Trojaner-Board
Seite 2 von 3 1 2 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Startfenster.com nach Flash / Shockwave Update, Flash Plugin stürzt dauernd ab (https://www.trojaner-board.de/123376-startfenster-com-flash-shockwave-update-flash-plugin-stuerzt-dauernd-ab.html)

cosinus 11.09.2012 15:51
Code:
Admin :: BÜRO-PC [Administrator]
Büro-PC, User: Admin - ist das ein Firmenrechner?

tigershark20 11.09.2012 19:24
Nein, das ist mein Privat-Rechner, der aber im Arbeitszimmer steht, deswegen Büro-PC.

cosinus 11.09.2012 23:16
Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
:OTL
FF - user.js - File not found
SRV - File not found [On_Demand | Stopped] -- c:\programdata\partner\partner.exe -- (Partner Service)
IE - HKU\S-1-5-21-4294008180-2172255532-983037165-1003\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=dQrNw2Q8yL6A6tpkZRjrcFhg3nE?q={searchTerms}
IE - HKU\S-1-5-21-4294008180-2172255532-983037165-1005\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=LO_MdShu8UqBTYz5km95XlvNP70?q={searchTerms}
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKU\S-1-5-21-4294008180-2172255532-983037165-1003..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-4294008180-2172255532-983037165-1005..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8 - Extra context menu item: Google Sidewiki... - Reg Error: Value error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{7e85633f-7643-11dd-bac9-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7e85633f-7643-11dd-bac9-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Msetup4.exe
:Files
c:\programdata\partner
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

tigershark20 12.09.2012 15:15
Code:
All processes killed
========== OTL ==========
Service Partner Service stopped successfully!
Service Partner Service deleted successfully!
File c:\programdata\partner\partner.exe not found.
Registry key HKEY_USERS\S-1-5-21-4294008180-2172255532-983037165-1003\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70D46D94-BF1E-45ED-B567-48701376298E}\ not found.
Registry key HKEY_USERS\S-1-5-21-4294008180-2172255532-983037165-1005\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70D46D94-BF1E-45ED-B567-48701376298E}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4294008180-2172255532-983037165-1003\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer deleted successfully.
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-4294008180-2172255532-983037165-1005\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer deleted successfully.
File C:\Programme\Spybot - Search & Destroy\TeaTimer.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableCAD deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7e85633f-7643-11dd-bac9-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e85633f-7643-11dd-bac9-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7e85633f-7643-11dd-bac9-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e85633f-7643-11dd-bac9-806e6f6e6963}\ not found.
File E:\Msetup4.exe not found.
========== FILES ==========
File\Folder c:\programdata\partner not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Tobias\Documents\Desktop\cmd.bat deleted successfully.
C:\Users\Tobias\Documents\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Admin
->Temp folder emptied: 858402 bytes
->Temporary Internet Files folder emptied: 52936777 bytes
->Java cache emptied: 27844531 bytes
->FireFox cache emptied: 102732139 bytes
->Flash cache emptied: 535 bytes
 
User: Alexandra
->Temp folder emptied: 11305206 bytes
->Temporary Internet Files folder emptied: 3441128 bytes
->Java cache emptied: 41461958 bytes
->FireFox cache emptied: 40960945 bytes
->Flash cache emptied: 1571 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 134 bytes
->Flash cache emptied: 75 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: ms4
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 134 bytes
->Flash cache emptied: 75 bytes
 
User: Public
 
User: TEMP
 
User: Tobias
->Temp folder emptied: 27060409 bytes
->Temporary Internet Files folder emptied: 70596243 bytes
->Java cache emptied: 721268 bytes
->FireFox cache emptied: 221682066 bytes
->Flash cache emptied: 2475 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 1143514 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 64972 bytes
RecycleBin emptied: 373873329 bytes
 
Total Files Cleaned = 931,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.61.3 log created on 09122012_155135

cosinus 12.09.2012 15:32
Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtg4nzy0ywy5/settings_2012-09-04.png

tigershark20 12.09.2012 16:03
Code:
16:59:51.0392 6032  TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
16:59:51.0860 6032  ============================================================
16:59:51.0860 6032  Current date / time: 2012/09/12 16:59:51.0860
16:59:51.0860 6032  SystemInfo:
16:59:51.0860 6032 
16:59:51.0860 6032  OS Version: 6.0.6002 ServicePack: 2.0
16:59:51.0860 6032  Product type: Workstation
16:59:51.0860 6032  ComputerName: BÜRO-PC
16:59:51.0860 6032  UserName: Admin
16:59:51.0860 6032  Windows directory: C:\Windows
16:59:51.0860 6032  System windows directory: C:\Windows
16:59:51.0860 6032  Processor architecture: Intel x86
16:59:51.0860 6032  Number of processors: 2
16:59:51.0860 6032  Page size: 0x1000
16:59:51.0860 6032  Boot type: Normal boot
16:59:51.0860 6032  ============================================================
16:59:53.0311 6032  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:59:53.0311 6032  ============================================================
16:59:53.0311 6032  \Device\Harddisk0\DR0:
16:59:53.0311 6032  MBR partitions:
16:59:53.0311 6032  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1388800, BlocksNum 0x12057000
16:59:53.0311 6032  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x133DF800, BlocksNum 0x1204E800
16:59:53.0311 6032  ============================================================
16:59:53.0358 6032  C: <-> \Device\Harddisk0\DR0\Partition1
16:59:53.0451 6032  D: <-> \Device\Harddisk0\DR0\Partition2
16:59:53.0451 6032  ============================================================
16:59:53.0451 6032  Initialize success
16:59:53.0451 6032  ============================================================
17:01:06.0705 0484  ============================================================
17:01:06.0705 0484  Scan started
17:01:06.0705 0484  Mode: Manual; SigCheck; TDLFS;
17:01:06.0705 0484  ============================================================
17:01:07.0376 0484  ================ Scan system memory ========================
17:01:07.0376 0484  System memory - ok
17:01:07.0376 0484  ================ Scan services =============================
17:01:07.0625 0484  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
17:01:08.0015 0484  ACPI - ok
17:01:08.0156 0484  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
17:01:08.0187 0484  AdobeARMservice - ok
17:01:08.0234 0484  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx        C:\Windows\system32\drivers\adp94xx.sys
17:01:08.0296 0484  adp94xx - ok
17:01:08.0327 0484  [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci        C:\Windows\system32\drivers\adpahci.sys
17:01:08.0374 0484  adpahci - ok
17:01:08.0405 0484  [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
17:01:08.0452 0484  adpu160m - ok
17:01:08.0483 0484  [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320        C:\Windows\system32\drivers\adpu320.sys
17:01:08.0530 0484  adpu320 - ok
17:01:08.0577 0484  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
17:01:08.0764 0484  AeLookupSvc - ok
17:01:08.0826 0484  [ 3911B972B55FEA0478476B2E777B29FA ] AFD            C:\Windows\system32\drivers\afd.sys
17:01:08.0889 0484  AFD - ok
17:01:08.0936 0484  [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440          C:\Windows\system32\drivers\agp440.sys
17:01:08.0982 0484  agp440 - ok
17:01:09.0014 0484  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx        C:\Windows\system32\drivers\djsvs.sys
17:01:09.0076 0484  aic78xx - ok
17:01:09.0107 0484  [ 8D59617A9C3DBF4650AA44F4E9215744 ] AlfaFF          C:\Windows\system32\Drivers\AlfaFF.sys
17:01:09.0170 0484  AlfaFF - ok
17:01:09.0201 0484  [ A1545B731579895D8CC44FC0481C1192 ] ALG            C:\Windows\System32\alg.exe
17:01:09.0357 0484  ALG - ok
17:01:09.0404 0484  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide          C:\Windows\system32\drivers\aliide.sys
17:01:09.0450 0484  aliide - ok
17:01:09.0466 0484  [ C47344BC706E5F0B9DCE369516661578 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
17:01:09.0513 0484  amdagp - ok
17:01:09.0528 0484  [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide          C:\Windows\system32\drivers\amdide.sys
17:01:09.0575 0484  amdide - ok
17:01:09.0591 0484  [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7          C:\Windows\system32\drivers\amdk7.sys
17:01:09.0700 0484  AmdK7 - ok
17:01:09.0731 0484  [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8          C:\Windows\system32\drivers\amdk8.sys
17:01:09.0825 0484  AmdK8 - ok
17:01:09.0887 0484  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
17:01:09.0918 0484  AntiVirSchedulerService - ok
17:01:09.0950 0484  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
17:01:09.0981 0484  AntiVirService - ok
17:01:10.0028 0484  [ 676894FA57B671FEC5C3F05F8929E03B ] AntiVirWebService C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
17:01:10.0090 0484  AntiVirWebService - ok
17:01:10.0137 0484  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo        C:\Windows\System32\appinfo.dll
17:01:10.0230 0484  Appinfo - ok
17:01:10.0262 0484  [ 5D2888182FB46632511ACEE92FDAD522 ] arc            C:\Windows\system32\drivers\arc.sys
17:01:10.0308 0484  arc - ok
17:01:10.0355 0484  [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
17:01:10.0386 0484  arcsas - ok
17:01:10.0433 0484  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
17:01:10.0542 0484  AsyncMac - ok
17:01:10.0589 0484  [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi          C:\Windows\system32\drivers\atapi.sys
17:01:10.0620 0484  atapi - ok
17:01:10.0667 0484  [ F4B36684811CA991AA2385CB963CA56B ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe
17:01:10.0792 0484  Ati External Event Utility - ok
17:01:10.0964 0484  [ D4129EDF159A9B352BB0D3E5CE0DAC04 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
17:01:11.0276 0484  atikmdag - ok
17:01:11.0338 0484  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:01:11.0400 0484  AudioEndpointBuilder - ok
17:01:11.0432 0484  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
17:01:11.0494 0484  Audiosrv - ok
17:01:11.0541 0484  [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
17:01:11.0572 0484  avgntflt - ok
17:01:11.0603 0484  [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
17:01:11.0650 0484  avipbb - ok
17:01:11.0681 0484  [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
17:01:11.0712 0484  avkmgr - ok
17:01:11.0790 0484  [ 7D0F2BFA273831124FA08526AF48AF18 ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
17:01:11.0868 0484  b57nd60x - ok
17:01:11.0962 0484  [ 6163664C7E9CD110AF70180C126C3FDC ] BcmSqlStartupSvc C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
17:01:11.0993 0484  BcmSqlStartupSvc - ok
17:01:12.0040 0484  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
17:01:12.0149 0484  Beep - ok
17:01:12.0212 0484  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE            C:\Windows\System32\bfe.dll
17:01:12.0290 0484  BFE - ok
17:01:12.0352 0484  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\System32\qmgr.dll
17:01:12.0477 0484  BITS - ok
17:01:12.0508 0484  [ D4DF28447741FD3D953526E33A617397 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
17:01:12.0586 0484  blbdrive - ok
17:01:12.0617 0484  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
17:01:12.0680 0484  bowser - ok
17:01:12.0711 0484  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
17:01:12.0773 0484  BrFiltLo - ok
17:01:12.0804 0484  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
17:01:12.0898 0484  BrFiltUp - ok
17:01:12.0929 0484  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser        C:\Windows\System32\browser.dll
17:01:13.0023 0484  Browser - ok
17:01:13.0054 0484  [ B304E75CFF293029EDDF094246747113 ] Brserid        C:\Windows\system32\drivers\brserid.sys
17:01:13.0335 0484  Brserid - ok
17:01:13.0366 0484  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
17:01:13.0491 0484  BrSerWdm - ok
17:01:13.0506 0484  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
17:01:13.0631 0484  BrUsbMdm - ok
17:01:13.0662 0484  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
17:01:13.0787 0484  BrUsbSer - ok
17:01:13.0850 0484  [ 6D39C954799B63BA866910234CF7D726 ] BthEnum        C:\Windows\system32\DRIVERS\BthEnum.sys
17:01:13.0928 0484  BthEnum - ok
17:01:13.0959 0484  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
17:01:14.0146 0484  BTHMODEM - ok
17:01:14.0208 0484  [ 5904EFA25F829BF84EA6FB045134A1D8 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
17:01:14.0302 0484  BthPan - ok
17:01:14.0364 0484  [ 611FF3F2F095C8D4A6D4CFD9DCC09793 ] BTHPORT        C:\Windows\system32\Drivers\BTHport.sys
17:01:14.0474 0484  BTHPORT - ok
17:01:14.0520 0484  [ A4C8377FA4A994E07075107DBE2E3DCE ] BthServ        C:\Windows\System32\bthserv.dll
17:01:14.0598 0484  BthServ - ok
17:01:14.0645 0484  [ D330803EAB2A15CAEC7F011F1D4CB30E ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
17:01:14.0692 0484  BTHUSB - ok
17:01:14.0770 0484  [ 3EA1A20DC0CA1AD23E7AA8C37A91BCD1 ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
17:01:14.0801 0484  btwaudio - ok
17:01:14.0817 0484  [ 195872E48A7FB01F8BC9B800F70F4054 ] btwavdt        C:\Windows\system32\drivers\btwavdt.sys
17:01:14.0864 0484  btwavdt - ok
17:01:14.0895 0484  [ 0724E7D6C9B6A289EDDDA33FA8176E80 ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
17:01:14.0926 0484  btwrchid - ok
17:01:14.0973 0484  [ 09E6AFFAE6C0E9158BF05C7D08D0107A ] BUNAgentSvc    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
17:01:14.0988 0484  BUNAgentSvc ( UnsignedFile.Multi.Generic ) - warning
17:01:14.0988 0484  BUNAgentSvc - detected UnsignedFile.Multi.Generic (1)
17:01:15.0035 0484  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
17:01:15.0113 0484  cdfs - ok
17:01:15.0160 0484  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom          C:\Windows\system32\DRIVERS\cdrom.sys
17:01:15.0222 0484  cdrom - ok
17:01:15.0269 0484  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc    C:\Windows\System32\certprop.dll
17:01:15.0347 0484  CertPropSvc - ok
17:01:15.0363 0484  [ E5D4133F37219DBCFE102BC61072589D ] circlass        C:\Windows\system32\drivers\circlass.sys
17:01:15.0456 0484  circlass - ok
17:01:15.0503 0484  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
17:01:15.0550 0484  CLFS - ok
17:01:15.0597 0484  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:01:15.0628 0484  clr_optimization_v2.0.50727_32 - ok
17:01:15.0737 0484  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:01:15.0768 0484  clr_optimization_v4.0.30319_32 - ok
17:01:15.0815 0484  [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
17:01:15.0893 0484  CmBatt - ok
17:01:15.0909 0484  [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
17:01:15.0956 0484  cmdide - ok
17:01:15.0987 0484  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
17:01:16.0018 0484  Compbatt - ok
17:01:16.0034 0484  COMSysApp - ok
17:01:16.0080 0484  [ 097A0A4899B759A4F032BD464963B4BE ] cpuz132        C:\Windows\system32\drivers\cpuz132_x32.sys
17:01:16.0112 0484  cpuz132 ( UnsignedFile.Multi.Generic ) - warning
17:01:16.0112 0484  cpuz132 - detected UnsignedFile.Multi.Generic (1)
17:01:16.0127 0484  [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk        C:\Windows\system32\drivers\crcdisk.sys
17:01:16.0174 0484  crcdisk - ok
17:01:16.0190 0484  [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
17:01:16.0299 0484  Crusoe - ok
17:01:16.0361 0484  [ 75C6A297E364014840B48ECCD7525E30 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
17:01:16.0424 0484  CryptSvc - ok
17:01:16.0486 0484  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
17:01:16.0595 0484  DcomLaunch - ok
17:01:16.0626 0484  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
17:01:16.0704 0484  DfsC - ok
17:01:16.0798 0484  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
17:01:17.0188 0484  DFSR - ok
17:01:17.0250 0484  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
17:01:17.0328 0484  Dhcp - ok
17:01:17.0391 0484  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
17:01:17.0422 0484  disk - ok
17:01:17.0469 0484  [ 73BAF270D24FE726B9CD7F80BB17A23D ] DKbFltr        C:\Windows\system32\DRIVERS\DKbFltr.sys
17:01:17.0500 0484  DKbFltr - ok
17:01:17.0562 0484  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
17:01:17.0625 0484  Dnscache - ok
17:01:17.0672 0484  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc        C:\Windows\System32\dot3svc.dll
17:01:17.0734 0484  dot3svc - ok
17:01:17.0781 0484  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS            C:\Windows\system32\dps.dll
17:01:17.0874 0484  DPS - ok
17:01:17.0906 0484  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
17:01:17.0984 0484  drmkaud - ok
17:01:18.0030 0484  [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
17:01:18.0108 0484  DXGKrnl - ok
17:01:18.0140 0484  [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60          C:\Windows\system32\DRIVERS\E1G60I32.sys
17:01:18.0249 0484  E1G60 - ok
17:01:18.0296 0484  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost        C:\Windows\System32\eapsvc.dll
17:01:18.0374 0484  EapHost - ok
17:01:18.0420 0484  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
17:01:18.0467 0484  Ecache - ok
17:01:18.0498 0484  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr        C:\Windows\ehome\ehRecvr.exe
17:01:18.0561 0484  ehRecvr - ok
17:01:18.0576 0484  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched        C:\Windows\ehome\ehsched.exe
17:01:18.0654 0484  ehSched - ok
17:01:18.0686 0484  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart        C:\Windows\ehome\ehstart.dll
17:01:18.0732 0484  ehstart - ok
17:01:18.0779 0484  [ 23B62471681A124889978F6295B3F4C6 ] elxstor        C:\Windows\system32\drivers\elxstor.sys
17:01:18.0826 0484  elxstor - ok
17:01:18.0904 0484  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt        C:\Windows\system32\emdmgmt.dll
17:01:19.0013 0484  EMDMgmt - ok
17:01:19.0044 0484  [ 3DB974F3935483555D7148663F726C61 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
17:01:19.0107 0484  ErrDev - ok
17:01:19.0169 0484  [ A51FD9DF23720485991F56741BBEFCFB ] ETService      C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
17:01:19.0185 0484  ETService ( UnsignedFile.Multi.Generic ) - warning
17:01:19.0185 0484  ETService - detected UnsignedFile.Multi.Generic (1)
17:01:19.0232 0484  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem    C:\Windows\system32\es.dll
17:01:19.0310 0484  EventSystem - ok
17:01:19.0419 0484  [ 54B6E150BFF4A47EB0D204119D262E46 ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
17:01:19.0512 0484  EvtEng ( UnsignedFile.Multi.Generic ) - warning
17:01:19.0512 0484  EvtEng - detected UnsignedFile.Multi.Generic (1)
17:01:19.0575 0484  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat          C:\Windows\system32\drivers\exfat.sys
17:01:19.0668 0484  exfat - ok
17:01:19.0715 0484  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat        C:\Windows\system32\drivers\fastfat.sys
17:01:19.0793 0484  fastfat - ok
17:01:19.0824 0484  [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc            C:\Windows\system32\DRIVERS\fdc.sys
17:01:19.0902 0484  fdc - ok
17:01:19.0934 0484  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost        C:\Windows\system32\fdPHost.dll
17:01:20.0012 0484  fdPHost - ok
17:01:20.0027 0484  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
17:01:20.0168 0484  FDResPub - ok
17:01:20.0199 0484  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
17:01:20.0246 0484  FileInfo - ok
17:01:20.0277 0484  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
17:01:20.0370 0484  Filetrace - ok
17:01:20.0402 0484  [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
17:01:20.0495 0484  flpydisk - ok
17:01:20.0542 0484  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
17:01:20.0589 0484  FltMgr - ok
17:01:20.0698 0484  [ 8CE364388C8ECA59B14B539179276D44 ] FontCache      C:\Windows\system32\FntCache.dll
17:01:20.0870 0484  FontCache - ok
17:01:20.0963 0484  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
17:01:20.0994 0484  FontCache3.0.0.0 - ok
17:01:21.0057 0484  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
17:01:21.0135 0484  Fs_Rec - ok
17:01:21.0166 0484  [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
17:01:21.0213 0484  gagp30kx - ok
17:01:21.0322 0484  [ 9F5F2F0FB0A7F5AA9F16B9A7B6DAD89F ] GoogleDesktopManager-051210-111108 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
17:01:21.0353 0484  GoogleDesktopManager-051210-111108 - ok
17:01:21.0400 0484  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc          C:\Windows\System32\gpsvc.dll
17:01:21.0525 0484  gpsvc - ok
17:01:21.0572 0484  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate        C:\Program Files\Google\Update\GoogleUpdate.exe
17:01:21.0618 0484  gupdate - ok
17:01:21.0634 0484  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
17:01:21.0665 0484  gupdatem - ok
17:01:21.0728 0484  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc          C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
17:01:21.0774 0484  gusvc - ok
17:01:21.0837 0484  [ 3F90E001369A07243763BD5A523D8722 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:01:21.0899 0484  HdAudAddService - ok
17:01:21.0962 0484  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
17:01:22.0086 0484  HDAudBus - ok
17:01:22.0149 0484  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
17:01:22.0289 0484  HidBth - ok
17:01:22.0383 0484  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr          C:\Windows\system32\drivers\hidir.sys
17:01:22.0539 0484  HidIr - ok
17:01:22.0586 0484  [ 84067081F3318162797385E11A8F0582 ] hidserv        C:\Windows\system32\hidserv.dll
17:01:22.0648 0484  hidserv - ok
17:01:22.0710 0484  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
17:01:22.0773 0484  HidUsb - ok
17:01:22.0804 0484  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
17:01:22.0882 0484  hkmsvc - ok
17:01:22.0913 0484  [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs        C:\Windows\system32\drivers\hpcisss.sys
17:01:22.0944 0484  HpCISSs - ok
17:01:23.0054 0484  [ F9A4BED3B4117752E0A7EEF69977FE1E ] HRService      C:\Program Files\Haufe\iDesk\iDeskService\iDeskService.exe
17:01:23.0085 0484  HRService - ok
17:01:23.0116 0484  [ 46D67209550973257601A533E2AC5785 ] HSFHWAZL        C:\Windows\system32\DRIVERS\VSTAZL3.SYS
17:01:23.0194 0484  HSFHWAZL - ok
17:01:23.0256 0484  [ 7BC42C65B5C6281777C1A7605B253BA8 ] HSF_DPV        C:\Windows\system32\DRIVERS\HSX_DPV.sys
17:01:23.0412 0484  HSF_DPV - ok
17:01:23.0444 0484  [ 9EBF2D102CCBB6BCDFBF1B7922F8BA2E ] HSXHWAZL        C:\Windows\system32\DRIVERS\HSXHWAZL.sys
17:01:23.0506 0484  HSXHWAZL - ok
17:01:23.0568 0484  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
17:01:23.0662 0484  HTTP - ok
17:01:23.0709 0484  [ C6B032D69650985468160FC9937CF5B4 ] i2omp          C:\Windows\system32\drivers\i2omp.sys
17:01:23.0740 0484  i2omp - ok
17:01:23.0771 0484  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
17:01:23.0849 0484  i8042prt - ok
17:01:23.0880 0484  [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV        C:\Windows\system32\drivers\iastorv.sys
17:01:23.0927 0484  iaStorV - ok
17:01:24.0021 0484  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
17:01:24.0052 0484  IDriverT ( UnsignedFile.Multi.Generic ) - warning
17:01:24.0052 0484  IDriverT - detected UnsignedFile.Multi.Generic (1)
17:01:24.0161 0484  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc          C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:01:24.0270 0484  idsvc - ok
17:01:24.0442 0484  [ 68FA70AD97555C4F81478D9FFE6374A8 ] IGBASVC        C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
17:01:24.0926 0484  IGBASVC ( UnsignedFile.Multi.Generic ) - warning
17:01:24.0926 0484  IGBASVC - detected UnsignedFile.Multi.Generic (1)
17:01:24.0957 0484  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp          C:\Windows\system32\drivers\iirsp.sys
17:01:24.0988 0484  iirsp - ok
17:01:25.0035 0484  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
17:01:25.0128 0484  IKEEXT - ok
17:01:25.0175 0484  [ 4D8D5B1C895EA0F2A721B98A7CE198F1 ] int15          C:\Windows\system32\drivers\int15.sys
17:01:25.0206 0484  int15 ( UnsignedFile.Multi.Generic ) - warning
17:01:25.0206 0484  int15 - detected UnsignedFile.Multi.Generic (1)
17:01:25.0331 0484  [ 58628F232A00A3149D7CC7708C521499 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
17:01:25.0518 0484  IntcAzAudAddService - ok
17:01:25.0565 0484  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\drivers\intelide.sys
17:01:25.0596 0484  intelide - ok
17:01:25.0628 0484  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
17:01:25.0721 0484  intelppm - ok
17:01:25.0752 0484  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum      C:\Windows\system32\ipbusenum.dll
17:01:25.0830 0484  IPBusEnum - ok
17:01:25.0862 0484  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:01:25.0940 0484  IpFilterDriver - ok
17:01:25.0986 0484  [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
17:01:26.0064 0484  iphlpsvc - ok
17:01:26.0080 0484  IpInIp - ok
17:01:26.0111 0484  [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV        C:\Windows\system32\drivers\ipmidrv.sys
17:01:26.0189 0484  IPMIDRV - ok
17:01:26.0220 0484  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT          C:\Windows\system32\DRIVERS\ipnat.sys
17:01:26.0298 0484  IPNAT - ok
17:01:26.0330 0484  [ E50A95179211B12946F7E035D60AF560 ] irda            C:\Windows\system32\DRIVERS\irda.sys
17:01:26.0423 0484  irda - ok
17:01:26.0454 0484  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
17:01:26.0517 0484  IRENUM - ok
17:01:26.0548 0484  [ CBB0D940221A281BCFEAEA695BD1CDA5 ] Irmon          C:\Windows\System32\irmon.dll
17:01:26.0673 0484  Irmon - ok
17:01:26.0704 0484  [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
17:01:26.0751 0484  isapnp - ok
17:01:26.0813 0484  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
17:01:26.0860 0484  iScsiPrt - ok
17:01:26.0891 0484  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
17:01:26.0922 0484  iteatapi - ok
17:01:26.0938 0484  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid        C:\Windows\system32\drivers\iteraid.sys
17:01:26.0985 0484  iteraid - ok
17:01:27.0016 0484  [ 213822072085B5BBAD9AF30AB577D817 ] IviRegMgr      C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
17:01:27.0047 0484  IviRegMgr - ok
17:01:27.0063 0484  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
17:01:27.0110 0484  kbdclass - ok
17:01:27.0156 0484  [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
17:01:27.0234 0484  kbdhid - ok
17:01:27.0281 0484  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
17:01:27.0344 0484  KeyIso - ok
17:01:27.0390 0484  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
17:01:27.0468 0484  KSecDD - ok
17:01:27.0515 0484  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm          C:\Windows\system32\msdtckrm.dll
17:01:27.0624 0484  KtmRm - ok
17:01:27.0656 0484  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\system32\srvsvc.dll
17:01:27.0765 0484  LanmanServer - ok
17:01:27.0812 0484  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:01:27.0890 0484  LanmanWorkstation - ok
17:01:27.0936 0484  [ 793FF718477345CD5D232C50BED1E452 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
17:01:27.0952 0484  LightScribeService ( UnsignedFile.Multi.Generic ) - warning
17:01:27.0952 0484  LightScribeService - detected UnsignedFile.Multi.Generic (1)
17:01:27.0968 0484  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
17:01:28.0061 0484  lltdio - ok
17:01:28.0092 0484  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc        C:\Windows\System32\lltdsvc.dll
17:01:28.0186 0484  lltdsvc - ok
17:01:28.0217 0484  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts        C:\Windows\System32\lmhsvc.dll
17:01:28.0342 0484  lmhosts - ok
17:01:28.0420 0484  [ C7E15E82879BF3235B559563D4185365 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
17:01:28.0467 0484  LSI_FC - ok
17:01:28.0482 0484  [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS        C:\Windows\system32\drivers\lsi_sas.sys
17:01:28.0514 0484  LSI_SAS - ok
17:01:28.0545 0484  [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
17:01:28.0576 0484  LSI_SCSI - ok
17:01:28.0623 0484  [ 8F5C7426567798E62A3B3614965D62CC ] luafv          C:\Windows\system32\drivers\luafv.sys
17:01:28.0701 0484  luafv - ok
17:01:28.0732 0484  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc        C:\Windows\system32\Mcx2Svc.dll
17:01:28.0779 0484  Mcx2Svc - ok
17:01:28.0794 0484  [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk        C:\Windows\system32\DRIVERS\mdmxsdk.sys
17:01:28.0841 0484  mdmxsdk - ok
17:01:28.0872 0484  [ 0001CE609D66632FA17B84705F658879 ] megasas        C:\Windows\system32\drivers\megasas.sys
17:01:28.0904 0484  megasas - ok
17:01:28.0966 0484  [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
17:01:29.0013 0484  MegaSR - ok
17:01:29.0044 0484  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS          C:\Windows\system32\mmcss.dll
17:01:29.0138 0484  MMCSS - ok
17:01:29.0184 0484  MobilityService - ok
17:01:29.0216 0484  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem          C:\Windows\system32\drivers\modem.sys
17:01:29.0309 0484  Modem - ok
17:01:29.0356 0484  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor        C:\Windows\system32\DRIVERS\monitor.sys
17:01:29.0450 0484  monitor - ok
17:01:29.0465 0484  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
17:01:29.0512 0484  mouclass - ok
17:01:29.0528 0484  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
17:01:29.0621 0484  mouhid - ok
17:01:29.0652 0484  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
17:01:29.0684 0484  MountMgr - ok
17:01:29.0746 0484  [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
17:01:29.0793 0484  MozillaMaintenance - ok
17:01:29.0824 0484  [ 511D011289755DD9F9A7579FB0B064E6 ] mpio            C:\Windows\system32\drivers\mpio.sys
17:01:29.0871 0484  mpio - ok
17:01:29.0886 0484  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
17:01:29.0949 0484  mpsdrv - ok
17:01:30.0011 0484  [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
17:01:30.0105 0484  MpsSvc - ok
17:01:30.0136 0484  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
17:01:30.0167 0484  Mraid35x - ok
17:01:30.0183 0484  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
17:01:30.0261 0484  MRxDAV - ok
17:01:30.0292 0484  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
17:01:30.0354 0484  mrxsmb - ok
17:01:30.0386 0484  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:01:30.0448 0484  mrxsmb10 - ok
17:01:30.0464 0484  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:01:30.0495 0484  mrxsmb20 - ok
17:01:30.0557 0484  [ 5457DCFA7C0DA43522F4D9D4049C1472 ] msahci          C:\Windows\system32\drivers\msahci.sys
17:01:30.0588 0484  msahci - ok
17:01:30.0635 0484  [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm          C:\Windows\system32\drivers\msdsm.sys
17:01:30.0682 0484  msdsm - ok
17:01:30.0698 0484  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC          C:\Windows\System32\msdtc.exe
17:01:30.0791 0484  MSDTC - ok
17:01:30.0822 0484  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
17:01:30.0900 0484  Msfs - ok
17:01:30.0916 0484  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
17:01:30.0947 0484  msisadrv - ok
17:01:30.0994 0484  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
17:01:31.0072 0484  MSiSCSI - ok
17:01:31.0088 0484  msiserver - ok
17:01:31.0103 0484  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV        C:\Windows\system32\drivers\MSKSSRV.sys
17:01:31.0197 0484  MSKSSRV - ok
17:01:31.0212 0484  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
17:01:31.0290 0484  MSPCLOCK - ok
17:01:31.0306 0484  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM          C:\Windows\system32\drivers\MSPQM.sys
17:01:31.0384 0484  MSPQM - ok
17:01:31.0431 0484  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC          C:\Windows\system32\drivers\MsRPC.sys
17:01:31.0462 0484  MsRPC - ok
17:01:31.0493 0484  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
17:01:31.0524 0484  mssmbios - ok
17:01:31.0587 0484  MSSQL$MSSMLBIZ - ok
17:01:31.0634 0484  [ 1D89EB4E2A99CABD4E81225F4F4C4B25 ] MSSQLServerADHelper C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
17:01:31.0665 0484  MSSQLServerADHelper - ok
17:01:31.0712 0484  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE          C:\Windows\system32\drivers\MSTEE.sys
17:01:31.0774 0484  MSTEE - ok
17:01:31.0790 0484  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup            C:\Windows\system32\Drivers\mup.sys
17:01:31.0821 0484  Mup - ok
17:01:31.0868 0484  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll
17:01:31.0961 0484  napagent - ok
17:01:32.0008 0484  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP    C:\Windows\system32\DRIVERS\nwifi.sys
17:01:32.0055 0484  NativeWifiP - ok
17:01:32.0133 0484  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
17:01:32.0195 0484  NDIS - ok
17:01:32.0226 0484  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
17:01:32.0320 0484  NdisTapi - ok
17:01:32.0336 0484  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio        C:\Windows\system32\DRIVERS\ndisuio.sys
17:01:32.0398 0484  Ndisuio - ok
17:01:32.0445 0484  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan        C:\Windows\system32\DRIVERS\ndiswan.sys
17:01:32.0507 0484  NdisWan - ok
17:01:32.0523 0484  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy        C:\Windows\system32\drivers\NDProxy.sys
17:01:32.0585 0484  NDProxy - ok
17:01:32.0601 0484  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS        C:\Windows\system32\DRIVERS\netbios.sys
17:01:32.0679 0484  NetBIOS - ok
17:01:32.0741 0484  [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt          C:\Windows\system32\DRIVERS\netbt.sys
17:01:32.0804 0484  netbt - ok
17:01:32.0819 0484  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
17:01:32.0866 0484  Netlogon - ok
17:01:32.0897 0484  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
17:01:33.0006 0484  Netman - ok
17:01:33.0022 0484  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
17:01:33.0131 0484  netprofm - ok
17:01:33.0178 0484  [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:01:33.0209 0484  NetTcpPortSharing - ok
17:01:33.0381 0484  [ 8DE67BD902095A13329FD82C85A1FA09 ] NETw5v32        C:\Windows\system32\DRIVERS\NETw5v32.sys
17:01:33.0677 0484  NETw5v32 - ok
17:01:33.0724 0484  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960        C:\Windows\system32\drivers\nfrd960.sys
17:01:33.0755 0484  nfrd960 - ok
17:01:33.0786 0484  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
17:01:33.0864 0484  NlaSvc - ok
17:01:33.0911 0484  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
17:01:33.0974 0484  Npfs - ok
17:01:33.0989 0484  [ 6D8D2E5652FC2442C810C5D8BE784148 ] NSCIRDA        C:\Windows\system32\DRIVERS\nscirda.sys
17:01:34.0083 0484  NSCIRDA - ok
17:01:34.0098 0484  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi            C:\Windows\system32\nsisvc.dll
17:01:34.0192 0484  nsi - ok
17:01:34.0208 0484  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
17:01:34.0301 0484  nsiproxy - ok
17:01:34.0364 0484  [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
17:01:34.0488 0484  Ntfs - ok
17:01:34.0520 0484  [ CB76F68BA0D57C5D25B538981B1C611C ] NTIBackupSvc    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
17:01:34.0551 0484  NTIBackupSvc - ok
17:01:34.0582 0484  [ 2757D2BA59AEE155209E24942AB127C9 ] NTIDrvr        C:\Windows\system32\DRIVERS\NTIDrvr.sys
17:01:34.0613 0484  NTIDrvr - ok
17:01:34.0629 0484  [ DF1C10A75DF7E50195FC417F88A33227 ] NTISchedulerSvc C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
17:01:34.0660 0484  NTISchedulerSvc ( UnsignedFile.Multi.Generic ) - warning
17:01:34.0660 0484  NTISchedulerSvc - detected UnsignedFile.Multi.Generic (1)
17:01:34.0691 0484  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi      C:\Windows\system32\drivers\ntrigdigi.sys
17:01:34.0816 0484  ntrigdigi - ok
17:01:34.0832 0484  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
17:01:34.0925 0484  Null - ok
17:01:34.0956 0484  [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
17:01:35.0003 0484  nvraid - ok
17:01:35.0034 0484  [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
17:01:35.0081 0484  nvstor - ok
17:01:35.0112 0484  [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
17:01:35.0159 0484  nv_agp - ok
17:01:35.0175 0484  NwlnkFlt - ok
17:01:35.0190 0484  NwlnkFwd - ok
17:01:35.0253 0484  [ D955D5DE998DB2476BF0892BE3A96C26 ] o2flash        C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
17:01:35.0315 0484  o2flash ( UnsignedFile.Multi.Generic ) - warning
17:01:35.0315 0484  o2flash - detected UnsignedFile.Multi.Generic (1)
17:01:35.0346 0484  [ 78575368974962042472F18B24D3CF28 ] O2MDRDR        C:\Windows\system32\DRIVERS\o2media.sys
17:01:35.0378 0484  O2MDRDR - ok
17:01:35.0409 0484  [ B6DBDA8C79DC4333AD9B0C15067B8247 ] O2SDRDR        C:\Windows\system32\DRIVERS\o2sd.sys
17:01:35.0440 0484  O2SDRDR - ok
17:01:35.0565 0484  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:01:35.0612 0484  odserv - ok
17:01:35.0690 0484  [ 790E27C3DB53410B40FF9EF2FD10A1D9 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
17:01:35.0783 0484  ohci1394 - ok
17:01:35.0846 0484  [ 5A432A042DAE460ABE7199B758E8606C ] ose            C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:01:35.0892 0484  ose - ok
17:01:35.0970 0484  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
17:01:36.0064 0484  p2pimsvc - ok
17:01:36.0095 0484  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll
17:01:36.0173 0484  p2psvc - ok
17:01:36.0189 0484  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport        C:\Windows\system32\drivers\parport.sys
17:01:36.0314 0484  Parport - ok
17:01:36.0345 0484  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr        C:\Windows\system32\drivers\partmgr.sys
17:01:36.0376 0484  partmgr - ok
17:01:36.0407 0484  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
17:01:36.0532 0484  Parvdm - ok
17:01:36.0563 0484  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
17:01:36.0641 0484  PcaSvc - ok
17:01:36.0688 0484  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci            C:\Windows\system32\drivers\pci.sys
17:01:36.0735 0484  pci - ok
17:01:36.0766 0484  [ FC175F5DDAB666D7F4D17449A547626F ] pciide          C:\Windows\system32\drivers\pciide.sys
17:01:36.0797 0484  pciide - ok
17:01:36.0844 0484  [ 3BB2244F343B610C29C98035504C9B75 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
17:01:36.0891 0484  pcmcia - ok
17:01:36.0953 0484  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
17:01:37.0156 0484  PEAUTH - ok
17:01:37.0312 0484  pgsqlms4 - ok
17:01:37.0374 0484  [ B1689DF169143F57053F795390C99DB3 ] pla            C:\Windows\system32\pla.dll
17:01:37.0577 0484  pla - ok
17:01:37.0624 0484  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
17:01:37.0718 0484  PlugPlay - ok
17:01:37.0764 0484  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg    C:\Windows\system32\p2psvc.dll
17:01:37.0842 0484  PNRPAutoReg - ok
17:01:37.0874 0484  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc        C:\Windows\system32\p2psvc.dll
17:01:37.0952 0484  PNRPsvc - ok
17:01:37.0998 0484  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent    C:\Windows\System32\ipsecsvc.dll
17:01:38.0108 0484  PolicyAgent - ok
17:01:38.0139 0484  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
17:01:38.0232 0484  PptpMiniport - ok
17:01:38.0248 0484  [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor      C:\Windows\system32\drivers\processr.sys
17:01:38.0326 0484  Processor - ok
17:01:38.0373 0484  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc        C:\Windows\system32\profsvc.dll
17:01:38.0451 0484  ProfSvc - ok
17:01:38.0466 0484  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
17:01:38.0513 0484  ProtectedStorage - ok
17:01:38.0560 0484  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
17:01:38.0638 0484  PSched - ok
17:01:38.0669 0484  [ A6A7AD767BF5141665F5C675F671B3E1 ] PSI_SVC_2      C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
17:01:38.0700 0484  PSI_SVC_2 - ok
17:01:38.0747 0484  [ 72289D214B581981A860B0F9FB61E9C8 ] PVUSB          C:\Windows\system32\DRIVERS\CESG502.sys
17:01:38.0778 0484  PVUSB - ok
17:01:38.0841 0484  [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
17:01:38.0981 0484  ql2300 - ok
17:01:39.0012 0484  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
17:01:39.0044 0484  ql40xx - ok
17:01:39.0090 0484  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE          C:\Windows\system32\qwave.dll
17:01:39.0153 0484  QWAVE - ok
17:01:39.0168 0484  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
17:01:39.0215 0484  QWAVEdrv - ok
17:01:39.0231 0484  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
17:01:39.0309 0484  RasAcd - ok
17:01:39.0340 0484  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto        C:\Windows\System32\rasauto.dll
17:01:39.0434 0484  RasAuto - ok
17:01:39.0449 0484  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp        C:\Windows\system32\DRIVERS\rasl2tp.sys
17:01:39.0527 0484  Rasl2tp - ok
17:01:39.0574 0484  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
17:01:39.0668 0484  RasMan - ok
17:01:39.0761 0484  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
17:01:39.0886 0484  RasPppoe - ok
17:01:39.0917 0484  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp        C:\Windows\system32\DRIVERS\rassstp.sys
17:01:39.0964 0484  RasSstp - ok
17:01:39.0995 0484  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
17:01:40.0058 0484  rdbss - ok
17:01:40.0089 0484  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
17:01:40.0167 0484  RDPCDD - ok
17:01:40.0198 0484  [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr          C:\Windows\system32\drivers\rdpdr.sys
17:01:40.0276 0484  rdpdr - ok
17:01:40.0292 0484  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
17:01:40.0370 0484  RDPENCDD - ok
17:01:40.0448 0484  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD          C:\Windows\system32\drivers\RDPWD.sys
17:01:40.0510 0484  RDPWD - ok
17:01:40.0541 0484  [ 001B4278407F4303EFC902A2B16F2453 ] regi            C:\Windows\system32\drivers\regi.sys
17:01:40.0572 0484  regi - ok
17:01:40.0666 0484  [ 3FF45B7F17D5837216ABAE652CC61540 ] RegSrvc        C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
17:01:40.0713 0484  RegSrvc ( UnsignedFile.Multi.Generic ) - warning
17:01:40.0713 0484  RegSrvc - detected UnsignedFile.Multi.Generic (1)
17:01:40.0744 0484  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
17:01:40.0822 0484  RemoteAccess - ok
17:01:40.0869 0484  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
17:01:40.0931 0484  RemoteRegistry - ok
17:01:40.0978 0484  [ 6482707F9F4DA0ECBAB43B2E0398A101 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
17:01:41.0056 0484  RFCOMM - ok
17:01:41.0087 0484  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
17:01:41.0165 0484  RpcLocator - ok
17:01:41.0196 0484  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs          C:\Windows\system32\rpcss.dll
17:01:41.0306 0484  RpcSs - ok
17:01:41.0337 0484  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
17:01:41.0477 0484  rspndr - ok
17:01:41.0493 0484  [ A3E186B4B935905B829219502557314E ] SamSs          C:\Windows\system32\lsass.exe
17:01:41.0540 0484  SamSs - ok
17:01:41.0555 0484  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
17:01:41.0602 0484  sbp2port - ok
17:01:41.0696 0484  [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService  C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
17:01:41.0805 0484  SBSDWSCService - ok
17:01:41.0836 0484  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
17:01:41.0914 0484  SCardSvr - ok
17:01:41.0961 0484  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll
17:01:42.0101 0484  Schedule - ok
17:01:42.0148 0484  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc    C:\Windows\System32\certprop.dll
17:01:42.0210 0484  SCPolicySvc - ok
17:01:42.0257 0484  [ 126EA89BCC413EE45E3004FB0764888F ] sdbus          C:\Windows\system32\DRIVERS\sdbus.sys
17:01:42.0351 0484  sdbus - ok
17:01:42.0382 0484  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
17:01:42.0460 0484  SDRSVC - ok
17:01:42.0491 0484  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
17:01:42.0616 0484  secdrv - ok
17:01:42.0632 0484  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
17:01:42.0710 0484  seclogon - ok
17:01:42.0725 0484  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\System32\sens.dll
17:01:42.0819 0484  SENS - ok
17:01:42.0850 0484  [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum        C:\Windows\system32\drivers\serenum.sys
17:01:42.0975 0484  Serenum - ok
17:01:43.0006 0484  [ C70D69A918B178D3C3B06339B40C2E1B ] Serial          C:\Windows\system32\drivers\serial.sys
17:01:43.0146 0484  Serial - ok
17:01:43.0178 0484  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
17:01:43.0240 0484  sermouse - ok
17:01:43.0287 0484  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
17:01:43.0365 0484  SessionEnv - ok
17:01:43.0380 0484  [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk        C:\Windows\system32\drivers\sffdisk.sys
17:01:43.0443 0484  sffdisk - ok
17:01:43.0458 0484  [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
17:01:43.0536 0484  sffp_mmc - ok
17:01:43.0552 0484  [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd        C:\Windows\system32\drivers\sffp_sd.sys
17:01:43.0630 0484  sffp_sd - ok
17:01:43.0646 0484  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy        C:\Windows\system32\drivers\sfloppy.sys
17:01:43.0770 0484  sfloppy - ok
17:01:43.0817 0484  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
17:01:43.0895 0484  SharedAccess - ok
17:01:43.0942 0484  [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:01:44.0020 0484  ShellHWDetection - ok
17:01:44.0051 0484  [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
17:01:44.0098 0484  sisagp - ok
17:01:44.0114 0484  [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
17:01:44.0160 0484  SiSRaid2 - ok
17:01:44.0176 0484  [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
17:01:44.0223 0484  SiSRaid4 - ok
17:01:44.0363 0484  [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc          C:\Windows\system32\SLsvc.exe
17:01:44.0628 0484  slsvc - ok
17:01:44.0660 0484  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
17:01:44.0738 0484  SLUINotify - ok
17:01:44.0769 0484  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb            C:\Windows\system32\DRIVERS\smb.sys
17:01:44.0847 0484  Smb - ok
17:01:44.0894 0484  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
17:01:44.0940 0484  SNMPTRAP - ok
17:01:44.0972 0484  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr          C:\Windows\system32\drivers\spldr.sys
17:01:45.0003 0484  spldr - ok
17:01:45.0050 0484  [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler        C:\Windows\System32\spoolsv.exe
17:01:45.0128 0484  Spooler - ok
17:01:45.0143 0484  [ 86EBD8B1F23E743AAD21F4D5B4D40985 ] SQLBrowser      C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
17:01:45.0190 0484  SQLBrowser - ok
17:01:45.0221 0484  [ D89083C4EB02DACA8F944B0E05E57F9D ] SQLWriter      C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
17:01:45.0252 0484  SQLWriter - ok
17:01:45.0299 0484  [ 41987F9FC0E61ADF54F581E15029AD91 ] srv            C:\Windows\system32\DRIVERS\srv.sys
17:01:45.0377 0484  srv - ok
17:01:45.0424 0484  [ FF33AFF99564B1AA534F58868CBE41EF ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
17:01:45.0502 0484  srv2 - ok
17:01:45.0533 0484  [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
17:01:45.0580 0484  srvnet - ok
17:01:45.0627 0484  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
17:01:45.0720 0484  SSDPSRV - ok
17:01:45.0752 0484  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
17:01:45.0783 0484  ssmdrv - ok
17:01:45.0830 0484  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc        C:\Windows\system32\sstpsvc.dll
17:01:45.0892 0484  SstpSvc - ok
17:01:45.0954 0484  [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc          C:\Windows\System32\wiaservc.dll
17:01:46.0032 0484  stisvc - ok
17:01:46.0079 0484  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
17:01:46.0110 0484  swenum - ok
17:01:46.0173 0484  [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv          C:\Windows\System32\swprv.dll
17:01:46.0251 0484  swprv - ok
17:01:46.0282 0484  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx        C:\Windows\system32\drivers\symc8xx.sys
17:01:46.0313 0484  Symc8xx - ok
17:01:46.0329 0484  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
17:01:46.0376 0484  Sym_hi - ok
17:01:46.0391 0484  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
17:01:46.0438 0484  Sym_u3 - ok
17:01:46.0500 0484  [ 32E8B307F0E9F72B66B518FD62EAB91E ] SynTP          C:\Windows\system32\DRIVERS\SynTP.sys
17:01:46.0532 0484  SynTP - ok
17:01:46.0594 0484  [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain        C:\Windows\system32\sysmain.dll
17:01:46.0703 0484  SysMain - ok
17:01:46.0750 0484  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:01:46.0812 0484  TabletInputService - ok
17:01:46.0859 0484  [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv        C:\Windows\System32\tapisrv.dll
17:01:46.0953 0484  TapiSrv - ok
17:01:46.0968 0484  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS            C:\Windows\System32\tbssvc.dll
17:01:47.0046 0484  TBS - ok
17:01:47.0109 0484  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
17:01:47.0234 0484  Tcpip - ok
17:01:47.0265 0484  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
17:01:47.0358 0484  Tcpip6 - ok
17:01:47.0405 0484  [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
17:01:47.0483 0484  tcpipreg - ok
17:01:47.0514 0484  [ 58E3EB5A5C78740C5870EEE6648CCC46 ] TcUsb          C:\Windows\system32\Drivers\tcusb.sys
17:01:47.0546 0484  TcUsb - ok
17:01:47.0577 0484  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
17:01:47.0670 0484  TDPIPE - ok
17:01:47.0686 0484  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP          C:\Windows\system32\drivers\tdtcp.sys
17:01:47.0764 0484  TDTCP - ok
17:01:47.0811 0484  [ 76B06EB8A01FC8624D699E7045303E54 ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
17:01:47.0858 0484  tdx - ok
17:01:47.0904 0484  [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
17:01:47.0951 0484  TermDD - ok
17:01:47.0998 0484  [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService    C:\Windows\System32\termsrv.dll
17:01:48.0107 0484  TermService - ok
17:01:48.0170 0484  [ 95746E5B1473432F3D9458940DBA6E3A ] TfFsMon        C:\Windows\system32\drivers\TfFsMon.sys
17:01:48.0201 0484  TfFsMon - ok
17:01:48.0216 0484  [ 02FFDD873E31C5C2D57CA87D11EC36AF ] TfNetMon        C:\Windows\system32\drivers\TfNetMon.sys
17:01:48.0248 0484  TfNetMon - ok
17:01:48.0310 0484  [ F8BD92251AB439383C051CE907D78CCE ] TfSysMon        C:\Windows\system32\drivers\TfSysMon.sys
17:01:48.0341 0484  TfSysMon - ok
17:01:48.0357 0484  [ C7230FBEE14437716701C15BE02C27B8 ] Themes          C:\Windows\system32\shsvcs.dll
17:01:48.0419 0484  Themes - ok
17:01:48.0435 0484  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER    C:\Windows\system32\mmcss.dll
17:01:48.0513 0484  THREADORDER - ok
17:01:48.0544 0484  ThreatFire - ok
17:01:48.0591 0484  [ E319535A8124F25C1C9C5288CACF3101 ] TomTomHOMEService C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
17:01:48.0638 0484  TomTomHOMEService - ok
17:01:48.0669 0484  [ 3AFFF25EAE28188FA4ECD292658BE31B ] TpChoice        C:\Windows\system32\DRIVERS\TpChoice.sys
17:01:48.0700 0484  TpChoice - ok
17:01:48.0731 0484  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
17:01:48.0809 0484  TrkWks - ok
17:01:48.0872 0484  [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:01:48.0934 0484  TrustedInstaller - ok
17:01:48.0965 0484  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
17:01:49.0059 0484  tssecsrv - ok
17:01:49.0090 0484  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp          C:\Windows\system32\DRIVERS\tunmp.sys
17:01:49.0152 0484  tunmp - ok
17:01:49.0199 0484  [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
17:01:49.0262 0484  tunnel - ok
17:01:49.0277 0484  [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35          C:\Windows\system32\drivers\uagp35.sys
17:01:49.0324 0484  uagp35 - ok
17:01:49.0355 0484  [ F763E070843EE2803DE1395002B42938 ] UBHelper        C:\Windows\system32\drivers\UBHelper.sys
17:01:49.0386 0484  UBHelper - ok
17:01:49.0449 0484  [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
17:01:49.0511 0484  udfs - ok
17:01:49.0558 0484  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect      C:\Windows\system32\UI0Detect.exe
17:01:49.0636 0484  UI0Detect - ok
17:01:49.0667 0484  [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
17:01:49.0698 0484  uliagpkx - ok
17:01:49.0730 0484  [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci        C:\Windows\system32\drivers\uliahci.sys
17:01:49.0776 0484  uliahci - ok
17:01:49.0808 0484  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
17:01:49.0839 0484  UlSata - ok
17:01:49.0870 0484  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2        C:\Windows\system32\drivers\ulsata2.sys
17:01:49.0917 0484  ulsata2 - ok
17:01:49.0948 0484  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus          C:\Windows\system32\DRIVERS\umbus.sys
17:01:50.0026 0484  umbus - ok
17:01:50.0057 0484  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
17:01:50.0166 0484  upnphost - ok
17:01:50.0182 0484  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp        C:\Windows\system32\DRIVERS\usbccgp.sys
17:01:50.0244 0484  usbccgp - ok
17:01:50.0276 0484  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
17:01:50.0400 0484  usbcir - ok
17:01:50.0463 0484  [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci        C:\Windows\system32\DRIVERS\usbehci.sys
17:01:50.0541 0484  usbehci - ok
17:01:50.0572 0484  [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
17:01:50.0634 0484  usbhub - ok
17:01:50.0666 0484  [ 38DBC7DD6CC5A72011F187425384388B ] usbohci        C:\Windows\system32\drivers\usbohci.sys
17:01:50.0775 0484  usbohci - ok
17:01:50.0806 0484  [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
17:01:50.0868 0484  usbprint - ok
17:01:50.0931 0484  [ A508C9BD8724980512136B039BBA65E9 ] usbscan        C:\Windows\system32\DRIVERS\usbscan.sys
17:01:51.0009 0484  usbscan - ok
17:01:51.0024 0484  [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR        C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:01:51.0087 0484  USBSTOR - ok
17:01:51.0118 0484  [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci        C:\Windows\system32\DRIVERS\usbuhci.sys
17:01:51.0212 0484  usbuhci - ok
17:01:51.0243 0484  [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
17:01:51.0336 0484  usbvideo - ok
17:01:51.0383 0484  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms          C:\Windows\System32\uxsms.dll
17:01:51.0461 0484  UxSms - ok
17:01:51.0524 0484  [ CD88D1B7776DC17A119049742EC07EB4 ] vds            C:\Windows\System32\vds.exe
17:01:51.0602 0484  vds - ok
17:01:51.0648 0484  [ 87B06E1F30B749A114F74622D013F8D4 ] vga            C:\Windows\system32\DRIVERS\vgapnp.sys
17:01:51.0758 0484  vga - ok
17:01:51.0773 0484  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave        C:\Windows\System32\drivers\vga.sys
17:01:51.0867 0484  VgaSave - ok
17:01:51.0882 0484  [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp          C:\Windows\system32\drivers\viaagp.sys
17:01:51.0929 0484  viaagp - ok
17:01:51.0945 0484  [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7          C:\Windows\system32\drivers\viac7.sys
17:01:52.0023 0484  ViaC7 - ok
17:01:52.0038 0484  [ AADF5587A4063F52C2C3FED7887426FC ] viaide          C:\Windows\system32\drivers\viaide.sys
17:01:52.0085 0484  viaide - ok
17:01:52.0101 0484  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
17:01:52.0148 0484  volmgr - ok
17:01:52.0194 0484  [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
17:01:52.0241 0484  volmgrx - ok
17:01:52.0288 0484  [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap        C:\Windows\system32\drivers\volsnap.sys
17:01:52.0350 0484  volsnap - ok
17:01:52.0366 0484  [ 587253E09325E6BF226B299774B728A9 ] vsmraid        C:\Windows\system32\drivers\vsmraid.sys
17:01:52.0413 0484  vsmraid - ok
17:01:52.0460 0484  [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS            C:\Windows\system32\vssvc.exe
17:01:52.0694 0484  VSS - ok
17:01:52.0740 0484  [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time        C:\Windows\system32\w32time.dll
17:01:52.0850 0484  W32Time - ok
17:01:52.0881 0484  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
17:01:53.0006 0484  WacomPen - ok
17:01:53.0021 0484  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
17:01:53.0099 0484  Wanarp - ok
17:01:53.0099 0484  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
17:01:53.0162 0484  Wanarpv6 - ok
17:01:53.0193 0484  [ A3CD60FD826381B49F03832590E069AF ] wcncsvc        C:\Windows\System32\wcncsvc.dll
17:01:53.0271 0484  wcncsvc - ok
17:01:53.0318 0484  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:01:53.0380 0484  WcsPlugInService - ok
17:01:53.0396 0484  [ 78FE9542363F297B18C027B2D7E7C07F ] Wd              C:\Windows\system32\drivers\wd.sys
17:01:53.0442 0484  Wd - ok
17:01:53.0474 0484  [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
17:01:53.0536 0484  Wdf01000 - ok
17:01:53.0567 0484  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
17:01:53.0661 0484  WdiServiceHost - ok
17:01:53.0661 0484  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost  C:\Windows\system32\wdi.dll
17:01:53.0739 0484  WdiSystemHost - ok
17:01:53.0786 0484  [ 04C37D8107320312FBAE09926103D5E2 ] WebClient      C:\Windows\System32\webclnt.dll
17:01:53.0848 0484  WebClient - ok
17:01:53.0895 0484  [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc          C:\Windows\system32\wecsvc.dll
17:01:53.0957 0484  Wecsvc - ok
17:01:53.0973 0484  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport  C:\Windows\System32\wercplsupport.dll
17:01:54.0051 0484  wercplsupport - ok
17:01:54.0098 0484  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll
17:01:54.0176 0484  WerSvc - ok
17:01:54.0222 0484  [ 5A77AC34A0FFB70CE8B35B524FEDE9BA ] winachsf        C:\Windows\system32\DRIVERS\HSX_CNXT.sys
17:01:54.0316 0484  winachsf - ok
17:01:54.0363 0484  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend      C:\Program Files\Windows Defender\mpsvc.dll
17:01:54.0410 0484  WinDefend - ok
17:01:54.0410 0484  WinHttpAutoProxySvc - ok
17:01:54.0488 0484  [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
17:01:54.0550 0484  Winmgmt - ok
17:01:54.0628 0484  [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM          C:\Windows\system32\WsmSvc.dll
17:01:54.0768 0484  WinRM - ok
17:01:54.0831 0484  [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc        C:\Windows\System32\wlansvc.dll
17:01:54.0971 0484  Wlansvc - ok
17:01:55.0002 0484  [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi        C:\Windows\system32\DRIVERS\wmiacpi.sys
17:01:55.0065 0484  WmiAcpi - ok
17:01:55.0127 0484  [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
17:01:55.0205 0484  wmiApSrv - ok
17:01:55.0283 0484  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc  C:\Program Files\Windows Media Player\wmpnetwk.exe
17:01:55.0408 0484  WMPNetworkSvc - ok
17:01:55.0439 0484  [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
17:01:55.0517 0484  WPCSvc - ok
17:01:55.0564 0484  [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
17:01:55.0626 0484  WPDBusEnum - ok
17:01:55.0673 0484  [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
17:01:55.0720 0484  WpdUsb - ok
17:01:55.0860 0484  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
17:01:55.0938 0484  WPFFontCache_v0400 - ok
17:01:55.0970 0484  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
17:01:56.0063 0484  ws2ifsl - ok
17:01:56.0110 0484  [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc          C:\Windows\System32\wscsvc.dll
17:01:56.0172 0484  wscsvc - ok
17:01:56.0172 0484  WSearch - ok
17:01:56.0282 0484  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
17:01:56.0469 0484  wuauserv - ok
17:01:56.0500 0484  [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
17:01:56.0562 0484  WUDFRd - ok
17:01:56.0609 0484  [ 575A4190D989F64732119E4114045A4F ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
17:01:56.0703 0484  wudfsvc - ok
17:01:56.0750 0484  [ 88AF537264F2B818DA15479CEEAF5D7C ] XAudio          C:\Windows\system32\DRIVERS\xaudio.sys
17:01:56.0781 0484  XAudio - ok
17:01:56.0812 0484  [ 15A317674A08DF26BE65164D959E9203 ] XAudioService  C:\Windows\system32\DRIVERS\xaudio.exe
17:01:56.0890 0484  XAudioService - ok
17:01:56.0937 0484  ================ Scan global ===============================
17:01:56.0968 0484  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
17:01:57.0030 0484  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
17:01:57.0062 0484  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
17:01:57.0124 0484  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
17:01:57.0140 0484  [Global] - ok
17:01:57.0140 0484  ================ Scan MBR ==================================
17:01:57.0171 0484  [ 6FC6F9186C07BCA94E140F63BFE6E9B4 ] \Device\Harddisk0\DR0
17:02:03.0629 0484  \Device\Harddisk0\DR0 - ok
17:02:03.0629 0484  ================ Scan VBR ==================================
17:02:03.0629 0484  [ C43CD0F97B3AEDDD31FE970FB3CF3FD8 ] \Device\Harddisk0\DR0\Partition1
17:02:03.0645 0484  \Device\Harddisk0\DR0\Partition1 - ok
17:02:03.0660 0484  [ C24E2B11634EBD6652F97C8A405D7D43 ] \Device\Harddisk0\DR0\Partition2
17:02:03.0676 0484  \Device\Harddisk0\DR0\Partition2 - ok
17:02:03.0676 0484  ============================================================
17:02:03.0676 0484  Scan finished
17:02:03.0676 0484  ============================================================
17:02:03.0692 3832  Detected object count: 11
17:02:03.0692 3832  Actual detected object count: 11
17:02:30.0461 3832  BUNAgentSvc ( UnsignedFile.Multi.Generic ) - skipped by user
17:02:30.0461 3832  BUNAgentSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:02:30.0461 3832  cpuz132 ( UnsignedFile.Multi.Generic ) - skipped by user
17:02:30.0461 3832  cpuz132 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:02:30.0461 3832  ETService ( UnsignedFile.Multi.Generic ) - skipped by user
17:02:30.0461 3832  ETService ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:02:30.0461 3832  EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user
17:02:30.0461 3832  EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:02:30.0461 3832  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
17:02:30.0461 3832  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:02:30.0477 3832  IGBASVC ( UnsignedFile.Multi.Generic ) - skipped by user
17:02:30.0477 3832  IGBASVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:02:30.0477 3832  int15 ( UnsignedFile.Multi.Generic ) - skipped by user
17:02:30.0477 3832  int15 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:02:30.0477 3832  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
17:02:30.0477 3832  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:02:30.0477 3832  NTISchedulerSvc ( UnsignedFile.Multi.Generic ) - skipped by user
17:02:30.0477 3832  NTISchedulerSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:02:30.0477 3832  o2flash ( UnsignedFile.Multi.Generic ) - skipped by user
17:02:30.0477 3832  o2flash ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:02:30.0477 3832  RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user
17:02:30.0477 3832  RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus 12.09.2012 19:25
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

tigershark20 13.09.2012 15:35
Code:
ComboFix 12-09-12.03 - Admin 12.09.2012  20:58:08.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.3066.1792 [GMT 2:00]
ausgeführt von:: c:\users\Tobias\Documents\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Acer\Acer Bio Protection\PwdFilter.dll
c:\programdata\Roaming
c:\windows\iun6002.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-08-13 bis 2012-09-13  ))))))))))))))))))))))))))))))
.
.
2012-09-12 19:41 . 2012-09-13 04:12        --------        d-----w-        c:\users\Admin\AppData\Local\temp
2012-09-12 19:41 . 2012-09-12 20:28        --------        d-----w-        c:\users\Tobias\AppData\Local\temp
2012-09-12 19:41 . 2012-09-12 19:41        --------        d-----w-        c:\users\ms4\AppData\Local\temp
2012-09-12 19:41 . 2012-09-12 19:41        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-09-12 19:41 . 2012-09-12 19:41        --------        d-----w-        c:\users\Alexandra\AppData\Local\temp
2012-09-12 13:51 . 2012-09-12 13:51        --------        d-----w-        C:\_OTL
2012-09-12 13:43 . 2012-08-23 07:15        7022536        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{97742A56-4E0D-4565-8544-58ECB3605D81}\mpengine.dll
2012-09-09 12:50 . 2012-09-09 12:50        --------        d-----w-        c:\users\Admin\AppData\Local\Downloaded Installations
2012-09-07 16:16 . 2012-09-07 16:16        --------        d-----w-        c:\users\Admin\AppData\Local\CASIO
2012-09-05 05:58 . 2012-09-05 05:58        --------        d-----w-        c:\program files\ESET
2012-09-03 10:16 . 2012-09-03 10:16        --------        d-----w-        c:\users\Tobias\AppData\Local\Mozilla
2012-09-03 09:55 . 2012-09-03 09:55        --------        d-----w-        c:\users\Alexandra\AppData\Local\Mozilla
2012-09-02 18:19 . 2012-09-02 18:19        --------        d-----w-        c:\users\Admin\AppData\Local\Mozilla
2012-09-02 18:18 . 2012-09-09 08:08        --------        d-----w-        c:\program files\Mozilla Maintenance Service
2012-09-02 17:43 . 2012-09-02 17:43        --------        d-----w-        c:\users\Alexandra\AppData\Roaming\GrabPro
2012-08-31 12:10 . 2012-08-31 12:09        93672        ----a-w-        c:\windows\system32\WindowsAccessBridge.dll
2012-08-31 12:09 . 2012-08-31 12:09        --------        d-----w-        c:\program files\Java
2012-08-30 08:24 . 2012-08-30 08:24        --------        d-----w-        c:\users\Tobias\AppData\Local\Downloaded Installations
2012-08-27 17:47 . 2012-08-27 17:47        --------        d-----w-        c:\program files\Common Files\Java
2012-08-27 17:18 . 2012-08-27 17:18        --------        d-----w-        c:\programdata\instedit.com
2012-08-27 17:18 . 2012-08-27 17:18        --------        d-----w-        c:\program files\instedit.com
2012-08-15 13:31 . 2012-06-29 00:00        2382848        ----a-w-        c:\windows\system32\mshtml.tlb
2012-08-15 13:31 . 2012-06-29 01:00        140920        ----a-w-        c:\program files\Internet Explorer\sqmapi.dll
2012-08-15 13:31 . 2012-06-29 00:06        194560        ----a-w-        c:\program files\Internet Explorer\ieproxy.dll
2012-08-15 13:31 . 2012-06-29 00:06        194048        ----a-w-        c:\program files\Internet Explorer\IEShims.dll
2012-08-15 13:31 . 2012-06-29 00:04        142848        ----a-w-        c:\windows\system32\ieUnatt.exe
2012-08-15 13:31 . 2012-06-29 00:16        1800704        ----a-w-        c:\windows\system32\jscript9.dll
2012-08-15 13:31 . 2012-06-29 00:09        1129472        ----a-w-        c:\windows\system32\wininet.dll
2012-08-15 13:30 . 2012-06-29 01:00        748664        ----a-w-        c:\program files\Internet Explorer\iexplore.exe
2012-08-15 13:30 . 2012-06-29 00:10        387584        ----a-w-        c:\program files\Internet Explorer\jsdbgui.dll
2012-08-15 13:30 . 2012-06-29 00:10        678912        ----a-w-        c:\program files\Internet Explorer\iedvtool.dll
2012-08-15 13:30 . 2012-06-29 00:08        1427968        ----a-w-        c:\windows\system32\inetcpl.cpl
2012-08-15 13:29 . 2012-07-04 14:02        2047488        ----a-w-        c:\windows\system32\win32k.sys
2012-08-15 11:16 . 2012-05-11 15:57        623616        ----a-w-        c:\windows\system32\localspl.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-31 12:09 . 2010-10-15 14:28        746984        ----a-w-        c:\windows\system32\deployJava1.dll
2012-08-30 12:31 . 2010-01-21 21:06        339968        ----a-r-        c:\users\Admin\AppData\Roaming\Microsoft\Installer\{D06737BC-9887-46E0-A203-29D7FE756019}\NewShortcut2_D06737BC988746E0A20329D7FE756019.exe
2012-08-30 12:31 . 2010-01-21 21:06        339968        ----a-r-        c:\users\Admin\AppData\Roaming\Microsoft\Installer\{D06737BC-9887-46E0-A203-29D7FE756019}\NewShortcut1_D06737BC988746E0A20329D7FE756019.exe
2012-08-30 12:31 . 2009-02-12 13:43        339968        ----a-r-        c:\users\Admin\AppData\Roaming\Microsoft\Installer\{D06737BC-9887-46E0-A203-29D7FE756019}\ARPPRODUCTICON.exe
2012-08-27 17:45 . 2012-03-10 16:11        821736        ----a-w-        c:\windows\system32\npdeployJava1.dll
2012-07-03 11:46 . 2010-05-21 16:10        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-09-08 08:51 . 2012-09-08 08:51        266720        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2012-07-26 247768]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-04 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-21 6144000]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" [2008-08-30 3687936]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-22 1037608]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-06-09 870920]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-04-30 397312]
"ThreatFire"="c:\program files\ThreatFire\TFTray.exe" [2010-01-14 378128]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"LexwareInfoService"="c:\program files\Common Files\Lexware\Update Manager\LxUpdateManager.exe" [2011-07-31 189808]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2012-07-13 384232]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-2-12 723496]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2008-08-30 03:42        3085824        ----a-w-        c:\program files\Acer\Acer Bio Protection\WinNotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]
2008-03-25 13:24        567560        ----a-w-        c:\program files\Common Files\SPBA\homefus2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray]
2008-04-06 20:42        34040        ----a-w-        c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-07-31 10:08        30192        ----a-w-        c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-02-04 14:28        68856        ----a-w-        c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs        REG_MULTI_SZ          BthServ
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-27 08:39]
.
2012-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-27 08:39]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0808&m=travelmate_5730
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0808&m=travelmate_5730
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 78.42.43.62 192.168.0.1
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7zjaxh68.default-1346610326622\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-eRecoveryService - (no file)
AddRemove-West_Point_Bridge_Designer_2007 - c:\windows\iun6002.exe
AddRemove-{007811BF-E310-4285-BFC6-55DB29B3EDDE} - c:\progra~2\INSTAL~1\{00781~1\Setup.exe
AddRemove-{302A1E2E-DD58-4673-BC99-9CC10EC2637A} - c:\progra~2\INSTAL~1\{302A1~1\Setup.exe
AddRemove-{A62F9CD0-B2E0-4F2A-88F2-79254A3C8539} - c:\progra~2\INSTAL~1\{A62F9~1\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-09-13 06:11
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pgsqlms4]
"ImagePath"="C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"pgsqlms4\" -D \"C:/Program Files/PostgreSQL/8.4/data\" -w"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pgsqlms4]
"ImagePath"="C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"pgsqlms4\" -D \"C:/Program Files/PostgreSQL/8.4/data\" -w"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ThreatFire]
"AlternateImagePath"=""
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(852)
c:\program files\ThreatFire\TFWAH.dll
.
- - - - - - - > 'lsass.exe'(680)
c:\program files\ThreatFire\TFWAH.dll
.
- - - - - - - > 'Explorer.exe'(2376)
c:\program files\ThreatFire\TfWah.dll
c:\windows\system32\msi.dll
c:\windows\System32\npmproxy.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\wbemcomn.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\SPBA\upeksvr.exe
c:\program files\Acer\Acer Bio Protection\CompPtcVUI.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
c:\program files\Acer\Empowering Technology\Service\ETService.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Acer\Acer Bio Protection\BASVC.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
c:\program files\O2Micro Flash Memory Card Driver\o2flash.exe
c:\program files\PostgreSQL\8.4\bin\pg_ctl.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\PostgreSQL\8.4\bin\postgres.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\ThreatFire\TFService.exe
c:\program files\PostgreSQL\8.4\bin\postgres.exe
c:\program files\TomTom HOME 2\TomTomHOMEService.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Spybot - Search & Destroy\SDWinSec.exe
c:\program files\PostgreSQL\8.4\bin\postgres.exe
c:\program files\PostgreSQL\8.4\bin\postgres.exe
c:\program files\PostgreSQL\8.4\bin\postgres.exe
c:\program files\PostgreSQL\8.4\bin\postgres.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\conime.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\UI0Detect.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-09-13  06:31:29 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-09-13 04:31
.
Vor Suchlauf: 12 Verzeichnis(se), 36.152.094.720 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 35.334.262.784 Bytes frei
.
- - End Of File - - E8A71343A571C99C1770692D90575352
Nach dem Neustart sind Windows Defender und OTL nicht mehr automatisch gestartet. Ist das so OK? Außerdem ist der Spybot SD Resident von OTL ausgeschaltet worden. Auch OK?
Zusätzlich ist ein neuer Dienst installiert worden: C:\WINDOWS\SYSTEM32\APPMGMTS.DLL, der allerdings momentan gestoppt ist.

cosinus 13.09.2012 21:54
Alles ok! :daumenhoc !

Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).



Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

tigershark20 14.09.2012 21:57
gmer und osam log im Anhang
aswMBR läuft gerade

tigershark20 15.09.2012 09:05
und nun das aswMBR log
Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-14 22:50:42
-----------------------------
22:50:42.710    OS Version: Windows 6.0.6002 Service Pack 2
22:50:42.710    Number of processors: 2 586 0x1706
22:50:42.710    ComputerName: BÜRO-PC  UserName: Admin
22:50:45.284    Initialize success
22:52:48.795    AVAST engine defs: 12091400
22:54:02.599    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-1
22:54:02.615    Disk 0 Vendor: WDC_WD3200BEVT-22ZCT0 11.01A11 Size: 305245MB BusType: 3
22:54:03.535    Disk 0 MBR read successfully
22:54:03.535    Disk 0 MBR scan
22:54:03.644    Disk 0 unknown MBR code
22:54:03.847    Disk 0 Partition 1 00    27 Hidden NTFS WinRE MSDOS5.0    10000 MB offset 2048
22:54:03.972    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS      147630 MB offset 20482048
22:54:04.097    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS      147613 MB offset 322828288
22:54:05.001    Disk 0 scanning sectors +625139712
22:54:05.953    Disk 0 scanning C:\Windows\system32\drivers
22:56:44.385    Service scanning
22:57:24.383    Modules scanning
22:59:34.175    Disk 0 trace - called modules:
22:59:34.846    ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys
22:59:34.862    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86963ac8]
22:59:34.877    3 CLASSPNP.SYS[8aba78b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-1[0x85d6eb98]
22:59:36.406    AVAST engine scan C:\Windows
23:03:03.527    AVAST engine scan C:\Windows\system32
23:29:30.546    AVAST engine scan C:\Windows\system32\drivers
23:30:33.430    AVAST engine scan C:\Users\Admin
23:32:17.248    AVAST engine scan C:\ProgramData
23:37:09.093    Scan finished successfully
10:01:28.784    Disk 0 MBR has been saved successfully to "C:\Users\Admin\Desktop\MBR.dat"
10:01:28.800    The log file has been saved successfully to "C:\Users\Admin\Desktop\aswMBR.txt"

cosinus 15.09.2012 14:12
Warum zipst du die anderen Logs? Die passen normalerweise hier normal gepostet immer rein

tigershark20 15.09.2012 19:08
das osam log war kein Problem, aber das gmer log war über 2mb groß und hatte zu viele Zeichen als ich es normal einstellen wollte.
Osam Log
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 22:45:19 on 14.09.2012

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 15.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - "Google" - C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"bdeadmin.cpl" - ? - C:\Windows\system32\bdeadmin.cpl
"iproset.cpl" - "Intel(R) Corporation" - C:\Windows\system32\iproset.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL
"PROSet Tools" - "Intel(R) Corporation" - C:\Windows\System32\iPROSet.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AlfaFF File System mini-filter" (AlfaFF) - "Alfa Corporation" - C:\Windows\System32\Drivers\AlfaFF.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"cpuz132" (cpuz132) - "Windows (R) Codename Longhorn DDK provider" - C:\Windows\system32\drivers\cpuz132_x32.sys
"int15" (int15) - ? - C:\Windows\system32\drivers\int15.sys  (File found, but it contains no detailed information)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"kgldqpog" (kgldqpog) - ? - C:\Users\Admin\AppData\Local\Temp\kgldqpog.sys  (Hidden registry entry, rootkit activity | File not found)
"regi" (regi) - "InterVideo" - C:\Windows\System32\drivers\regi.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"TfFsMon" (TfFsMon) - "PC Tools" - C:\Windows\System32\drivers\TfFsMon.sys
"TfNetMon" (TfNetMon) - "PC Tools" - C:\Windows\system32\drivers\TfNetMon.sys
"TfSysMon" (TfSysMon) - "PC Tools" - C:\Windows\System32\drivers\TfSysMon.sys
"UBHelper" (UBHelper) - "NewTech Infosystems Corporation" - C:\Windows\system32\drivers\UBHelper.sys
"Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\Windows\System32\DRIVERS\NTIDrvr.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{B2F55D43-C7A4-4B7C-90D7-7A860DFA9F2A} "PXCInfoShlExt Class" - "Tracker Software Products Ltd." - C:\Program Files\Tracker Software\Shell Extensions\XCShInfo.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -  (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -  (File not found | COM-object registry key not found)
{2b45bd21-71f8-4c8c-a87a-7eeb25a1a3e0} "EPM-PO Shell Extensions" - ? - epm-po.dll  (File not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -  (File not found | COM-object registry key not found)
{8F9D8FBE-C5C1-4B65-986E-51235C9283E8} "FPLaunchCache" - "Arachnoid Biometrics Identification Group Corp." - C:\Program Files\Acer\Acer Bio Protection\FPLaunchCache.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Windows\system32\btncopy.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{CF822AB4-6DB5-4FDA-BC28-E61DF36D2583} "PDF-XChange PDF Preview Provider" - "Tracker Software Products Ltd." - C:\Program Files\Tracker Software\Shell Extensions\XCShInfo.dll
{67EB453C-1BE1-48EC-AAF3-23B10277FCC1} "PDF-XChange PDF Property Handler" - "Tracker Software Products Ltd." - C:\Program Files\Tracker Software\Shell Extensions\XCShInfo.dll
{EBD0B8F4-A9A0-41B7-9695-030CD264D9C8} "PDF-XChange PDF Thumbnail Provider" - "Tracker Software Products Ltd." - C:\Program Files\Tracker Software\Shell Extensions\XCShInfo.dll
{B2F55D43-C7A4-4B7C-90D7-7A860DFA9F2A} "PXCInfoShlExt Class" - "Tracker Software Products Ltd." - C:\Program Files\Tracker Software\Shell Extensions\XCShInfo.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
<binary data> "Grab Pro" - ? - C:\Program Files\Orbitdownloader\GrabPro.dll
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} "Java Plug-in 1.7.0_05" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 10.7.2" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
{166B1BCA-3F9C-11CF-8075-444553540000} "{166B1BCA-3F9C-11CF-8075-444553540000}" - ? -  (File not found | COM-object registry key not found) / hxxp://download.macromedia.com/pub/shockwave/cabs/director/swdir8d204.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "{8AD9C840-044E-11D1-B3E9-00805F499D93}" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
"Exec" - ? - C:\Windows\bdoscandel.exe  (File not found)
"Quick-Launching Area" - ? - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
<binary data> "Grab Pro" - ? - C:\Program Files\Orbitdownloader\GrabPro.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\ssv.dll
{000123B4-9B42-4900-B3F7-F4B073EFC214} "Octh Class" - "Orbitdownloader.com" - C:\Program Files\Orbitdownloader\orbitcth.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"BTTray.lnk" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"TomTomHOME.exe" - "TomTom" - "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"ePower_DMC" - "Acer Inc." - C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
"LexwareInfoService" - "Haufe-Lexware GmbH & Co. KG" - C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
"LManager" - "Dritek System Inc." - C:\PROGRA~1\LAUNCH~1\LManager.exe
"PLFSetI" - ? - C:\Windows\PLFSetI.exe
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"ThreatFire" - "PC Tools" - C:\Program Files\ThreatFire\TFTray.exe
"WinPatrol" - "BillP Studios" - C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
"ZPdtWzdVitaKey MC3000" - "Arachnoid Biometrics Identification Group Corp." - "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"pdfcmon" - "pdfforge GbR" - C:\Windows\system32\pdfcmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
"Avira Browser Schutz" (AntiVirWebService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Empowering Technology Service" (ETService) - ? - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
"Google Desktop Manager 5.9.1005.12335" (GoogleDesktopManager-051210-111108) - "Google" - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Haufe iDesk-Service in C:\Program Files\Haufe\iDesk\iDeskService\Zope" (HRService) - ? - C:\Program Files\Haufe\iDesk\iDeskService\iDeskService.exe  (File found, but it contains no detailed information)
"iGroupTec Service" (IGBASVC) - ? - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe  (File found, but it contains no detailed information)
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
"Intel® PROSet/Wireless Event Log" (EvtEng) - "Intel(R) Corporation" - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
"Intel® PROSet/Wireless Registry Service" (RegSrvc) - "Intel(R) Corporation" - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
"IviRegMgr" (IviRegMgr) - "InterVideo" - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"MobilityService" (MobilityService) - ? - C:\Acer\Mobility Center\MobilityService.exe
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
"NTI Backup Now 5 Agent Service" (BUNAgentSvc) - "NewTech Infosystems, Inc." - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
"NTI Backup Now 5 Backup Service" (NTIBackupSvc) - "NewTech InfoSystems, Inc." - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
"NTI Backup Now 5 Scheduler Service" (NTISchedulerSvc) - ? - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe  (File found, but it contains no detailed information)
"O2Micro Flash Memory Card Service" (o2flash) - "O2Micro International" - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"pgsqlms4 - PostgreSQL Server 8.4" (pgsqlms4) - "PostgreSQL Global Development Group" - C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe
"Protexis Licensing V2" (PSI_SVC_2) - "Protexis Inc." - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
"SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
"SQL Server (MSSMLBIZ)" (MSSQL$MSSMLBIZ) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
"SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
"SQL Server-Browser" (SQLBrowser) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
"SQL Server-Startdienst für Business Contact Manager" (BcmSqlStartupSvc) - "Microsoft Corporation" - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
"ThreatFire" (ThreatFire) - "PC Tools" - C:\Program Files\ThreatFire\TFService.exe
"TomTomHOMEService" (TomTomHOMEService) - "TomTom" - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"AWinNotifyVitaKey MC3000" - "Arachnoid Biometrics Identification Group Corp." - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll
"spba" - "UPEK Inc." - C:\Program Files\Common Files\SPBA\homefus2.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"AVSDA" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avsda.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

cosinus 16.09.2012 16:09
Wir sollten den MBR fixen, sichere für den Fall der Fälle ALLE wichtigen Daten, auch wenn meistens alles glatt geht.

Hinweis: Mach bitte NICHT den MBR-Fix, wenn du noch andere Betriebssysteme wie zB Ubuntu installiert hast, ein MBR-Fix mit Windows-Tools macht ein parallel installiertes (Dualboot) Linux unbootbar.
Mach den Fix auch dann nicht, wenn du zB mit TrueCrypt oder anderen Verschlüsselungsprogrammen eine Vollverschlüsselung der Windowspartition bzw. gesamten Festplatte hast

Starte nach der Datensicherung aswmbr erneut und klick auf den Button FIXMBR.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehalalrm!

Anschließend Windows neu starten und ein neues Log mit aswMBR machen.

tigershark20 16.09.2012 20:57
fix lief ohne probleme, allerdings hatte ich vorher bei der Datensicherung mit DirSync wieder eine Meldung von Threatfire, dass sich DirSync an verschiedene Stellen kopieren wollte. In der ThreatFire Anzeige konnte ich allerdings nur erkennen, dass DirSync log-Dateien und Einstellungsdateien weil Erstausführung speicherte. Das Programm hatte ich davor von der offiziellen Seite geladen.

Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-16 21:25:11
-----------------------------
21:25:11.776    OS Version: Windows 6.0.6002 Service Pack 2
21:25:11.776    Number of processors: 2 586 0x1706
21:25:11.776    ComputerName: BÜRO-PC  UserName: Admin
21:25:13.975    Initialize success
21:30:42.407    AVAST engine defs: 12091400
21:30:48.788    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-1
21:30:48.788    Disk 0 Vendor: WDC_WD3200BEVT-22ZCT0 11.01A11 Size: 305245MB BusType: 3
21:30:48.835    Disk 0 MBR read successfully
21:30:48.835    Disk 0 MBR scan
21:30:48.866    Disk 0 Windows VISTA default MBR code
21:30:48.897    Disk 0 Partition 1 00    27 Hidden NTFS WinRE MSDOS5.0    10000 MB offset 2048
21:30:48.913    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS      147630 MB offset 20482048
21:30:48.944    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS      147613 MB offset 322828288
21:30:48.959    Disk 0 scanning sectors +625139712
21:30:49.022    Disk 0 scanning C:\Windows\system32\drivers
21:31:06.946    Service scanning
21:31:44.729    Modules scanning
21:31:51.235    Disk 0 trace - called modules:
21:31:51.266    ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys
21:31:51.266    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86a8aac8]
21:31:51.281    3 CLASSPNP.SYS[8aba98b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-1[0x85d6e030]
21:31:53.653    AVAST engine scan C:\Windows
21:32:00.080    AVAST engine scan C:\Windows\system32
21:37:18.803    AVAST engine scan C:\Windows\system32\drivers
21:37:41.860    AVAST engine scan C:\Users\Admin
21:39:10.733    AVAST engine scan C:\ProgramData
21:43:35.746    Scan finished successfully
21:55:56.996    Disk 0 MBR has been saved successfully to "C:\Users\Admin\Desktop\MBR.dat"
21:55:57.011    The log file has been saved successfully to "C:\Users\Admin\Desktop\aswMBR2.txt"


Alle Zeitangaben in WEZ +1. Es ist jetzt 22:45 Uhr.
Seite 2 von 3 1 2 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131