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

13:07:52.0226 3596        AmdPPM - ok

13:07:52.0257 3596        amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

13:07:52.0259 3596        amdsata - ok

13:07:52.0294 3596        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

13:07:52.0303 3596        amdsbs - ok

13:07:52.0315 3596        amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

13:07:52.0317 3596        amdxata - ok

13:07:52.0444 3596        AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

13:07:52.0455 3596        AntiVirSchedulerService - ok

13:07:52.0488 3596        AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

13:07:52.0501 3596        AntiVirService - ok

13:07:52.0575 3596        AntiVirWebService (676894fa57b671fec5c3f05f8929e03b) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE

13:07:52.0604 3596        AntiVirWebService - ok

13:07:52.0632 3596        AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

13:07:52.0634 3596        AppID - ok

13:07:52.0701 3596        AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

13:07:52.0703 3596        AppIDSvc - ok

13:07:52.0742 3596        Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

13:07:52.0743 3596        Appinfo - ok

13:07:52.0802 3596        arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

13:07:52.0803 3596        arc - ok

13:07:52.0822 3596        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

13:07:52.0823 3596        arcsas - ok

13:07:52.0946 3596        aspnet_state    (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

13:07:52.0954 3596        aspnet_state - ok

13:07:52.0974 3596        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

13:07:52.0976 3596        AsyncMac - ok

13:07:53.0009 3596        atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

13:07:53.0010 3596        atapi - ok

13:07:53.0272 3596        athr            (a5e770426d18f8ef332a593f3289da91) C:\Windows\system32\DRIVERS\athrx.sys

13:07:53.0335 3596        athr - ok

13:07:53.0505 3596        AtiHDAudioService (cbe5f8b3e54198f5dfe403a55a95de08) C:\Windows\system32\drivers\AtihdW76.sys

13:07:53.0507 3596        AtiHDAudioService - ok

13:07:53.0550 3596        AtiHdmiService  (637e0753bd6deb8ea5314a5c357ec1a0) C:\Windows\system32\drivers\AtiHdmi.sys

13:07:53.0551 3596        AtiHdmiService - ok

13:07:53.0632 3596        AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

13:07:53.0639 3596        AudioEndpointBuilder - ok

13:07:53.0648 3596        AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

13:07:53.0654 3596        AudioSrv - ok

13:07:53.0698 3596        avgntflt        (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys

13:07:53.0699 3596        avgntflt - ok

13:07:53.0747 3596        avipbb          (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys

13:07:53.0748 3596        avipbb - ok

13:07:53.0772 3596        avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys

13:07:53.0773 3596        avkmgr - ok

13:07:53.0813 3596        AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

13:07:53.0815 3596        AxInstSV - ok

13:07:53.0902 3596        b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

13:07:53.0916 3596        b06bdrv - ok

13:07:53.0965 3596        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

13:07:53.0980 3596        b57nd60a - ok

13:07:54.0015 3596        BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

13:07:54.0017 3596        BDESVC - ok

13:07:54.0035 3596        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

13:07:54.0036 3596        Beep - ok

13:07:54.0163 3596        BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll

13:07:54.0171 3596        BFE - ok

13:07:54.0265 3596        BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll

13:07:54.0277 3596        BITS - ok

13:07:54.0448 3596        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

13:07:54.0449 3596        blbdrive - ok

13:07:54.0511 3596        Bonjour Service (73686fe0b2e0469f89fd2075be724704) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

13:07:54.0531 3596        Bonjour Service - ok

13:07:54.0565 3596        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

13:07:54.0566 3596        bowser - ok

13:07:54.0585 3596        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

13:07:54.0587 3596        BrFiltLo - ok

13:07:54.0605 3596        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

13:07:54.0607 3596        BrFiltUp - ok

13:07:54.0651 3596        BridgeMP        (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys

13:07:54.0653 3596        BridgeMP - ok

13:07:54.0695 3596        Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

13:07:54.0697 3596        Browser - ok

13:07:54.0733 3596        Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

13:07:54.0746 3596        Brserid - ok

13:07:54.0762 3596        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

13:07:54.0764 3596        BrSerWdm - ok

13:07:54.0782 3596        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

13:07:54.0784 3596        BrUsbMdm - ok

13:07:54.0789 3596        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

13:07:54.0790 3596        BrUsbSer - ok

13:07:54.0808 3596        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

13:07:54.0810 3596        BTHMODEM - ok

13:07:54.0850 3596        bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

13:07:54.0851 3596        bthserv - ok

13:07:54.0864 3596        catchme - ok

13:07:54.0904 3596        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

13:07:54.0906 3596        cdfs - ok

13:07:54.0948 3596        cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

13:07:54.0950 3596        cdrom - ok

13:07:54.0984 3596        CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

13:07:54.0986 3596        CertPropSvc - ok

13:07:55.0012 3596        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

13:07:55.0013 3596        circlass - ok

13:07:55.0073 3596        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

13:07:55.0077 3596        CLFS - ok

13:07:55.0199 3596        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

13:07:55.0209 3596        clr_optimization_v2.0.50727_32 - ok

13:07:55.0283 3596        clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

13:07:55.0292 3596        clr_optimization_v2.0.50727_64 - ok

13:07:55.0368 3596        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

13:07:55.0379 3596        clr_optimization_v4.0.30319_32 - ok

13:07:55.0471 3596        clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

13:07:55.0482 3596        clr_optimization_v4.0.30319_64 - ok

13:07:55.0556 3596        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

13:07:55.0557 3596        CmBatt - ok

13:07:55.0576 3596        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

13:07:55.0578 3596        cmdide - ok

13:07:55.0643 3596        CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

13:07:55.0656 3596        CNG - ok

13:07:55.0691 3596        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

13:07:55.0692 3596        Compbatt - ok

13:07:55.0726 3596        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

13:07:55.0727 3596        CompositeBus - ok

13:07:55.0731 3596        COMSysApp - ok

13:07:55.0745 3596        crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

13:07:55.0747 3596        crcdisk - ok

13:07:55.0787 3596        CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll

13:07:55.0789 3596        CryptSvc - ok

13:07:55.0865 3596        DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

13:07:55.0873 3596        DcomLaunch - ok

13:07:55.0931 3596        defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

13:07:55.0945 3596        defragsvc - ok

13:07:55.0977 3596        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

13:07:55.0979 3596        DfsC - ok

13:07:56.0014 3596        Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

13:07:56.0028 3596        Dhcp - ok

13:07:56.0057 3596        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

13:07:56.0058 3596        discache - ok

13:07:56.0079 3596        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

13:07:56.0080 3596        Disk - ok

13:07:56.0132 3596        Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

13:07:56.0140 3596        Dnscache - ok

13:07:56.0190 3596        dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

13:07:56.0206 3596        dot3svc - ok

13:07:56.0268 3596        DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

13:07:56.0278 3596        DPS - ok

13:07:56.0331 3596        drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

13:07:56.0334 3596        drmkaud - ok

13:07:56.0386 3596        dtsoftbus01     (d3d64cf7b2bceaa34a270f45a3fffb36) C:\Windows\system32\DRIVERS\dtsoftbus01.sys

13:07:56.0401 3596        dtsoftbus01 - ok

13:07:56.0525 3596        DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

13:07:56.0545 3596        DXGKrnl - ok

13:07:56.0585 3596        e2eVAWdm        (fec2c525df6838f3589529b549ab0a8e) C:\Windows\system32\DRIVERS\VAud_WDM.sys

13:07:56.0587 3596        e2eVAWdm - ok

13:07:56.0627 3596        EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

13:07:56.0630 3596        EapHost - ok

13:07:56.0880 3596        ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

13:07:56.0947 3596        ebdrv - ok

13:07:57.0080 3596        EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

13:07:57.0082 3596        EFS - ok

13:07:57.0198 3596        ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

13:07:57.0233 3596        ehRecvr - ok

13:07:57.0277 3596        ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

13:07:57.0287 3596        ehSched - ok

13:07:57.0401 3596        elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

13:07:57.0410 3596        elxstor - ok

13:07:57.0437 3596        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

13:07:57.0438 3596        ErrDev - ok

13:07:57.0526 3596        EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

13:07:57.0531 3596        EventSystem - ok

13:07:57.0558 3596        exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

13:07:57.0566 3596        exfat - ok

13:07:57.0594 3596        fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

13:07:57.0602 3596        fastfat - ok

13:07:57.0694 3596        Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

13:07:57.0714 3596        Fax - ok

13:07:57.0749 3596        fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

13:07:57.0750 3596        fdc - ok

13:07:57.0771 3596        fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

13:07:57.0773 3596        fdPHost - ok

13:07:57.0788 3596        FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

13:07:57.0790 3596        FDResPub - ok

13:07:57.0814 3596        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

13:07:57.0816 3596        FileInfo - ok

13:07:58.0073 3596        FileMonitor     (060cc45cecae2feaff9c8c52d8fafaa8) C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys

13:07:58.0079 3596        FileMonitor - ok

13:07:58.0098 3596        Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

13:07:58.0099 3596        Filetrace - ok

13:07:58.0217 3596        FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

13:07:58.0237 3596        FLEXnet Licensing Service - ok

13:07:58.0285 3596        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

13:07:58.0286 3596        flpydisk - ok

13:07:58.0338 3596        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

13:07:58.0350 3596        FltMgr - ok

13:07:58.0462 3596        FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

13:07:58.0477 3596        FontCache - ok

13:07:58.0605 3596        FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

13:07:58.0613 3596        FontCache3.0.0.0 - ok

13:07:58.0660 3596        FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

13:07:58.0661 3596        FsDepends - ok

13:07:58.0682 3596        Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys

13:07:58.0682 3596        Fs_Rec - ok

13:07:58.0730 3596        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

13:07:58.0733 3596        fvevol - ok

13:07:58.0750 3596        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

13:07:58.0751 3596        gagp30kx - ok

13:07:58.0844 3596        gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

13:07:58.0864 3596        gpsvc - ok

13:07:58.0898 3596        hamachi         (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys

13:07:58.0899 3596        hamachi - ok

13:07:58.0939 3596        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

13:07:58.0940 3596        hcw85cir - ok

13:07:58.0999 3596        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

13:07:59.0034 3596        HdAudAddService - ok

13:07:59.0081 3596        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

13:07:59.0083 3596        HDAudBus - ok

13:07:59.0088 3596        HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

13:07:59.0090 3596        HidBatt - ok

13:07:59.0101 3596        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

13:07:59.0102 3596        HidBth - ok

13:07:59.0126 3596        HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

13:07:59.0128 3596        HidIr - ok

13:07:59.0156 3596        hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll

13:07:59.0158 3596        hidserv - ok

13:07:59.0195 3596        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

13:07:59.0196 3596        HidUsb - ok

13:07:59.0274 3596        hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

13:07:59.0277 3596        hkmsvc - ok

13:07:59.0331 3596        HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

13:07:59.0370 3596        HomeGroupListener - ok

13:07:59.0431 3596        HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

13:07:59.0439 3596        HomeGroupProvider - ok

13:07:59.0472 3596        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

13:07:59.0474 3596        HpSAMD - ok

13:07:59.0553 3596        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

13:07:59.0562 3596        HTTP - ok

13:07:59.0581 3596        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

13:07:59.0582 3596        hwpolicy - ok

13:07:59.0615 3596        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

13:07:59.0617 3596        i8042prt - ok

13:07:59.0674 3596        iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

13:07:59.0692 3596        iaStorV - ok

13:07:59.0930 3596        idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

13:07:59.0969 3596        idsvc - ok

13:08:00.0006 3596        iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

13:08:00.0007 3596        iirsp - ok

13:08:00.0094 3596        IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

13:08:00.0116 3596        IKEEXT - ok

13:08:00.0305 3596        IMFservice      (8ae99ebe30e8338907361018d9030835) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe

13:08:00.0328 3596        IMFservice - ok

13:08:00.0689 3596        IntcAzAudAddService (f2744fd54be1580be05916d1c755c92a) C:\Windows\system32\drivers\RTKVHD64.sys

13:08:00.0777 3596        IntcAzAudAddService - ok

13:08:00.0914 3596        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

13:08:00.0915 3596        intelide - ok

13:08:00.0953 3596        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

13:08:00.0955 3596        intelppm - ok

13:08:01.0008 3596        IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

13:08:01.0010 3596        IPBusEnum - ok

13:08:01.0044 3596        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

13:08:01.0045 3596        IpFilterDriver - ok

13:08:01.0151 3596        iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll

13:08:01.0194 3596        iphlpsvc - ok

13:08:01.0234 3596        IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

13:08:01.0235 3596        IPMIDRV - ok

13:08:01.0273 3596        IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

13:08:01.0285 3596        IPNAT - ok

13:08:01.0326 3596        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

13:08:01.0327 3596        IRENUM - ok

13:08:01.0371 3596        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

13:08:01.0372 3596        isapnp - ok

13:08:01.0426 3596        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

13:08:01.0440 3596        iScsiPrt - ok

13:08:01.0514 3596        JMCR            (db917b998cbc15a153c00dd6efc34c13) C:\Windows\system32\DRIVERS\jmcr.sys

13:08:01.0516 3596        JMCR - ok

13:08:01.0557 3596        JME             (8adaafcd2b8c259debf6c8dfd9727889) C:\Windows\system32\DRIVERS\JME.sys

13:08:01.0559 3596        JME - ok

13:08:01.0611 3596        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys

13:08:01.0612 3596        kbdclass - ok

13:08:01.0646 3596        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys

13:08:01.0647 3596        kbdhid - ok

13:08:01.0679 3596        KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

13:08:01.0681 3596        KeyIso - ok

13:08:01.0702 3596        KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

13:08:01.0704 3596        KSecDD - ok

13:08:01.0729 3596        KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

13:08:01.0739 3596        KSecPkg - ok

13:08:01.0766 3596        ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

13:08:01.0767 3596        ksthunk - ok

13:08:01.0827 3596        KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

13:08:01.0833 3596        KtmRm - ok

13:08:01.0895 3596        LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll

13:08:01.0911 3596        LanmanServer - ok

13:08:01.0958 3596        LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

13:08:01.0962 3596        LanmanWorkstation - ok

13:08:01.0990 3596        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

13:08:01.0992 3596        lltdio - ok

13:08:02.0054 3596        lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

13:08:02.0068 3596        lltdsvc - ok

13:08:02.0084 3596        lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

13:08:02.0086 3596        lmhosts - ok

13:08:02.0109 3596        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

13:08:02.0111 3596        LSI_FC - ok

13:08:02.0140 3596        LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

13:08:02.0141 3596        LSI_SAS - ok

13:08:02.0150 3596        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

13:08:02.0152 3596        LSI_SAS2 - ok

13:08:02.0165 3596        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

13:08:02.0167 3596        LSI_SCSI - ok

13:08:02.0192 3596        luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

13:08:02.0194 3596        luafv - ok

13:08:02.0222 3596        massfilter      (1b4dbcaa0321bbb76255983148051f09) C:\Windows\system32\drivers\massfilter.sys

13:08:02.0223 3596        massfilter - ok

13:08:02.0270 3596        MBAMProtector   (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys

13:08:02.0271 3596        MBAMProtector - ok

13:08:02.0419 3596        MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

13:08:02.0448 3596        MBAMService - ok

13:08:02.0499 3596        Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

13:08:02.0502 3596        Mcx2Svc - ok

13:08:02.0607 3596        MDM             (11f714f85530a2bd134074dc30e99fca) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

13:08:02.0621 3596        MDM - ok

13:08:02.0658 3596        megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

13:08:02.0660 3596        megasas - ok

13:08:02.0685 3596        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

13:08:02.0689 3596        MegaSR - ok

13:08:02.0742 3596        Microsoft SharePoint Workspace Audit Service - ok

13:08:02.0776 3596        MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

13:08:02.0778 3596        MMCSS - ok

13:08:02.0797 3596        mmfo - ok

13:08:02.0833 3596        Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

13:08:02.0834 3596        Modem - ok

13:08:02.0855 3596        monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

13:08:02.0856 3596        monitor - ok

13:08:02.0943 3596        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

13:08:02.0944 3596        mouclass - ok

13:08:02.0975 3596        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

13:08:02.0976 3596        mouhid - ok

13:08:03.0008 3596        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

13:08:03.0010 3596        mountmgr - ok

13:08:03.0078 3596        MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

13:08:03.0090 3596        MozillaMaintenance - ok

13:08:03.0132 3596        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

13:08:03.0142 3596        mpio - ok

13:08:03.0176 3596        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

13:08:03.0179 3596        mpsdrv - ok

13:08:03.0334 3596        MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

13:08:03.0387 3596        MpsSvc - ok

13:08:03.0431 3596        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

13:08:03.0433 3596        MRxDAV - ok

13:08:03.0484 3596        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

13:08:03.0493 3596        mrxsmb - ok

13:08:03.0538 3596        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

13:08:03.0550 3596        mrxsmb10 - ok

13:08:03.0579 3596        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

13:08:03.0581 3596        mrxsmb20 - ok

13:08:03.0611 3596        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

13:08:03.0613 3596        msahci - ok

13:08:03.0658 3596        msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

13:08:03.0660 3596        msdsm - ok

13:08:03.0737 3596        MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

13:08:03.0740 3596        MSDTC - ok

13:08:03.0783 3596        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

13:08:03.0784 3596        Msfs - ok

13:08:03.0804 3596        mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

13:08:03.0805 3596        mshidkmdf - ok

13:08:03.0832 3596        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

13:08:03.0833 3596        msisadrv - ok

13:08:03.0876 3596        MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

13:08:03.0886 3596        MSiSCSI - ok

13:08:03.0890 3596        msiserver - ok

13:08:03.0905 3596        MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

13:08:03.0906 3596        MSKSSRV - ok

13:08:03.0911 3596        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

13:08:03.0912 3596        MSPCLOCK - ok

13:08:03.0917 3596        MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

13:08:03.0918 3596        MSPQM - ok

13:08:03.0983 3596        MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

13:08:03.0992 3596        MsRPC - ok

13:08:04.0020 3596        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

13:08:04.0022 3596        mssmbios - ok

13:08:04.0059 3596        MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

13:08:04.0060 3596        MSTEE - ok

13:08:04.0065 3596        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

13:08:04.0067 3596        MTConfig - ok

13:08:04.0107 3596        MTsensor        (032d35c996f21d19a205a7c8f0b76f3c) C:\Windows\system32\DRIVERS\ATK64AMD.sys

13:08:04.0108 3596        MTsensor - ok

13:08:04.0132 3596        Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

13:08:04.0134 3596        Mup - ok

13:08:04.0241 3596        napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

13:08:04.0251 3596        napagent - ok

13:08:04.0305 3596        NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

13:08:04.0317 3596        NativeWifiP - ok

13:08:04.0417 3596        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

13:08:04.0428 3596        NDIS - ok

13:08:04.0458 3596        NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

13:08:04.0460 3596        NdisCap - ok

13:08:04.0470 3596        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

13:08:04.0471 3596        NdisTapi - ok

13:08:04.0494 3596        Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

13:08:04.0495 3596        Ndisuio - ok

13:08:04.0529 3596        NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

13:08:04.0538 3596        NdisWan - ok

13:08:04.0565 3596        NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

13:08:04.0566 3596        NDProxy - ok

13:08:04.0587 3596        NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

13:08:04.0588 3596        NetBIOS - ok

13:08:04.0657 3596        NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

13:08:04.0661 3596        NetBT - ok

13:08:04.0690 3596        Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

13:08:04.0692 3596        Netlogon - ok

13:08:04.0746 3596        Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

13:08:04.0752 3596        Netman - ok

13:08:04.0862 3596        NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

13:08:04.0875 3596        NetMsmqActivator - ok

13:08:04.0879 3596        NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

13:08:04.0881 3596        NetPipeActivator - ok

13:08:04.0956 3596        netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

13:08:04.0970 3596        netprofm - ok

13:08:04.0987 3596        NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

13:08:04.0989 3596        NetTcpActivator - ok

13:08:04.0994 3596        NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

13:08:04.0995 3596        NetTcpPortSharing - ok

13:08:05.0044 3596        nfccu - ok

13:08:05.0088 3596        nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

13:08:05.0089 3596        nfrd960 - ok

13:08:05.0162 3596        NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

13:08:05.0198 3596        NlaSvc - ok

13:08:05.0282 3596        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

13:08:05.0284 3596        Npfs - ok

13:08:05.0321 3596        nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

13:08:05.0324 3596        nsi - ok

13:08:05.0357 3596        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

13:08:05.0357 3596        nsiproxy - ok

13:08:05.0555 3596        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

13:08:05.0598 3596        Ntfs - ok

13:08:05.0767 3596        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

13:08:05.0769 3596        Null - ok

13:08:05.0812 3596        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

13:08:05.0814 3596        nvraid - ok

13:08:05.0862 3596        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

13:08:05.0871 3596        nvstor - ok

13:08:05.0935 3596        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

13:08:05.0937 3596        nv_agp - ok

13:08:05.0973 3596        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

13:08:05.0974 3596        ohci1394 - ok

13:08:06.0076 3596        ose             (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

13:08:06.0086 3596        ose - ok

13:08:06.0565 3596        osppsvc         (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

13:08:06.0831 3596        osppsvc - ok

13:08:06.0982 3596        p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

13:08:06.0994 3596        p2pimsvc - ok

13:08:07.0042 3596        p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

13:08:07.0056 3596        p2psvc - ok

13:08:07.0148 3596        Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

13:08:07.0150 3596        Parport - ok

13:08:07.0183 3596        partmgr         (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys

13:08:07.0184 3596        partmgr - ok

13:08:07.0223 3596        PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

13:08:07.0227 3596        PcaSvc - ok

13:08:07.0275 3596        pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

13:08:07.0277 3596        pci - ok

13:08:07.0318 3596        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

13:08:07.0319 3596        pciide - ok

13:08:07.0390 3596        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

13:08:07.0429 3596        pcmcia - ok

13:08:07.0467 3596        pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

13:08:07.0469 3596        pcw - ok

13:08:07.0534 3596        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

13:08:07.0580 3596        PEAUTH - ok

13:08:07.0758 3596        PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

13:08:07.0765 3596        PerfHost - ok

13:08:08.0019 3596        pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

13:08:08.0049 3596        pla - ok

13:08:08.0123 3596        PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

13:08:08.0140 3596        PlugPlay - ok

13:08:08.0145 3596        PnkBstrA - ok

13:08:08.0182 3596        PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

13:08:08.0185 3596        PNRPAutoReg - ok

13:08:08.0228 3596        PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

13:08:08.0232 3596        PNRPsvc - ok

13:08:08.0301 3596        PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

13:08:08.0324 3596        PolicyAgent - ok

13:08:08.0372 3596        Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

13:08:08.0381 3596        Power - ok

13:08:08.0460 3596        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

13:08:08.0462 3596        PptpMiniport - ok

13:08:08.0492 3596        Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

13:08:08.0493 3596        Processor - ok

13:08:08.0546 3596        ProfSvc         (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll

13:08:08.0553 3596        ProfSvc - ok

13:08:08.0580 3596        ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

13:08:08.0582 3596        ProtectedStorage - ok

13:08:08.0612 3596        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

13:08:08.0613 3596        Psched - ok

13:08:08.0638 3596        PxHlpa64        (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys

13:08:08.0640 3596        PxHlpa64 - ok

13:08:08.0775 3596        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

13:08:08.0813 3596        ql2300 - ok

13:08:09.0074 3596        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

13:08:09.0076 3596        ql40xx - ok

13:08:09.0133 3596        QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

13:08:09.0173 3596        QWAVE - ok

13:08:09.0221 3596        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

13:08:09.0222 3596        QWAVEdrv - ok

13:08:09.0244 3596        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

13:08:09.0246 3596        RasAcd - ok

13:08:09.0284 3596        RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

13:08:09.0285 3596        RasAgileVpn - ok

13:08:09.0315 3596        RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

13:08:09.0319 3596        RasAuto - ok

13:08:09.0358 3596        Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

13:08:09.0360 3596        Rasl2tp - ok

13:08:09.0405 3596        RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

13:08:09.0416 3596        RasMan - ok

13:08:09.0467 3596        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

13:08:09.0469 3596        RasPppoe - ok

13:08:09.0505 3596        RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

13:08:09.0507 3596        RasSstp - ok

13:08:09.0556 3596        rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

13:08:09.0567 3596        rdbss - ok

13:08:09.0579 3596        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

13:08:09.0581 3596        rdpbus - ok

13:08:09.0594 3596        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

13:08:09.0596 3596        RDPCDD - ok

13:08:09.0618 3596        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

13:08:09.0619 3596        RDPENCDD - ok

13:08:09.0632 3596        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

13:08:09.0634 3596        RDPREFMP - ok

13:08:09.0683 3596        RDPWD           (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys

13:08:09.0686 3596        RDPWD - ok

13:08:09.0740 3596        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

13:08:09.0745 3596        rdyboost - ok

13:08:09.0897 3596        RegFilter       (c3b79061634fbc3ba3379f557ad952c7) C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys

13:08:09.0898 3596        RegFilter - ok

13:08:09.0967 3596        RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

13:08:09.0970 3596        RemoteAccess - ok

13:08:10.0011 3596        RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

13:08:10.0015 3596        RemoteRegistry - ok

13:08:10.0042 3596        RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

13:08:10.0045 3596        RpcEptMapper - ok

13:08:10.0076 3596        RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

13:08:10.0078 3596        RpcLocator - ok

13:08:10.0151 3596        RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

13:08:10.0157 3596        RpcSs - ok

13:08:10.0196 3596        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

13:08:10.0197 3596        rspndr - ok

13:08:10.0224 3596        SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

13:08:10.0226 3596        SamSs - ok

13:08:10.0267 3596        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

13:08:10.0269 3596        sbp2port - ok

13:08:10.0321 3596        SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

13:08:10.0328 3596        SCardSvr - ok

13:08:10.0370 3596        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

13:08:10.0372 3596        scfilter - ok

13:08:10.0494 3596        Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

13:08:10.0507 3596        Schedule - ok

13:08:10.0529 3596        SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

13:08:10.0530 3596        SCPolicySvc - ok

13:08:10.0567 3596        sdbus           (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys

13:08:10.0569 3596        sdbus - ok

13:08:10.0610 3596        SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

13:08:10.0620 3596        SDRSVC - ok

13:08:10.0671 3596        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

13:08:10.0672 3596        secdrv - ok

13:08:10.0721 3596        seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

13:08:10.0724 3596        seclogon - ok

13:08:10.0763 3596        SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll

13:08:10.0766 3596        SENS - ok

13:08:10.0790 3596        SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

13:08:10.0793 3596        SensrSvc - ok

13:08:10.0812 3596        Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

13:08:10.0814 3596        Serenum - ok

13:08:10.0851 3596        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

13:08:10.0853 3596        Serial - ok

13:08:10.0880 3596        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

13:08:10.0881 3596        sermouse - ok

13:08:10.0918 3596        SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

13:08:10.0922 3596        SessionEnv - ok

13:08:10.0962 3596        sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

13:08:10.0963 3596        sffdisk - ok

13:08:10.0996 3596        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

13:08:10.0997 3596        sffp_mmc - ok

13:08:11.0008 3596        sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

13:08:11.0010 3596        sffp_sd - ok

13:08:11.0040 3596        sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

13:08:11.0041 3596        sfloppy - ok

13:08:11.0147 3596        SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

13:08:11.0188 3596        SharedAccess - ok

13:08:11.0284 3596        ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

13:08:11.0289 3596        ShellHWDetection - ok

13:08:11.0325 3596        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

13:08:11.0326 3596        SiSRaid2 - ok

13:08:11.0346 3596        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

13:08:11.0348 3596        SiSRaid4 - ok

13:08:11.0448 3596        SkypeUpdate     (9bac4f095b1e802268b33e4c8ba57256) C:\Program Files (x86)\Skype\Updater\Updater.exe

13:08:11.0521 3596        SkypeUpdate - ok

13:08:11.0588 3596        SmartDefragDriver (dd0443bc6cc78a19fd399817f8c51401) C:\Windows\system32\Drivers\SmartDefragDriver.sys

13:08:11.0590 3596        SmartDefragDriver - ok

13:08:11.0628 3596        Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

13:08:11.0630 3596        Smb - ok

13:08:11.0674 3596        SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

13:08:11.0677 3596        SNMPTRAP - ok

13:08:11.0839 3596        SNP2UVC         (1d8474722cdffbb8fca5fa12c50a05a2) C:\Windows\system32\DRIVERS\snp2uvc.sys

13:08:11.0877 3596        SNP2UVC - ok

13:08:12.0002 3596        Sony Ericsson PCCompanion (1a623f2b69e1f182f995f963c55db935) C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe

13:08:12.0025 3596        Sony Ericsson PCCompanion - ok

13:08:12.0182 3596        spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

13:08:12.0183 3596        spldr - ok

13:08:12.0269 3596        Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

13:08:12.0277 3596        Spooler - ok

13:08:12.0558 3596        sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

13:08:12.0637 3596        sppsvc - ok

13:08:12.0769 3596        sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

13:08:12.0772 3596        sppuinotify - ok

13:08:12.0788 3596        sptd - ok

13:08:12.0869 3596        srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

13:08:12.0881 3596        srv - ok

13:08:12.0935 3596        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

13:08:12.0940 3596        srv2 - ok

13:08:12.0965 3596        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

13:08:12.0974 3596        srvnet - ok

13:08:13.0033 3596        SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

13:08:13.0038 3596        SSDPSRV - ok

13:08:13.0062 3596        SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

13:08:13.0066 3596        SstpSvc - ok

13:08:13.0088 3596        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

13:08:13.0088 3596        stexstor - ok

13:08:13.0169 3596        stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

13:08:13.0195 3596        stisvc - ok

13:08:13.0222 3596        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

13:08:13.0223 3596        swenum - ok

13:08:13.0382 3596        SwitchBoard     (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

13:08:13.0401 3596        SwitchBoard - ok

13:08:13.0498 3596        swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

13:08:13.0507 3596        swprv - ok

13:08:13.0678 3596        SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

13:08:13.0711 3596        SysMain - ok

13:08:13.0842 3596        TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

13:08:13.0845 3596        TabletInputService - ok

13:08:13.0921 3596        TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

13:08:13.0926 3596        TapiSrv - ok

13:08:13.0969 3596        TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

13:08:13.0972 3596        TBS - ok

13:08:14.0211 3596        Tcpip           (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys

13:08:14.0248 3596        Tcpip - ok

13:08:14.0530 3596        TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys

13:08:14.0545 3596        TCPIP6 - ok

13:08:14.0662 3596        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

13:08:14.0664 3596        tcpipreg - ok

13:08:14.0704 3596        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

13:08:14.0705 3596        TDPIPE - ok

13:08:14.0744 3596        TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

13:08:14.0745 3596        TDTCP - ok

13:08:14.0781 3596        tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

13:08:14.0783 3596        tdx - ok

13:08:14.0817 3596        teamviewervpn   (f5520dbb47c60ee83024b38720abda24) C:\Windows\system32\DRIVERS\teamviewervpn.sys

13:08:14.0818 3596        teamviewervpn - ok

13:08:14.0869 3596        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

13:08:14.0870 3596        TermDD - ok

13:08:14.0958 3596        TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

13:08:14.0967 3596        TermService - ok

13:08:15.0003 3596        Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

13:08:15.0006 3596        Themes - ok

13:08:15.0042 3596        THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

13:08:15.0045 3596        THREADORDER - ok

13:08:15.0069 3596        TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

13:08:15.0072 3596        TrkWks - ok

13:08:15.0143 3596        TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

13:08:15.0158 3596        TrustedInstaller - ok

13:08:15.0233 3596        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

13:08:15.0235 3596        tssecsrv - ok

13:08:15.0256 3596        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

13:08:15.0258 3596        TsUsbFlt - ok

13:08:15.0302 3596        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

13:08:15.0304 3596        tunnel - ok

13:08:15.0344 3596        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

13:08:15.0345 3596        uagp35 - ok

13:08:15.0387 3596        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

13:08:15.0396 3596        udfs - ok

13:08:15.0445 3596        UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

13:08:15.0448 3596        UI0Detect - ok

13:08:15.0486 3596        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

13:08:15.0488 3596        uliagpkx - ok

13:08:15.0504 3596        umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

13:08:15.0506 3596        umbus - ok

13:08:15.0536 3596        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

13:08:15.0538 3596        UmPass - ok

13:08:15.0584 3596        upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

13:08:15.0593 3596        upnphost - ok

13:08:15.0706 3596        UrlFilter       (401984715693b87fdf4f600fbbebd366) C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys

13:08:15.0707 3596        UrlFilter - ok

13:08:15.0745 3596        usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

13:08:15.0746 3596        usbccgp - ok

13:08:15.0802 3596        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

13:08:15.0804 3596        usbcir - ok

13:08:15.0832 3596        usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys

13:08:15.0833 3596        usbehci - ok

13:08:15.0896 3596        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

13:08:15.0906 3596        usbhub - ok

13:08:15.0935 3596        usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys

13:08:15.0936 3596        usbohci - ok

13:08:15.0969 3596        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

13:08:15.0970 3596        usbprint - ok

13:08:15.0997 3596        usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

13:08:15.0998 3596        usbscan - ok

13:08:16.0021 3596        USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

13:08:16.0022 3596        USBSTOR - ok

13:08:16.0054 3596        usbuhci         (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys

13:08:16.0056 3596        usbuhci - ok

13:08:16.0100 3596        usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys

13:08:16.0103 3596        usbvideo - ok

13:08:16.0137 3596        UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

13:08:16.0141 3596        UxSms - ok

13:08:16.0282 3596        VASDeviceDrm    (27542d7e24442eb79e459771ce256045) C:\Windows\system32\drivers\vasdDev.sys

13:08:16.0323 3596        VASDeviceDrm - ok

13:08:16.0446 3596        VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

13:08:16.0447 3596        VaultSvc - ok

13:08:16.0517 3596        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

13:08:16.0519 3596        vdrvroot - ok

13:08:16.0603 3596        vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

13:08:16.0622 3596        vds - ok

13:08:16.0685 3596        vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

13:08:16.0686 3596        vga - ok

13:08:16.0703 3596        VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

13:08:16.0704 3596        VgaSave - ok

13:08:16.0751 3596        vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

13:08:16.0757 3596        vhdmp - ok

13:08:16.0791 3596        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

13:08:16.0813 3596        viaide - ok

13:08:16.0837 3596        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

13:08:16.0838 3596        volmgr - ok

13:08:16.0894 3596        volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

13:08:16.0898 3596        volmgrx - ok

13:08:16.0937 3596        volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

13:08:16.0949 3596        volsnap - ok

13:08:16.0991 3596        vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

13:08:16.0993 3596        vsmraid - ok

13:08:17.0134 3596        VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

13:08:17.0210 3596        VSS - ok

13:08:17.0392 3596        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

13:08:17.0393 3596        vwifibus - ok

13:08:17.0420 3596        vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

13:08:17.0422 3596        vwififlt - ok

13:08:17.0438 3596        vwifimp         (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys

13:08:17.0440 3596        vwifimp - ok

13:08:17.0503 3596        W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

13:08:17.0521 3596        W32Time - ok

13:08:17.0538 3596        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

13:08:17.0539 3596        WacomPen - ok

13:08:17.0569 3596        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

13:08:17.0571 3596        WANARP - ok

13:08:17.0575 3596        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

13:08:17.0576 3596        Wanarpv6 - ok

13:08:17.0713 3596        WatAdminSvc     (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

13:08:17.0797 3596        WatAdminSvc - ok

13:08:17.0957 3596        wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

13:08:17.0994 3596        wbengine - ok

13:08:18.0122 3596        WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

13:08:18.0127 3596        WbioSrvc - ok

13:08:18.0183 3596        wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

13:08:18.0191 3596        wcncsvc - ok

13:08:18.0211 3596        WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

13:08:18.0214 3596        WcsPlugInService - ok

13:08:18.0287 3596        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

13:08:18.0288 3596        Wd - ok

13:08:18.0351 3596        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

13:08:18.0375 3596        Wdf01000 - ok

13:08:18.0413 3596        WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

13:08:18.0417 3596        WdiServiceHost - ok

13:08:18.0421 3596        WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

13:08:18.0424 3596        WdiSystemHost - ok

13:08:18.0480 3596        WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

13:08:18.0495 3596        WebClient - ok

13:08:18.0550 3596        Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

13:08:18.0567 3596        Wecsvc - ok

13:08:18.0595 3596        wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

13:08:18.0599 3596        wercplsupport - ok

13:08:18.0625 3596        WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

13:08:18.0628 3596        WerSvc - ok

13:08:18.0786 3596        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

13:08:18.0787 3596        WfpLwf - ok

13:08:18.0803 3596        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

13:08:18.0804 3596        WIMMount - ok

13:08:18.0850 3596        WinDefend - ok

13:08:18.0862 3596        WinHttpAutoProxySvc - ok

13:08:18.0945 3596        Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

13:08:18.0955 3596        Winmgmt - ok

13:08:19.0142 3596        WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

13:08:19.0212 3596        WinRM - ok

13:08:19.0364 3596        WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

13:08:19.0366 3596        WinUsb - ok

13:08:19.0464 3596        Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

13:08:19.0482 3596        Wlansvc - ok

13:08:19.0861 3596        wlidsvc         (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

13:08:19.0938 3596        wlidsvc - ok

13:08:20.0087 3596        WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

13:08:20.0088 3596        WmiAcpi - ok

13:08:20.0175 3596        wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

13:08:20.0190 3596        wmiApSrv - ok

13:08:20.0224 3596        WMPNetworkSvc - ok

13:08:20.0289 3596        WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

13:08:20.0292 3596        WPCSvc - ok

13:08:20.0327 3596        WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

13:08:20.0331 3596        WPDBusEnum - ok

13:08:20.0355 3596        ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

13:08:20.0357 3596        ws2ifsl - ok

13:08:20.0409 3596        wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll

13:08:20.0413 3596        wscsvc - ok

13:08:20.0419 3596        WSearch - ok

13:08:20.0508 3596        WTGService      (86293b6785260309606b0b0b46e42252) C:\Program Files (x86)\3DataManager\WTGService.exe

13:08:20.0544 3596        WTGService - ok

13:08:20.0742 3596        wuauserv        (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll

13:08:20.0795 3596        wuauserv - ok

13:08:20.0956 3596        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

13:08:20.0958 3596        WudfPf - ok

13:08:20.0991 3596        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

13:08:20.0999 3596        WUDFRd - ok

13:08:21.0018 3596        wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

13:08:21.0022 3596        wudfsvc - ok

13:08:21.0086 3596        WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

13:08:21.0104 3596        WwanSvc - ok

13:08:21.0147 3596        ZTEusbmdm6k     (9313fe79ff3240fa0a73fbe6015b6887) C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys

13:08:21.0149 3596        ZTEusbmdm6k - ok

13:08:21.0192 3596        ZTEusbnmea      (9313fe79ff3240fa0a73fbe6015b6887) C:\Windows\system32\DRIVERS\ZTEusbnmea.sys

13:08:21.0194 3596        ZTEusbnmea - ok

13:08:21.0244 3596        ZTEusbser6k     (9313fe79ff3240fa0a73fbe6015b6887) C:\Windows\system32\DRIVERS\ZTEusbser6k.sys

13:08:21.0246 3596        ZTEusbser6k - ok

13:08:21.0268 3596        MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

13:08:21.0739 3596        \Device\Harddisk0\DR0 - ok

13:08:21.0776 3596        Boot (0x1200)   (44fec4c97a8c695271e41986e9ca1921) \Device\Harddisk0\DR0\Partition0

13:08:21.0778 3596        \Device\Harddisk0\DR0\Partition0 - ok

13:08:21.0799 3596        Boot (0x1200)   (2b41c8864f2a7a3dd0b7076f1c6f3244) \Device\Harddisk0\DR0\Partition1

13:08:21.0801 3596        \Device\Harddisk0\DR0\Partition1 - ok

13:08:21.0802 3596        ============================================================

13:08:21.0802 3596        Scan finished

13:08:21.0802 3596        ============================================================

13:08:21.0814 3988        Detected object count: 1

13:08:21.0814 3988        Actual detected object count: 1

13:08:38.0139 3988        Akamai ( HiddenFile.Multi.Generic ) - skipped by user

13:08:38.0139 3988        Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip

Was ist Akamai überhaupt :confused:

Jedenfalls aswMBR hat sich bei mir aufgehängt, hab es nochmals versucht und es hat sich wieder aufgehängt (während dem Scannen). Ich probiere es jetzt nochmal.

Nein es hat sich wieder aufgehängt. Ich kann damit nicht fertig scannen, was jetzt?

Verneine bei Programmstart den Scan mit avas!-Signaturen und scanne erneut

Es wird gar nicht mehr danach gefragt.
Es war nur beim ersten Start des Programms wo er gefragt hat ob ich mir die neuesten Avast-Signaturen herunterladen möchte und da hab ich akzeptiert. Jetzt aber egal wann ich es jetzt mehr aufmache, fragt er nicht mehr nach sondern schreibt sofort das die Signaturen geladen sind...

// Habe jetzt mit Crap Cleaner gecleant und es nochmal versucht. Diesmal hat er gefragt und ich hab auf Nein gedrückt. Jetzt scannt er ... mal schauen ob er sich diesmal aufhängt.

aswMBR.txt

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software

Run date: 2012-05-27 13:47:28

-----------------------------

13:47:28.987    OS Version: Windows x64 6.1.7601 Service Pack 1

13:47:28.987    Number of processors: 4 586 0x503

13:47:28.988    ComputerName: JOHN-PC  UserName: John

13:47:34.836    Initialize success

13:48:38.764    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

13:48:38.766    Disk 0 Vendor: WDC_WD6400BEVT-80A0RT0 01.01A01 Size: 610480MB BusType: 11

13:48:38.848    Disk 0 MBR read successfully

13:48:38.849    Disk 0 MBR scan

13:48:38.852    Disk 0 Windows 7 default MBR code

13:48:38.855    Disk 0 Partition 1 00     1C Hidd FAT32 LBA MSDOS5.0    20002 MB offset 63

13:48:38.874    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       152617 MB offset 40965750

13:48:38.876    Disk 0 Partition - 00     0F Extended LBA            437858 MB offset 353527808

13:48:38.908    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       437857 MB offset 353529856

13:48:38.992    Disk 0 scanning C:\Windows\system32\drivers

13:48:50.812    Service scanning

13:49:27.659    Modules scanning

13:49:27.659    Disk 0 trace - called modules:

13:49:27.687    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 

13:49:27.687    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004fec060]

13:49:27.687    3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004dad060]

13:49:27.688    Scan finished successfully

13:54:03.186    Disk 0 MBR has been saved successfully to "C:\Users\John\Desktop\MBR.dat"

13:54:03.190    The log file has been saved successfully to "C:\Users\John\Desktop\aswMBR.txt"

Combofix

Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2

WICHTIG - Speichere Combofix auf deinem Desktop

Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

Lieber Marius,
du hast meine Frage vorhin nicht beantwortet. Hat das mit CKScanner bereits gepasst?

Jedenfalls ist hier mal das ComboFix-Log und ich würde gerne wissen wie es denn mit all diesen Logfiles ausschaut? Sind die alle clean oder konntest du noch irgendwas finden? Was ist mit diesem Akamai? Ist das unbedenklich oder soll ich das löschen? Bitte um ein paar Antworten ... wir könnten den ganzen Tag nur Logdateien erstellen und diverse Programme ausprobieren, aber wie sieht es denn jetzt aus?!

Code:

ComboFix 12-05-27.01 - John 27.05.2012  15:14:38.3.4 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.43.1031.18.4094.2388 [GMT 2:00]

ausgeführt von:: c:\users\John\Desktop\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((   Dateien erstellt von 2012-04-27 bis 2012-05-27  ))))))))))))))))))))))))))))))

.

.

2012-05-27 13:22 . 2012-05-27 13:22        --------        d-----w-        c:\users\Default\AppData\Local\temp

2012-05-27 10:36 . 2012-05-27 10:36        69000        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{B2097FEE-C836-4DC7-AD43-391F37D145E8}\offreg.dll

2012-05-26 12:00 . 2012-05-26 12:00        61440        ----a-w-        c:\windows\SysWow64\drivers\ukmzyzk.sys

2012-05-26 11:48 . 2012-05-26 11:48        61440        ----a-w-        c:\windows\SysWow64\drivers\aaxblh.sys

2012-05-25 11:44 . 2012-05-14 23:41        8955792        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{B2097FEE-C836-4DC7-AD43-391F37D145E8}\mpengine.dll

2012-05-20 17:37 . 2012-02-23 08:18        279656        ------w-        c:\windows\system32\MpSigStub.exe

2012-05-19 19:36 . 2012-05-19 19:36        --------        d-----w-        c:\program files (x86)\Common Files\Skype

2012-05-18 16:41 . 2012-05-18 16:47        --------        d-----w-        c:\users\John\.yawcam

2012-05-11 18:31 . 2012-05-11 18:31        --------        d-----w-        c:\users\John\AppData\Local\SplitMediaLabs

2012-05-10 18:54 . 2012-05-10 18:54        --------        d-sh--w-        c:\windows\SysWow64\%APPDATA%

2012-05-10 16:33 . 2012-03-03 06:35        1544704        ----a-w-        c:\windows\system32\DWrite.dll

2012-05-10 16:33 . 2012-03-03 05:31        1077248        ----a-w-        c:\windows\SysWow64\DWrite.dll

2012-05-10 16:33 . 2012-03-31 06:05        5559664        ----a-w-        c:\windows\system32\ntoskrnl.exe

2012-05-10 16:33 . 2012-03-31 03:10        3146240        ----a-w-        c:\windows\system32\win32k.sys

2012-05-10 16:33 . 2012-03-31 04:39        3968368        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe

2012-05-10 16:33 . 2012-03-31 04:39        3913072        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe

2012-05-10 16:32 . 2012-03-17 07:58        75120        ----a-w-        c:\windows\system32\drivers\partmgr.sys

2012-05-10 16:32 . 2012-03-30 11:35        1918320        ----a-w-        c:\windows\system32\drivers\tcpip.sys

2012-05-10 16:32 . 2012-03-31 05:42        1732096        ----a-w-        c:\program files\Windows Journal\NBDoc.DLL

2012-05-10 16:32 . 2012-03-31 05:40        1402880        ----a-w-        c:\program files\Windows Journal\JNWDRV.dll

2012-05-10 16:32 . 2012-03-31 05:40        1367552        ----a-w-        c:\program files\Common Files\Microsoft Shared\ink\journal.dll

2012-05-10 16:32 . 2012-03-31 05:40        1393664        ----a-w-        c:\program files\Windows Journal\JNTFiltr.dll

2012-05-10 16:32 . 2012-03-31 04:29        936960        ----a-w-        c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll

2012-05-02 17:05 . 2012-05-02 17:05        --------        d-----w-        c:\program files (x86)\Mozilla Maintenance Service

2012-05-02 17:05 . 2012-05-02 17:05        157352        ----a-w-        c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe

2012-05-02 17:05 . 2012-05-02 17:05        129976        ----a-w-        c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-09 16:29 . 2011-10-16 17:07        98848        ----a-w-        c:\windows\system32\drivers\avgntflt.sys

2012-05-09 16:29 . 2011-10-16 17:07        132832        ----a-w-        c:\windows\system32\drivers\avipbb.sys

2012-05-05 17:04 . 2012-04-02 10:34        419488        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe

2012-05-05 17:04 . 2011-05-29 11:38        70304        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-05 17:04 . 2012-04-02 11:04        8744608        ----a-w-        c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-04-24 14:29 . 2011-07-17 12:51        111928        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe

2012-04-04 13:56 . 2011-06-11 18:02        24904        ----a-w-        c:\windows\system32\drivers\mbam.sys

2012-03-25 09:14 . 2012-03-25 09:13        937506065        ----a-w-        C:\FTP-Backup_AllSites_15.03.2012.zip

2012-03-21 12:30 . 2012-03-21 12:31        525544        ----a-w-        c:\windows\system32\deployJava1.dll

2012-03-13 17:51 . 2012-03-13 17:51        9216        ----a-w-        c:\windows\system32\rdrmemptylst.exe

2012-03-13 17:51 . 2012-03-13 17:51        77312        ----a-w-        c:\windows\system32\rdpwsx.dll

2012-03-13 17:51 . 2012-03-13 17:51        149504        ----a-w-        c:\windows\system32\rdpcorekmts.dll

2012-03-13 17:50 . 2012-03-13 17:50        826880        ----a-w-        c:\windows\SysWow64\rdpcore.dll

2012-03-13 17:50 . 2012-03-13 17:50        23552        ----a-w-        c:\windows\system32\drivers\tdtcp.sys

2012-03-13 17:50 . 2012-03-13 17:50        210944        ----a-w-        c:\windows\system32\drivers\rdpwd.sys

2012-03-13 17:50 . 2012-03-13 17:50        1031680        ----a-w-        c:\windows\system32\rdpcore.dll

2012-03-01 06:46 . 2012-04-12 17:11        23408        ----a-w-        c:\windows\system32\drivers\fs_rec.sys

2012-03-01 06:38 . 2012-04-12 17:11        220672        ----a-w-        c:\windows\system32\wintrust.dll

2012-03-01 06:33 . 2012-04-12 17:11        81408        ----a-w-        c:\windows\system32\imagehlp.dll

2012-03-01 06:28 . 2012-04-12 17:11        5120        ----a-w-        c:\windows\system32\wmi.dll

2012-03-01 05:37 . 2012-04-12 17:11        172544        ----a-w-        c:\windows\SysWow64\wintrust.dll

2012-03-01 05:33 . 2012-04-12 17:11        159232        ----a-w-        c:\windows\SysWow64\imagehlp.dll

2012-03-01 05:29 . 2012-04-12 17:11        5120        ----a-w-        c:\windows\SysWow64\wmi.dll

2012-02-28 06:56 . 2012-04-12 17:20        2311168        ----a-w-        c:\windows\system32\jscript9.dll

2012-02-28 06:49 . 2012-04-12 17:20        1390080        ----a-w-        c:\windows\system32\wininet.dll

2012-02-28 06:48 . 2012-04-12 17:20        1493504        ----a-w-        c:\windows\system32\inetcpl.cpl

2012-02-28 06:42 . 2012-04-12 17:20        2382848        ----a-w-        c:\windows\system32\mshtml.tlb

2012-02-28 01:18 . 2012-04-12 17:20        1799168        ----a-w-        c:\windows\SysWow64\jscript9.dll

2012-02-28 01:11 . 2012-04-12 17:20        1427456        ----a-w-        c:\windows\SysWow64\inetcpl.cpl

2012-02-28 01:11 . 2012-04-12 17:20        1127424        ----a-w-        c:\windows\SysWow64\wininet.dll

2012-02-28 01:03 . 2012-04-12 17:20        2382848        ----a-w-        c:\windows\SysWow64\mshtml.tlb

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-03-06 574296]

"ccleaner"="c:\program files\CCleaner\CCleaner64.exe" [2012-04-24 4711744]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-09 348624]

"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]

"AUTOWorker"="d:\john\worker\worker.exe" [2012-05-19 1988096]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]

"IObit Malware Fighter"="c:\program files (x86)\IObit\IObit Malware Fighter\IMF.exe" [2012-05-09 4464472]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute        REG_MULTI_SZ           autocheck autochk *\0SmartDefragBootTime.exe

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages        REG_MULTI_SZ           kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]

R3 e2eVAWdm;e2eSoft VAudio;c:\windows\system32\DRIVERS\VAud_WDM.sys [x]

R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office 2010\Office14\GROOVE.EXE [2011-06-12 31125880]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-02 129976]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344]

R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 VASDeviceDrm;Virtual Audio Streaming with Drm (WDM);c:\windows\system32\drivers\vasdDev.sys [x]

R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]

S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-03-14 913752]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-09 86224]

S2 AntiVirWebService;Avira Browser Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-05-09 465360]

S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2012-01-09 821592]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 WTGService;WTGService;c:\program files (x86)\3DataManager\WTGService.exe [2010-07-08 333264]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]

S3 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2012-01-05 21384]

S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]

S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2012-04-28 33184]

S3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [2012-04-28 21872]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - 80206027

*NewlyCreated* - 95898358

*NewlyCreated* - ASWMBR

*Deregistered* - 80206027

*Deregistered* - 95898358

*Deregistered* - aswMBR

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

Akamai        REG_MULTI_SZ           Akamai

.

Inhalt des "geplante Tasks" Ordners

.

2012-05-27 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 17:04]

.

2012-05-26 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2662835983-198996045-1991720036-1001Core.job

- c:\users\John\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-22 13:42]

.

2012-05-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2662835983-198996045-1991720036-1001UA.job

- c:\users\John\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-22 13:42]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IObit Malware Fighter"="c:\program files (x86)\IObit\IObit Malware Fighter\IMF.exe" [2012-05-09 4464472]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-17 13307496]

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://www.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyServer = 127.0.0.1:8118

uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;

IE: An OneNote s&enden - c:\progra~2\MIC30F~1\Office14\ONBttnIE.dll/105

IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000

IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MIC30F~1\Office14\EXCEL.EXE/3000

LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll

TCP: DhcpNameServer = 192.168.178.1

FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\29pcln6y.default\

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

BHO-{1580277A-4F5E-61BA-30D0-5C805A834D61} - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

AddRemove-PHPTriad Module: Phorum - c:\windows\system32\GKSUI18.EXE

AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]

"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll"

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

"{53707962-6F74-2D53-2644-206D7942484F}"=hex:51,66,7a,6c,4c,1d,38,12,0c,7a,63,

   57,46,21,3d,68,59,52,63,2d,7c,1c,0c,5b

"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,

   76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a

"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,

   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2

"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,

   aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83

"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,

   b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb

"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,

   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd

"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,

   2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85

"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,

   fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17

"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,

   b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:42,a4,2a,4b,e6,f9,cb,01

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d4,b5,78,bf,ca,f7,8b,44,b3,9f,69,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d4,b5,78,bf,ca,f7,8b,44,b3,9f,69,\

.

[HKEY_USERS\S-1-5-21-2662835983-198996045-1991720036-1001\Software\SecuROM\License information*]

@Allowed: (Read) (RestrictedCode)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]

"Version"=hex:16,d7,e1,2a,5d,7e,27,67,ef,2c,39,d5,0e,91,13,94,49,0a,15,43,45,

   90,97,4f,8b,79,12,64,da,3b,ad,84,c7,af,67,df,fe,e3,67,4a,03,f8,c2,1b,37,cd,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]

"Version"=hex:16,d7,e1,2a,5d,7e,27,67,ef,2c,39,d5,0e,91,13,94,49,0a,15,43,45,

   90,97,4f,8b,79,12,64,da,3b,ad,84,c7,af,67,df,fe,e3,67,4a,03,f8,c2,1b,37,cd,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Zeit der Fertigstellung: 2012-05-27  15:26:00

ComboFix-quarantined-files.txt  2012-05-27 13:25

ComboFix2.txt  2012-05-26 12:30

.

Vor Suchlauf: 10 Verzeichnis(se), 76.922.966.016 Bytes frei

Nach Suchlauf: 11 Verzeichnis(se), 76.845.314.048 Bytes frei

.

- - End Of File - - 0CEBC36C65C3E179E05DB09646937C4B

Ckscan war in Ordnung. :)

Und eines kann ich bisher mit Sicherheit sagen: In Ordnung ist das System nicht!
Um genaues sagen zu können, müssen wir noch etwas weitermachen...

Virustotal-Prüfung

Bitte lasse die Datei aus der Code-Box bei Virustotal überprüfen.

Klicke auf Durchsuchen
Kopiere nun folgendes in die Suchleiste.

Code:

c:\windows\SysWow64\drivers\aaxblh.sys
und klicke auf Öffnen.
Klicke auf Send File.

Warte bitte bis die Datei vollständig hochgeladen wurde. Solltest Du folgende Meldung bekommen.

Zitat:

File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis:

klicke auf Reanalyse. Warte bis unter Current status: Finished steht. Kopiere den Link aus deiner Adresszeile und poste ihn hier. Wiederhole die selben Schritte mit folgenden Dateien.

Code:

c:\windows\SysWow64\drivers\ukmzyzk.sys