Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log Analysis and Evaluation (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   E-mail account sends (SPAM) mails (https://www.trojaner-board.de/117314-e-mail-account-verschickt-spam-mails.html)

cosinus 19.06.2012 12:35

Restart Windows in Safe Mode (with networking, if possible). Sometimes the OTL fix hangs in normal mode, but very often the fix works in Safe Mode.

DA1985 19.06.2012 14:28

In Safe Mode (with networking) I also get a bluescreen as soon as I click "Fix".

cosinus 19.06.2012 21:46

Hm, that's odd. OK, then I'll try to fix them a different way later.

Now please run (in normal Windows mode) this tool from Kaspersky (TDSS-Killer) and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off your virus scanner before running TDSS-Killer, because Avira in particular often raises a false alarm on the TDSS tool!

Configure the tool as shown in the image below: click "Change parameters" and tick the boxes as shown in the following screenshot.
Then click "Start Scan" and, when it has finished, click the "Report" button to display the log. Please post it in full.
If you can't find the log, or can't copy its contents into your post, look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please don't delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg
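A small triage helper for the report cosinus asks for, as an added example that is not part of the thread and not Kaspersky's own code: it parses the line format of the TDSSKiller report posted in this thread (timestamp, process id, then either a "name (md5) path" line or a verdict line ending in "- ok", "- warning" or "- detected ... (n)"), pairs each object's file line with its verdict, and lists everything that did not come back clean so a helper can review the flagged paths and hashes without reading hundreds of "- ok" lines. The sample log is constructed from a few lines in the report's format; the function names, the `Entry` record and the `pending` status (for an object that has a file line but no verdict, as in a report cut off mid-scan) are this example's own assumptions. Objects that have a verdict but no file line (such as `COMSysApp - ok`) are kept with an empty path.

```python
"""Triage helper for TDSSKiller scan reports (added example, not part of the thread)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample, modelled on the report format posted in the thread.
SAMPLE_LOG = r"""
19:15:49.0006 3496        Scan started
19:15:49.0006 3496        Mode: Manual; SigCheck; TDLFS;
19:15:57.0022 3496        ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
19:15:57.0615 3496        ACPI - ok
19:16:02.0014 3496        ADSMService    (609a6f49b6af0f25837f8a0edddb0745) C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
19:16:02.0217 3496        ADSMService ( UnsignedFile.Multi.Generic ) - warning
19:16:02.0217 3496        ADSMService - detected UnsignedFile.Multi.Generic (1)
19:16:10.0891 3496        COMSysApp - ok
19:16:11.0655 3496        CVPNDRVA        (d46b2e0eeaf349f2085f8b164e462156) C:\Windows\system32\Drivers\CVPNDRVA.sys
19:16:11.0686 3496        CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
19:16:11.0686 3496        CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
"""

# Every report line: "HH:MM:SS.mmmm <pid> <message>"; the message may be empty.
LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s*(?P<msg>.*)$")
# "name (md5) path": object names may contain spaces, so the name is matched lazily.
FILE_RE = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$")
OK_RE = re.compile(r"^(?P<name>.+?) - ok$")
WARN_RE = re.compile(r"^(?P<name>.+?) \( (?P<det>\S+) \) - warning$")
DET_RE = re.compile(r"^(?P<name>.+?) - detected (?P<det>\S+) \((?P<count>\d+)\)$")


@dataclass
class Entry:
    """One scanned object; 'pending' means a file line was seen but no verdict yet."""
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: str = "pending"
    detection: Optional[str] = None


def parse_log(text: str) -> Dict[str, Entry]:
    """Return scanned objects keyed by name, in report order."""
    entries: Dict[str, Entry] = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.rstrip())
        if not m:
            continue
        msg = m.group("msg").strip()
        if not msg:
            continue
        fm = FILE_RE.match(msg)
        if fm:
            e = entries.setdefault(fm.group("name"), Entry(fm.group("name")))
            e.md5, e.path = fm.group("md5").lower(), fm.group("path")
            continue
        # A 'warning' line is followed by a 'detected' line for the same object,
        # so the last verdict seen for a name is the one that counts.
        for rx, status in ((DET_RE, "detected"), (WARN_RE, "warning"), (OK_RE, "ok")):
            vm = rx.match(msg)
            if vm:
                e = entries.setdefault(vm.group("name"), Entry(vm.group("name")))
                e.status = status
                if "det" in vm.groupdict():
                    e.detection = vm.group("det")
                break
    return entries


def triage(entries: Dict[str, Entry]) -> List[Entry]:
    """Everything whose verdict is not a clean 'ok' (flagged objects and unfinished ones)."""
    return [e for e in entries.values() if e.status != "ok"]


def summarize_detections(entries: Dict[str, Entry]) -> Dict[str, int]:
    """Count how often each detection name occurs, e.g. the generic unsigned-file warning."""
    counts: Dict[str, int] = {}
    for e in entries.values():
        if e.detection:
            counts[e.detection] = counts.get(e.detection, 0) + 1
    return counts


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for e in triage(parsed):
        print(f"{e.status:9} {e.name:20} {e.detection}  {e.path}  md5={e.md5}")
    print(summarize_detections(parsed))
```

Run on the full report, the flagged list comes out as a handful of unsigned vendor drivers and services with their paths and MD5 hashes, which is what a helper wants to eyeball against the "skip" instruction above; `UnsignedFile.Multi.Generic` only says the file carries no valid signature, so each hit still needs the path and hash checked before anything is treated as malicious.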

DA1985 20.06.2012 18:57

This is the TDSSKiller report; I chose "Skip" for all detections (as was already selected by default).

Code:

19:13:15.0794 1456        TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
19:13:16.0478 1456        ============================================================
19:13:16.0478 1456        Current date / time: 2012/06/20 19:13:16.0478
19:13:16.0478 1456        SystemInfo:
19:13:16.0478 1456       
19:13:16.0478 1456        OS Version: 6.0.6002 ServicePack: 2.0
19:13:16.0478 1456        Product type: Workstation
19:13:16.0478 1456        ComputerName: ***LAPTOP
19:13:16.0506 1456        UserName: ***
19:13:16.0506 1456        Windows directory: C:\Windows
19:13:16.0506 1456        System windows directory: C:\Windows
19:13:16.0506 1456        Processor architecture: Intel x86
19:13:16.0506 1456        Number of processors: 2
19:13:16.0506 1456        Page size: 0x1000
19:13:16.0506 1456        Boot type: Normal boot
19:13:16.0506 1456        ============================================================
19:13:30.0199 1456        Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:13:30.0454 1456        ============================================================
19:13:30.0454 1456        \Device\Harddisk0\DR0:
19:13:30.0499 1456        MBR partitions:
19:13:30.0499 1456        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1388B3B, BlocksNum 0xC80343F
19:13:30.0524 1456        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xDB8BFBA, BlocksNum 0x2C7F8C87
19:13:30.0537 1456        ============================================================
19:13:30.0825 1456        C: <-> \Device\Harddisk0\DR0\Partition0
19:13:32.0737 1456        D: <-> \Device\Harddisk0\DR0\Partition1
19:13:33.0037 1456        ============================================================
19:13:33.0037 1456        Initialize success
19:13:33.0037 1456        ============================================================
19:15:49.0006 3496        ============================================================
19:15:49.0006 3496        Scan started
19:15:49.0006 3496        Mode: Manual; SigCheck; TDLFS;
19:15:49.0006 3496        ============================================================
19:15:57.0022 3496        ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
19:15:57.0615 3496        ACPI - ok
19:15:59.0347 3496        AcronisOSSReinstallSvc (e2769e2699af88ca3c57289a8a32ed19) C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
19:16:00.0127 3496        AcronisOSSReinstallSvc - ok
19:16:00.0548 3496        AcrSch2Svc      (46a5cbb09b8f0c46f8cbe9210e5e3be2) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
19:16:00.0642 3496        AcrSch2Svc - ok
19:16:01.0281 3496        adp94xx        (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
19:16:01.0375 3496        adp94xx - ok
19:16:01.0515 3496        adpahci        (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
19:16:01.0578 3496        adpahci - ok
19:16:01.0609 3496        adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
19:16:01.0656 3496        adpu160m - ok
19:16:01.0780 3496        adpu320        (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
19:16:01.0827 3496        adpu320 - ok
19:16:02.0014 3496        ADSMService    (609a6f49b6af0f25837f8a0edddb0745) C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
19:16:02.0217 3496        ADSMService ( UnsignedFile.Multi.Generic ) - warning
19:16:02.0217 3496        ADSMService - detected UnsignedFile.Multi.Generic (1)
19:16:02.0280 3496        AeLookupSvc    (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
19:16:03.0138 3496        AeLookupSvc - ok
19:16:03.0278 3496        AFD            (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
19:16:03.0418 3496        AFD - ok
19:16:03.0528 3496        agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
19:16:03.0543 3496        agp440 - ok
19:16:03.0652 3496        aic78xx        (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
19:16:04.0417 3496        aic78xx - ok
19:16:04.0464 3496        ALG            (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
19:16:04.0854 3496        ALG - ok
19:16:04.0885 3496        Alidevice      (2f17c06cda54bfbe13c4046b19055f7b) C:\Windows\system32\drivers\Alidevice.sys
19:16:04.0916 3496        Alidevice ( UnsignedFile.Multi.Generic ) - warning
19:16:04.0916 3496        Alidevice - detected UnsignedFile.Multi.Generic (1)
19:16:04.0916 3496        aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
19:16:04.0932 3496        aliide - ok
19:16:04.0963 3496        amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
19:16:04.0963 3496        amdagp - ok
19:16:04.0978 3496        amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
19:16:04.0978 3496        amdide - ok
19:16:04.0994 3496        AmdK7          (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
19:16:05.0025 3496        AmdK7 - ok
19:16:05.0056 3496        AmdK8          (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
19:16:05.0103 3496        AmdK8 - ok
19:16:05.0212 3496        AmplusnetPrivacyTools (d1c3e4a79a819d3776d9ef56fc8c0cb9) C:\Windows\system32\AmplusnetPrivacyTools.exe
19:16:05.0337 3496        AmplusnetPrivacyTools ( UnsignedFile.Multi.Generic ) - warning
19:16:05.0337 3496        AmplusnetPrivacyTools - detected UnsignedFile.Multi.Generic (1)
19:16:05.0540 3496        AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files\Avira\AntiVir Desktop\sched.exe
19:16:05.0618 3496        AntiVirSchedulerService - ok
19:16:05.0665 3496        AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
19:16:05.0680 3496        AntiVirService - ok
19:16:05.0712 3496        Appinfo        (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
19:16:05.0805 3496        Appinfo - ok
19:16:05.0883 3496        arc            (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
19:16:05.0899 3496        arc - ok
19:16:05.0899 3496        arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
19:16:05.0914 3496        arcsas - ok
19:16:05.0946 3496        AsDsm          (4385e371c25c94c804e9d3152bd9e1f7) C:\Windows\system32\drivers\AsDsm.sys
19:16:06.0102 3496        AsDsm - ok
19:16:06.0180 3496        ASLDRService    (eb1807795cd3eeaa3288b4a30de254e8) C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
19:16:06.0211 3496        ASLDRService - ok
19:16:06.0242 3496        ASMMAP          (7b4d08d2017ac06689d422e06c43f0aa) C:\Program Files\ATKGFNEX\ASMMAP.sys
19:16:06.0242 3496        ASMMAP - ok
19:16:06.0336 3496        aspnet_state    (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
19:16:06.0585 3496        aspnet_state - ok
19:16:06.0601 3496        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
19:16:06.0663 3496        AsyncMac - ok
19:16:06.0694 3496        atapi          (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
19:16:06.0710 3496        atapi - ok
19:16:06.0726 3496        ATKGFNEXSrv    (7c157574a181b19b9dcf5f339e25337e) C:\Program Files\ATKGFNEX\GFNEXSrv.exe
19:16:06.0757 3496        ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - warning
19:16:06.0757 3496        ATKGFNEXSrv - detected UnsignedFile.Multi.Generic (1)
19:16:06.0819 3496        atksgt          (f0d933b42cd0594048e4d5200ae9e417) C:\Windows\system32\DRIVERS\atksgt.sys
19:16:06.0835 3496        atksgt - ok
19:16:06.0866 3496        AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
19:16:06.0913 3496        AudioEndpointBuilder - ok
19:16:06.0913 3496        Audiosrv        (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
19:16:06.0944 3496        Audiosrv - ok
19:16:07.0006 3496        avgntflt        (d5541f0afb767e85fc412fc609d96a74) C:\Windows\system32\DRIVERS\avgntflt.sys
19:16:07.0022 3496        avgntflt - ok
19:16:07.0084 3496        avipbb          (7d967a682d4694df7fa57d63a2db01fe) C:\Windows\system32\DRIVERS\avipbb.sys
19:16:07.0100 3496        avipbb - ok
19:16:07.0116 3496        avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
19:16:07.0116 3496        avkmgr - ok
19:16:07.0147 3496        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
19:16:07.0178 3496        Beep - ok
19:16:07.0209 3496        BFE            (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
19:16:07.0256 3496        BFE - ok
19:16:07.0318 3496        BITS            (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
19:16:07.0490 3496        BITS - ok
19:16:07.0506 3496        blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
19:16:07.0537 3496        blbdrive - ok
19:16:07.0646 3496        Bonjour Service (f832f1505ad8b83474bd9a5b1b985e01) C:\Program Files\Bonjour\mDNSResponder.exe
19:16:07.0662 3496        Bonjour Service - ok
19:16:07.0693 3496        bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
19:16:07.0755 3496        bowser - ok
19:16:07.0786 3496        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
19:16:07.0802 3496        BrFiltLo - ok
19:16:07.0802 3496        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
19:16:07.0833 3496        BrFiltUp - ok
19:16:07.0864 3496        Bridge          (b1564976d98e91fc764d5dc28a0297da) C:\Windows\system32\DRIVERS\bridge.sys
19:16:07.0896 3496        Bridge - ok
19:16:07.0896 3496        BridgeMP        (b1564976d98e91fc764d5dc28a0297da) C:\Windows\system32\DRIVERS\bridge.sys
19:16:07.0927 3496        BridgeMP - ok
19:16:07.0958 3496        Browser        (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
19:16:08.0005 3496        Browser - ok
19:16:08.0036 3496        Brserid        (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
19:16:08.0192 3496        Brserid - ok
19:16:08.0223 3496        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
19:16:08.0286 3496        BrSerWdm - ok
19:16:08.0286 3496        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
19:16:08.0348 3496        BrUsbMdm - ok
19:16:08.0348 3496        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
19:16:08.0395 3496        BrUsbSer - ok
19:16:08.0426 3496        BthEnum        (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
19:16:08.0504 3496        BthEnum - ok
19:16:08.0535 3496        BTHMODEM        (9a966a8e86d1771911ae34a20d11bff3) C:\Windows\system32\DRIVERS\bthmodem.sys
19:16:08.0566 3496        BTHMODEM - ok
19:16:08.0598 3496        BthPan          (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
19:16:08.0629 3496        BthPan - ok
19:16:08.0691 3496        BTHPORT        (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
19:16:08.0800 3496        BTHPORT - ok
19:16:08.0832 3496        BthServ        (a4c8377fa4a994e07075107dbe2e3dce) C:\Windows\System32\bthserv.dll
19:16:08.0894 3496        BthServ - ok
19:16:08.0925 3496        BTHUSB          (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
19:16:08.0941 3496        BTHUSB - ok
19:16:08.0972 3496        btwaudio        (463483285b2d2d345443aaee7b9391e7) C:\Windows\system32\drivers\btwaudio.sys
19:16:08.0988 3496        btwaudio - ok
19:16:09.0019 3496        btwavdt        (4f82b6173ef8637cb26cf4e73b90f172) C:\Windows\system32\drivers\btwavdt.sys
19:16:09.0019 3496        btwavdt - ok
19:16:09.0112 3496        btwdins        (b78d1aca1bbd0077848d9f87c8207ab1) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
19:16:09.0175 3496        btwdins - ok
19:16:09.0190 3496        btwl2cap        (ecb98391c756a7b9cfbae89d9d1235e1) C:\Windows\system32\DRIVERS\btwl2cap.sys
19:16:09.0206 3496        btwl2cap - ok
19:16:09.0206 3496        btwrchid        (f771034f5b59a4a5054a2fa6f4e9f28b) C:\Windows\system32\DRIVERS\btwrchid.sys
19:16:09.0222 3496        btwrchid - ok
19:16:09.0253 3496        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
19:16:09.0315 3496        cdfs - ok
19:16:09.0346 3496        cdrom          (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
19:16:09.0378 3496        cdrom - ok
19:16:09.0409 3496        CertPropSvc    (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
19:16:09.0456 3496        CertPropSvc - ok
19:16:09.0471 3496        circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys
19:16:09.0518 3496        circlass - ok
19:16:09.0565 3496        CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
19:16:09.0580 3496        CLFS - ok
19:16:09.0643 3496        clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:16:10.0376 3496        clr_optimization_v2.0.50727_32 - ok
19:16:10.0501 3496        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:16:10.0782 3496        clr_optimization_v4.0.30319_32 - ok
19:16:10.0797 3496        CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
19:16:10.0828 3496        CmBatt - ok
19:16:10.0860 3496        cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
19:16:10.0875 3496        cmdide - ok
19:16:10.0875 3496        Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
19:16:10.0891 3496        Compbatt - ok
19:16:10.0891 3496        COMSysApp - ok
19:16:10.0891 3496        crcdisk        (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
19:16:10.0906 3496        crcdisk - ok
19:16:10.0906 3496        Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
19:16:10.0953 3496        Crusoe - ok
19:16:10.0984 3496        CryptSvc        (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
19:16:11.0016 3496        CryptSvc - ok
19:16:11.0031 3496        CVirtA          (b5ecadf7708960f1818c7fa015f4c239) C:\Windows\system32\DRIVERS\CVirtA.sys
19:16:11.0094 3496        CVirtA - ok
19:16:11.0265 3496        CVPND          (5ce32922f8f74a0d2d6ecc30cdad01e0) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
19:16:11.0484 3496        CVPND - ok
19:16:11.0655 3496        CVPNDRVA        (d46b2e0eeaf349f2085f8b164e462156) C:\Windows\system32\Drivers\CVPNDRVA.sys
19:16:11.0686 3496        CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
19:16:11.0686 3496        CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
19:16:11.0733 3496        DcomLaunch      (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
19:16:11.0842 3496        DcomLaunch - ok
19:16:11.0874 3496        DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
19:16:11.0920 3496        DfsC - ok
19:16:12.0076 3496        DFSR            (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
19:16:12.0248 3496        DFSR - ok
19:16:12.0404 3496        Dhcp            (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
19:16:12.0435 3496        Dhcp - ok
19:16:12.0482 3496        disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
19:16:12.0498 3496        disk - ok
19:16:12.0544 3496        DNE            (694616f813fb627a32c9e32dec133078) C:\Windows\system32\DRIVERS\dne2000.sys
19:16:12.0544 3496        DNE - ok
19:16:12.0576 3496        Dnscache        (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
19:16:12.0654 3496        Dnscache - ok
19:16:12.0685 3496        dot3svc        (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
19:16:12.0732 3496        dot3svc - ok
19:16:12.0763 3496        DPS            (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
19:16:12.0794 3496        DPS - ok
19:16:12.0825 3496        drmkaud        (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
19:16:12.0841 3496        drmkaud - ok
19:16:12.0919 3496        DXGKrnl        (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
19:16:12.0997 3496        DXGKrnl - ok
19:16:13.0044 3496        E1G60          (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
19:16:13.0106 3496        E1G60 - ok
19:16:13.0137 3496        EapHost        (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
19:16:13.0184 3496        EapHost - ok
19:16:13.0231 3496        Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
19:16:13.0246 3496        Ecache - ok
19:16:13.0324 3496        ehRecvr        (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
19:16:13.0558 3496        ehRecvr - ok
19:16:13.0590 3496        ehSched        (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
19:16:13.0668 3496        ehSched - ok
19:16:13.0683 3496        ehstart        (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
19:16:13.0714 3496        ehstart - ok
19:16:13.0761 3496        elxstor        (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
19:16:13.0808 3496        elxstor - ok
19:16:13.0886 3496        EMDMgmt        (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
19:16:14.0026 3496        EMDMgmt - ok
19:16:14.0042 3496        enodpl          (b4556f3d468c8dcb0b259d9d866cd4c4) C:\Windows\system32\drivers\enodpl.sys
19:16:14.0073 3496        enodpl ( UnsignedFile.Multi.Generic ) - warning
19:16:14.0073 3496        enodpl - detected UnsignedFile.Multi.Generic (1)
19:16:14.0104 3496        ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
19:16:14.0136 3496        ErrDev - ok
19:16:14.0167 3496        EterlogicVirtualSerialDriver (320cf3c874e0a37cffd5649d61906154) C:\Windows\system32\drivers\VSPE.sys
19:16:14.0822 3496        EterlogicVirtualSerialDriver ( UnsignedFile.Multi.Generic ) - warning
19:16:14.0822 3496        EterlogicVirtualSerialDriver - detected UnsignedFile.Multi.Generic (1)
19:16:14.0869 3496        EventSystem    (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
19:16:14.0931 3496        EventSystem - ok
19:16:14.0994 3496        exfat          (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
19:16:15.0056 3496        exfat - ok
19:16:15.0087 3496        fastfat        (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
19:16:15.0118 3496        fastfat - ok
19:16:15.0150 3496        fdc            (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
19:16:15.0181 3496        fdc - ok
19:16:15.0212 3496        fdPHost        (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
19:16:15.0243 3496        fdPHost - ok
19:16:15.0259 3496        FDResPub        (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
19:16:15.0321 3496        FDResPub - ok
19:16:15.0321 3496        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
19:16:15.0337 3496        FileInfo - ok
19:16:15.0352 3496        Filetrace      (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
19:16:15.0368 3496        Filetrace - ok
19:16:15.0508 3496        FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
19:16:15.0571 3496        FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
19:16:15.0571 3496        FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
19:16:15.0602 3496        flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
19:16:15.0633 3496        flpydisk - ok
19:16:15.0680 3496        FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
19:16:15.0696 3496        FltMgr - ok
19:16:15.0789 3496        FontCache      (452feaab2a8dbb42ed751754cb2594f5) C:\Windows\system32\FntCache.dll
19:16:15.0898 3496        FontCache - ok
19:16:15.0961 3496        FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
19:16:16.0039 3496        FontCache3.0.0.0 - ok
19:16:16.0070 3496        Fs_Rec          (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
19:16:16.0132 3496        Fs_Rec - ok
19:16:16.0179 3496        gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
19:16:16.0195 3496        gagp30kx - ok
19:16:16.0288 3496        ghaio          (31b40f40e09513addc460f6a297ad474) C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys
19:16:16.0304 3496        ghaio - ok
19:16:16.0366 3496        gpsvc          (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
19:16:16.0444 3496        gpsvc - ok
19:16:16.0507 3496        gupdate1ca1514d26808b8 (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
19:16:16.0522 3496        gupdate1ca1514d26808b8 - ok
19:16:16.0522 3496        gupdatem        (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
19:16:16.0538 3496        gupdatem - ok
19:16:16.0569 3496        gusvc          (3fd5f79aa40b1c244c59de984e98dc37) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
19:16:16.0585 3496        gusvc - ok
19:16:16.0616 3496        hamachi        (833051c6c6c42117191935f734cfbd97) C:\Windows\system32\DRIVERS\hamachi.sys
19:16:16.0616 3496        hamachi - ok
19:16:16.0647 3496        hamachi_oem    (c25c70fd4d49391091d9eb8c747f19e6) C:\Windows\system32\DRIVERS\gan_adapter.sys
19:16:16.0663 3496        hamachi_oem ( UnsignedFile.Multi.Generic ) - warning
19:16:16.0663 3496        hamachi_oem - detected UnsignedFile.Multi.Generic (1)
19:16:16.0694 3496        HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
19:16:16.0756 3496        HdAudAddService - ok
19:16:16.0803 3496        HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:16:16.0912 3496        HDAudBus - ok
19:16:16.0944 3496        HidBth          (fcb3f4be408f72c1bd81bcaba87fc22f) C:\Windows\system32\DRIVERS\hidbth.sys
19:16:16.0975 3496        HidBth - ok
19:16:17.0022 3496        HidIr          (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys
19:16:17.0053 3496        HidIr - ok
19:16:17.0100 3496        hidserv        (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
19:16:17.0146 3496        hidserv - ok
19:16:17.0162 3496        HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
19:16:17.0193 3496        HidUsb - ok
19:16:17.0224 3496        hkmsvc          (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
19:16:17.0287 3496        hkmsvc - ok
19:16:17.0334 3496        HpCISSs        (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
19:16:17.0334 3496        HpCISSs - ok
19:16:17.0396 3496        HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
19:16:17.0458 3496        HTTP - ok
19:16:17.0490 3496        i2omp          (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
19:16:17.0505 3496        i2omp - ok
19:16:17.0521 3496        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
19:16:17.0568 3496        i8042prt - ok
19:16:17.0599 3496        iaStor          (80c633722da72e97f3f5b3b11325696d) C:\Windows\system32\DRIVERS\iaStor.sys
19:16:17.0614 3496        iaStor - ok
19:16:17.0646 3496        iaStorV        (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
19:16:17.0661 3496        iaStorV - ok
19:16:17.0770 3496        IDriverT        (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
19:16:17.0770 3496        IDriverT ( UnsignedFile.Multi.Generic ) - warning
19:16:17.0770 3496        IDriverT - detected UnsignedFile.Multi.Generic (1)
19:16:17.0895 3496        idsvc          (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:16:18.0036 3496        idsvc - ok
19:16:18.0145 3496        iirsp          (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
19:16:18.0160 3496        iirsp - ok
19:16:18.0207 3496        IKEEXT          (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
19:16:18.0285 3496        IKEEXT - ok
19:16:18.0441 3496        IntcAzAudAddService (0557aaee4c86e2c333acd2baf42a7619) C:\Windows\system32\drivers\RTKVHDA.sys
19:16:18.0566 3496        IntcAzAudAddService - ok
19:16:18.0706 3496        intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
19:16:18.0738 3496        intelide - ok
19:16:18.0738 3496        intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
19:16:18.0784 3496        intelppm - ok
19:16:18.0816 3496        IPBusEnum      (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
19:16:18.0862 3496        IPBusEnum - ok
19:16:18.0862 3496        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:16:18.0894 3496        IpFilterDriver - ok
19:16:18.0940 3496        iphlpsvc        (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
19:16:19.0018 3496        iphlpsvc - ok
19:16:19.0034 3496        IpInIp - ok
19:16:19.0050 3496        IPMIDRV        (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
19:16:19.0096 3496        IPMIDRV - ok
19:16:19.0096 3496        IPNAT          (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
19:16:19.0143 3496        IPNAT - ok
19:16:19.0159 3496        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
19:16:19.0190 3496        IRENUM - ok
19:16:19.0206 3496        isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
19:16:19.0221 3496        isapnp - ok
19:16:19.0268 3496        iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
19:16:19.0284 3496        iScsiPrt - ok
19:16:19.0284 3496        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
19:16:19.0299 3496        iteatapi - ok
19:16:19.0330 3496        itecir          (8bcd857c7932ad005d5f9c89329da2e1) C:\Windows\system32\DRIVERS\itecir.sys
19:16:19.0346 3496        itecir - ok
19:16:19.0362 3496        iteraid        (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
19:16:19.0377 3496        iteraid - ok
19:16:19.0393 3496        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
19:16:19.0424 3496        kbdclass - ok
19:16:19.0440 3496        kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
19:16:19.0471 3496        kbdhid - ok
19:16:19.0486 3496        kbfiltr        (27bd4ac228ef6c0d490617c32e86a672) C:\Windows\system32\DRIVERS\kbfiltr.sys
19:16:19.0502 3496        kbfiltr - ok
19:16:19.0533 3496        KeyIso          (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
19:16:19.0611 3496        KeyIso - ok
19:16:19.0674 3496        KSecDD          (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
19:16:19.0736 3496        KSecDD - ok
19:16:19.0798 3496        KtmRm          (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
19:16:19.0892 3496        KtmRm - ok
19:16:19.0923 3496        LanmanServer    (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
19:16:20.0048 3496        LanmanServer - ok
19:16:20.0079 3496        LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
19:16:20.0188 3496        LanmanWorkstation - ok
19:16:20.0220 3496        LHidFilt        (3fa98339e8d9e007726be62f231e2015) C:\Windows\system32\DRIVERS\LHidFilt.Sys
19:16:20.0235 3496        LHidFilt - ok
19:16:20.0313 3496        LightScribeService (abf90fc5a127f481219b873c1b8dfc1c) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
19:16:20.0360 3496        LightScribeService ( UnsignedFile.Multi.Generic ) - warning
19:16:20.0360 3496        LightScribeService - detected UnsignedFile.Multi.Generic (1)
19:16:20.0376 3496        lirsgt          (f8a7212d0864ef5e9185fb95e6623f4d) C:\Windows\system32\DRIVERS\lirsgt.sys
19:16:20.0391 3496        lirsgt - ok
19:16:20.0422 3496        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
19:16:20.0469 3496        lltdio - ok
19:16:20.0516 3496        lltdsvc        (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
19:16:20.0578 3496        lltdsvc - ok
19:16:20.0578 3496        lmhosts        (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
19:16:20.0656 3496        lmhosts - ok
19:16:20.0688 3496        LMouFilt        (f259f758e04d8fb8d48c6cdbe45223e8) C:\Windows\system32\DRIVERS\LMouFilt.Sys
19:16:20.0688 3496        LMouFilt - ok
19:16:20.0734 3496        LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
19:16:20.0750 3496        LSI_FC - ok
19:16:20.0750 3496        LSI_SAS        (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
19:16:20.0766 3496        LSI_SAS - ok
19:16:20.0781 3496        LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
19:16:20.0797 3496        LSI_SCSI - ok
19:16:20.0797 3496        luafv          (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
19:16:20.0844 3496        luafv - ok
19:16:20.0859 3496        lullaby        (8039f480c192dd99fed4ebc71ffbf795) C:\Windows\system32\DRIVERS\lullaby.sys
19:16:20.0875 3496        lullaby - ok
19:16:20.0890 3496        LUsbFilt        (ca26e46ec8891058c9e10363df4e4650) C:\Windows\system32\Drivers\LUsbFilt.Sys
19:16:20.0906 3496        LUsbFilt - ok
19:16:20.0953 3496        MBAMProtector  (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
19:16:20.0968 3496        MBAMProtector - ok
19:16:21.0062 3496        MBAMService    (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
19:16:21.0140 3496        MBAMService - ok
19:16:21.0187 3496        Mcx2Svc        (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
19:16:21.0234 3496        Mcx2Svc - ok
19:16:21.0265 3496        megasas        (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
19:16:21.0280 3496        megasas - ok
19:16:21.0312 3496        MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
19:16:21.0327 3496        MegaSR - ok
19:16:21.0358 3496        MMCSS          (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
19:16:21.0421 3496        MMCSS - ok
19:16:21.0421 3496        Modem          (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
19:16:21.0452 3496        Modem - ok
19:16:21.0483 3496        monitor        (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
19:16:21.0530 3496        monitor - ok
19:16:21.0530 3496        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
19:16:21.0546 3496        mouclass - ok
19:16:21.0561 3496        mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
19:16:21.0592 3496        mouhid - ok
19:16:21.0608 3496        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
19:16:21.0624 3496        MountMgr - ok
19:16:21.0717 3496        MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
19:16:21.0733 3496        MozillaMaintenance - ok
19:16:21.0764 3496        mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
19:16:21.0780 3496        mpio - ok
19:16:21.0780 3496        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
19:16:21.0811 3496        mpsdrv - ok
19:16:21.0873 3496        MpsSvc          (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
19:16:21.0936 3496        MpsSvc - ok
19:16:21.0967 3496        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
19:16:21.0967 3496        Mraid35x - ok
19:16:22.0014 3496        MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
19:16:22.0045 3496        MRxDAV - ok
19:16:22.0092 3496        mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:16:22.0123 3496        mrxsmb - ok
19:16:22.0138 3496        mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:16:22.0170 3496        mrxsmb10 - ok
19:16:22.0201 3496        mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:16:22.0232 3496        mrxsmb20 - ok
19:16:22.0263 3496        msahci          (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
19:16:22.0279 3496        msahci - ok
19:16:22.0279 3496        msdsm          (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
19:16:22.0310 3496        msdsm - ok
19:16:22.0341 3496        MSDTC          (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
19:16:22.0419 3496        MSDTC - ok
19:16:22.0419 3496        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
19:16:22.0450 3496        Msfs - ok
19:16:22.0466 3496        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
19:16:22.0482 3496        msisadrv - ok
19:16:22.0513 3496        MSiSCSI        (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
19:16:22.0575 3496        MSiSCSI - ok
19:16:22.0575 3496        msiserver - ok
19:16:22.0591 3496        MSKSSRV        (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
19:16:22.0622 3496        MSKSSRV - ok
19:16:22.0638 3496        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
19:16:22.0653 3496        MSPCLOCK - ok
19:16:22.0669 3496        MSPQM          (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
19:16:22.0700 3496        MSPQM - ok
19:16:22.0731 3496        MsRPC          (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
19:16:22.0747 3496        MsRPC - ok
19:16:22.0747 3496        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
19:16:22.0762 3496        mssmbios - ok
19:16:22.0762 3496        MSTEE          (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
19:16:22.0809 3496        MSTEE - ok
19:16:22.0825 3496        MTsensor        (97affa9d95ffe20eee6229bc6be166cf) C:\Windows\system32\DRIVERS\ATKACPI.sys
19:16:22.0856 3496        MTsensor - ok
19:16:22.0872 3496        Mup            (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
19:16:22.0887 3496        Mup - ok
19:16:22.0918 3496        napagent        (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
19:16:23.0012 3496        napagent - ok
19:16:23.0043 3496        NativeWifiP    (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
19:16:23.0090 3496        NativeWifiP - ok
19:16:23.0137 3496        NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
19:16:23.0168 3496        NDIS - ok
19:16:23.0184 3496        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
19:16:23.0230 3496        NdisTapi - ok
19:16:23.0230 3496        Ndisuio        (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
19:16:23.0262 3496        Ndisuio - ok
19:16:23.0293 3496        NdisWan        (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
19:16:23.0324 3496        NdisWan - ok
19:16:23.0324 3496        NDProxy        (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
19:16:23.0355 3496        NDProxy - ok
19:16:23.0511 3496        Nero BackItUp Scheduler 3 (40d7d0a208ee863bca8d89e299216f15) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
19:16:23.0823 3496        Nero BackItUp Scheduler 3 - ok
19:16:23.0839 3496        NetBIOS        (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
19:16:23.0886 3496        NetBIOS - ok
19:16:23.0917 3496        netbt          (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
19:16:23.0948 3496        netbt - ok
19:16:23.0979 3496        Netlogon        (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
19:16:24.0026 3496        Netlogon - ok
19:16:24.0057 3496        Netman          (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
19:16:24.0135 3496        Netman - ok
19:16:24.0260 3496        NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
19:16:24.0354 3496        NetMsmqActivator - ok
19:16:24.0369 3496        NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
19:16:24.0385 3496        NetPipeActivator - ok
19:16:24.0416 3496        netprofm        (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
19:16:24.0510 3496        netprofm - ok
19:16:24.0510 3496        NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
19:16:24.0525 3496        NetTcpActivator - ok
19:16:24.0525 3496        NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
19:16:24.0541 3496        NetTcpPortSharing - ok
19:16:24.0775 3496        NETw5v32        (9ca26dccf0b84a6ff2b54fbb2a94520b) C:\Windows\system32\DRIVERS\NETw5v32.sys
19:16:24.0946 3496        NETw5v32 - ok
19:16:25.0071 3496        nfrd960        (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
19:16:25.0071 3496        nfrd960 - ok
19:16:25.0118 3496        NlaSvc          (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
19:16:25.0196 3496        NlaSvc - ok
19:16:25.0321 3496        NMIndexingService (eba1b4bf2e2375abdadedb649f283541) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
19:16:25.0368 3496        NMIndexingService - ok
19:16:25.0414 3496        Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
19:16:25.0446 3496        Npfs - ok
19:16:25.0477 3496        nsi            (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
19:16:25.0539 3496        nsi - ok
19:16:25.0555 3496        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
19:16:25.0570 3496        nsiproxy - ok
19:16:25.0664 3496        Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
19:16:25.0711 3496        Ntfs - ok
19:16:25.0726 3496        ntrigdigi      (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
19:16:25.0789 3496        ntrigdigi - ok
19:16:25.0789 3496        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
19:16:25.0820 3496        Null - ok
19:16:25.0851 3496        NVHDA          (8be8be53f3a8151e04379db2d07c53a7) C:\Windows\system32\drivers\nvhda32v.sys
19:16:25.0882 3496        NVHDA - ok
19:16:26.0522 3496        nvlddmkm        (eee630ffc85b7f3f0dfad33c59967dd4) C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:16:27.0021 3496        nvlddmkm - ok
19:16:27.0162 3496        nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
19:16:27.0177 3496        nvraid - ok
19:16:27.0177 3496        nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
19:16:27.0193 3496        nvstor - ok
19:16:27.0255 3496        nvsvc          (caa014ec9a95f3580437aa6d095bb4b3) C:\Windows\system32\nvvsvc.exe
19:16:27.0302 3496        nvsvc - ok
19:16:27.0318 3496        nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
19:16:27.0333 3496        nv_agp - ok
19:16:27.0333 3496        NwlnkFlt - ok
19:16:27.0333 3496        NwlnkFwd - ok
19:16:27.0364 3496        ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
19:16:27.0411 3496        ohci1394 - ok
19:16:27.0489 3496        ose            (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:16:27.0505 3496        ose - ok
19:16:27.0567 3496        p2pimsvc        (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
19:16:27.0692 3496        p2pimsvc - ok
19:16:27.0708 3496        p2psvc          (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
19:16:27.0770 3496        p2psvc - ok
19:16:27.0817 3496        Parport        (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
19:16:27.0879 3496        Parport - ok
19:16:27.0910 3496        partmgr        (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
19:16:27.0926 3496        partmgr - ok
19:16:27.0926 3496        Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
19:16:27.0988 3496        Parvdm - ok
19:16:28.0020 3496        PcaSvc          (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
19:16:28.0113 3496        PcaSvc - ok
19:16:28.0144 3496        pci            (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
19:16:28.0160 3496        pci - ok
19:16:28.0191 3496        pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
19:16:28.0207 3496        pciide - ok
19:16:28.0222 3496        pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
19:16:28.0238 3496        pcmcia - ok
19:16:28.0316 3496        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
19:16:28.0394 3496        PEAUTH - ok
19:16:28.0519 3496        pla            (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
19:16:28.0659 3496        pla - ok
19:16:28.0784 3496        PLFlash DeviceIoControl Service (875e4e0661f3a5994df9e5e3a0a4f96b) C:\Windows\system32\IoctlSvc.exe
19:16:28.0800 3496        PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning
19:16:28.0800 3496        PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)
19:16:28.0846 3496        PlugPlay        (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
19:16:28.0924 3496        PlugPlay - ok
19:16:29.0018 3496        PnkBstrA        (681da309716aeb98bc901d7a0458d931) C:\Windows\system32\PnkBstrA.exe
19:16:29.0080 3496        PnkBstrA - ok
19:16:29.0127 3496        PnkBstrB        (1602a3262fdfeedf527ff3f3e2a7dcc5) C:\Windows\system32\PnkBstrB.exe
19:16:29.0190 3496        PnkBstrB - ok
19:16:29.0268 3496        PnkBstrK        (2007b8fe6d9660b4cc52552ad225db76) C:\Windows\system32\drivers\PnkBstrK.sys
19:16:29.0283 3496        PnkBstrK - ok
19:16:29.0346 3496        PNRPAutoReg    (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
19:16:29.0408 3496        PNRPAutoReg - ok
19:16:29.0424 3496        PNRPsvc        (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
19:16:29.0502 3496        PNRPsvc - ok
19:16:29.0564 3496        PolicyAgent    (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
19:16:29.0658 3496        PolicyAgent - ok
19:16:29.0704 3496        PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
19:16:29.0751 3496        PptpMiniport - ok
19:16:29.0767 3496        Processor      (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
19:16:29.0798 3496        Processor - ok
19:16:29.0845 3496        ProfSvc        (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
19:16:29.0907 3496        ProfSvc - ok
19:16:29.0938 3496        ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
19:16:29.0985 3496        ProtectedStorage - ok
19:16:30.0001 3496        PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
19:16:30.0048 3496        PSched - ok
19:16:30.0063 3496        PxHelp20        (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
19:16:30.0079 3496        PxHelp20 - ok
19:16:30.0172 3496        ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
19:16:30.0219 3496        ql2300 - ok
19:16:30.0219 3496        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
19:16:30.0235 3496        ql40xx - ok
19:16:30.0297 3496        QWAVE          (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
19:16:30.0360 3496        QWAVE - ok
19:16:30.0375 3496        QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
19:16:30.0406 3496        QWAVEdrv - ok
19:16:30.0438 3496        RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
19:16:30.0469 3496        RasAcd - ok
19:16:30.0516 3496        RasAuto        (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
19:16:30.0594 3496        RasAuto - ok
19:16:30.0609 3496        Rasl2tp        (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:16:30.0656 3496        Rasl2tp - ok
19:16:30.0703 3496        RasMan          (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
19:16:30.0765 3496        RasMan - ok
19:16:30.0781 3496        RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
19:16:30.0828 3496        RasPppoe - ok
19:16:30.0859 3496        RasSstp        (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
19:16:30.0890 3496        RasSstp - ok
19:16:30.0921 3496        rdbss          (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
19:16:30.0937 3496        rdbss - ok
19:16:30.0968 3496        RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:16:31.0015 3496        RDPCDD - ok
19:16:31.0046 3496        rdpdr          (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
19:16:31.0077 3496        rdpdr - ok
19:16:31.0077 3496        RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
19:16:31.0124 3496        RDPENCDD - ok
19:16:31.0155 3496        RDPWD          (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys
19:16:31.0218 3496        RDPWD - ok
19:16:31.0264 3496        RemoteAccess    (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
19:16:31.0342 3496        RemoteAccess - ok
19:16:31.0374 3496        RemoteRegistry  (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
19:16:31.0452 3496        RemoteRegistry - ok
19:16:31.0483 3496        RFCOMM          (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
19:16:31.0514 3496        RFCOMM - ok
19:16:31.0545 3496        rimmptsk        (ded01a389926a89540b82373e4c550ee) C:\Windows\system32\DRIVERS\rimmptsk.sys
19:16:31.0576 3496        rimmptsk - ok
19:16:31.0576 3496        rimsptsk        (c398bca91216755b098679a8da8a2300) C:\Windows\system32\DRIVERS\rimsptsk.sys
19:16:31.0639 3496        rimsptsk - ok
19:16:31.0639 3496        rismxdp        (2a2554cb24506e0a0508fc395c4a1b42) C:\Windows\system32\DRIVERS\rixdptsk.sys
19:16:31.0670 3496        rismxdp - ok
19:16:31.0701 3496        RpcLocator      (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
19:16:31.0764 3496        RpcLocator - ok
19:16:31.0810 3496        RpcSs          (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
19:16:31.0888 3496        RpcSs - ok
19:16:31.0920 3496        rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
19:16:31.0966 3496        rspndr - ok
19:16:32.0013 3496        RTL8169        (2d19a7469ea19993d0c12e627f4530bc) C:\Windows\system32\DRIVERS\Rtlh86.sys
19:16:32.0029 3496        RTL8169 - ok
19:16:32.0060 3496        SamSs          (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
19:16:32.0107 3496        SamSs - ok
19:16:32.0122 3496        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
19:16:32.0138 3496        sbp2port - ok
19:16:32.0356 3496        SBSDWSCService  (794d4b48dfb6e999537c7c3947863463) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
19:16:32.0481 3496        SBSDWSCService - ok
19:16:32.0512 3496        SCardSvr        (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
19:16:32.0590 3496        SCardSvr - ok
19:16:32.0653 3496        SCDEmu          (23aa53256ce05b975398b78a33474265) C:\Windows\system32\drivers\SCDEmu.sys
19:16:32.0668 3496        SCDEmu ( UnsignedFile.Multi.Generic ) - warning
19:16:32.0668 3496        SCDEmu - detected UnsignedFile.Multi.Generic (1)
19:16:32.0746 3496        Schedule        (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
19:16:32.0856 3496        Schedule - ok
19:16:32.0918 3496        SCPolicySvc    (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
19:16:32.0934 3496        SCPolicySvc - ok
19:16:32.0980 3496        sdbus          (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
19:16:33.0012 3496        sdbus - ok
19:16:33.0058 3496        SDRSVC          (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
19:16:33.0199 3496        SDRSVC - ok
19:16:33.0214 3496        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
19:16:33.0277 3496        secdrv - ok
19:16:33.0292 3496        seclogon        (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
19:16:33.0370 3496        seclogon - ok
19:16:33.0386 3496        SENS            (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
19:16:33.0448 3496        SENS - ok
19:16:33.0464 3496        Serenum        (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
19:16:33.0511 3496        Serenum - ok
19:16:33.0511 3496        Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
19:16:33.0573 3496        Serial - ok
19:16:33.0573 3496        sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
19:16:33.0604 3496        sermouse - ok
19:16:33.0636 3496        SessionEnv      (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
19:16:33.0714 3496        SessionEnv - ok
19:16:33.0729 3496        sffdisk        (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
19:16:33.0745 3496        sffdisk - ok
19:16:33.0776 3496        sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
19:16:33.0807 3496        sffp_mmc - ok
19:16:33.0838 3496        sffp_sd        (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
19:16:33.0854 3496        sffp_sd - ok
19:16:33.0870 3496        sfloppy        (c33bfbd6e9e41fcd9ffef9729e9faed6) C:\Windows\system32\DRIVERS\sfloppy.sys
19:16:33.0916 3496        sfloppy - ok
19:16:33.0979 3496        SharedAccess    (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
19:16:34.0041 3496        SharedAccess - ok
19:16:34.0104 3496        ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
19:16:34.0197 3496        ShellHWDetection - ok
19:16:34.0213 3496        sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
19:16:34.0228 3496        sisagp - ok
19:16:34.0244 3496        SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
19:16:34.0260 3496        SiSRaid2 - ok
19:16:34.0260 3496        SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
19:16:34.0275 3496        SiSRaid4 - ok
19:16:34.0494 3496        slsvc          (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
19:16:34.0728 3496        slsvc - ok
19:16:34.0837 3496        SLUINotify      (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
19:16:34.0915 3496        SLUINotify - ok
19:16:34.0946 3496        Smb            (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
19:16:34.0977 3496        Smb - ok
19:16:35.0071 3496        smserial        (c8a58fc905c9184fa70e37f71060c64d) C:\Windows\system32\DRIVERS\smserial.sys
19:16:35.0149 3496        smserial - ok
19:16:35.0180 3496        snapman        (e78c98378a071ce4d48a7c514fa98fa1) C:\Windows\system32\DRIVERS\snapman.sys
19:16:35.0196 3496        snapman - ok
19:16:35.0227 3496        SNMPTRAP        (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
19:16:35.0305 3496        SNMPTRAP - ok
19:16:35.0430 3496        SNP2UVC        (8f6838aeebc79e8898c2065d969c47cc) C:\Windows\system32\DRIVERS\snp2uvc.sys
19:16:35.0508 3496        SNP2UVC - ok
19:16:35.0648 3496        spldr          (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
19:16:35.0664 3496        spldr - ok
19:16:35.0757 3496        spmgr          (739db668dbd812285ecc553e64a5e212) C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
19:16:35.0773 3496        spmgr - ok
19:16:35.0788 3496        Spooler        (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
19:16:35.0913 3496        Spooler - ok
19:16:35.0976 3496        sptd            (d15da1ba189770d93eea2d7e18f95af9) C:\Windows\system32\Drivers\sptd.sys
19:16:35.0991 3496        Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
19:16:35.0991 3496        sptd ( LockedFile.Multi.Generic ) - warning
19:16:35.0991 3496        sptd - detected LockedFile.Multi.Generic (1)
19:16:36.0054 3496        srv            (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
19:16:36.0116 3496        srv - ok
19:16:36.0132 3496        srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
19:16:36.0194 3496        srv2 - ok
19:16:36.0241 3496        srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
19:16:36.0256 3496        srvnet - ok
19:16:36.0303 3496        SSDPSRV        (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
19:16:36.0397 3496        SSDPSRV - ok
19:16:36.0428 3496        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
19:16:36.0459 3496        ssmdrv - ok
19:16:36.0459 3496        SstpSvc        (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
19:16:36.0537 3496        SstpSvc - ok
19:16:36.0600 3496        Steam Client Service - ok
19:16:36.0662 3496        stisvc          (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
19:16:36.0740 3496        stisvc - ok
19:16:36.0771 3496        swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
19:16:36.0787 3496        swenum - ok
19:16:36.0834 3496        swprv          (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
19:16:36.0912 3496        swprv - ok
19:16:36.0927 3496        Symc8xx        (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
19:16:36.0943 3496        Symc8xx - ok
19:16:36.0958 3496        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
19:16:36.0974 3496        Sym_hi - ok
19:16:36.0990 3496        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
19:16:37.0005 3496        Sym_u3 - ok
19:16:37.0021 3496        SynTP          (55f6e55cc2430ca8713387106fa79817) C:\Windows\system32\DRIVERS\SynTP.sys
19:16:37.0036 3496        SynTP - ok
19:16:37.0114 3496        SysMain        (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
19:16:37.0208 3496        SysMain - ok
19:16:37.0239 3496        TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
19:16:37.0348 3496        TabletInputService - ok
19:16:37.0364 3496        tandpl          (126d7b3b4c7b724491c604060e1f4e14) C:\Windows\system32\drivers\tandpl.sys
19:16:37.0395 3496        tandpl ( UnsignedFile.Multi.Generic ) - warning
19:16:37.0395 3496        tandpl - detected UnsignedFile.Multi.Generic (1)
19:16:37.0426 3496        TapiSrv        (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
19:16:37.0520 3496        TapiSrv - ok
19:16:37.0551 3496        TBS            (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
19:16:37.0629 3496        TBS - ok
19:16:37.0723 3496        Tcpip          (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\drivers\tcpip.sys
19:16:37.0770 3496        Tcpip - ok
19:16:37.0785 3496        Tcpip6          (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\DRIVERS\tcpip.sys
19:16:37.0816 3496        Tcpip6 - ok
19:16:37.0848 3496        tcpipreg        (2c2d4cff5e09c73908f9b5af49a51365) C:\Windows\system32\drivers\tcpipreg.sys
19:16:37.0894 3496        tcpipreg - ok
19:16:37.0957 3496        TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
19:16:37.0972 3496        TDPIPE - ok
19:16:37.0988 3496        TDTCP          (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
19:16:38.0019 3496        TDTCP - ok
19:16:38.0050 3496        tdx            (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
19:16:38.0082 3496        tdx - ok
19:16:38.0113 3496        TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
19:16:38.0144 3496        TermDD - ok
19:16:38.0191 3496        TermService    (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
19:16:38.0269 3496        TermService - ok
19:16:38.0331 3496        Themes          (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
19:16:38.0394 3496        Themes - ok
19:16:38.0425 3496        THREADORDER    (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
19:16:38.0472 3496        THREADORDER - ok
19:16:38.0487 3496        tifsfilter      (b84b82c0cbeb1b0d7eb7a946bade5830) C:\Windows\system32\DRIVERS\tifsfilt.sys
19:16:38.0503 3496        tifsfilter ( UnsignedFile.Multi.Generic ) - warning
19:16:38.0503 3496        tifsfilter - detected UnsignedFile.Multi.Generic (1)
19:16:38.0550 3496        timounter      (74711884439bdf9ccf446c79cb05fac0) C:\Windows\system32\DRIVERS\timntr.sys
19:16:38.0565 3496        timounter ( UnsignedFile.Multi.Generic ) - warning
19:16:38.0565 3496        timounter - detected UnsignedFile.Multi.Generic (1)
19:16:38.0581 3496        TrkWks          (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
19:16:38.0674 3496        TrkWks - ok
19:16:38.0721 3496        TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
19:16:38.0768 3496        TrustedInstaller - ok
19:16:38.0799 3496        tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:16:38.0830 3496        tssecsrv - ok
19:16:38.0846 3496        tunmp          (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
19:16:38.0908 3496        tunmp - ok
19:16:38.0924 3496        tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
19:16:38.0955 3496        tunnel - ok
19:16:38.0971 3496        uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
19:16:38.0986 3496        uagp35 - ok
19:16:39.0033 3496        udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
19:16:39.0064 3496        udfs - ok
19:16:39.0096 3496        UI0Detect      (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
19:16:39.0205 3496        UI0Detect - ok
19:16:39.0236 3496        uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
19:16:39.0252 3496        uliagpkx - ok
19:16:39.0267 3496        uliahci        (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
19:16:39.0298 3496        uliahci - ok
19:16:39.0298 3496        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
19:16:39.0314 3496        UlSata - ok
19:16:39.0330 3496        ulsata2        (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
19:16:39.0345 3496        ulsata2 - ok
19:16:39.0361 3496        umbus          (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
19:16:39.0376 3496        umbus - ok
19:16:39.0408 3496        upnphost        (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
19:16:39.0501 3496        upnphost - ok
19:16:39.0532 3496        usbaudio        (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
19:16:39.0564 3496        usbaudio - ok
19:16:39.0579 3496        usbccgp        (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
19:16:39.0626 3496        usbccgp - ok
19:16:39.0657 3496        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
19:16:39.0704 3496        usbcir - ok
19:16:39.0735 3496        usbehci        (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
19:16:39.0766 3496        usbehci - ok
19:16:39.0813 3496        usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
19:16:39.0844 3496        usbhub - ok
19:16:39.0860 3496        usbohci        (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
19:16:39.0907 3496        usbohci - ok
19:16:39.0922 3496        usbprint        (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
19:16:39.0969 3496        usbprint - ok
19:16:40.0000 3496        usbscan        (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
19:16:40.0032 3496        usbscan - ok
19:16:40.0047 3496        USBSTOR        (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:16:40.0094 3496        USBSTOR - ok
19:16:40.0110 3496        usbuhci        (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
19:16:40.0156 3496        usbuhci - ok
19:16:40.0188 3496        usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
19:16:40.0234 3496        usbvideo - ok
19:16:40.0250 3496        UxSms          (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
19:16:40.0344 3496        UxSms - ok
19:16:40.0359 3496        VCSVADHWSer    (b2abab4ca46bad182e27763dc19c780f) C:\Windows\system32\DRIVERS\vcsvad.sys
19:16:40.0406 3496        VCSVADHWSer - ok
19:16:40.0453 3496        vds            (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
19:16:40.0546 3496        vds - ok
19:16:40.0578 3496        vga            (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
19:16:40.0609 3496        vga - ok
19:16:40.0609 3496        VgaSave        (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
19:16:40.0656 3496        VgaSave - ok
19:16:40.0656 3496        viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
19:16:40.0687 3496        viaagp - ok
19:16:40.0687 3496        ViaC7          (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
19:16:40.0718 3496        ViaC7 - ok
19:16:40.0718 3496        viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
19:16:40.0734 3496        viaide - ok
19:16:40.0749 3496        volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
19:16:40.0765 3496        volmgr - ok
19:16:40.0796 3496        volmgrx        (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
19:16:40.0812 3496        volmgrx - ok
19:16:40.0858 3496        volsnap        (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
19:16:40.0890 3496        volsnap - ok
19:16:40.0890 3496        vsdatant7 - ok
19:16:40.0905 3496        vsmraid        (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
19:16:40.0936 3496        vsmraid - ok
19:16:41.0014 3496        VSS            (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
19:16:41.0139 3496        VSS - ok
19:16:41.0217 3496        W32Time        (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
19:16:41.0311 3496        W32Time - ok
19:16:41.0358 3496        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
19:16:41.0404 3496        WacomPen - ok
19:16:41.0404 3496        Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:16:41.0436 3496        Wanarp - ok
19:16:41.0436 3496        Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:16:41.0451 3496        Wanarpv6 - ok
19:16:41.0498 3496        wcncsvc        (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
19:16:41.0592 3496        wcncsvc - ok
19:16:41.0638 3496        WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
19:16:41.0716 3496        WcsPlugInService - ok
19:16:41.0732 3496        Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
19:16:41.0748 3496        Wd - ok
19:16:41.0794 3496        Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
19:16:41.0826 3496        Wdf01000 - ok
19:16:41.0841 3496        WdiServiceHost  (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
19:16:41.0935 3496        WdiServiceHost - ok
19:16:41.0935 3496        WdiSystemHost  (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
19:16:42.0028 3496        WdiSystemHost - ok
19:16:42.0060 3496        WebClient      (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
19:16:42.0153 3496        WebClient - ok
19:16:42.0200 3496        Wecsvc          (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
19:16:42.0356 3496        Wecsvc - ok
19:16:42.0387 3496        wercplsupport  (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
19:16:42.0465 3496        wercplsupport - ok
19:16:42.0496 3496        WerSvc          (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
19:16:42.0574 3496        WerSvc - ok
19:16:42.0684 3496        WinDefend      (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
19:16:42.0699 3496        WinDefend - ok
19:16:42.0715 3496        WinHttpAutoProxySvc - ok
19:16:42.0793 3496        Winmgmt        (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
19:16:43.0386 3496        Winmgmt - ok
19:16:43.0479 3496        WinRM          (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
19:16:43.0620 3496        WinRM - ok
19:16:43.0682 3496        Wlansvc        (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
19:16:43.0807 3496        Wlansvc - ok
19:16:44.0041 3496        wlidsvc        (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:16:44.0134 3496        wlidsvc - ok
19:16:44.0275 3496        WmiAcpi        (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
19:16:44.0322 3496        WmiAcpi - ok
19:16:44.0384 3496        wmiApSrv        (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
19:16:44.0415 3496        wmiApSrv - ok
19:16:44.0540 3496        WMPNetworkSvc  (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
19:16:44.0665 3496        WMPNetworkSvc - ok
19:16:44.0680 3496        WPCSvc          (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
19:16:44.0790 3496        WPCSvc - ok
19:16:44.0821 3496        WPDBusEnum      (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
19:16:44.0946 3496        WPDBusEnum - ok
19:16:44.0992 3496        WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
19:16:45.0008 3496        WpdUsb - ok
19:16:45.0195 3496        WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
19:16:45.0320 3496        WPFFontCache_v0400 - ok
19:16:45.0351 3496        ws2ifsl        (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
19:16:45.0382 3496        ws2ifsl - ok
19:16:45.0398 3496        wscsvc          (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll
19:16:45.0476 3496        wscsvc - ok
19:16:45.0476 3496        WSearch - ok
19:16:45.0648 3496        wuauserv        (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
19:16:45.0788 3496        wuauserv - ok
19:16:45.0944 3496        WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:16:45.0960 3496        WUDFRd - ok
19:16:45.0991 3496        wudfsvc        (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
19:16:46.0100 3496        wudfsvc - ok
19:16:46.0162 3496        xnacc          (9eea6d029fef5f3016d089b1a603837d) C:\Windows\system32\DRIVERS\xnacc.sys
19:16:46.0209 3496        xnacc - ok
19:16:46.0240 3496        yukonwlh        (7d1f3b131d503ef43ee594b5a2b9b427) C:\Windows\system32\DRIVERS\yk60x86.sys
19:16:46.0303 3496        yukonwlh - ok
19:16:46.0318 3496        MBR (0x1B8)    (64b1e91c5c6c2157642651010728f90f) \Device\Harddisk0\DR0
19:16:46.0818 3496        \Device\Harddisk0\DR0 - ok
19:16:46.0818 3496        Boot (0x1200)  (b48d57c52766fe1979209ef9a56733e9) \Device\Harddisk0\DR0\Partition0
19:16:46.0818 3496        \Device\Harddisk0\DR0\Partition0 - ok
19:16:46.0849 3496        Boot (0x1200)  (47cee93253431d7764e58cae3f5e0d13) \Device\Harddisk0\DR0\Partition1
19:16:46.0849 3496        \Device\Harddisk0\DR0\Partition1 - ok
19:16:46.0849 3496        ============================================================
19:16:46.0849 3496        Scan finished
19:16:46.0849 3496        ============================================================
19:16:46.0864 3580        Detected object count: 17
19:16:46.0864 3580        Actual detected object count: 17
19:50:16.0383 3580        ADSMService ( UnsignedFile.Multi.Generic ) - skipped by user
19:50:16.0383 3580        ADSMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:50:16.0383 3580        Alidevice ( UnsignedFile.Multi.Generic ) - skipped by user
19:50:16.0383 3580        Alidevice ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:50:16.0398 3580        AmplusnetPrivacyTools ( UnsignedFile.Multi.Generic ) - skipped by user
19:50:16.0398 3580        AmplusnetPrivacyTools ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:50:16.0398 3580        ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - skipped by user
19:50:16.0398 3580        ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:50:16.0398 3580        CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
19:50:16.0398 3580        CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:50:16.0398 3580        enodpl ( UnsignedFile.Multi.Generic ) - skipped by user
19:50:16.0398 3580        enodpl ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:50:16.0398 3580        EterlogicVirtualSerialDriver ( UnsignedFile.Multi.Generic ) - skipped by user
19:50:16.0398 3580        EterlogicVirtualSerialDriver ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:50:16.0398 3580        FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:50:16.0398 3580        FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:50:16.0398 3580        hamachi_oem ( UnsignedFile.Multi.Generic ) - skipped by user
19:50:16.0398 3580        hamachi_oem ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:50:16.0398 3580        IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
19:50:16.0398 3580        IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:50:16.0398 3580        LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
19:50:16.0398 3580        LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:50:16.0398 3580        PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:50:16.0398 3580        PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:50:16.0398 3580        SCDEmu ( UnsignedFile.Multi.Generic ) - skipped by user
19:50:16.0398 3580        SCDEmu ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:50:16.0398 3580        sptd ( LockedFile.Multi.Generic ) - skipped by user
19:50:16.0398 3580        sptd ( LockedFile.Multi.Generic ) - User select action: Skip
19:50:16.0398 3580        tandpl ( UnsignedFile.Multi.Generic ) - skipped by user
19:50:16.0398 3580        tandpl ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:50:16.0398 3580        tifsfilter ( UnsignedFile.Multi.Generic ) - skipped by user
19:50:16.0398 3580        tifsfilter ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:50:16.0398 3580        timounter ( UnsignedFile.Multi.Generic ) - skipped by user
19:50:16.0398 3580        timounter ( UnsignedFile.Multi.Generic ) - User select action: Skip
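
To make a report like the one above quicker to triage, here is an added Python example (written for this page; it is not part of the thread and not Kaspersky's own code) that parses TDSSKiller report lines in the format shown and pairs each detection with the file hash, path and the action the user chose. The sample lines are constructed and abridged from the report format above (three findings instead of seventeen); the summary logic (checking the declared object count, listing findings with no recorded action, separating the unsigned-driver heuristic from other verdicts) is my assumption of what a helper reviewing such a log wants, not something the tool itself provides.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample in the TDSSKiller report format shown above (abridged):
# two unsigned drivers flagged, one clean service, one locked file flagged,
# then the count summary and the per-object user actions the tool appends.
SAMPLE_REPORT = r"""19:16:38.0487 3496        tifsfilter      (b84b82c0cbeb1b0d7eb7a946bade5830) C:\Windows\system32\DRIVERS\tifsfilt.sys
19:16:38.0503 3496        tifsfilter ( UnsignedFile.Multi.Generic ) - warning
19:16:38.0503 3496        tifsfilter - detected UnsignedFile.Multi.Generic (1)
19:16:38.0550 3496        timounter      (74711884439bdf9ccf446c79cb05fac0) C:\Windows\system32\DRIVERS\timntr.sys
19:16:38.0565 3496        timounter ( UnsignedFile.Multi.Generic ) - warning
19:16:38.0565 3496        timounter - detected UnsignedFile.Multi.Generic (1)
19:16:38.0581 3496        TrkWks          (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
19:16:38.0674 3496        TrkWks - ok
19:16:38.0700 3496        sptd - detected LockedFile.Multi.Generic (1)
19:16:46.0864 3580        Detected object count: 3
19:16:46.0864 3580        Actual detected object count: 3
19:50:16.0398 3580        tifsfilter ( UnsignedFile.Multi.Generic ) - skipped by user
19:50:16.0398 3580        tifsfilter ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:50:16.0398 3580        timounter ( UnsignedFile.Multi.Generic ) - skipped by user
19:50:16.0398 3580        timounter ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:50:16.0398 3580        sptd ( LockedFile.Multi.Generic ) - skipped by user
19:50:16.0398 3580        sptd ( LockedFile.Multi.Generic ) - User select action: Skip
"""

# Every report line starts with a timestamp and a process/thread id.
LINE_RE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<rest>.*\S)\s*$")
# "<name>  (<md5>) <path>" lines from the scan phase (names may contain spaces).
FILE_RE = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$")
# "<name> - detected <verdict> (<n>)"
DETECTED_RE = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>\S+) \((?P<n>\d+)\)$")
# "<name> ( <verdict> ) - User select action: <action>"
ACTION_RE = re.compile(r"^(?P<name>.+?) \( (?P<verdict>\S+) \) - User select action: (?P<action>\w+)$")
COUNT_RE = re.compile(r"^(?P<kind>Actual detected|Detected) object count: (?P<n>\d+)$")


@dataclass
class Finding:
    name: str
    verdict: str
    md5: str = ""
    path: str = ""
    action: str = ""  # "Skip", "Cure", "Delete", ...; empty if no action was logged


def parse_report(text):
    """Return (findings by object name in detection order, declared counts)."""
    files = {}     # object name -> (md5, path) seen in the scan phase
    findings = {}  # object name -> Finding
    counts = {}    # "Detected" / "Actual detected" -> int
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # banner, separator or blank line
        rest = m.group("rest")
        if (f := FILE_RE.match(rest)):
            files[f.group("name")] = (f.group("md5"), f.group("path"))
        elif (d := DETECTED_RE.match(rest)):
            md5, path = files.get(d.group("name"), ("", ""))
            findings[d.group("name")] = Finding(d.group("name"), d.group("verdict"), md5, path)
        elif (a := ACTION_RE.match(rest)):
            name = a.group("name")
            if name not in findings:
                # Action logged for an object never reported as detected: keep it visible.
                findings[name] = Finding(name, a.group("verdict"))
            findings[name].action = a.group("action")
        elif (c := COUNT_RE.match(rest)):
            counts[c.group("kind")] = int(c.group("n"))
    return findings, counts


def summarize(findings, counts):
    """Aggregate the parsed findings into what a reviewer checks first."""
    declared = counts.get("Detected")
    return {
        "total": len(findings),
        "by_verdict": dict(Counter(f.verdict for f in findings.values())),
        # Findings with no "User select action" line: the report is incomplete or was cut off.
        "unresolved": [f.name for f in findings.values() if not f.action],
        "count_matches": declared is not None and declared == len(findings),
        # UnsignedFile.* is TDSSKiller's heuristic for unsigned drivers; keep those paths
        # apart so anything with a different verdict stands out.
        "unsigned_paths": sorted(f.path for f in findings.values()
                                 if f.verdict.startswith("UnsignedFile") and f.path),
    }


if __name__ == "__main__":
    findings, counts = parse_report(SAMPLE_REPORT)
    for item in findings.values():
        print(f"{item.name:12} {item.verdict:28} action={item.action or '-':6} {item.path}")
    print(summarize(findings, counts))
```

The check that matters in a thread like this one is the `by_verdict` breakdown: a report whose findings are all `UnsignedFile.Multi.Generic` on known vendor drivers (here Acronis, ASUS, VPN and virtual-drive components) reads very differently from one with a rootkit verdict, and the `unresolved` list shows whether the poster actually answered every prompt before pasting the log.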


cosinus 21.06.2012 10:09

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warnings, carry out the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run if a helper (Kompetenzler) has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If you have problems starting applications after running ComboFix and get messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

DA1985 21.06.2012 14:26

Here is the ComboFix log file:
Code:

ComboFix 12-06-21.01 - *** 21.06.2012  12:48:26.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.3070.1866 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files\Common Files\ASPG_icon.ico
c:\program files\Common Files\Tencent\Paycenter
c:\program files\Common Files\Tencent\Paycenter\qqcert.dll
c:\program files\Common Files\Tencent\Paycenter\qqedit.dll
c:\program files\TENCENT\SSPlus\SData.dat
c:\program files\TENCENT\SSPlus\SPlus.dll
c:\program files\TENCENT\SSPlus\stdtbh.dat
c:\users\***\AppData\Roaming\7za.exe
c:\users\***\AppData\Roaming\a.7z
c:\users\***\AppData\Roaming\Google\Update\1
c:\users\***\AppData\Roaming\Google\Update\1\SD\m.txt
c:\users\***\AppData\Roaming\Google\Update\1\SD\s.txt
c:\users\***\AppData\Roaming\Mac\MacJie.key
c:\users\***\AppData\Roaming\SogouExplorer
c:\users\***\AppData\Roaming\SogouExplorer\abw
c:\users\***\AppData\Roaming\SogouExplorer\adbdata.dat
c:\users\***\AppData\Roaming\SogouExplorer\CommCfg.xml
c:\users\***\AppData\Roaming\SogouExplorer\confdll.dll
c:\users\***\AppData\Roaming\SogouExplorer\Config.xml
c:\users\***\AppData\Roaming\SogouExplorer\configlocal.xml
c:\users\***\AppData\Roaming\SogouExplorer\DailyBackup\Favorite2.dat.2010.08.19.16
c:\users\***\AppData\Roaming\SogouExplorer\DailyBackup\Favorite2.dat.2010.11.13.11
c:\users\***\AppData\Roaming\SogouExplorer\DailyBackup\Favorite2.dat.2010.11.17.18
c:\users\***\AppData\Roaming\SogouExplorer\DailyBackup\Favorite2.dat.2010.11.20.11
c:\users\***\AppData\Roaming\SogouExplorer\DailyBackup\Favorite2.dat.2011.03.03.04
c:\users\***\AppData\Roaming\SogouExplorer\DailyBackup\Favorite2.dat.2011.08.04.20
c:\users\***\AppData\Roaming\SogouExplorer\dew
c:\users\***\AppData\Roaming\SogouExplorer\FavIcon\default_page.ico
c:\users\***\AppData\Roaming\SogouExplorer\FavIcon\http_ie.sogou.com_80_fav.ico
c:\users\***\AppData\Roaming\SogouExplorer\FavIcon\http_pinyin.sogou.com_80_fav.ico
c:\users\***\AppData\Roaming\SogouExplorer\FavIcon\http_pralerts.zonealarm.com_80_fav.ico
c:\users\***\AppData\Roaming\SogouExplorer\FavIcon\http_www.ceruleanstudios.com_80_fav.ico
c:\users\***\AppData\Roaming\SogouExplorer\FavIcon\http_www.icq.com_80_fav.ico
c:\users\***\AppData\Roaming\SogouExplorer\FavIcon\http_www.trillian.im_80_fav.ico
c:\users\***\AppData\Roaming\SogouExplorer\FavIcon\https_www3.gotowebinar.com_443_fav.ico
c:\users\***\AppData\Roaming\SogouExplorer\Favorite2.dat
c:\users\***\AppData\Roaming\SogouExplorer\FormData.dat
c:\users\***\AppData\Roaming\SogouExplorer\HistoryUrl.db
c:\users\***\AppData\Roaming\SogouExplorer\MCPattern.db
c:\users\***\AppData\Roaming\SogouExplorer\Misc.db
c:\users\***\AppData\Roaming\SogouExplorer\Openpage.xml
c:\users\***\AppData\Roaming\SogouExplorer\playevent.pat
c:\users\***\AppData\Roaming\SogouExplorer\se_setup.ini
c:\users\***\AppData\Roaming\SogouExplorer\SEacc_F5_pattern.txt
c:\users\***\AppData\Roaming\SogouExplorer\SEacc_refresh_pattern.txt
c:\users\***\AppData\Roaming\SogouExplorer\sodaliblite.dll
c:\users\***\AppData\Roaming\SogouExplorer\SogouExplorerSetup.exe
c:\users\***\AppData\Roaming\SogouExplorer\uhistory.db
c:\users\***\AppData\Roaming\SogouExplorer\UserId.enc
c:\users\***\AppData\Roaming\SogouExplorer\videopattern
c:\users\***\AppData\Roaming\SogouExplorer\Webkit\Cache\data_0
c:\users\***\AppData\Roaming\SogouExplorer\Webkit\Cache\data_1
c:\users\***\AppData\Roaming\SogouExplorer\Webkit\Cache\data_2
c:\users\***\AppData\Roaming\SogouExplorer\Webkit\Cache\data_3
c:\users\***\AppData\Roaming\SogouExplorer\Webkit\Cache\f_000001
c:\users\***\AppData\Roaming\SogouExplorer\Webkit\Cache\f_000002
c:\users\***\AppData\Roaming\SogouExplorer\Webkit\Cache\f_000003
c:\users\***\AppData\Roaming\SogouExplorer\Webkit\Cache\f_000004
c:\users\***\AppData\Roaming\SogouExplorer\Webkit\Cache\index
c:\users\***\AppData\Roaming\SogouExplorer\Webkit\Cookies
c:\users\***\AppData\Roaming\SogouExplorer\Webkit\VisitedLinks
c:\windows\IsUn0407.exe
c:\windows\PFRO.log
c:\windows\system32\drivers\~GLH0014.TMP
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-05-21 bis 2012-06-21  ))))))))))))))))))))))))))))))
.
.
2012-06-21 10:30 . 2012-06-02 22:19        53784        ----a-w-        c:\windows\system32\wuauclt.exe
2012-06-21 10:30 . 2012-06-02 22:19        45080        ----a-w-        c:\windows\system32\wups2.dll
2012-06-21 10:30 . 2012-06-02 22:19        1933848        ----a-w-        c:\windows\system32\wuaueng.dll
2012-06-21 10:30 . 2012-06-02 22:12        2422272        ----a-w-        c:\windows\system32\wucltux.dll
2012-06-21 10:29 . 2012-06-02 22:19        35864        ----a-w-        c:\windows\system32\wups.dll
2012-06-21 10:29 . 2012-06-02 22:19        577048        ----a-w-        c:\windows\system32\wuapi.dll
2012-06-21 10:29 . 2012-06-02 22:12        88576        ----a-w-        c:\windows\system32\wudriver.dll
2012-06-21 10:29 . 2012-06-02 13:19        171904        ----a-w-        c:\windows\system32\wuwebv.dll
2012-06-21 10:29 . 2012-06-02 13:12        33792        ----a-w-        c:\windows\system32\wuapp.exe
2012-06-19 23:24 . 2012-02-29 15:11        5120        ----a-w-        c:\windows\system32\wmi.dll
2012-06-19 23:24 . 2012-02-29 15:11        172032        ----a-w-        c:\windows\system32\wintrust.dll
2012-06-19 23:24 . 2012-02-29 15:09        157696        ----a-w-        c:\windows\system32\imagehlp.dll
2012-06-19 23:24 . 2012-02-29 13:32        12800        ----a-w-        c:\windows\system32\drivers\fs_rec.sys
2012-06-19 18:49 . 2012-06-19 18:49        --------        d-----w-        c:\program files\Microsoft Chart Controls
2012-06-19 14:17 . 2012-06-19 14:17        --------        d-----w-        C:\fe83392acf11f46d51bad2caf9119a
2012-06-19 14:07 . 2012-06-19 14:07        98816        ----a-w-        c:\windows\system32\mfps.dll
2012-06-19 13:52 . 2011-11-18 17:47        66560        ----a-w-        c:\windows\system32\packager.dll
2012-06-19 13:51 . 2010-12-17 15:45        2067968        ----a-w-        c:\windows\system32\mstscax.dll
2012-06-19 13:51 . 2010-12-17 13:54        677888        ----a-w-        c:\windows\system32\mstsc.exe
2012-06-19 13:48 . 2011-09-30 15:57        707584        ----a-w-        c:\program files\Common Files\System\wab32.dll
2012-06-19 13:48 . 2012-04-03 08:16        3602816        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2012-06-19 13:48 . 2012-04-03 08:16        3550080        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-06-19 13:45 . 2011-04-21 13:55        508416        ----a-w-        c:\windows\system32\drivers\bthport.sys
2012-06-19 10:30 . 2012-06-19 10:30        --------        d-----w-        C:\_OTL
2012-06-17 12:20 . 2012-06-17 12:20        0        ----a-w-        c:\windows\system32\nsd8756.tmp
2012-06-16 12:18 . 2012-06-16 12:18        --------        d-----w-        c:\program files\ESET
2012-06-14 14:43 . 2012-06-14 14:49        --------        d-----w-        c:\programdata\Spybot - Search & Destroy
2012-06-14 14:43 . 2012-06-14 14:45        --------        d-----w-        c:\program files\Spybot - Search & Destroy
2012-06-14 10:33 . 2012-06-14 10:33        --------        d-----w-        c:\users\***\AppData\Roaming\Malwarebytes
2012-06-14 10:33 . 2012-06-14 10:33        --------        d-----w-        c:\programdata\Malwarebytes
2012-06-14 10:33 . 2012-06-14 10:33        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-06-14 10:33 . 2012-04-04 13:56        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-06-08 07:21 . 2012-06-08 07:21        2991512        ----a-w-        c:\windows\system32\SogouPY.ime
2012-05-22 16:19 . 2012-06-20 18:04        --------        d-----w-        c:\program files\Diablo III
2012-05-22 16:19 . 2012-05-22 16:44        --------        d-----w-        c:\programdata\Blizzard Entertainment
2012-05-22 16:19 . 2012-05-22 16:44        --------        d-----w-        c:\program files\Common Files\Blizzard Entertainment
2012-05-22 16:13 . 2012-05-22 16:13        --------        d-----w-        c:\programdata\Battle.net
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-21 12:07 . 2009-07-10 17:35        45056        ----a-w-        c:\windows\system32\acovcnt.exe
2012-06-20 22:03 . 2009-07-11 17:51        140304        ----a-w-        c:\windows\system32\drivers\PnkBstrK.sys
2012-06-20 22:03 . 2009-07-11 19:01        281032        ----a-w-        c:\windows\system32\PnkBstrB.xtr
2012-06-20 22:03 . 2009-07-11 17:51        281032        ----a-w-        c:\windows\system32\PnkBstrB.exe
2012-06-20 18:35 . 2009-07-11 17:51        281032        ----a-w-        c:\windows\system32\PnkBstrB.ex0
2012-06-19 18:43 . 2009-07-11 17:51        138056        ----a-w-        c:\users\***\AppData\Roaming\PnkBstrK.sys
2012-06-19 18:43 . 2009-07-11 17:50        76888        ----a-w-        c:\windows\system32\PnkBstrA.exe
2012-05-09 14:55 . 2011-10-16 13:24        83392        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2012-05-09 14:55 . 2011-10-16 13:24        137928        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-04-01 13:28 . 2012-04-01 13:28        19352        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2008-08-08 22:48 . 2008-08-08 22:48        90112        ----a-w-        c:\program files\Common Files\CPInstallAction.dll
2012-05-06 10:58 . 2011-05-15 17:12        97208        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
2009-05-04 05:14 . 2009-10-11 18:17        36864        ----a-w-        c:\program files\mozilla firefox\components\NsThunderLoader.dll
2009-05-04 05:14 . 2009-10-11 18:17        53248        ----a-w-        c:\program files\mozilla firefox\components\ThunderComponent.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 01:08        143360        ----a-w-        c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36        94208        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36        94208        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36        94208        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36        94208        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-09-12 2969496]
"Dexpot"="c:\program files\Dexpot\dexpot.exe" [2011-11-22 1425408]
"Duden Korrektor SysTray"="c:\program files\Duden\Duden-Rechtschreibprüfung\DKTray.exe" [2011-07-14 332432]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"P2Go_Menu"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2008-08-18 98304]
"ATKOSD2"="c:\program files\ASUS\ATKOSD2\ATKOSD2.exe" [2008-09-03 8105984]
"RtHDVCpl"="RtHDVCpl.exe" [2008-08-12 6265376]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"DirectConsole2"="c:\program files\ASUS\Direct Console\Direct Console.exe" [2008-08-21 2705976]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 56080]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-02-17 1194728]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-02-17 1966928]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-02-16 149024]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-19 13793824]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-01-22 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-09 348624]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Duden Korrektor SysTray"="c:\program files\Duden\Duden-Rechtschreibprüfung\DKTray.exe" [2011-07-14 332432]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SetPoint.lnk - c:\program files\SetPoint\SetPoint.exe [2008-12-5 692224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]
  Ime File        REG_SZ                SOGOUPY.IME
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerForPhone
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-22 05:05        40368        ----a-w-        c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2008-07-19 03:52        104936        ----a-w-        c:\program files\CyberLink\Power2Go\CLMLSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2008-06-09 18:16        2363392        ----a-w-        c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-08-19 07:24        13793824        ----a-w-        c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-08-19 07:24        92704        ----a-w-        c:\windows\System32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23        1008184        ----a-w-        c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs        REG_MULTI_SZ          BthServ
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\6de2ed6f-0b56-4d57-b0f0-551ec8cbb27f]
2011-07-01 09:38        153232        ---ha-w-        c:\programdata\Duden\DKReg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 18:14        451872        ----a-w-        c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-21 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-04 15:03]
.
2012-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-04 15:04]
.
2012-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-04 15:04]
.
2012-06-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1799299016-3692624258-2031827036-1000Core.job
- c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-13 15:48]
.
2012-06-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1799299016-3692624258-2031827036-1000UA.job
- c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-13 15:48]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
uInternet Settings,ProxyOverride = local;*.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download with Xilisoft Download YouTube Video - c:\program files\Xilisoft\Download YouTube Video\upod_link.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{09BA8F6D-CB54-424B-839C-C2A6C8E6B436}
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: taobao.com
Trusted Zone: qq.com\cache.tv
Trusted Zone: qq.com\qqlivecaption
Trusted Zone: qq.com\qqlivehabit
Trusted Zone: qq.com\qqlivesearch
Trusted Zone: qq.com\video_1
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\3hp8zgmd.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (de)
FF - prefs.js: network.proxy.http - 114.32.112.213
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.type - 0
.
.
------- Dateityp-Verknüpfung -------
.
txtfile=c:\windows\notepad.exe %1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-Akamai NetSession Interface - c:\users\***\AppData\Local\Akamai\netsession_win.exe
HKCU-Run-Google - c:\users\***\AppData\Roaming\googleoez.exe
AddRemove-Command & Conquer - d:\spiele\CnC\Uninstal.exe
AddRemove-ESET Online Scanner - c:\program files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-06-21 14:08
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
.
C:\ADSM_PData_0150
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 1
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1799299016-3692624258-2031827036-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:45,ca,61,db,8e,38,ba,2e,41,da,d4,d3,f0,4e,f2,d0,e0,eb,24,0f,e7,29,1a,
  30,8b,a8,62,b5,c7,15,14,c9,68,c1,e0,64,1c,46,90,b7,b5,d5,94,07,33,cb,fc,10,\
"??"=hex:3e,f2,b3,06,b5,62,1f,ca,97,78,ed,73,a0,8c,5f,4d
.
[HKEY_USERS\S-1-5-21-1799299016-3692624258-2031827036-1000\Software\SecuROM\License information*]
"datasecu"=hex:95,55,66,54,ae,a3,0c,53,72,e2,6e,21,10,53,b3,da,ca,c1,9a,5d,1d,
  9f,74,10,f8,9a,58,03,43,3e,bd,ea,0f,24,d7,be,00,08,18,84,19,2d,1a,09,cb,f7,\
"rkeysecu"=hex:ae,76,d6,ff,5c,aa,c1,e8,dd,b6,31,1e,eb,bc,d0,71
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{0494ed2b-a00c-406c-a62f-21ebc82e1186}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:2a000000
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{199d9774-1d87-43c0-bcef-811959e175fd}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0a002354
"Dhcpv6State"=dword:00000000
"NameServer"=""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{214985cb-91b5-4edb-bf49-04603d706110}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:26002243
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{33420e29-6319-49a4-b419-f73ef867e746}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0f001e8c
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{524e379e-e44e-48f3-bcc2-88d51e6e642f}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:24000000
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{98595871-6298-4994-88cc-750eae58c6e5}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:1c000000
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:07001422
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{ac27e35c-a17d-4f60-be78-eb644acff10d}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:10002354
"Dhcpv6State"=dword:00000001
"NameServer"=""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{b040e30f-1320-4b9c-aeb9-c4a1e75acbdd}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:29000000
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{ba32a50a-3d27-4fae-8591-5916311409be}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0c001422
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{c3ff4a6b-afd8-4b3b-b55b-de46eadd3bd9}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:1100215d
"Dhcpv6State"=dword:00000000
"NameServer"=""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{e0a5b4ad-2971-4d2c-9730-425ce6b065a4}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:14020054
"Dhcpv6State"=dword:00000000
"NameServer"=""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{e3956ff0-3f9f-4edc-b5e3-0fbfac891c85}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:277a7700
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{ed7eb904-6721-47cc-a022-f7788a4a5638}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0c002243
"Dhcpv6State"=dword:00000000
"NameServer"=""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{ee935c63-a647-4d71-b1eb-b2cb7135d8d9}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:217a7991
"Dhcpv6State"=dword:00000001
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:06001422
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f70a361f-6437-4fcc-91a4-cd88d468d91b}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0e001422
"Dhcpv6State"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(1008)
c:\windows\system32\relog_ap.dll
.
- - - - - - - > 'Explorer.exe'(4524)
c:\program files\Dexpot\hooxpot.dll
c:\program files\SetPoint\GameHook.dll
c:\program files\SetPoint\lgscroll.dll
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Spybot - Search & Destroy\SDWinSec.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files\ASUS\SmartLogon\sensorsrv.exe
c:\program files\ASUS\ASUS CopyProtect\aspg.exe
c:\program files\ASUS\ATK Hotkey\MsgTranAgt.exe
c:\program files\ASUS\ATK Hotkey\HControl.exe
c:\program files\P4G\BatteryLife.exe
c:\program files\ASUS\Splendid\ACMON.exe
c:\windows\System32\ACEngSvr.exe
c:\program files\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files\ASUS\ATK Hotkey\KBFiltr.exe
c:\program files\ASUS\ATK Hotkey\WDC.exe
c:\windows\RtHDVCpl.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
c:\program files\Windows Mail\WinMail.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-21  14:20:09 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-06-21 12:19
.
Vor Suchlauf: 16 Verzeichnis(se), 34.484.191.232 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 36.857.126.912 Bytes frei
.
- - End Of File - - 56DBC4D0925505FD4C13B816650ACAC2


cosinus 21.06.2012 15:10

Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only OSAM - please skip the online query in OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to switch off your virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file on your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or higher), please start it with a right-click and "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Depending on your connection, downloading the definitions can take a while.
  • Click on Scan.
  • Wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it on the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances without instructions.

Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select (none) under AV Scan.

One more note: If aswMBR crashes and a message like "aswMBR.exe has stopped working" appears, do the following:
Restart aswMBR, select (none) in the drop-down menu under "AV scan" (bottom left in the aswMBR window) and click the Scan button again.

DA1985 22.06.2012 12:18

Here, first of all, are the two log files from GMER and OSAM:

GMER log:
Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-06-22 11:58:04
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.BKFO
Running: fpbl496r.exe; Driver: C:\Users\***~1\AppData\Local\Temp\kwxciuod.sys


---- System - GMER 1.0.15 ----

SSDT            925FD9E6                                                                                                                ZwCreateSection
SSDT            925FD9F0                                                                                                                ZwRequestWaitReplyPort
SSDT            925FD9EB                                                                                                                ZwSetContextThread
SSDT            925FD9F5                                                                                                                ZwSetSecurityObject
SSDT            925FD9FA                                                                                                                ZwSystemDebugControl
SSDT            925FD987                                                                                                                ZwTerminateProcess

INT 0x51        ?                                                                                                                      90E0C550
INT 0x62        ?                                                                                                                      87AEFBF8
INT 0x71        ?                                                                                                                      90E0C7D0
INT 0x72        ?                                                                                                                      87AEFBF8
INT 0x81        ?                                                                                                                      90E0CA50
INT 0x82        ?                                                                                                                      87AEFBF8
INT 0x82        ?                                                                                                                      87AEFBF8
INT 0xA2        ?                                                                                                                      8612CBF8
INT 0xA2        ?                                                                                                                      87AEFBF8
INT 0xA2        ?                                                                                                                      87AEFBF8
INT 0xA2        ?                                                                                                                      8612CBF8
INT 0xA3        ?                                                                                                                      87AEFBF8

---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!KeSetEvent + 215                                                                                          828B88D8 4 Bytes  [E6, D9, 5F, 92] {OUT 0xd9, AL; POP EDI; XCHG EDX, EAX}
.text          ntkrnlpa.exe!KeSetEvent + 539                                                                                          828B8BFC 4 Bytes  [F0, D9, 5F, 92]
.text          ntkrnlpa.exe!KeSetEvent + 56D                                                                                          828B8C30 4 Bytes  [EB, D9, 5F, 92] {JMP 0xffffffffffffffdb; POP EDI; XCHG EDX, EAX}
.text          ntkrnlpa.exe!KeSetEvent + 5D1                                                                                          828B8C94 4 Bytes  [F5, D9, 5F, 92] {CMC ; FSTP DWORD [EDI-0x6e]}
.text          ntkrnlpa.exe!KeSetEvent + 619                                                                                          828B8CDC 4 Bytes  [FA, D9, 5F, 92] {CLI ; FSTP DWORD [EDI-0x6e]}
.text          ...                                                                                                                   
?              System32\Drivers\sppu.sys                                                                                              Das System kann den angegebenen Pfad nicht finden. !
.text          USBPORT.SYS!DllUnload                                                                                                  8F54341B 5 Bytes  JMP 87AEF1D8
.text          aqlmmun0.SYS                                                                                                            908B2000 22 Bytes  [82, D3, BC, 82, 6C, D2, BC, ...]
.text          aqlmmun0.SYS                                                                                                            908B2017 111 Bytes  [00, 32, 57, 79, 80, 3D, 55, ...]
.text          aqlmmun0.SYS                                                                                                            908B2087 33 Bytes  [82, E6, E4, 8B, 82, 36, 3A, ...]
.text          aqlmmun0.SYS                                                                                                            908B20A9 35 Bytes  [22, 85, 82, A0, 19, 85, 82, ...]
.text          aqlmmun0.SYS                                                                                                            908B20CE 10 Bytes  [00, 00, 00, 00, 00, 00, 02, ...]
.text          ...                                                                                                                   
.text          C:\Windows\system32\DRIVERS\atksgt.sys                                                                                  section is writeable [0xA9EF4300, 0x3B6D8, 0xE8000020]
.text          C:\Windows\system32\DRIVERS\lirsgt.sys                                                                                  section is writeable [0xA9FCC300, 0x1BEE, 0xE8000020]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT            \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar]                                              [8068B6D6] \SystemRoot\System32\Drivers\sppu.sys
IAT            \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar]                                                [8068B042] \SystemRoot\System32\Drivers\sppu.sys
IAT            \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]                                        [8068B800] \SystemRoot\System32\Drivers\sppu.sys
IAT            \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort]                                              [8068B0C0] \SystemRoot\System32\Drivers\sppu.sys
IAT            \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]                                        [8068B13E] \SystemRoot\System32\Drivers\sppu.sys
IAT            \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                                      [8069AE9C] \SystemRoot\System32\Drivers\sppu.sys
IAT            \SystemRoot\System32\Drivers\aqlmmun0.SYS[ataport.SYS!AtaPortNotification]                                              CC358B04
IAT            \SystemRoot\System32\Drivers\aqlmmun0.SYS[ataport.SYS!AtaPortWritePortUchar]                                            83908D7F
IAT            \SystemRoot\System32\Drivers\aqlmmun0.SYS[ataport.SYS!AtaPortWritePortUlong]                                            458B38C6
IAT            \SystemRoot\System32\Drivers\aqlmmun0.SYS[ataport.SYS!AtaPortGetPhysicalAddress]                                        A5A5A514
IAT            \SystemRoot\System32\Drivers\aqlmmun0.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong]                            100D8BA5
IAT            \SystemRoot\System32\Drivers\aqlmmun0.SYS[ataport.SYS!AtaPortGetScatterGatherList]                                      5F908D50
IAT            \SystemRoot\System32\Drivers\aqlmmun0.SYS[ataport.SYS!AtaPortReadPortUchar]                                            30810889
IAT            \SystemRoot\System32\Drivers\aqlmmun0.SYS[ataport.SYS!AtaPortStallExecution]                                            54771129
IAT            \SystemRoot\System32\Drivers\aqlmmun0.SYS[ataport.SYS!AtaPortGetParentBusType]                                          10C25D5E
IAT            \SystemRoot\System32\Drivers\aqlmmun0.SYS[ataport.SYS!AtaPortRequestCallback]                                          8B55CC00
IAT            \SystemRoot\System32\Drivers\aqlmmun0.SYS[ataport.SYS!AtaPortWritePortBufferUshort]                                    084D8BEC
IAT            \SystemRoot\System32\Drivers\aqlmmun0.SYS[ataport.SYS!AtaPortGetUnCachedExtension]                                      0CF0918B
IAT            \SystemRoot\System32\Drivers\aqlmmun0.SYS[ataport.SYS!AtaPortCompleteRequest]                                          458B0000
IAT            \SystemRoot\System32\Drivers\aqlmmun0.SYS[ataport.SYS!AtaPortMoveMemory]                                                [8B108910] \SystemRoot\System32\drivers\fwpkclnt.sys (FWP/IPsec Kernel-Mode API/Microsoft Corporation)
IAT            \SystemRoot\System32\Drivers\aqlmmun0.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests]                                000CF491
IAT            \SystemRoot\System32\Drivers\aqlmmun0.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb]                                    04508900
IAT            \SystemRoot\System32\Drivers\aqlmmun0.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb]                                      053C7980
IAT            \SystemRoot\System32\Drivers\aqlmmun0.SYS[ataport.SYS!AtaPortReadPortUshort]                                            560C558B
IAT            \SystemRoot\System32\Drivers\aqlmmun0.SYS[ataport.SYS!AtaPortReadPortBufferUshort]                                      C6127557
IAT            \SystemRoot\System32\Drivers\aqlmmun0.SYS[ataport.SYS!AtaPortInitialize]                                                B18D0502
IAT            \SystemRoot\System32\Drivers\aqlmmun0.SYS[ataport.SYS!AtaPortGetDeviceBase]                                            00000CF8
IAT            \SystemRoot\System32\Drivers\aqlmmun0.SYS[ataport.SYS!AtaPortDeviceStateChange]                                        A508788D

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                                  8612F1F8

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                                  AsDsm.sys (Data Security Manager Driver/Windows (R) Codename Longhorn DDK provider)

Device          \FileSystem\fastfat \FatCdrom                                                                                          927FC1F8

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                Alidevice.SYS (Windows NT alipay kernel module/alipay.com)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                                Alidevice.SYS (Windows NT alipay kernel module/alipay.com)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                                Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device          \Driver\volmgr \Device\VolMgrControl                                                                                    853701F8
Device          \Driver\netbt \Device\NetBT_Tcpip_{C3FF4A6B-AFD8-4B3B-B55B-DE46EADD3BD9}                                                926F4390
Device          \Driver\usbuhci \Device\USBPDO-0                                                                                        87AD8498
Device          \Driver\usbuhci \Device\USBPDO-1                                                                                        87AD8498
Device          \Driver\usbuhci \Device\USBPDO-2                                                                                        87AD8498
Device          \Driver\usbehci \Device\USBPDO-3                                                                                        87AE01F8
Device          \Driver\usbuhci \Device\USBPDO-4                                                                                        87AD8498
Device          \Driver\usbuhci \Device\USBPDO-5                                                                                        87AD8498
Device          \Driver\PCI_PNP6229 \Device\00000062                                                                                    sppu.sys
Device          \Driver\usbuhci \Device\USBPDO-6                                                                                        87AD8498
Device          \Driver\volmgr \Device\HarddiskVolume1                                                                                  853701F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                  snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                  timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)

Device          \Driver\usbehci \Device\USBPDO-7                                                                                        87AE01F8
Device          \Driver\volmgr \Device\HarddiskVolume2                                                                                  853701F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                  snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                  timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)

Device          \Driver\cdrom \Device\CdRom0                                                                                            87D1D1F8
Device          \Driver\iaStor \Device\Ide\iaStor0                                                                                      [82EB55A0] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\iaStor \Device\Ide\IAAStorageDevice-0                                                                          [82EB55A0] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\iaStor \Device\Ide\IAAStorageDevice-1                                                                          [82EB55A0] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\volmgr \Device\HarddiskVolume3                                                                                  853701F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                  snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                  timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)

Device          \Driver\netbt \Device\NetBT_Tcpip_{ED7EB904-6721-47CC-A022-F7788A4A5638}                                                926F4390
Device          \Driver\cdrom \Device\CdRom1                                                                                            87D1D1F8
Device          \Driver\netbt \Device\NetBt_Wins_Export                                                                                926F4390
Device          \Driver\Smb \Device\NetbiosSmb                                                                                          9273F1F8
Device          \Driver\iScsiPrt \Device\RaidPort0                                                                                      87D991F8
Device          \Driver\netbt \Device\NetBT_Tcpip_{AC27E35C-A17D-4F60-BE78-EB644ACFF10D}                                                926F4390
Device          \Driver\BTHUSB \Device\00000098                                                                                        bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device          \Driver\BTHUSB \Device\00000098                                                                                        bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device          \Driver\usbuhci \Device\USBFDO-0                                                                                        87AD8498
Device          \Driver\usbuhci \Device\USBFDO-1                                                                                        87AD8498
Device          \Driver\usbuhci \Device\USBFDO-2                                                                                        87AD8498
Device          \Driver\usbehci \Device\USBFDO-3                                                                                        87AE01F8
Device          \Driver\usbuhci \Device\USBFDO-4                                                                                        87AD8498
Device          \Driver\usbuhci \Device\USBFDO-5                                                                                        87AD8498
Device          \Driver\usbuhci \Device\USBFDO-6                                                                                        87AD8498
Device          \Driver\usbehci \Device\USBFDO-7                                                                                        87AE01F8
Device          \Driver\sptd \Device\3035466244                                                                                        sppu.sys
Device          \Driver\aqlmmun0 \Device\Scsi\aqlmmun01Port2Path0Target0Lun0                                                            87D841F8
Device          \Driver\aqlmmun0 \Device\Scsi\aqlmmun01                                                                                87D841F8
Device          \Driver\BTHUSB \Device\0000009a                                                                                        bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device          \Driver\BTHUSB \Device\0000009a                                                                                        bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device          \FileSystem\fastfat \Fat                                                                                                927FC1F8

AttachedDevice  \FileSystem\fastfat \Fat                                                                                                fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

Device          \FileSystem\cdfs \Cdfs                                                                                                  AECE01F8

---- Threads - GMER 1.0.15 ----

Thread          System [4:2996]                                                                                                        AC5198C8
Thread          System [4:3000]                                                                                                        AC5198C8

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002243c4f209                                           
Reg            HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002243c4f209@000de68e61ff                                0x41 0xCB 0xCF 0x71 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                      771343423
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                      285507792
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                      2
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                                       
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                    1
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                  0xEA 0xDA 0x14 0xDB ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                       
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                    C:\Program Files\DAEMON Tools Lite\
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                    0
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x8E 0x77 0xF2 0x04 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                             
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                        0xD0 0x6A 0xD1 0xA3 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                         
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x7A 0x8B 0x5A 0x6F ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{0494ed2b-a00c-406c-a62f-21ebc82e1186}@Dhcpv6Iaid  704643072
Reg            HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{0494ed2b-a00c-406c-a62f-21ebc82e1186}@Dhcpv6State  0
Reg            HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{199d9774-1d87-43c0-bcef-811959e175fd}@Dhcpv6Iaid  167781204
Reg            HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{199d9774-1d87-43c0-bcef-811959e175fd}@Dhcpv6State  0
Reg            HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{199d9774-1d87-43c0-bcef-811959e175fd}@NameServer 
Reg            HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{214985cb-91b5-4edb-bf49-04603d706110}@Dhcpv6Iaid  637542979
Reg            HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{214985cb-91b5-4edb-bf49-04603d706110}@Dhcpv6State  0
Reg            HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{33420e29-6319-49a4-b419-f73ef867e746}@Dhcpv6Iaid  251666060
Reg            HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{33420e29-6319-49a4-b419-f73ef867e746}@Dhcpv6State  0
Reg            HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{524e379e-e44e-48f3-bcc2-88d51e6e642f}@Dhcpv6Iaid  603979776
Reg            HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{524e379e-e44e-48f3-bcc2-88d51e6e642f}@Dhcpv6State  0
Reg            HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{98595871-6298-4994-88cc-750eae58c6e5}@Dhcpv6Iaid  469762048
Reg            HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{98595871-6298-4994-88cc-750eae58c6e5}@Dhcpv6State  0
Reg            HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}@Dhcpv6Iaid  117445666
Reg            HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}@Dhcpv6State  0
Reg            HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{ac27e35c-a17d-4f60-be78-eb644acff10d}@Dhcpv6Iaid  268444500
Reg            HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{ac27e35c-a17d-4f60-be78-eb644acff10d}@Dhcpv6State  1
Reg            HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{ac27e35c-a17d-4f60-be78-eb644acff10d}@NameServer 
Reg            HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{b040e30f-1320-4b9c-aeb9-c4a1e75acbdd}@Dhcpv6Iaid  687865856
Reg            HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{b040e30f-1320-4b9c-aeb9-c4a1e75acbdd}@Dhcpv6State  0
Reg            HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{ba32a50a-3d27-4fae-8591-5916311409be}@Dhcpv6Iaid  201331746
Reg            HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{ba32a50a-3d27-4fae-8591-5916311409be}@Dhcpv6State  0
Reg            HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{c3ff4a6b-afd8-4b3b-b55b-de46eadd3bd9}@Dhcpv6Iaid  285221213
Reg            HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{c3ff4a6b-afd8-4b3b-b55b-de46eadd3bd9}@Dhcpv6State  0
Reg            HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{c3ff4a6b-afd8-4b3b-b55b-de46eadd3bd9}@NameServer 
Reg            HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{e0a5b4ad-2971-4d2c-9730-425ce6b065a4}@Dhcpv6Iaid  335675476
Reg            HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{e0a5b4ad-2971-4d2c-9730-425ce6b065a4}@Dhcpv6State  0
Reg            HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{e0a5b4ad-2971-4d2c-9730-425ce6b065a4}@NameServer 
Reg            HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{e3956ff0-3f9f-4edc-b5e3-0fbfac891c85}@Dhcpv6Iaid  662337280
Reg            HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{e3956ff0-3f9f-4edc-b5e3-0fbfac891c85}@Dhcpv6State  0
Reg            HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{ed7eb904-6721-47cc-a022-f7788a4a5638}@Dhcpv6Iaid  201335363
Reg            HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{ed7eb904-6721-47cc-a022-f7788a4a5638}@Dhcpv6State  0
Reg            HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{ed7eb904-6721-47cc-a022-f7788a4a5638}@NameServer 
Reg            HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{ee935c63-a647-4d71-b1eb-b2cb7135d8d9}@Dhcpv6Iaid  561674641
Reg            HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{ee935c63-a647-4d71-b1eb-b2cb7135d8d9}@Dhcpv6State  1
Reg            HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}@Dhcpv6Iaid  100668450
Reg            HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}@Dhcpv6State  0
Reg            HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{f70a361f-6437-4fcc-91a4-cd88d468d91b}@Dhcpv6Iaid  234886178
Reg            HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{f70a361f-6437-4fcc-91a4-cd88d468d91b}@Dhcpv6State  0
Reg            HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002243c4f209 (not active ControlSet)                       
Reg            HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002243c4f209@000de68e61ff                                    0x41 0xCB 0xCF 0x71 ...
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                   
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                        1
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                      0xEA 0xDA 0x14 0xDB ...
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                   
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                        C:\Program Files\DAEMON Tools Lite\
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                        0
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                      0x8E 0x77 0xF2 0x04 ...
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)         
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                            0xD0 0x6A 0xD1 0xA3 ...
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)     
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                        0x7A 0x8B 0x5A 0x6F ...
Reg            HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{0494ed2b-a00c-406c-a62f-21ebc82e1186}@Dhcpv6Iaid      704643072
Reg            HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{0494ed2b-a00c-406c-a62f-21ebc82e1186}@Dhcpv6State      0
Reg            HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{199d9774-1d87-43c0-bcef-811959e175fd}@Dhcpv6Iaid      167781204
Reg            HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{199d9774-1d87-43c0-bcef-811959e175fd}@Dhcpv6State      0
Reg            HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{199d9774-1d87-43c0-bcef-811959e175fd}@NameServer     
Reg            HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{214985cb-91b5-4edb-bf49-04603d706110}@Dhcpv6Iaid      637542979
Reg            HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{214985cb-91b5-4edb-bf49-04603d706110}@Dhcpv6State      0
Reg            HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{33420e29-6319-49a4-b419-f73ef867e746}@Dhcpv6Iaid      251666060
Reg            HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{33420e29-6319-49a4-b419-f73ef867e746}@Dhcpv6State      0
Reg            HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{524e379e-e44e-48f3-bcc2-88d51e6e642f}@Dhcpv6Iaid      603979776
Reg            HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{524e379e-e44e-48f3-bcc2-88d51e6e642f}@Dhcpv6State      0
Reg            HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{98595871-6298-4994-88cc-750eae58c6e5}@Dhcpv6Iaid      469762048
Reg            HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{98595871-6298-4994-88cc-750eae58c6e5}@Dhcpv6State      0
Reg            HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}@Dhcpv6Iaid      117445666
Reg            HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}@Dhcpv6State      0
Reg            HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{ac27e35c-a17d-4f60-be78-eb644acff10d}@Dhcpv6Iaid      268444500
Reg            HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{ac27e35c-a17d-4f60-be78-eb644acff10d}@Dhcpv6State      1
Reg            HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{ac27e35c-a17d-4f60-be78-eb644acff10d}@NameServer     
Reg            HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{b040e30f-1320-4b9c-aeb9-c4a1e75acbdd}@Dhcpv6Iaid      687865856
Reg            HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{b040e30f-1320-4b9c-aeb9-c4a1e75acbdd}@Dhcpv6State      0
Reg            HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{ba32a50a-3d27-4fae-8591-5916311409be}@Dhcpv6Iaid      201331746
Reg            HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{ba32a50a-3d27-4fae-8591-5916311409be}@Dhcpv6State      0
Reg            HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{c3ff4a6b-afd8-4b3b-b55b-de46eadd3bd9}@Dhcpv6Iaid      285221213
Reg            HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{c3ff4a6b-afd8-4b3b-b55b-de46eadd3bd9}@Dhcpv6State      0
Reg            HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{c3ff4a6b-afd8-4b3b-b55b-de46eadd3bd9}@NameServer     
Reg            HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{e0a5b4ad-2971-4d2c-9730-425ce6b065a4}@Dhcpv6Iaid      335675476
Reg            HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{e0a5b4ad-2971-4d2c-9730-425ce6b065a4}@Dhcpv6State      0
Reg            HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{e0a5b4ad-2971-4d2c-9730-425ce6b065a4}@NameServer     
Reg            HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{e3956ff0-3f9f-4edc-b5e3-0fbfac891c85}@Dhcpv6Iaid      662337280
Reg            HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{e3956ff0-3f9f-4edc-b5e3-0fbfac891c85}@Dhcpv6State      0
Reg            HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{ed7eb904-6721-47cc-a022-f7788a4a5638}@Dhcpv6Iaid      201335363
Reg            HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{ed7eb904-6721-47cc-a022-f7788a4a5638}@Dhcpv6State      0
Reg            HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{ed7eb904-6721-47cc-a022-f7788a4a5638}@NameServer     
Reg            HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{ee935c63-a647-4d71-b1eb-b2cb7135d8d9}@Dhcpv6Iaid      561674641
Reg            HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{ee935c63-a647-4d71-b1eb-b2cb7135d8d9}@Dhcpv6State      1
Reg            HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}@Dhcpv6Iaid      100668450
Reg            HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}@Dhcpv6State      0
Reg            HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{f70a361f-6437-4fcc-91a4-cd88d468d91b}@Dhcpv6Iaid      234886178
Reg            HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{f70a361f-6437-4fcc-91a4-cd88d468d91b}@Dhcpv6State      0

---- Files - GMER 1.0.15 ----

File            C:\ADSM_PData_0150                                                                                                      0 bytes
File            C:\ADSM_PData_0150\DB                                                                                                  0 bytes
File            C:\ADSM_PData_0150\DB\SI.db                                                                                            624 bytes
File            C:\ADSM_PData_0150\DB\UL.db                                                                                            16 bytes
File            C:\ADSM_PData_0150\DB\VL.db                                                                                            16 bytes
File            C:\ADSM_PData_0150\DB\_avt                                                                                              512 bytes
File            C:\ADSM_PData_0150\DragWait.exe                                                                                        253952 bytes executable
File            C:\ADSM_PData_0150\_avt                                                                                                512 bytes
File            C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86                                                            0 bytes
File            C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\AsDsm.sys                                                  29752 bytes executable
File            C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\_avt                                                        512 bytes

---- EOF - GMER 1.0.15 ----


OSAM log:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 12:52:06 on 22.06.2012

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Opera Software Opera Internet Browser 12.00

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-1799299016-3692624258-2031827036-1000Core.job" - "Google Inc." - C:\Users\***\AppData\Local\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-1799299016-3692624258-2031827036-1000UA.job" - "Google Inc." - C:\Users\***\AppData\Local\Google\Update\GoogleUpdate.exe
"Google Software Updater.job" - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero Toolkit\NeroBurnRights.cpl
"Pando" - "Pando Networks" - C:\Program Files\Pando Networks\Media Booster\PMB.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Acronis Snapshots Manager" (snapman) - "Acronis" - C:\Windows\System32\DRIVERS\snapman.sys
"Acronis True Image Backup Archive Explorer" (timounter) - "Acronis" - C:\Windows\System32\DRIVERS\timntr.sys
"Acronis True Image FS Filter" (tifsfilter) - "Acronis" - C:\Windows\System32\DRIVERS\tifsfilt.sys
"Alidevice" (Alidevice) - "alipay.com" - C:\Windows\system32\drivers\Alidevice.sys
"aqlmmun0" (aqlmmun0) - "Microsoft Corporation" - C:\Windows\system32\drivers\aqlmmun0.sys  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"ASMMAP" (ASMMAP) - ? - C:\Program Files\ATKGFNEX\ASMMAP.sys
"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - "Cisco Systems, Inc." - C:\Windows\system32\Drivers\CVPNDRVA.sys
"Data Security Manager Driver" (AsDsm) - "Windows (R) Codename Longhorn DDK provider" - C:\Windows\system32\drivers\AsDsm.sys
"enodpl" (enodpl) - ? - C:\Windows\System32\drivers\enodpl.sys  (File found, but it contains no detailed information)
"EterlogicVirtualSerialDriver" (EterlogicVirtualSerialDriver) - ? - C:\Windows\system32\drivers\VSPE.sys  (File found, but it contains no detailed information)
"ghaio" (ghaio) - ? - C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys  (File found, but it contains no detailed information)
"Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\Windows\System32\DRIVERS\hamachi.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"kwxciuod" (kwxciuod) - ? - C:\Users\***~1\AppData\Local\Temp\kwxciuod.sys  (Hidden registry entry, rootkit activity | File not found)
"lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"lullaby" (lullaby) - "Windows (R) Codename Longhorn DDK provider" - C:\Windows\System32\DRIVERS\lullaby.sys
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"PlayLinc Adapter" (hamachi_oem) - "Applied Networking Inc." - C:\Windows\System32\DRIVERS\gan_adapter.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"SCDEmu" (SCDEmu) - "PowerISO Computing, Inc." - C:\Windows\system32\drivers\SCDEmu.sys
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"tandpl" (tandpl) - ? - C:\Windows\System32\drivers\tandpl.sys  (File found, but it contains no detailed information)
"vsdatant7" (vsdatant7) - ? - C:\Windows\System32\drivers\vsdatant.win7.sys  (File not found)

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{10880D85-AAD9-4558-ABDC-2AB1552D831F} "LightScribe Control Panel" - "Hewlett-Packard Company" - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
6de2ed6f-0b56-4d57-b0f0-551ec8cbb27f "StubPath" - "Expert System S.p.A." - C:\ProgramData\Duden\dkreg.exe /dktray=on /csapi=on /ALLUSERS
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -  (File not found | COM-object registry key not found)
{C539A15A-3AF9-4c92-B771-50CB78F5C751} "Acronis True Image Shell Context Menu Extension" - "Acronis" - C:\Program Files\Acronis\TrueImageHome\tishell.dll
{C539A15B-3AF9-4c92-B771-50CB78F5C751} "Acronis True Image Shell Extension" - "Acronis" - C:\Program Files\Acronis\TrueImageHome\tishell.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -  (File not found | COM-object registry key not found)
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -  (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} "KbLogiExt Class" - "Logitech Inc." - C:\Program Files\SetPoint\kbcplext.dll
{B9B9F083-2B04-452A-8691-83694AC1037B} "LogiExt Class" - "Logitech Inc." - C:\Program Files\SetPoint\mcplext.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} "PowerISO" - "PowerISO Computing, Inc." - C:\Program Files\PowerISO\PWRISOSH.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{39B0684F-D7BF-4743-B050-FDC3F48F7E3B} "CDownloadCtrl Object" - "IGN Entertainment" - C:\Program Files\Download Manager\DLMControl.dll / hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.7.0_02" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
{CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} "Java Plug-in 1.7.0_02" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\npjpi170_02.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.7.0_02" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\ssv.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
{D0C0F75C-683A-4390-A791-1ACFD5599AB8} "Oberon Flash Game Host" - "Oberon Media, Inc." - C:\Windows\Downloaded Program Files\OberonGameHost.dll / hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
{7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - ? - C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX  (File not found) / hxxp://download.eset.com/special/eos/OnlineScanner.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10k.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
{1E54D648-B804-468d-BC78-4AFFED8E262F} "System Requirements Lab Class" - "Husdawg, LLC" - C:\Windows\Downloaded Program Files\sysreqlab_nvd.dll / hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}" - ? -  (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
"ICQ7.4" - "ICQ, LLC." - C:\Program Files\ICQ7.4\ICQ.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2ssv.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} "{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}" - ? -  (File not found | COM-object registry key not found)

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Authentication packages" - "Acronis" - C:\Windows\system32\relog_ap.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"SetPoint.lnk" - "Logitech Inc." - C:\Program Files\SetPoint\SetPoint.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
"Dexpot" - "Dexpot GbR" - C:\Program Files\Dexpot\dexpot.exe
"Duden Korrektor SysTray" - "Expert System S.p.A." - C:\Program Files\Duden\Duden-Rechtschreibprüfung\DKTray.exe
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" - "Nero AG" - "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
"Pando Media Booster" - ? - C:\Program Files\Pando Networks\Media Booster\PMB.exe
"SpybotSD TeaTimer" - "Safer-Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Acronis Scheduler2 Service" - "Acronis" - "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
"AcronisTimounterMonitor" - "Acronis" - C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"ATKOSD2" - "ASUS" - C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"DirectConsole2" - "ASUSTek." - C:\Program Files\ASUS\Direct Console\Direct Console.exe
"DivXUpdate" - ? - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"HControlUser" - "ASUS" - C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"NBKeyScan" - "Nero AG" - "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
"P2Go_Menu" - "CyberLink Corp." - "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"TrueImageMonitor.exe" - "Acronis" - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Bullzip PDF Print Monitor" - "Bullzip" - C:\Windows\system32\bzpdf.dll
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Acronis OS Selector Reinstall Service" (AcronisOSSReinstallSvc) - ? - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe  (File found, but it contains no detailed information)
"Acronis Scheduler2 Service" (AcrSch2Svc) - "Acronis" - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
"ADSM Service" (ADSMService) - ? - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
"AmplusnetPrivacyTools" (AmplusnetPrivacyTools) - ? - C:\Windows\system32\AmplusnetPrivacyTools.exe
"ASLDR Service" (ASLDRService) - ? - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"ATKGFNEX Service" (ATKGFNEXSrv) - ? - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Bluetooth Service" (btwdins) - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
"Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Macrovision Europe Ltd." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate1ca1514d26808b8)" (gupdate1ca1514d26808b8) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service) - "Prolific Technology Inc." - C:\Windows\system32\IoctlSvc.exe
"PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe  (File found, but it contains no detailed information)
"SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
"spmgr" (spmgr) - ? - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Note on OSAM:
After the autorun scan had finished and I had clicked the first two "Next" buttons (see your OSAM guide), it wants to connect to the Online Malware Scanner. There I get:
* Connecting to OMS Base: OK
* Checking protocol version: OK
* Getting server configuration: OK
* Collecting hashes: OK
* Waiting for server analyse request: FAILED
At this window the only option left to me is the Cancel button. Just as a note, because I don't know whether that is visible from the log file.

The next step of your instructions will follow, depending on time, probably this afternoon or evening.

cosinus 22.06.2012 12:55

Quote:

* Waiting for server analyse request: FAILED
At this window the only option left to me is the Cancel button. Just as a note, because I don't know whether that is visible from the log file.
*cough*

- please skip the online query by OSAM.

DA1985 22.06.2012 13:33

Quote:

Quote from cosinus (post 850573)
*cough*

- please skip the online query by OSAM.

Looks like I read too much in the OSAM thread and too little in your instructions... greetings from the DAU (dumbest imaginable user) :twak:

cosinus 22.06.2012 13:50

Quote:

Quote from DA1985 (post 850615)
... greetings from the DAU (dumbest imaginable user) :twak:

Don't be so hard on yourself :lach: :party:

DA1985 23.06.2012 11:36

So, here, after all with a day's delay, is the log file from aswMBR:
Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-23 02:52:05
-----------------------------
02:52:05.935    OS Version: Windows 6.0.6002 Service Pack 2
02:52:05.935    Number of processors: 2 586 0x1706
02:52:05.935    ComputerName: ***LAPTOP  UserName: ***
02:52:24.409    Initialize success
02:52:35.809    AVAST engine defs: 12062200
02:52:51.472    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
02:52:51.472    Disk 0 Vendor: Hitachi_ BKFO Size: 476940MB BusType: 3
02:52:51.940    Disk 0 MBR read successfully
02:52:51.940    Disk 0 MBR scan
02:52:52.002    Disk 0 unknown MBR code
02:52:52.111    Disk 0 Partition 1 00    1C Hidd FAT32 LBA MSDOS5.0    10001 MB offset 63
02:52:52.252    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS      102406 MB offset 20482875
02:52:52.267    Disk 0 Partition - 00    05    Extended            364529 MB offset 230211450
02:52:52.423    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS      364529 MB offset 230211514
02:52:53.110    Disk 0 scanning sectors +976768065
02:52:53.547    Disk 0 scanning C:\Windows\system32\drivers
02:55:15.007    Service scanning
02:55:41.527    Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
02:55:50.153    Modules scanning
02:58:51.035    Disk 0 trace - called modules:
02:58:51.145    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys sppu.sys >>UNKNOWN [0x860e4938]<<
02:58:51.145    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x872fd848]
02:58:51.145    3 CLASSPNP.SYS[8b3b98b3] -> nt!IofCallDriver -> [0x862016c8]
02:58:51.145    5 acpi.sys[807c16bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8618a028]
02:58:51.784    AVAST engine scan C:\Windows
03:00:20.657    AVAST engine scan C:\Windows\system32
03:32:17.082    AVAST engine scan C:\Windows\system32\drivers
03:35:51.831    AVAST engine scan C:\Users\***
05:43:59.808    AVAST engine scan C:\ProgramData
06:04:44.625    Scan finished successfully
12:32:27.284    Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat"
12:32:27.284    The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR.txt"


cosinus 24.06.2012 16:16

We should fix the MBR; back up ALL important data just in case, even though it usually goes smoothly.

Note: Please do NOT run the MBR fix if you have other operating systems installed, e.g. Ubuntu; an MBR fix with Windows tools makes a Linux installed alongside (dual boot) unbootable.
Also do not run the fix if you have full encryption of the Windows partition or the entire hard disk, e.g. with TrueCrypt or other encryption programs.


After the backup, start aswMBR again and click the FIXMBR button.

Note: Please disable the virus scanner before running aswMBR, because Avira in particular often reports a false positive in it!

Then restart Windows and create a new log with aswMBR.

DA1985 25.06.2012 10:12

The MBR fix seems to have worked; after a few seconds I got the message that the fix had succeeded. After restarting the PC and running another scan with MBR, the corresponding log looks like this:
Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-25 01:34:16
-----------------------------
01:34:16.341    OS Version: Windows 6.0.6002 Service Pack 2
01:34:16.341    Number of processors: 2 586 0x1706
01:34:16.341    ComputerName: ***LAPTOP  UserName: ***
01:34:58.882    Initialize success
01:35:17.072    AVAST engine defs: 12062401
01:36:25.244    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
01:36:25.259    Disk 0 Vendor: Hitachi_ BKFO Size: 476940MB BusType: 3
01:36:25.290    Disk 0 MBR read successfully
01:36:25.290    Disk 0 MBR scan
01:36:25.290    Disk 0 Windows VISTA default MBR code
01:36:25.306    Disk 0 Partition 1 00    1C Hidd FAT32 LBA MSDOS5.0    10001 MB offset 63
01:36:25.322    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS      102406 MB offset 20482875
01:36:25.337    Disk 0 Partition - 00    05    Extended            364529 MB offset 230211450
01:36:25.368    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS      364529 MB offset 230211514
01:36:25.384    Disk 0 scanning sectors +976768065
01:36:25.509    Disk 0 scanning C:\Windows\system32\drivers
01:36:48.659    Service scanning
01:37:18.762    Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
01:37:36.437    Modules scanning
01:38:06.389    Disk 0 trace - called modules:
01:38:06.420    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys spkk.sys >>UNKNOWN [0x860e8938]<<
01:38:06.420    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8738e8e0]
01:38:06.420    3 CLASSPNP.SYS[8b3c78b3] -> nt!IofCallDriver -> [0x86202678]
01:38:06.436    5 acpi.sys[805c26bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8539e028]
01:38:08.604    AVAST engine scan C:\Windows
01:38:13.736    AVAST engine scan C:\Windows\system32
01:41:16.818    AVAST engine scan C:\Windows\system32\drivers
01:41:32.418    AVAST engine scan C:\Users\***
02:06:14.012    AVAST engine scan C:\ProgramData
02:11:42.751    Scan finished successfully
11:06:22.813    Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat"
11:06:22.829    The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR_2.txt"

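The two aswMBR logs in this thread differ in exactly one verdict line, "unknown MBR code" before FIXMBR and "Windows VISTA default MBR code" after it, while the partition table stays identical. Added here as an editor's example (not a tool from the thread or from AVAST): a small Python parser that pulls both facts out of aswMBR logs and checks a before/after pair; the log excerpts inside it are constructed from the posted logs.

```python
import re
from dataclasses import dataclass, field
# Constructed excerpts modelled on the two aswMBR logs in this thread (not the posted files themselves).
BEFORE_FIX = """\
02:52:52.002    Disk 0 unknown MBR code
02:52:52.111    Disk 0 Partition 1 00    1C Hidd FAT32 LBA MSDOS5.0    10001 MB offset 63
02:52:52.252    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS      102406 MB offset 20482875
02:52:52.267    Disk 0 Partition - 00    05    Extended            364529 MB offset 230211450
02:52:52.423    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS      364529 MB offset 230211514
"""
AFTER_FIX = """\
01:36:25.290    Disk 0 Windows VISTA default MBR code
01:36:25.306    Disk 0 Partition 1 00    1C Hidd FAT32 LBA MSDOS5.0    10001 MB offset 63
01:36:25.322    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS      102406 MB offset 20482875
01:36:25.337    Disk 0 Partition - 00    05    Extended            364529 MB offset 230211450
01:36:25.368    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS      364529 MB offset 230211514
"""

# Line shapes: "Disk N <verdict> MBR code" / "Disk N Partition <idx> <boot> [(A)] <type> <desc> <size> MB offset <LBA>"
MBR_CODE_RE = re.compile(r"Disk (\d+) (.+?) MBR code\s*$")
PART_RE = re.compile(r"Disk (\d+) Partition (\S+) ([0-9A-F]{2})(?:\s+\(A\))?\s+([0-9A-F]{2})"
                     r"\s+(.+?)\s+(\d+) MB offset (\d+)\s*$")
@dataclass
class DiskReport:
    mbr_code: str = ""
    partitions: list = field(default_factory=list)  # (idx, bootable, type_hex, size_mb, offset)

def parse_aswmbr(log: str) -> dict:
    """Pull the MBR code verdict and the partition table for every disk out of an aswMBR log."""
    disks = {}
    for line in log.splitlines():
        if m := MBR_CODE_RE.search(line):
            disks.setdefault(int(m.group(1)), DiskReport()).mbr_code = m.group(2)
        elif m := PART_RE.search(line):
            idx, boot, ptype, _desc, size_mb, offset = m.groups()[1:]
            disks.setdefault(int(m.group(1)), DiskReport()).partitions.append(
                (idx, boot == "80", ptype, int(size_mb), int(offset)))
    return disks

def assess_fix(before: str, after: str) -> dict:
    """Per disk: did an unrecognized MBR become a known one, and did the partition table survive?
    'unknown MBR code' alone is not proof of a bootkit: GRUB or a TrueCrypt boot loader report the
    same, which is why the thread rules out dual-boot and full-disk encryption before FIXMBR."""
    b, a = parse_aswmbr(before), parse_aswmbr(after)
    result = {}
    for disk in sorted(set(b) | set(a)):
        rb, ra = b.get(disk, DiskReport()), a.get(disk, DiskReport())
        result[disk] = {
            "before": rb.mbr_code, "after": ra.mbr_code,
            "fixed": rb.mbr_code.startswith("unknown") and not ra.mbr_code.startswith("unknown"),
            # FIXMBR rewrites boot code only; a changed table means restore MBR.dat and investigate.
            "partition_table_unchanged": rb.partitions == ra.partitions,
        }
    return result
```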

cosinus 25.06.2012 12:11

Looks ok. We should be almost done. For a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!



Copyright ©2000-2025, Trojaner-Board

