Pests of all kinds and their removal: TR/Spy.ipsiut.gq.1 (Windows 7)
29.02.2012, 16:05 | #16
TR/Spy.ipsiut.gq.1
Code:
16:01:11.0921 2712 TDSS rootkit removing tool 2.7.17.0 Feb 29 2012 14:02:24
16:01:12.0327 2712 ============================================================
16:01:12.0327 2712 Current date / time: 2012/02/29 16:01:12.0327
16:01:12.0327 2712 SystemInfo:
16:01:12.0327 2712 
16:01:12.0327 2712 OS Version: 6.0.6002 ServicePack: 2.0
16:01:12.0327 2712 Product type: Workstation
16:01:12.0327 2712 ComputerName: LAURA-PC
16:01:12.0327 2712 UserName: Laura
16:01:12.0327 2712 Windows directory: C:\Windows
16:01:12.0327 2712 System windows directory: C:\Windows
16:01:12.0327 2712 Processor architecture: Intel x86
16:01:12.0327 2712 Number of processors: 2
16:01:12.0327 2712 Page size: 0x1000
16:01:12.0327 2712 Boot type: Normal boot
16:01:12.0327 2712 ============================================================
16:01:12.0826 2712 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:01:12.0826 2712 \Device\Harddisk0\DR0:
16:01:12.0826 2712 MBR used
16:01:12.0826 2712 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1400800, BlocksNum 0x1202E000
16:01:12.0826 2712 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1342E800, BlocksNum 0x11FFF800
16:01:12.0982 2712 Initialize success
16:01:12.0982 2712 ============================================================
16:01:26.0913 2588 ============================================================
16:01:26.0913 2588 Scan started
16:01:26.0913 2588 Mode: Manual; SigCheck; TDLFS; 
16:01:26.0913 2588 ============================================================
16:01:27.0615 2588 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
16:01:27.0771 2588 ACPI - ok
16:01:27.0989 2588 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
16:01:28.0021 2588 adp94xx - ok
16:01:28.0239 2588 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
16:01:28.0286 2588 adpahci - ok
16:01:28.0535 2588 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
16:01:28.0567 2588 adpu160m - ok
16:01:28.0972 2588 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
16:01:29.0003 2588 adpu320 - ok
16:01:29.0222 2588 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
16:01:29.0331 2588 AFD - ok
16:01:29.0471 2588 AFPAnsi - ok
16:01:29.0596 2588 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys
16:01:29.0737 2588 AgereSoftModem - ok
16:01:29.0986 2588 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
16:01:30.0002 2588 agp440 - ok
16:01:30.0329 2588 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
16:01:30.0361 2588 aic78xx - ok
16:01:30.0517 2588 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
16:01:30.0532 2588 aliide - ok
16:01:30.0657 2588 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
16:01:30.0688 2588 amdagp - ok
16:01:30.0969 2588 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
16:01:31.0000 2588 amdide - ok
16:01:31.0172 2588 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
16:01:31.0375 2588 AmdK7 - ok
16:01:31.0515 2588 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
16:01:31.0609 2588 AmdK8 - ok
16:01:31.0921 2588 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
16:01:31.0936 2588 arc - ok
16:01:32.0201 2588 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
16:01:32.0217 2588 arcsas - ok
16:01:32.0591 2588 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
16:01:32.0701 2588 AsyncMac - ok
16:01:32.0981 2588 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
16:01:32.0981 2588 atapi - ok
16:01:33.0169 2588 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys
16:01:33.0200 2588 avgntflt - ok
16:01:33.0387 2588 avipbb (13b02b9b969dde270cd7c351203dad3c) C:\Windows\system32\DRIVERS\avipbb.sys
16:01:33.0403 2588 avipbb - ok
16:01:33.0481 2588 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
16:01:33.0496 2588 avkmgr - ok
16:01:33.0637 2588 bcm4sbxp (08015d34f6fdd0b355805bad978497c3) C:\Windows\system32\DRIVERS\bcm4sbxp.sys
16:01:33.0793 2588 bcm4sbxp - ok
16:01:33.0980 2588 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
16:01:34.0058 2588 Beep - ok
16:01:34.0292 2588 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
16:01:34.0354 2588 blbdrive - ok
16:01:34.0557 2588 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
16:01:34.0619 2588 bowser - ok
16:01:34.0822 2588 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
16:01:34.0931 2588 BrFiltLo - ok
16:01:35.0119 2588 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
16:01:35.0198 2588 BrFiltUp - ok
16:01:35.0318 2588 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
16:01:35.0458 2588 Brserid - ok
16:01:35.0637 2588 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
16:01:35.0781 2588 BrSerWdm - ok
16:01:36.0039 2588 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
16:01:36.0128 2588 BrUsbMdm - ok
16:01:36.0365 2588 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
16:01:36.0464 2588 BrUsbSer - ok
16:01:36.0605 2588 BthEnum (da7b195275bda7f8fcf79b40e0f45dde) C:\Windows\system32\DRIVERS\BthEnum.sys
16:01:36.0667 2588 BthEnum - ok
16:01:36.0807 2588 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
16:01:36.0901 2588 BTHMODEM - ok
16:01:37.0135 2588 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
16:01:37.0197 2588 BthPan - ok
16:01:37.0400 2588 BTHPORT (671134053d59e23704f08db19f11e10b) C:\Windows\system32\Drivers\BTHport.sys
16:01:37.0525 2588 BTHPORT - ok
16:01:37.0681 2588 BTHUSB (93d7007e2c660dfcca6ae72622740b14) C:\Windows\system32\Drivers\BTHUSB.sys
16:01:37.0712 2588 BTHUSB - ok
16:01:37.0931 2588 btwaudio (3ea1a20dc0ca1ad23e7aa8c37a91bcd1) C:\Windows\system32\drivers\btwaudio.sys
16:01:37.0946 2588 btwaudio - ok
16:01:38.0165 2588 btwavdt (195872e48a7fb01f8bc9b800f70f4054) C:\Windows\system32\drivers\btwavdt.sys
16:01:38.0165 2588 btwavdt - ok
16:01:38.0367 2588 btwrchid (0724e7d6c9b6a289eddda33fa8176e80) C:\Windows\system32\DRIVERS\btwrchid.sys
16:01:38.0383 2588 btwrchid - ok
16:01:38.0508 2588 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
16:01:38.0570 2588 cdfs - ok
16:01:38.0742 2588 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
16:01:38.0804 2588 cdrom - ok
16:01:39.0038 2588 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
16:01:39.0101 2588 circlass - ok
16:01:39.0366 2588 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
16:01:39.0403 2588 CLFS - ok
16:01:39.0537 2588 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
16:01:39.0630 2588 CmBatt - ok
16:01:39.0870 2588 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
16:01:39.0893 2588 cmdide - ok
16:01:40.0115 2588 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
16:01:40.0155 2588 Compbatt - ok
16:01:40.0354 2588 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
16:01:40.0378 2588 crcdisk - ok
16:01:40.0576 2588 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
16:01:40.0657 2588 Crusoe - ok
16:01:40.0817 2588 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
16:01:40.0861 2588 DfsC - ok
16:01:41.0060 2588 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
16:01:41.0074 2588 disk - ok
16:01:41.0205 2588 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
16:01:41.0251 2588 drmkaud - ok
16:01:41.0450 2588 dvd43llh (1fc1eed3ea0c3a0ecf8a95b97e1b4831) C:\Windows\system32\DRIVERS\dvd43llh.sys
16:01:41.0481 2588 dvd43llh ( UnsignedFile.Multi.Generic ) - warning
16:01:41.0481 2588 dvd43llh - detected UnsignedFile.Multi.Generic (1)
16:01:41.0590 2588 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
16:01:41.0653 2588 DXGKrnl - ok
16:01:41.0824 2588 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
16:01:41.0871 2588 E1G60 - ok
16:01:42.0121 2588 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
16:01:42.0136 2588 Ecache - ok
16:01:42.0355 2588 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
16:01:42.0370 2588 elxstor - ok
16:01:42.0583 2588 ENTECH (fd9fc82f134b1c91004ffc76a5ae494b) C:\Windows\system32\DRIVERS\ENTECH.sys
16:01:42.0616 2588 ENTECH ( UnsignedFile.Multi.Generic ) - warning
16:01:42.0616 2588 ENTECH - detected UnsignedFile.Multi.Generic (1)
16:01:42.0766 2588 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
16:01:42.0817 2588 ErrDev - ok
16:01:43.0029 2588 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
16:01:43.0117 2588 exfat - ok
16:01:43.0347 2588 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
16:01:43.0368 2588 fastfat - ok
16:01:43.0612 2588 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
16:01:43.0660 2588 fdc - ok
16:01:43.0839 2588 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
16:01:43.0852 2588 FileInfo - ok
16:01:44.0135 2588 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
16:01:44.0178 2588 Filetrace - ok
16:01:44.0297 2588 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
16:01:44.0378 2588 flpydisk - ok
16:01:44.0650 2588 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
16:01:44.0667 2588 FltMgr - ok
16:01:44.0860 2588 fssfltr (b74b0578fd1d3f897e95f2a2b69ea051) C:\Windows\system32\DRIVERS\fssfltr.sys
16:01:44.0885 2588 fssfltr - ok
16:01:44.0984 2588 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
16:01:45.0047 2588 Fs_Rec - ok
16:01:45.0171 2588 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
16:01:45.0198 2588 gagp30kx - ok
16:01:45.0371 2588 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:01:45.0379 2588 GEARAspiWDM - ok
16:01:45.0645 2588 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
16:01:45.0700 2588 HdAudAddService - ok
16:01:45.0916 2588 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
16:01:45.0979 2588 HDAudBus - ok
16:01:46.0216 2588 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
16:01:46.0314 2588 HidBth - ok
16:01:46.0447 2588 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
16:01:46.0507 2588 HidIr - ok
16:01:46.0612 2588 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
16:01:46.0657 2588 HidUsb - ok
16:01:46.0759 2588 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
16:01:46.0771 2588 HpCISSs - ok
16:01:47.0060 2588 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
16:01:47.0137 2588 HTTP - ok
16:01:47.0339 2588 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
16:01:47.0363 2588 i2omp - ok
16:01:47.0665 2588 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
16:01:47.0742 2588 i8042prt - ok
16:01:47.0954 2588 ialm (496db78e6a0c4c44023d9a92b4a7ac31) C:\Windows\system32\DRIVERS\igdkmd32.sys
16:01:48.0144 2588 ialm - ok
16:01:48.0447 2588 iaNvStor (3e349157986c533e3cbeb8c1e17290bb) C:\Windows\system32\DRIVERS\iaNvStor.sys
16:01:48.0459 2588 iaNvStor - ok
16:01:48.0686 2588 iaStor (f263a9036f8897ffa2ae54685e03ad60) C:\Windows\system32\DRIVERS\iaStor.sys
16:01:48.0701 2588 iaStor - ok
16:01:48.0834 2588 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
16:01:48.0879 2588 iaStorV - ok
16:01:49.0020 2588 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
16:01:49.0043 2588 iirsp - ok
16:01:49.0362 2588 IntcAzAudAddService (ffd2b3bc042596abe785d3c15f51ab46) C:\Windows\system32\drivers\RTKVHDA.sys
16:01:49.0643 2588 IntcAzAudAddService - ok
16:01:49.0783 2588 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
16:01:49.0799 2588 intelide - ok
16:01:49.0892 2588 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
16:01:49.0924 2588 intelppm - ok
16:01:50.0017 2588 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:01:50.0064 2588 IpFilterDriver - ok
16:01:50.0095 2588 IpInIp - ok
16:01:50.0126 2588 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
16:01:50.0158 2588 IPMIDRV - ok
16:01:50.0251 2588 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
16:01:50.0282 2588 IPNAT - ok
16:01:50.0360 2588 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
16:01:50.0407 2588 IRENUM - ok
16:01:50.0501 2588 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
16:01:50.0516 2588 isapnp - ok
16:01:50.0610 2588 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
16:01:50.0626 2588 iScsiPrt - ok
16:01:50.0735 2588 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
16:01:50.0750 2588 iteatapi - ok
16:01:50.0844 2588 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
16:01:50.0844 2588 iteraid - ok
16:01:50.0953 2588 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
16:01:50.0969 2588 kbdclass - ok
16:01:51.0047 2588 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
16:01:51.0094 2588 kbdhid - ok
16:01:51.0218 2588 KMDFMEMIO (ebc507f129df8f0e0ca270dcfc0cf87f) C:\Windows\system32\DRIVERS\kmdfmemio.sys
16:01:51.0265 2588 KMDFMEMIO - ok
16:01:51.0343 2588 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
16:01:51.0374 2588 KSecDD - ok
16:01:51.0499 2588 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
16:01:51.0546 2588 lltdio - ok
16:01:51.0624 2588 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
16:01:51.0640 2588 LSI_FC - ok
16:01:51.0749 2588 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
16:01:51.0749 2588 LSI_SAS - ok
16:01:51.0842 2588 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
16:01:51.0858 2588 LSI_SCSI - ok
16:01:51.0936 2588 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
16:01:51.0983 2588 luafv - ok
16:01:52.0123 2588 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
16:01:52.0139 2588 megasas - ok
16:01:52.0217 2588 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
16:01:52.0232 2588 MegaSR - ok
16:01:52.0342 2588 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
16:01:52.0373 2588 Modem - ok
16:01:52.0435 2588 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
16:01:52.0498 2588 monitor - ok
16:01:52.0557 2588 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
16:01:52.0569 2588 mouclass - ok
16:01:52.0632 2588 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
16:01:52.0662 2588 mouhid - ok
16:01:52.0692 2588 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
16:01:52.0704 2588 MountMgr - ok
16:01:52.0826 2588 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
16:01:52.0840 2588 mpio - ok
16:01:52.0934 2588 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
16:01:52.0979 2588 mpsdrv - ok
16:01:53.0075 2588 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
16:01:53.0087 2588 Mraid35x - ok
16:01:53.0166 2588 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
16:01:53.0241 2588 MRxDAV - ok
16:01:53.0362 2588 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:01:53.0387 2588 mrxsmb - ok
16:01:53.0501 2588 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:01:53.0531 2588 mrxsmb10 - ok
16:01:53.0641 2588 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:01:53.0673 2588 mrxsmb20 - ok
16:01:53.0774 2588 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
16:01:53.0800 2588 msahci - ok
16:01:53.0876 2588 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
16:01:53.0887 2588 msdsm - ok
16:01:53.0966 2588 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
16:01:53.0999 2588 Msfs - ok
16:01:54.0105 2588 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
16:01:54.0114 2588 msisadrv - ok
16:01:54.0199 2588 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
16:01:54.0241 2588 MSKSSRV - ok
16:01:54.0361 2588 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
16:01:54.0391 2588 MSPCLOCK - ok
16:01:54.0481 2588 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
16:01:54.0525 2588 MSPQM - ok
16:01:54.0635 2588 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
16:01:54.0650 2588 MsRPC - ok
16:01:54.0705 2588 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
16:01:54.0717 2588 mssmbios - ok
16:01:54.0834 2588 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
16:01:54.0905 2588 MSTEE - ok
16:01:54.0990 2588 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
16:01:55.0020 2588 Mup - ok
16:01:55.0133 2588 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
16:01:55.0159 2588 NativeWifiP - ok
16:01:55.0244 2588 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
16:01:55.0265 2588 NDIS - ok
16:01:55.0363 2588 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
16:01:55.0392 2588 NdisTapi - ok
16:01:55.0441 2588 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
16:01:55.0467 2588 Ndisuio - ok
16:01:55.0559 2588 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
16:01:55.0589 2588 NdisWan - ok
16:01:55.0676 2588 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
16:01:55.0711 2588 NDProxy - ok
16:01:55.0821 2588 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
16:01:55.0861 2588 NetBIOS - ok
16:01:55.0995 2588 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
16:01:56.0015 2588 netbt - ok
16:01:56.0263 2588 NETw3v32 (35d5458d9a1b26b2005abffbf4c1c5e7) C:\Windows\system32\DRIVERS\NETw3v32.sys
16:01:56.0668 2588 NETw3v32 - ok
16:01:56.0895 2588 NETw5v32 (0b214c6a4728f085fb64a29ed9c4de94) C:\Windows\system32\DRIVERS\NETw5v32.sys
16:01:57.0616 2588 NETw5v32 - ok
16:01:57.0734 2588 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
16:01:57.0746 2588 nfrd960 - ok
16:01:57.0802 2588 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
16:01:57.0842 2588 Npfs - ok
16:01:57.0963 2588 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
16:01:58.0022 2588 nsiproxy - ok
16:01:58.0174 2588 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
16:01:58.0223 2588 Ntfs - ok
16:01:58.0378 2588 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
16:01:58.0431 2588 ntrigdigi - ok
16:01:58.0559 2588 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
16:01:58.0602 2588 Null - ok
16:01:59.0231 2588 nvlddmkm (440690da4358d9682dbcc56da7d419ab) C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:01:59.0999 2588 nvlddmkm - ok
16:02:00.0227 2588 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
16:02:00.0241 2588 nvraid - ok
16:02:00.0425 2588 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
16:02:00.0438 2588 nvstor - ok
16:02:00.0508 2588 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
16:02:00.0526 2588 nv_agp - ok
16:02:00.0594 2588 NwlnkFlt - ok
16:02:00.0624 2588 NwlnkFwd - ok
16:02:00.0776 2588 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
16:02:00.0819 2588 ohci1394 - ok
16:02:01.0054 2588 PAC7302 (14191c739f2af6f9efeb58697535498f) C:\Windows\system32\DRIVERS\PAC7302.SYS
16:02:01.0123 2588 PAC7302 - ok
16:02:01.0233 2588 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
16:02:01.0292 2588 Parport - ok
16:02:01.0719 2588 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
16:02:01.0732 2588 partmgr - ok
16:02:01.0940 2588 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
16:02:02.0029 2588 Parvdm - ok
16:02:02.0191 2588 Pcatip (f447e6d6b32bf98666790c45f665abb9) C:\Windows\system32\DRIVERS\Pcatip.sys
16:02:02.0207 2588 Pcatip ( UnsignedFile.Multi.Generic ) - warning
16:02:02.0207 2588 Pcatip - detected UnsignedFile.Multi.Generic (1)
16:02:02.0325 2588 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
16:02:02.0341 2588 pci - ok
16:02:02.0493 2588 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
16:02:02.0514 2588 pciide - ok
16:02:02.0646 2588 pcmcia (b7c5a8769541900f6dfa6fe0c5e4d513) C:\Windows\system32\DRIVERS\pcmcia.sys
16:02:02.0676 2588 pcmcia - ok
16:02:02.0845 2588 Pcouffin (c3224a794b4fe2f6d0d5434a9fcad26d) C:\Windows\system32\Drivers\Pcouffin.sys
16:02:02.0867 2588 Pcouffin ( UnsignedFile.Multi.Generic ) - warning
16:02:02.0867 2588 Pcouffin - detected UnsignedFile.Multi.Generic (1)
16:02:03.0184 2588 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
16:02:03.0403 2588 PEAUTH - ok
16:02:03.0737 2588 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
16:02:03.0811 2588 PptpMiniport - ok
16:02:04.0119 2588 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
16:02:04.0181 2588 Processor - ok
16:02:04.0468 2588 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
16:02:04.0528 2588 PSched - ok
16:02:04.0718 2588 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
16:02:04.0870 2588 ql2300 - ok
16:02:05.0119 2588 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
16:02:05.0166 2588 ql40xx - ok
16:02:05.0572 2588 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
16:02:05.0650 2588 QWAVEdrv - ok
16:02:05.0739 2588 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
16:02:05.0774 2588 RasAcd - ok
16:02:06.0117 2588 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:02:06.0210 2588 Rasl2tp - ok
16:02:06.0416 2588 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
16:02:06.0460 2588 RasPppoe - ok
16:02:06.0754 2588 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
16:02:06.0786 2588 RasSstp - ok
16:02:07.0120 2588 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
16:02:07.0198 2588 rdbss - ok
16:02:07.0588 2588 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:02:07.0650 2588 RDPCDD - ok
16:02:07.0791 2588 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
16:02:07.0853 2588 rdpdr - ok
16:02:07.0978 2588 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
16:02:08.0041 2588 RDPENCDD - ok
16:02:08.0225 2588 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
16:02:08.0304 2588 RDPWD - ok
16:02:08.0479 2588 RFCOMM (10536b0ad6f416fc7f1149977c28ccdc) C:\Windows\system32\DRIVERS\rfcomm.sys
16:02:08.0523 2588 RFCOMM - ok
16:02:08.0674 2588 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
16:02:08.0735 2588 rspndr - ok
16:02:08.0891 2588 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
16:02:08.0918 2588 sbp2port - ok
16:02:08.0999 2588 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
16:02:09.0094 2588 sdbus - ok
16:02:09.0328 2588 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
16:02:09.0469 2588 secdrv - ok
16:02:09.0765 2588 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
16:02:09.0843 2588 Serenum - ok
16:02:10.0185 2588 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
16:02:10.0304 2588 Serial - ok
16:02:10.0605 2588 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
16:02:10.0676 2588 sermouse - ok
16:02:10.0923 2588 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
16:02:10.0944 2588 sffdisk - ok
16:02:11.0147 2588 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
16:02:11.0194 2588 sffp_mmc - ok
16:02:11.0488 2588 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
16:02:11.0566 2588 sffp_sd - ok
16:02:11.0730 2588 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
16:02:11.0796 2588 sfloppy - ok
16:02:12.0057 2588 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
16:02:12.0073 2588 sisagp - ok
16:02:12.0268 2588 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
16:02:12.0290 2588 SiSRaid2 - ok
16:02:12.0455 2588 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
16:02:12.0466 2588 SiSRaid4 - ok
16:02:12.0682 2588 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
16:02:12.0740 2588 Smb - ok
16:02:12.0933 2588 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
16:02:12.0943 2588 spldr - ok
16:02:13.0043 2588 sptd (d390675b8ce45e5fb359338e5e649329) C:\Windows\System32\Drivers\sptd.sys
16:02:13.0074 2588 sptd - ok
16:02:13.0199 2588 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
16:02:13.0261 2588 srv - ok
16:02:13.0448 2588 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
16:02:13.0479 2588 srv2 - ok
16:02:13.0509 2588 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
16:02:13.0559 2588 srvnet - ok
16:02:13.0724 2588 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
16:02:13.0732 2588 ssmdrv - ok
16:02:14.0156 2588 StkCMini (ab80c9dde1f8d9f9f946365205ed55eb) C:\Windows\system32\Drivers\StkCMini.sys
16:02:14.0480 2588 StkCMini - ok
16:02:14.0770 2588 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
16:02:14.0782 2588 swenum - ok
16:02:15.0007 2588 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
16:02:15.0038 2588 Symc8xx - ok
16:02:15.0303 2588 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
16:02:15.0319 2588 Sym_hi - ok
16:02:15.0568 2588 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
16:02:15.0599 2588 Sym_u3 - ok
16:02:15.0943 2588 SynTP (451e8037e2eb6da6bdf0a66f65d1810b) C:\Windows\system32\DRIVERS\SynTP.sys
16:02:15.0974 2588 SynTP - ok
16:02:16.0395 2588 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
16:02:16.0535 2588 Tcpip - ok
16:02:16.0925 2588 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
16:02:17.0003 2588 Tcpip6 - ok
16:02:17.0253 2588 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
16:02:17.0315 2588 tcpipreg - ok
16:02:17.0549 2588 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
16:02:17.0627 2588 TDPIPE - ok
16:02:17.0815 2588 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
16:02:17.0846 2588 TDTCP - ok
16:02:17.0939 2588 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
16:02:17.0971 2588 tdx - ok
16:02:18.0181 2588 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
16:02:18.0195 2588 TermDD - ok
16:02:18.0416 2588 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:02:18.0483 2588 tssecsrv - ok
16:02:18.0610 2588 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
16:02:18.0670 2588 tunmp - ok
16:02:18.0873 2588 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
16:02:18.0926 2588 tunnel - ok
16:02:19.0116 2588 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
16:02:19.0132 2588 uagp35 - ok
16:02:19.0444 2588 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
16:02:19.0491 2588 udfs - ok
16:02:19.0771 2588 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
16:02:19.0803 2588 uliagpkx - ok
16:02:20.0068 2588 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
16:02:20.0130 2588 uliahci - ok
16:02:20.0286 2588 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
16:02:20.0302 2588 UlSata - ok
16:02:20.0583 2588 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
16:02:20.0583 2588 ulsata2 - ok
16:02:20.0770 2588 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
16:02:20.0848 2588 umbus - ok
16:02:21.0097 2588 USBAAPL (c1ca131f4e3ed63d6bc89a35ffad4cda) C:\Windows\system32\Drivers\usbaapl.sys
16:02:21.0129 2588 USBAAPL ( UnsignedFile.Multi.Generic ) - warning
16:02:21.0129 2588 USBAAPL - detected UnsignedFile.Multi.Generic (1)
16:02:21.0269 2588 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
16:02:21.0331 2588 usbaudio - ok
16:02:21.0550 2588 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
16:02:21.0612 2588 usbccgp - ok
16:02:21.0737 2588 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
16:02:21.0877 2588 usbcir - ok
16:02:21.0955 2588 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
16:02:21.0987 2588 usbehci - ok
16:02:22.0080 2588 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
16:02:22.0111 2588 usbhub - ok
16:02:22.0174 2588 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
16:02:22.0236 2588 usbohci - ok
16:02:22.0314 2588 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
16:02:22.0345 2588 usbprint - ok
16:02:22.0408 2588 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:02:22.0439 2588 USBSTOR - ok
16:02:22.0579 2588 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
16:02:22.0611 2588 usbuhci - ok
16:02:22.0673 2588 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
16:02:22.0720 2588 usbvideo - ok
16:02:22.0813 2588 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
16:02:22.0845 2588 vga - ok
16:02:22.0891 2588 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
16:02:22.0938 2588 VgaSave - ok
16:02:23.0016 2588 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
16:02:23.0032 2588 viaagp - ok
16:02:23.0125 2588 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
16:02:23.0219 2588 ViaC7 - ok
16:02:23.0313 2588 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
16:02:23.0328 2588 viaide - ok
16:02:23.0422 2588 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
16:02:23.0453 2588 volmgr - ok
16:02:23.0515 2588 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
16:02:23.0562 2588 volmgrx - ok
16:02:23.0640 2588 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
16:02:23.0687 2588 volsnap - ok
16:02:23.0749 2588 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
16:02:23.0781 2588 vsmraid - ok
16:02:23.0890 2588 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
16:02:24.0015 2588 WacomPen - ok
16:02:24.0093 2588 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
16:02:24.0155 2588 Wanarp - ok
16:02:24.0155 2588 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
16:02:24.0186 2588 Wanarpv6 - ok
16:02:24.0280 2588 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
16:02:24.0280 2588 Wd - ok
16:02:24.0358 2588 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
16:02:24.0389 2588 Wdf01000 - ok
16:02:24.0483 2588 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
16:02:24.0514 2588 WmiAcpi - ok
16:02:24.0639 2588 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
16:02:24.0670 2588 WpdUsb - ok
16:02:24.0763 2588 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
16:02:24.0795 2588 ws2ifsl - ok
16:02:24.0888 2588 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:02:24.0919 2588 WUDFRd - ok
16:02:24.0997 2588 yukonwlh (04e268adfc81964c49dc0c082d520f7e) C:\Windows\system32\DRIVERS\yk60x86.sys
16:02:25.0091 2588 yukonwlh - ok
16:02:25.0138 2588 MBR (0x1B8) (61a349592c4728853f4a90ff78f7628e) \Device\Harddisk0\DR0
16:02:25.0841 2588 \Device\Harddisk0\DR0 - ok
16:02:25.0841 2588 Boot (0x1200) (a1269a87ae2c0809eba26726d4e37af3) \Device\Harddisk0\DR0\Partition0
16:02:25.0841 2588 \Device\Harddisk0\DR0\Partition0 - ok
16:02:25.0859 2588 Boot (0x1200) (f498e6d90af6bd652f7fc2e5dc0bbc3d) \Device\Harddisk0\DR0\Partition1
16:02:25.0861 2588 \Device\Harddisk0\DR0\Partition1 - ok
16:02:25.0861 2588 
============================================================ 16:02:25.0861 2588 Scan finished 16:02:25.0861 2588 ============================================================ 16:02:25.0863 1028 Detected object count: 5 16:02:25.0864 1028 Actual detected object count: 5 16:03:00.0356 1028 dvd43llh ( UnsignedFile.Multi.Generic ) - skipped by user 16:03:00.0356 1028 dvd43llh ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:03:00.0356 1028 ENTECH ( UnsignedFile.Multi.Generic ) - skipped by user 16:03:00.0356 1028 ENTECH ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:03:00.0356 1028 Pcatip ( UnsignedFile.Multi.Generic ) - skipped by user 16:03:00.0356 1028 Pcatip ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:03:00.0356 1028 Pcouffin ( UnsignedFile.Multi.Generic ) - skipped by user 16:03:00.0356 1028 Pcouffin ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:03:00.0356 1028 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user 16:03:00.0356 1028 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip |
29.02.2012, 16:35 | #17 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Spy.ipsiut.gq.1 Then please run CF now:
__________________ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run if an authorized helper (Kompetenzler) has explicitly recommended it! If you have problems starting applications after running ComboFix and receive messages such as Quote:
__________________ |
29.02.2012, 18:59 | #18 |
| TR/Spy.ipsiut.gq.1 One question - why is Avira now "either not designed to run or contains an error" and has to be reinstalled?
__________________ |
29.02.2012, 19:04 | #19 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Spy.ipsiut.gq.1 Either you ask the question in a way that lets me know what is going on, keeping in mind that I cannot look at your monitor, or we leave the question as it is and forward it to the
__________________ Please always post logfiles in CODE tags |
29.02.2012, 19:38 | #20 |
| TR/Spy.ipsiut.gq.1 ^^ It's fine, that has already been sorted out. Combofix logfile: Code:
ATTFilter ComboFix 12-02-29.01 - Laura 29.02.2012 19:04:15.1.2 - x86 ausgeführt von:: c:\users\Laura\Security\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\Roaming c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini c:\users\Laura\Documents\~WRL0005.tmp c:\users\Laura\Documents\~WRL0145.tmp c:\users\Laura\Documents\~WRL0844.tmp . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_AFPANSI -------\Service_AFPAnsi . . ((((((((((((((((((((((( Dateien erstellt von 2012-01-28 bis 2012-02-29 )))))))))))))))))))))))))))))) . . 2012-02-29 18:10 . 2012-02-29 18:13 -------- d-----w- c:\users\Laura\AppData\Local\temp 2012-02-29 18:10 . 2012-02-29 18:10 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-02-28 18:46 . 2012-02-08 06:03 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0A2C66E6-DCD5-4609-B837-360507623290}\mpengine.dll 2012-02-24 20:30 . 2012-02-24 20:30 -------- d-----w- c:\program files\ESET 2012-02-23 18:02 . 2012-02-29 17:59 -------- d-----w- c:\users\Laura\Security 2012-02-22 19:36 . 2012-02-22 19:36 388096 ----a-r- c:\users\Laura\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-02-22 19:36 . 2012-02-22 19:36 -------- d-----w- c:\program files\Trend Micro 2012-02-22 17:39 . 2012-02-22 17:39 -------- d-----w- c:\users\Laura\AppData\Roaming\Malwarebytes 2012-02-22 17:38 . 2012-02-22 17:38 -------- d-----w- c:\programdata\Malwarebytes 2012-02-22 17:38 . 2012-02-22 17:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-02-22 17:38 . 
2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-02-22 16:53 . 2012-02-22 16:53 -------- d-----w- c:\program files\CCleaner 2012-02-19 13:39 . 2012-02-19 13:39 -------- d-----w- c:\program files\FreeMind 2012-02-16 12:59 . 2011-12-14 16:17 680448 ----a-w- c:\windows\system32\msvcrt.dll 2012-02-16 12:59 . 2012-01-12 19:52 2044416 ----a-w- c:\windows\system32\win32k.sys 2012-02-16 12:59 . 2011-12-20 10:56 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat 2012-02-15 17:57 . 2012-02-15 17:57 -------- d-----w- c:\program files\Common Files\Java 2012-01-31 14:57 . 2011-11-17 06:48 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-01-31 14:57 . 2011-11-16 16:23 377344 ----a-w- c:\windows\system32\winhttp.dll 2012-01-31 14:57 . 2011-11-16 16:23 72704 ----a-w- c:\windows\system32\secur32.dll 2012-01-31 14:57 . 2011-11-16 16:23 278528 ----a-w- c:\windows\system32\schannel.dll 2012-01-31 14:57 . 2011-11-16 16:21 1259008 ----a-w- c:\windows\system32\lsasrv.dll 2012-01-31 14:57 . 2011-11-16 14:12 9728 ----a-w- c:\windows\system32\lsass.exe . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-02-15 17:55 . 2010-09-11 13:09 472808 ----a-w- c:\windows\system32\deployJava1.dll 2012-02-15 16:40 . 2011-10-18 10:18 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-01-29 04:10 . 2009-11-17 15:33 237072 ------w- c:\windows\system32\MpSigStub.exe 2011-09-11 16:46 . 2011-05-01 09:00 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RtHDVCpl.exe" [2008-04-17 6111232] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-08 13543968] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-08 92704] "dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2008-03-01 826880] "PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488] "fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2010-04-28 647528] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-2-12 723496] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Inhalt des "geplante Tasks" Ordners . 2012-02-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-04-05 17:20] . 
2012-02-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-04-05 17:20] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://de.msn.com uInternet Settings,ProxyOverride = *.local IE: Free YouTube Download - c:\users\Laura\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm IE: Free YouTube to MP3 Converter - c:\users\Laura\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\b8yl6may.default\ FF - prefs.js: browser.search.defaulturl - FF - prefs.js: browser.search.selectedEngine - FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ig?ct=1056757711&source=hade . - - - - Entfernte verwaiste Registrierungseinträge - - - - . MSConfigStartUp-svchospt - c:\windows\system32\svchospt.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2012-02-29 19:17 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.032" . [HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.abr" . 
[HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.ani" . [HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.arw" . [HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.bay" . [HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice] @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-2802037072-2988659577-669778842-1003) "Progid"="ACDSee Foto-Manager 2009.bmp" . [HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.bw" . [HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.cr2" . [HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.crw" . [HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.cs1" . [HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.cur" . 
[HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.dcr" . [HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.dcx" . [HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.dib" . [HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.djv" . [HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.djvu" . [HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.dng" . [HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.emf" . [HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice] @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-2802037072-2988659577-669778842-1003) "Progid"="ACDSee Foto-Manager 2009.eps" . [HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.erf" . 
[HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.fff" . [HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.fpx" . [HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice] @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-2802037072-2988659577-669778842-1003) "Progid"="ACDSee Foto-Manager 2009.gif" . [HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.hdr" . [HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.icl" . [HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.icn" . [HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.iff" . [HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.ilbm" . [HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.int" . 
[HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.inta" . [HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.iw4" . [HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.j2c" . [HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.j2k" . [HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.jbr" . [HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.jfif" . [HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.jif" . [HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.jp2" . [HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.jpc" . 
[HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.jpe" . [HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.jpeg" . [HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice] @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-2802037072-2988659577-669778842-1003) "Progid"="ACDSee Foto-Manager 2009.jpg" . [HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.jpk" . [HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.jpx" . [HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.kdc" . [HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.lbm" . [HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.mef" . [HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.mos" . 
[HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.mrw" . [HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.nef" . [HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.orf" . [HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.pbm" . [HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.pbr" . [HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice] @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-2802037072-2988659577-669778842-1003) "Progid"="ACDSee Foto-Manager 2009.pcd" . [HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.pct" . [HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.pcx" . [HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.pef" . 
[HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.pgm" . [HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.pic" . [HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.pict" . [HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.pix" . [HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice] @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-2802037072-2988659577-669778842-1003) "Progid"="ACDSee Foto-Manager 2009.png" . [HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.ppm" . [HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.psd" . [HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.psp" . [HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.pspbrush" . 
[HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.pspimage" . [HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.raf" . [HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.ras" . [HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.raw" . [HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.rgb" . [HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.rgba" . [HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.rle" . [HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.rsb" . [HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.sgi" . 
[HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.sr2" . [HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.srf" . [HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice] @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-2802037072-2988659577-669778842-1003) "Progid"="ACDSee Foto-Manager 2009.tga" . [HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.thm" . [HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice] @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-2802037072-2988659577-669778842-1003) "Progid"="ACDSee Foto-Manager 2009.tif" . [HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.tiff" . [HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.ttc" . [HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.ttf" . [HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11o\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.v11o" . 
[HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11p\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.v11p" . [HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11pf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.v11pf" . [HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.wbm" . [HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.wbmp" . [HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.wmf" . [HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.xbm" . [HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.xif" . [HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.xmp" . [HKEY_USERS\S-1-5-21-2802037072-2988659577-669778842-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.xpm" . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . 
- - - - - - - > 'Explorer.exe'(1436) c:\windows\system32\btmmhook.dll c:\windows\system32\btncopy.dll . ------------------------ Weitere laufende Prozesse ------------------------ . c:\windows\system32\nvvsvc.exe c:\windows\system32\rundll32.exe c:\windows\system32\WLANExt.exe c:\program files\Avira\AntiVir Desktop\sched.exe c:\program files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Microsoft\BingBar\BBSvc.EXE c:\program files\Microsoft\BingBar\SeaPort.EXE c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Intel\WiFi\bin\EvtEng.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe c:\windows\System32\StkCSrv.exe c:\program files\Avira\AntiVir Desktop\avshadow.exe c:\windows\servicing\TrustedInstaller.exe c:\windows\system32\conime.exe c:\windows\RtHDVCpl.exe c:\windows\System32\rundll32.exe c:\program files\Synaptics\SynTP\SynTPHelper.exe . ************************************************************************** . Zeit der Fertigstellung: 2012-02-29 19:21:07 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-02-29 18:21 . Vor Suchlauf: 9 Verzeichnis(se), 50.675.564.544 Bytes frei Nach Suchlauf: 13 Verzeichnis(se), 50.144.296.960 Bytes frei . - - End Of File - - 3D5201983088EEBC41C977456B281D90 |
01.03.2012, 10:27 | #21 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Spy.ipsiut.gq.1 OK. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still refuses on the second attempt, simply leave it out and run only OSAM. Please skip the online query that OSAM offers. With OSAM, also make sure you save the log as *.log and not as *.html or similar. Note: please use WinRAR or 7zip to unpack OSAM! Also be sure to disable the virus scanner; McAfee's scanner in particular often reports a false positive on OSAM! Please download aswMBR.exe and save the file to your desktop.
Important: never press any of the Fix buttons without being told to. Note: if the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and choose the setting (none) under AV Scan.
03.03.2012, 22:04 | #22 |
| TR/Spy.ipsiut.gq.1 GMER Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2012-03-03 22:02:07 Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.FB4O Running: mcmtom25.exe; Driver: C:\Users\Laura\AppData\Local\Temp\ugloapob.sys ---- Kernel code sections - GMER 1.0.15 ---- .text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x9180A340, 0x3E9407, 0xE8000020] ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e4cd3e0d6 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e4cd65b4f Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e4cd6642e Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x35 0x6A 0x87 0x90 ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e4cd3e0d6 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e4cd65b4f (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e4cd6642e (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x35 0x6A 0x87 0x90 ... ---- EOF - GMER 1.0.15 ---- |
04.03.2012, 12:57 | #23 |
| TR/Spy.ipsiut.gq.1 OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 12:55:47 on 04.03.2012 OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit Default Browser: Google Inc. Google Chrome 17.0.963.56 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl "iproset.cpl" - "Intel(R) Corporation" - C:\Windows\system32\iproset.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL "PROSet Tools" - "Intel(R) Corporation" - C:\Windows\System32\iPROSet.cpl "QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "Apple Mobile USB Driver" (USBAAPL) - "Apple, Inc." - C:\Windows\System32\Drivers\usbaapl.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys "catchme" (catchme) - ? 
- C:\ComboFix\catchme.sys (File not found) "dvd43llh" (dvd43llh) - "RIF" - C:\Windows\System32\DRIVERS\dvd43llh.sys "ENTECH" (ENTECH) - "EnTech Taiwan" - C:\Windows\system32\DRIVERS\ENTECH.sys "FssFltr" (fssfltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\fssfltr.sys "IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found) "IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found) "IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found) "Low level access layer for CD devices" (Pcouffin) - "VSO Software" - C:\Windows\System32\Drivers\Pcouffin.sys "Pcatip" (Pcatip) - "VSO Software" - C:\Windows\System32\DRIVERS\Pcatip.sys "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." 
- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL {03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found) {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found) {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? 
- (File not found | COM-object registry key not found) {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Windows\system32\btncopy.dll {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. 
KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? 
- (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "@btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm {5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} "Windows Live Family Safety Browser Helper Class" - "Microsoft Corporation" - C:\Program Files\Windows Live\Family Safety\fssbho.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? 
- C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "BTTray.lnk" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Shortcut exists | File exists) -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" "APSDaemon" - "Apple Inc." - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" "avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min "dvd43" - ? - C:\Program Files\dvd43\dvd43_tray.exe "fssui" - "Microsoft Corporation" - "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun "iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe" "QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." 
- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe "Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe "Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe "BBUpdate" (BBUpdate) - "Microsoft Corporation" - C:\Program Files\Microsoft\BingBar\SeaPort.EXE "Bing Bar Update Service" (BBSvc) - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\BBSvc.EXE "Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe "Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe "Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Intel® PROSet/Wireless Event Log" (EvtEng) - "Intel(R) Corporation" - C:\Program Files\Intel\WiFi\bin\EvtEng.exe "Intel® PROSet/Wireless Registry Service" (RegSrvc) - "Intel(R) Corporation" - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe "iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe "Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "Samsung Update Plus" (Samsung Update Plus) - ? 
- C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe (File found, but it contains no detailed information) "SQL Server (MSSMLBIZ)" (MSSQL$MSSMLBIZ) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe "SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe "SQL Server-Browser" (SQLBrowser) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe "SQL Server-Startdienst für Business Contact Manager" (BcmSqlStartupSvc) - "Microsoft Corporation" - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe "StarWind AE Service" (StarWindServiceAE) - ? - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (File not found) "Windows Live Family Safety-Dienst" (fsssvc) - "Microsoft Corporation" - C:\Program Files\Windows Live\Family Safety\fsssvc.exe [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll ===[ Logfile end ]=========================================[ Logfile end ]=== |
04.03.2012, 14:11 | #24 |
| TR/Spy.ipsiut.gq.1 Code:
ATTFilter aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software Run date: 2012-03-04 13:01:29 ----------------------------- 13:01:29.745 OS Version: Windows 6.0.6002 Service Pack 2 13:01:29.745 Number of processors: 2 586 0x1706 13:01:29.745 ComputerName: LAURA-PC UserName: Laura 13:01:30.884 Initialize success 13:10:49.197 AVAST engine defs: 12030400 13:14:17.816 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 13:14:17.831 Disk 0 Vendor: Hitachi_ FB4O Size: 305245MB BusType: 3 13:14:17.863 Disk 0 MBR read successfully 13:14:17.878 Disk 0 MBR scan 13:14:17.878 Disk 0 unknown MBR code 13:14:17.909 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10240 MB offset 2048 13:14:17.925 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 147548 MB offset 20973568 13:14:17.956 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 147455 MB offset 323151872 13:14:17.972 Disk 0 scanning sectors +625139712 13:14:18.097 Disk 0 scanning C:\Windows\system32\drivers 13:14:36.957 Service scanning 13:15:09.811 Modules scanning 13:15:25.442 Disk 0 trace - called modules: 13:15:25.473 ntoskrnl.exe CLASSPNP.SYS disk.sys dvd43llh.sys iaStor.sys hal.dll 13:15:25.473 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x88f391c0] 13:15:25.473 3 CLASSPNP.SYS[8daa48b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x88403028] 13:15:26.425 AVAST engine scan C:\Windows 13:15:33.928 AVAST engine scan C:\Windows\system32 13:19:14.094 AVAST engine scan C:\Windows\system32\drivers 13:19:27.245 AVAST engine scan C:\Users\Laura 13:30:00.407 AVAST engine scan C:\ProgramData 13:31:00.966 Scan finished successfully 14:07:05.375 Disk 0 MBR has been saved successfully to "C:\Users\Laura\MBR.dat" 14:07:05.375 The log file has been saved successfully to "C:\Users\Laura\aswMBR.txt" |
05.03.2012, 13:51 | #25 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Spy.ipsiut.gq.1 We should fix the MBR. Just in case, back up ALL important data first, even though things usually go smoothly. Note: please do NOT run the MBR fix if you have other operating systems such as Ubuntu installed; an MBR fix with Windows tools makes a Linux installed alongside (dual boot) unbootable. Also do not run the fix if you have the Windows partition or the whole disk fully encrypted with TrueCrypt or another encryption program. After backing up, start aswMBR again and click the FIXMBR button. Note: please disable the virus scanner before running aswMBR, since Avira in particular often reports a false positive on it! Then restart Windows and create a new log with aswMBR.
__________________ Please always post logfiles in CODE tags |
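What the FIXMBR step above is expected to do is rewrite the boot code while leaving the partition table untouched, and that is something you can verify yourself from the MBR.dat backups aswMBR writes. The following Python script is an added example, not part of this thread or of aswMBR: it parses two 512-byte MBR images, checks the partition table for obvious inconsistencies, and reports whether the boot code or the table differs between them. The partition layout embedded as sample data is constructed from the aswMBR log in this thread; the boot-code bytes are made-up filler, not code from any real disk.

```python
import hashlib
import struct
from dataclasses import dataclass

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446           # bytes 0..445: boot loader code
TABLE_OFFSET = 446            # four 16-byte partition entries follow
SIGNATURE = b"\x55\xAA"       # bytes 510..511


@dataclass(frozen=True)
class Partition:
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int

    @property
    def size_mb(self) -> int:
        return self.sectors * SECTOR_SIZE // (1024 * 1024)


def parse_partition_table(mbr: bytes) -> list:
    """Return the non-empty entries of a 512-byte MBR's partition table."""
    if len(mbr) != SECTOR_SIZE:
        raise ValueError(f"expected a {SECTOR_SIZE}-byte sector, got {len(mbr)} bytes")
    if mbr[510:512] != SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        # entry layout: status, CHS start, type, CHS end, LBA start, sector count
        status, _chs_s, type_id, _chs_e, lba, count = struct.unpack_from(
            "<B3sB3sII", mbr, TABLE_OFFSET + 16 * i)
        if type_id == 0:
            continue                      # unused slot
        parts.append(Partition(i + 1, status == 0x80, type_id, lba, count))
    return parts


def find_anomalies(parts) -> list:
    """Sanity checks on a parsed table: exactly one active entry, no overlapping entries."""
    problems = []
    if sum(p.bootable for p in parts) != 1:
        problems.append("expected exactly one active partition")
    ordered = sorted(parts, key=lambda p: p.lba_start)
    for a, b in zip(ordered, ordered[1:]):
        if a.lba_start + a.sectors > b.lba_start:
            problems.append(f"partition {a.index} overlaps partition {b.index}")
    return problems


def boot_code_digest(mbr: bytes) -> str:
    """SHA-256 of the boot-code region only, so table edits do not affect it."""
    return hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()


def compare_mbr(before: bytes, after: bytes) -> dict:
    """What a FIXMBR-style rewrite changed: boot code should differ, the table should not."""
    return {
        "boot_code_changed": boot_code_digest(before) != boot_code_digest(after),
        "table_changed": parse_partition_table(before) != parse_partition_table(after),
    }


def build_mbr(boot_code: bytes, layout) -> bytes:
    """Construct a 512-byte MBR from filler boot code and (bootable, type, lba, sectors) tuples."""
    sector = bytearray(SECTOR_SIZE)
    code = boot_code[:BOOT_CODE_LEN]
    sector[:len(code)] = code
    for i, (bootable, type_id, lba, count) in enumerate(layout):
        # CHS fields are set to the usual 0xFE 0xFF 0xFF "use LBA" filler
        struct.pack_into("<B3sB3sII", sector, TABLE_OFFSET + 16 * i,
                         0x80 if bootable else 0x00, b"\xfe\xff\xff",
                         type_id, b"\xfe\xff\xff", lba, count)
    sector[510:512] = SIGNATURE
    return bytes(sector)


# Layout taken from the aswMBR log in this thread (log sizes are in MB; 1 MB = 2048 sectors).
LAYOUT = [
    (False, 0x27, 2048, 10240 * 2048),         # hidden NTFS WinRE
    (True, 0x07, 20973568, 147548 * 2048),     # active Windows partition
    (False, 0x07, 323151872, 147455 * 2048),   # second NTFS partition
]
# Constructed filler standing in for the "unknown MBR code" seen before the fix and the
# "Windows VISTA default MBR code" seen afterwards; not real boot code from any disk.
MBR_BEFORE = build_mbr(b"constructed:unknown-bootcode", LAYOUT)
MBR_AFTER = build_mbr(b"constructed:default-bootcode", LAYOUT)

if __name__ == "__main__":
    for p in parse_partition_table(MBR_AFTER):
        print(f"Partition {p.index} {'(A)' if p.bootable else '   '} "
              f"type 0x{p.type_id:02X} {p.size_mb} MB offset {p.lba_start}")
    print("anomalies:", find_anomalies(parse_partition_table(MBR_AFTER)))
    print(compare_mbr(MBR_BEFORE, MBR_AFTER))
```

To run it against real backups, read the two MBR.dat files with `open(path, "rb").read()` and pass them to `compare_mbr`; a result with `table_changed` set to True after a plain FIXMBR is the case worth investigating.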
05.03.2012, 18:44 | #26 |
| TR/Spy.ipsiut.gq.1 Understood, boss. Code:
ATTFilter aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software Run date: 2012-03-05 18:17:33 ----------------------------- 18:17:33.371 OS Version: Windows 6.0.6002 Service Pack 2 18:17:33.371 Number of processors: 2 586 0x1706 18:17:33.387 ComputerName: LAURA-PC UserName: Laura 18:18:12.029 Initialize success 18:18:20.781 AVAST engine defs: 12030400 18:18:30.468 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 18:18:30.468 Disk 0 Vendor: Hitachi_ FB4O Size: 305245MB BusType: 3 18:18:30.484 Disk 0 MBR read successfully 18:18:30.484 Disk 0 MBR scan 18:18:30.500 Disk 0 Windows VISTA default MBR code 18:18:30.515 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10240 MB offset 2048 18:18:30.531 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 147548 MB offset 20973568 18:18:30.562 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 147455 MB offset 323151872 18:18:30.578 Disk 0 scanning sectors +625139712 18:18:30.702 Disk 0 scanning C:\Windows\system32\drivers 18:18:44.352 Service scanning 18:19:31.044 Modules scanning 18:19:57.112 Disk 0 trace - called modules: 18:19:57.127 ntoskrnl.exe CLASSPNP.SYS disk.sys dvd43llh.sys iaStor.sys hal.dll 18:19:57.143 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89438ac8] 18:19:57.143 3 CLASSPNP.SYS[8daa78b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x88401028] 18:19:57.798 AVAST engine scan C:\Windows 18:20:04.132 AVAST engine scan C:\Windows\system32 18:25:13.043 AVAST engine scan C:\Windows\system32\drivers 18:25:53.073 AVAST engine scan C:\Users\Laura 18:38:02.046 AVAST engine scan C:\ProgramData 18:39:25.321 Scan finished successfully 18:39:46.303 Disk 0 MBR has been saved successfully to "C:\Users\Laura\MBR.dat" 18:39:46.318 The log file has been saved successfully to "C:\Users\Laura\aswMBR (3).txt" |
05.03.2012, 19:10 | #27 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Spy.ipsiut.gq.1 Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before scanning!!
05.03.2012, 21:05 | #28 |
| TR/Spy.ipsiut.gq.1 Code:
ATTFilter Malwarebytes Anti-Malware 1.60.1.1000 www.malwarebytes.org Datenbank Version: v2012.03.05.08 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Laura :: LAURA-PC [Administrator] 05.03.2012 19:46:41 mbam-log-2012-03-05 (19-46-41).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 319500 Laufzeit: 1 Stunde(n), 10 Minute(n), 21 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
06.03.2012, 13:35 | #29 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Spy.ipsiut.gq.1 What about the other one?
06.03.2012, 20:36 | #30 |
| TR/Spy.ipsiut.gq.1 Easy there, here it is: Code:
ATTFilter SUPERAntiSpyware Scan Log hxxp://www.superantispyware.com Generated 03/06/2012 at 08:31 PM Application Version : 5.0.1144 Core Rules Database Version : 8307 Trace Rules Database Version: 6119 Scan type : Complete Scan Total Scan Time : 00:56:54 Operating System Information Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002) UAC On - Limited User (Administrator User) Memory items scanned : 676 Memory threats detected : 0 Registry items scanned : 35837 Registry threats detected : 0 File items scanned : 38939 File threats detected : 37 Adware.Tracking Cookie C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Cookies\7VMYAQBL.txt [ /mediaplex.com ] C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Cookies\C9X2G3W9.txt [ /smartadserver.com ] C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Cookies\4B6P03P2.txt [ /c.atdmt.com ] C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Cookies\U6ETAN2C.txt [ /doubleclick.net ] C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Cookies\H9QFLPKF.txt [ /ad2.adfarm1.adition.com ] C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Cookies\HSWL77SW.txt [ /serving-sys.com ] C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Cookies\FB7UTSMD.txt [ /dyntracker.com ] C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Cookies\BINYFWM6.txt [ /atdmt.com ] C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Cookies\I4CAPXFJ.txt [ /bs.serving-sys.com ] C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Cookies\O5THML1K.txt [ /atdmt.combing.com ] C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Cookies\DZBNZCFJ.txt [ /apmebf.com ] C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Cookies\N3YF3N3W.txt [ /adfarm1.adition.com ] C:\USERS\LAURA\Cookies\7VMYAQBL.txt [ Cookie:laura@mediaplex.com/ ] C:\USERS\LAURA\Cookies\4B6P03P2.txt [ Cookie:laura@c.atdmt.com/ ] C:\USERS\LAURA\Cookies\U6ETAN2C.txt [ Cookie:laura@doubleclick.net/ ] C:\USERS\LAURA\Cookies\FB7UTSMD.txt [ Cookie:laura@dyntracker.com/ ] C:\USERS\LAURA\Cookies\BINYFWM6.txt [ 
Cookie:laura@atdmt.com/ ] C:\USERS\LAURA\Cookies\O5THML1K.txt [ Cookie:laura@atdmt.combing.com/ ] C:\USERS\LAURA\Cookies\DZBNZCFJ.txt [ Cookie:laura@apmebf.com/ ] C:\USERS\LAURA\Cookies\N3YF3N3W.txt [ Cookie:laura@adfarm1.adition.com/ ] accounts.google.com [ C:\USERS\LAURA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] tracking.sim-technik.de [ C:\USERS\LAURA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .msnportal.112.2o7.net [ C:\USERS\LAURA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .imrworldwide.com [ C:\USERS\LAURA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .imrworldwide.com [ C:\USERS\LAURA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .produkt-pfadfinder.de [ C:\USERS\LAURA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .produkt-pfadfinder.de [ C:\USERS\LAURA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .produkt-pfadfinder.de [ C:\USERS\LAURA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .2o7.net [ C:\USERS\LAURA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .2o7.net [ C:\USERS\LAURA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .guj.122.2o7.net [ C:\USERS\LAURA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .legolas-media.com [ C:\USERS\LAURA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .legolas-media.com [ C:\USERS\LAURA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .legolas-media.com [ C:\USERS\LAURA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .legolas-media.com [ C:\USERS\LAURA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .legolas-media.com [ C:\USERS\LAURA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .doubleclick.net [ C:\USERS\LAURA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] |