Guten Morgen.

Da ich mit meinem Problemchen selbst nicht weiterkomme, wende ich mich heute an das Board, mit Bitte um eine Hilfestellung.

Seit einiger Zeit kommt, wenn ich Anti-Malware durchlaufen lasse, folgendes:

HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Daten: C:\Users\matze\LOCALS~1\Temp\msctvlti.scr

Nach dem Neustart und erneutem Suchlauf kommt die Meldung allerdings wieder und wieder.
Ich zeigte die Meldung einem Bekannten, der beim benachbarten Elektronik-Markt für sämtliche PC-Arbeiten zuständig ist. Er meinte, ich solle in der Systemsteuerung den Computerschutz deaktivieren, Anti-Malware laufen lassen, PC runter- und wieder rauffahren, Computerschutz wieder rein und dann sollte der Schädling weg sein - leider erfolglos.
Im Netz stoße ich nur auf englischsprachige Ansätze, die ich nur zu einem gewissen Maß verstehe, und der Google-Übersetzer ist da keine Hilfe.


Es wäre nett, wenn Sie mir helfen könnten.
Vielen Dank.
MfG Matze

Hi,

OTL
Lade Dir OTL von Oldtimer herunter (http://filepony.de/download-otl/) und speichere es auf Deinem Desktop

• Doppelklick auf die OTL.exe

• Vista/Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen

• Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output

• Unter Extra Registry, wähle bitte Use SafeList

• Klicke nun auf Run Scan links oben

• Wenn der Scan beendet wurde werden 2 Logfiles erstellt (OTL.TXT und EXTRAS.TXT)

• Poste die Logfiles hier in den Thread

chris

Guten Morgen. Habe das OTL laufen lassen und musste feststellen, das der Vorbeseitzer dieses PC das System wohl nicht so sonderlich aufgeräumt hat.
Ich hoffe, dass Ihr mit den Files was anfangen könnte, weil ich verstehe nur Bahnhof...

Hier die Logfiles:OTL Logfile:

Code: Alles auswählenAufklappen

ATTFilter

OTL logfile created on: 18.07.2012 05:39:47 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\matze\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,82 Gb Available Physical Memory | 60,57% Memory free
3,19 Gb Paging File | 1,69 Gb Available in Paging File | 52,87% Paging File free
Paging file location(s): c:\pagefile.sys 200 3070 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,79 Gb Total Space | 155,97 Gb Free Space | 67,00% Space Free | Partition Type: NTFS
Drive F: | 134,39 Gb Total Space | 134,30 Gb Free Space | 99,93% Space Free | Partition Type: NTFS
 
Computer Name: MATZE-PC | User Name: matze | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\matze\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SoftwareDistribution\Download\Install\mpas-fe_bd.exe (Microsoft Corporation)
PRC - C:\Program Files\Opera\opera.exe (Opera Software)
PRC - c:\db84ef81ef9096746454f2ea\MPSigStub.exe (Microsoft Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\a-squared Free\a2service.exe (Emsi Software GmbH)
PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\f2f8201dd3453250dfd9ed1afce630a0\WindowsFormsIntegration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\qtscript4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\qtgui4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\qtnetwork4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\qtsql4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\qtdeclarative4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\qtcore4.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (NMIndexingService) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe File not found
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (KSS) -- C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO)
SRV - (ST2012_Svc) -- C:\Program Files\Spyware Terminator\st_rsser.exe (Crawler.com)
SRV - (a2free) -- C:\Program Files\a-squared Free\a2service.exe (Emsi Software GmbH)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found
DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found
DRV - (Lbd) -- system32\DRIVERS\Lbd.sys File not found
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (Advanced Micro Devices)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (ssadmdm) -- C:\Windows\System32\drivers\ssadmdm.sys (MCCI Corporation)
DRV - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\ssadbus.sys (MCCI Corporation)
DRV - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\System32\drivers\ssadmdfl.sys (MCCI Corporation)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (sp_rsdrv2) -- C:\Windows\System32\drivers\sp_rsdrv2.sys ()
DRV - (speedfan) -- C:\Windows\System32\speedfan.sys (Almico Software)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (amdiox86) -- C:\Windows\System32\drivers\amdiox86.sys (Advanced Micro Devices)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
DRV - (ASPI) -- C:\Windows\System32\drivers\ASPI32.SYS (Adaptec)
DRV - (giveio) -- C:\Windows\System32\giveio.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?AF=109989&babsrc=HP_ss&mntrId=54ef81ba000000000000e0cb4eec1922
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 23 78 17 5B 26 CB 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = hxxp://start.icq.com/
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=109989&babsrc=SP_ss&mntrId=54ef81ba000000000000e0cb4eec1922
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{67ED3CAD-1009-46AE-9278-C95C6EA1CE24}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ATU2&o=14670&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=T8&apn_dtid=YYYYYYYYDE&apn_uid=5055aa19-e132-4987-97f1-076f51809478&apn_sauid=48F7F637-AA70-482C-A8A8-CD0550F6018B
IE - HKCU\..\SearchScopes\{D2EE36C7-B6A6-4EC2-B012-46501C910878}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}
IE - HKCU\..\SearchScopes\{FFED6871-DEDE-CBDE-E27D-F3AA70FC13CA}: "URL" = hxxp://adsc.startya.com/s/?q={searchTerms}&iesrc=IE-SearchBox&site=Yahoo&cfg=2-491-0-0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ATU2&o=14670&locale=de_DE&apn_uid=5055aa19-e132-4987-97f1-076f51809478&apn_ptnrs=T8&apn_sauid=48F7F637-AA70-482C-A8A8-CD0550F6018B&apn_dtid=YYYYYYYYDE&&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker
 
[2012.03.18 15:42:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\matze\AppData\Roaming\mozilla\Extensions
 
O1 HOSTS File: ([2011.02.12 00:27:12 | 000,000,998 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 im.adtech.de
O1 - Hosts: 127.0.0.1 adserver.adtech.de
O1 - Hosts: 127.0.0.1 adtech.de
O1 - Hosts: 127.0.0.1 atwola.com
O1 - Hosts: 127.0.0.1 adserver.71i.de
O1 - Hosts: 127.0.0.1 adicqserver.71i.de
O1 - Hosts: 127.0.0.1 71i.de
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O4 - HKLM..\Run: [AMD AVT] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [KSS] C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO)
F3 - HKCU WinNT: Load - (C:\Users\matze\LOCALS~1\Temp\msctvlti.scr) -  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: bon.at ([webdwk13] http in Trusted sites)
O15 - HKCU\..Trusted Domains: robinwood.at ([]http in Trusted sites)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2147FE9C-660B-41C9-880E-E307531C13C2}: DhcpNameServer = 192.168.2.1
O20 - AppInit_DLLs: (zipfldra.dll) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{c1f22c9d-55cb-11df-ba8f-e0cb4eec1922}\Shell - "" = AutoRun
O33 - MountPoints2\{c1f22c9d-55cb-11df-ba8f-e0cb4eec1922}\Shell\AutoRun\command - "" = H:\install.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.18 05:38:28 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\matze\Desktop\OTL.exe
[2012.07.12 07:47:25 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.07.12 07:47:24 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.07.12 07:47:24 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.07.12 07:47:24 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.07.12 07:47:23 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.07.12 07:47:23 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.07.12 07:47:22 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.07.12 07:45:52 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.07.12 05:59:05 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012.07.12 05:58:56 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2012.07.12 05:58:47 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll
[2012.07.08 11:45:10 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012.07.01 10:26:18 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012.07.01 10:26:16 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP
[2012.07.01 10:26:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2012.06.26 20:34:27 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012.06.26 20:34:24 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2012.06.26 06:49:50 | 000,000,000 | ---D | C] -- C:\Users\matze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.06.26 06:49:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.06.26 06:49:39 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2012.06.24 18:47:05 | 000,000,000 | ---D | C] -- C:\Users\matze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
[2012.06.24 18:46:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012.06.24 18:46:30 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2012.06.24 18:12:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\a-squared Free
[2012.06.24 18:12:44 | 000,000,000 | ---D | C] -- C:\Users\matze\Documents\a-squared Free
[2012.06.24 18:12:44 | 000,000,000 | ---D | C] -- C:\Program Files\a-squared Free
[2012.06.23 18:51:05 | 000,000,000 | ---D | C] -- C:\Users\matze\AppData\Roaming\TeamViewer
[2012.06.23 18:43:27 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012.06.23 18:43:27 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012.06.23 18:43:09 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012.06.23 18:43:09 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012.06.23 18:43:08 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012.06.23 18:42:55 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012.06.23 18:42:55 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\matze\AppData\Roaming\*.tmp files -> C:\Users\matze\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.18 05:40:05 | 000,017,136 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.18 05:40:05 | 000,017,136 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.18 05:39:45 | 000,664,618 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.18 05:39:45 | 000,624,800 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.18 05:39:45 | 000,134,786 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.18 05:39:45 | 000,110,438 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.18 05:38:28 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\matze\Desktop\OTL.exe
[2012.07.18 05:34:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.18 05:34:51 | 2415,357,952 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.12 18:54:25 | 000,330,944 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.08 12:26:23 | 000,000,000 | ---- | M] () -- C:\Windows\RON 2010 GERMAN Uninstaller.exe
[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.01 20:04:46 | 000,030,173 | -HS- | M] () -- C:\Users\matze\Desktop\Folder.jpg
[2012.07.01 20:04:46 | 000,007,594 | -HS- | M] () -- C:\Users\matze\Desktop\AlbumArtSmall.jpg
[2012.06.24 16:20:16 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.06.24 16:20:16 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\matze\AppData\Roaming\*.tmp files -> C:\Users\matze\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.08 12:26:23 | 000,000,000 | ---- | C] () -- C:\Windows\RON 2010 GERMAN Uninstaller.exe
[2012.05.24 17:14:56 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012.03.15 17:50:08 | 000,032,768 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2012.03.09 06:22:26 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2012.03.09 06:22:26 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2012.02.29 10:12:52 | 000,000,016 | ---- | C] () -- C:\Users\matze\AppData\Roaming\blckdom.res
[2012.01.31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll
[2012.01.10 23:10:08 | 000,601,728 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.11.29 17:38:12 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.11.29 17:38:12 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.11.29 17:38:12 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.11.29 17:38:12 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\System32\OVDecoder.dll
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.07.21 19:08:28 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2011.07.21 19:08:28 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2011.07.07 20:10:09 | 000,007,602 | ---- | C] () -- C:\Users\matze\AppData\Local\Resmon.ResmonCfg
[2011.04.27 20:43:06 | 000,000,124 | ---- | C] () -- C:\Windows\WET.INI
[2011.03.06 12:41:01 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.03.06 12:40:47 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.02.19 21:46:45 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011.02.19 21:46:37 | 000,138,184 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.02.19 21:46:32 | 000,183,112 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011.02.06 19:38:09 | 000,554,496 | ---- | C] () -- C:\Windows\System32\dvmsg.dll
[2011.01.23 20:07:50 | 000,017,408 | ---- | C] () -- C:\Users\matze\AppData\Local\WebpageIcons.db
[2011.01.23 18:44:10 | 000,516,096 | ---- | C] () -- C:\Windows\System32\BldSetup.EXE
[2011.01.23 18:44:10 | 000,212,992 | ---- | C] () -- C:\Windows\System32\Setup.EXE
[2011.01.23 18:44:10 | 000,114,688 | ---- | C] () -- C:\Windows\System32\BldDat.EXE
[2011.01.23 18:44:10 | 000,098,304 | ---- | C] () -- C:\Windows\System32\BldOpt.EXE
[2011.01.23 18:44:10 | 000,086,016 | ---- | C] () -- C:\Windows\System32\ZCompress.EXE
[2011.01.23 18:44:10 | 000,081,920 | ---- | C] () -- C:\Windows\System32\GkSui20.EXE
[2011.01.23 18:44:10 | 000,073,728 | ---- | C] () -- C:\Windows\System32\WinSFX.bin
[2011.01.23 18:44:10 | 000,069,632 | ---- | C] () -- C:\Windows\System32\Dspan.bin
[2011.01.23 18:44:10 | 000,062,716 | ---- | C] () -- C:\Windows\System32\Uninstall985F.DAT
[2010.10.31 18:07:51 | 000,136,448 | ---- | C] () -- C:\Windows\RMTOOLS.DLL
[2010.09.07 13:14:34 | 000,311,296 | ---- | C] () -- C:\Windows\System32\EmRegSys.dll
[2010.08.06 22:51:34 | 000,000,000 | ---- | C] () -- C:\Windows\editor.INI
[2010.08.04 09:46:43 | 000,000,551 | ---- | C] () -- C:\Users\matze\AppData\Roaming\AutoGK.ini
[2010.07.20 08:05:40 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010.04.17 19:38:15 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib

< End of report >
         

--- --- ---
OTL Logfile:

Code: Alles auswählenAufklappen

ATTFilter

OTL Extras logfile created on: 18.07.2012 05:39:47 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\matze\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,82 Gb Available Physical Memory | 60,57% Memory free
3,19 Gb Paging File | 1,69 Gb Available in Paging File | 52,87% Paging File free
Paging file location(s): c:\pagefile.sys 200 3070 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,79 Gb Total Space | 155,97 Gb Free Space | 67,00% Space Free | Partition Type: NTFS
Drive F: | 134,39 Gb Total Space | 134,30 Gb Free Space | 99,93% Space Free | Partition Type: NTFS
 
Computer Name: MATZE-PC | User Name: matze | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00E9CF9F-B514-4996-9158-26A62BAB4853}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{24BF2FE6-B27F-4CCB-82C4-FB49A4AADA78}" = lport=445 | protocol=6 | dir=in | app=system | 
"{3D19F355-8931-49C3-93E3-CC5B4AF2BAE7}" = lport=138 | protocol=17 | dir=in | app=system | 
"{5F0823E1-9DBB-4AB9-AF56-2A874E581D2F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7EBF8452-D2F4-4870-96CE-09A4B8FB7BC4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7EF397EA-333B-4F26-AE3E-0FF4DF78A8D7}" = rport=445 | protocol=6 | dir=out | app=system | 
"{8A3F5423-E8B3-40BF-BF5E-DE2C3D19D6F9}" = rport=137 | protocol=17 | dir=out | app=system | 
"{A9C1C2D6-B5D3-473E-A040-823D1E546D17}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{B91486CE-39A3-4E6C-AEAD-974696918B3F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C668168E-8681-4865-A67F-C52BFFFB19A8}" = rport=139 | protocol=6 | dir=out | app=system | 
"{CA5E7D6D-FD25-45C7-BB2A-C4E212C0EA0D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D240CF7B-3CA3-490E-AC94-17AAD0DE3CBD}" = lport=139 | protocol=6 | dir=in | app=system | 
"{E02682C9-8CCF-4825-87C5-C40E6C705D6B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{E7CE5BD3-2774-4C60-AAA5-D87A9A6417CD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{EEDCC821-170A-4E8B-9BEC-E01276430F78}" = rport=138 | protocol=17 | dir=out | app=system | 
"{F68C9AD7-FC1A-48B5-80E8-E57E468389C1}" = lport=137 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0787146F-DFF9-4AAC-A7FA-06CE8D6D4806}" = protocol=6 | dir=in | app=c:\program files\opera next\opera.exe | 
"{2A269B9F-C7E9-49ED-9A27-E40A5A95E1EA}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{2B508172-F7EF-437B-A666-043EEAB47C9B}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{300535B4-5D9A-4760-86C4-E8291483B3AA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{33B2A476-FB24-4B6F-897C-A6C97000CF76}" = protocol=6 | dir=in | app=c:\program files\tobit radio.fx\server\rfx-server.exe | 
"{3787E7EB-0805-4BED-A49E-D2D28275941E}" = protocol=17 | dir=in | app=c:\program files\tobit radio.fx\server\rfx-server.exe | 
"{5DA9A895-EFFF-42C9-BA28-5A201F969FE5}" = protocol=17 | dir=in | app=c:\program files\tobit radio.fx\client\rfx-client.exe | 
"{6559F8A2-DEEE-447E-9225-7951CDE3B8D0}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{819915D9-790F-4A18-9AE1-661C19799AD8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{977BDCDD-923F-41CA-A5A9-6A0484FB9E88}" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminator.exe | 
"{A4DBCCC6-147F-46E3-B61E-70785CAD5157}" = protocol=17 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{A7FB049C-3A27-4C4C-A40F-A377DFBD9F0F}" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe | 
"{B99DC53A-1A65-4F8A-A610-3C4943260117}" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminator.exe | 
"{B9E17FF0-97E4-4777-944B-9B18EC072355}" = protocol=17 | dir=in | app=c:\program files\opera next\opera.exe |  
"{CF6AF4B6-945E-44BF-A7B2-CA9C610A9D16}" = protocol=6 | dir=in | app=c:\program files\tobit radio.fx\client\rfx-client.exe | 
"{D149B1B4-EC71-41D1-B6E0-81CFE591AB1A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{E0F7D63B-64A5-4559-8AED-F3F5BA0DD83A}" = protocol=6 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{E715B069-B036-4D78-AC4C-9C6902CBA9DB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{F1950DEC-5989-448B-8AAD-C137C09247E4}" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |  
"TCP Query User{681EB33A-8078-4F43-92D6-73561766DADA}C:\program files\vfb-fanplayer\ps_olect.exe" = protocol=6 | dir=in | app=c:\program files\vfb-fanplayer\ps_olect.exe | 
"TCP Query User{9B8C13A9-E363-48DE-A263-230D3903DEB3}C:\program files\2k sports\nba 2k10\nba2k10.exe" = protocol=6 | dir=in | app=c:\program files\2k sports\nba 2k10\nba2k10.exe | 
"TCP Query User{B223D61B-228C-466B-8852-3CBC244E6846}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{C5E11DD9-6033-44E2-B572-F29FFF799BAD}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | 
"UDP Query User{131DD3FF-9229-4960-AA45-9323E2D44472}C:\program files\2k sports\nba 2k10\nba2k10.exe" = protocol=17 | dir=in | app=c:\program files\2k sports\nba 2k10\nba2k10.exe | 
"UDP Query User{1E383766-8D5C-498A-9190-534E9F228D3E}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | 
"UDP Query User{2F4C2DE9-ED7C-42EF-921E-E90F04470797}C:\program files\vfb-fanplayer\ps_olect.exe" = protocol=17 | dir=in | app=c:\program files\vfb-fanplayer\ps_olect.exe | 
"UDP Query User{D29A6373-0805-4BC1-98E7-704943EF5785}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{02BEB9A6-6695-F451-A98A-E08B048B5687}" = ATI Problem Report Wizard
"{02C1D5C6-E758-0CE0-911D-0260AEE1EFC7}" = CCC Help English
"{0556F885-2415-4666-B53E-33727E46AEA1}" = The Movies(TM)
"{0A2A5039-B37F-489D-B1DC-A5258DF9E697}" = FIFA 08
"{0A9C9BD5-8588-40D4-8A1A-860E3D2ED6EE}" = NBA 2K10
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{10819FDB-BDDA-80F1-4EAF-1D8916C114E4}" = AMD VISION Engine Control Center
"{1CE75322-B65F-6BB8-B503-D7D967160919}" = CCC Help Thai
"{1E48A3E8-9A1C-B5DE-B2EF-CA740BBCA6A5}" = CCC Help Czech
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}" = Need for Speed™ Carbon
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{26A24AE4-039D-4CA4-87B4-2F83217003FF}" = Java(TM) 7 Update 3
"{31957600-31D0-FE19-4235-B85B4C768FC3}" = CCC Help Italian
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37361C5C-B767-B01C-0661-F430C4C0B61B}" = CCC Help Spanish
"{38D451A9-A844-8652-5A42-70825EC90B25}" = CCC Help Greek
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45CEBDDE-AD94-4C5A-999D-0D35CE61405B}_is1" = 1.4
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4DF8ACB2-0F93-ECED-EE9B-355548333562}" = CCC Help Chinese Traditional
"{56009CA3-423B-41F8-884A-E5B049534F15}" = Kaspersky Security Scan
"{56736259-613E-4A3B-B428-6235F2E76F44}_is1" = Spyware Terminator 2012
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{60C6FE80-AB40-10F7-0106-752620AB4339}" = CCC Help Russian
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{639673E9-D53F-44F4-A046-485C8A6ADA15}" = Paint.NET v3.5.6
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7694E0B1-2332-448B-9235-929F84B41E3F}" = Active@ ISO Burner
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{80F895CC-D64F-6A32-354D-099AB1AAF001}" = CCC Help Japanese
"{84F7CAD9-2316-4701-B5CA-E90FD60029E9}" = ANNO 1602
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A1EC1FE-3224-29CB-F7A7-4EF245A1ED8C}" = CCC Help Hungarian
"{8D4E81BC-F137-FDC0-F33F-1DC907362F87}" = CCC Help French
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8DD8B5D0-DAEF-871E-FD91-FFD411A86E1E}" = CCC Help Norwegian
"{8E4E59D9-0F68-09A6-A2B3-05010F8D1843}" = CCC Help Finnish
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93F9EDEC-77CD-67A2-B328-09FFE6CEB72E}" = CCC Help German
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9A4E726E-5414-65E1-1772-2C1F5320BEE3}" = CCC Help Portuguese
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A0C597A7-3BD9-9066-6293-E3107E1DB32D}" = CCC Help Korean
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A6F1A4B7-4EFA-653F-98EB-BFD8C209FF1C}" = AMD Accelerated Video Transcoding
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch
"{AD8FC1D4-BFFA-24E7-2BC2-D1AF308D74F0}" = AMD Media Foundation Decoders
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B7F293A4-8666-6410-36F4-E47EB2029CCB}" = AMD Drag and Drop Transcoding
"{B8E30929-A479-8D58-FE6B-264FAF3F05D3}" = CCC Help Danish
"{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}" = Need for Speed™ SHIFT
"{BD929149-9035-153F-7E1E-96E30D26341B}" = CCC Help Turkish
"{BECBB896-7789-174F-DD95-106F3B3E9A4C}" = Catalyst Control Center InstallProxy
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5CB4BD3-117E-73B6-F89B-E13AB5A30626}" = AMD Fuel
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB462448-5967-5FE5-2C77-A2C921EACCAA}" = CCC Help Swedish
"{CDB9EC82-12C0-6D98-7CA3-5859C477DFD0}" = ccc-utility
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D2277ED3-1AAD-762B-F6E6-8D172FF7D29E}" = Catalyst Control Center Graphics Previews Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DD6959D3-EC84-56DC-4642-7DC9B05E8D4A}" = CCC Help Dutch
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E619B39D-9F76-1571-91FC-F53EE1D093D4}" = AMD Catalyst Install Manager
"{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}" = Need for Speed™ Undercover
"{E908333A-8345-359F-B229-1F439C221B34}" = CCC Help Polish
"{EB834284-080E-109C-17A2-237D563B098C}" = Catalyst Control Center Localization All
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F14E8360-454B-592E-38C8-4F66E7C51AAB}" = CCC Help Chinese Standard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFE07FA8-37BD-02CB-DEBF-0B64B57C20F8}" = ATI AVIVO Codecs
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"ANSTOSS 3_is1" = ANSTOSS 3
"Any Video Converter_is1" = Any Video Converter 3.2.5
"Ashampoo Burning Studio Elements_is1" = Ashampoo Burning Studio Elements 10.0.4
"a-squared Free_is1" = a-squared Free 4.5
"Avira AntiVir Desktop" = Avira Free Antivirus
"AviSynth" = AviSynth 2.5
"CCleaner" = CCleaner
"Die Sims" = Die Sims
"Everest Poker" = Everest Poker (Remove Only)
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{0556F885-2415-4666-B53E-33727E46AEA1}" = The Movies(TM)
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallWIX_{56009CA3-423B-41F8-884A-E5B049534F15}" = Kaspersky Security Scan
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Opera 12.00.1467" = Opera 12.00
"Security Task Manager" = Security Task Manager 1.8d
"SpeedFan" = SpeedFan (remove only)
"Uninstall_is1" = Uninstall 1.0.0.1
"VfB-FanPlayer_is1" = VfB-FanPlayer Version 2.00.7
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.11
"VobSub" = VobSub v2.23 (Remove Only)
"VSO DivxToDVD_is1" = DivxToDVD 0.5.2b
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
"XMedia Recode" = XMedia Recode 3.0.1.0
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Translator" = Google Translator
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 06.01.2012 11:05:44 | Computer Name = matze-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 13.01.2012 16:07:34 | Computer Name = matze-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 16.01.2012 02:36:03 | Computer Name = matze-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 24.01.2012 11:45:57 | Computer Name = matze-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 26.01.2012 01:50:51 | Computer Name = matze-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 29.01.2012 06:48:38 | Computer Name = matze-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 10.02.2012 05:51:37 | Computer Name = matze-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 13.02.2012 01:59:43 | Computer Name = matze-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 14.02.2012 15:16:12 | Computer Name = matze-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 21.02.2012 15:43:20 | Computer Name = matze-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
[ System Events ]
Error - 15.07.2012 09:40:42 | Computer Name = matze-PC | Source = VDS Basic Provider | ID = 33554433
Description = 
 
Error - 15.07.2012 09:42:32 | Computer Name = matze-PC | Source = VDS Basic Provider | ID = 33554433
Description = 
 
Error - 15.07.2012 13:03:22 | Computer Name = matze-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   Lbd
 
Error - 16.07.2012 03:53:30 | Computer Name = matze-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   Lbd
 
Error - 16.07.2012 03:57:58 | Computer Name = matze-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   Lbd
 
Error - 16.07.2012 04:51:45 | Computer Name = matze-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   Lbd
 
Error - 16.07.2012 10:44:51 | Computer Name = matze-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   Lbd
 
Error - 16.07.2012 11:40:58 | Computer Name = matze-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   Lbd
 
Error - 17.07.2012 00:01:20 | Computer Name = matze-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   Lbd
 
Error - 17.07.2012 23:35:16 | Computer Name = matze-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   Lbd
 
 
< End of report >
         

--- --- ---


Sollte sich auf dem Rechner was befinden, was das außer dem Trojaner nicht hingehört, bitte ich höflichst um Info. Denke hier dann evtl. an Formatierung.

Vielen Dank für die Mühe.

Hi,

Fix für OTL:

• Doppelklick auf die OTL.exe, um das Programm auszuführen.

• Vista/Win7-User bitte per Rechtsklick und "Ausführen als Administrator" starten.

• Kopiere den Inhalt der folgenden Codebox komplett in die OTL-Box unter "Custom Scan/Fixes"

Code: Alles auswählenAufklappen

ATTFilter

:OTL
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
F3 - HKCU WinNT: Load - (C:\Users\matze\LOCALS~1\Temp\msctvlti.scr) -  File not found
O20 - AppInit_DLLs: (zipfldra.dll) -  File not found

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = dword:0x00

:Commands
[emptytemp]
[Reboot]
         

• Den roten Run Fixes! Button anklicken.

• Bitte alles aus dem Ergebnisfenster (Results) herauskopieren.

• Eine Kopie eines OTL-Fix-Logs wird in einer Textdatei in folgendem Ordner gespeichert:

• %systemroot%\_OTL

Malwarebytes Antimalware (MAM)
Anleitung&Download hier: http://www.trojaner-board.de/51187-m...i-malware.html
Falls der Download nicht klappt, bitte hierüber eine generische Version runterladen:
http://filepony.de/download-chameleon/
Danach bitte update der Signaturdateien (Reiter "Aktualisierungen" -> Suche nach Aktualisierungen")
Fullscan und alles bereinigen lassen! Log posten.

TDSS-Killer
Download und Anweisung unter: Wie werden Schadprogramme der Familie Rootkit.Win32.TDSS bekämpft?
Entpacke alle Dateien in einem eigenen Verzeichnis (z. B: C:\TDSS)!
Aufruf über den Explorer duch Doppelklick auf die TDSSKiller.exe.
Stelle den Killer wir folgt ein:

Dann den Scan starten durch (Start Scan).
Wenn der Scan fertig ist bitte "Report" anwählen (eventuelle Funde erstmal mit Skip übergehen). Es öffnet sich ein Fenster (Report anklicken), den Text abkopieren und hier posten...

chris

Hallo nochmals.
So, hier sind die Logs vom TDSSKiller und von Anti-Malware.

07:52:58.0274 0816 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
07:52:58.0321 0816 ============================================================
07:52:58.0321 0816 Current date / time: 2012/07/18 07:52:58.0321
07:52:58.0321 0816 SystemInfo:
07:52:58.0321 0816
07:52:58.0321 0816 OS Version: 6.1.7601 ServicePack: 1.0
07:52:58.0321 0816 Product type: Workstation
07:52:58.0321 0816 ComputerName: MATZE-PC
07:52:58.0321 0816 UserName: matze
07:52:58.0321 0816 Windows directory: C:\Windows
07:52:58.0321 0816 System windows directory: C:\Windows
07:52:58.0321 0816 Processor architecture: Intel x86
07:52:58.0321 0816 Number of processors: 2
07:52:58.0321 0816 Page size: 0x1000
07:52:58.0321 0816 Boot type: Normal boot
07:52:58.0321 0816 ============================================================
07:53:00.0652 0816 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
07:53:00.0668 0816 Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x1C042, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000050
07:53:00.0668 0816 ============================================================
07:53:00.0668 0816 \Device\Harddisk0\DR0:
07:53:00.0668 0816 MBR partitions:
07:53:00.0683 0816 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1D4B1B7, BlocksNum 0x10CC9A49
07:53:00.0683 0816 \Device\Harddisk1\DR1:
07:53:00.0683 0816 MBR partitions:
07:53:00.0683 0816 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
07:53:00.0683 0816 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D192800
07:53:00.0683 0816 ============================================================
07:53:00.0746 0816 C: <-> \Device\Harddisk1\DR1\Partition1
07:53:00.0761 0816 F: <-> \Device\Harddisk0\DR0\Partition0
07:53:00.0761 0816 ============================================================
07:53:00.0761 0816 Initialize success
07:53:00.0761 0816 ============================================================
07:53:09.0066 2728 ============================================================
07:53:09.0066 2728 Scan started
07:53:09.0066 2728 Mode: Manual; SigCheck; TDLFS;
07:53:09.0066 2728 ============================================================
07:53:10.0797 2728 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
07:53:10.0938 2728 1394ohci - ok
07:53:13.0119 2728 a2free (0adfa052c927f2a214133e4df2ef5ab0) C:\Program Files\a-squared Free\a2service.exe
07:53:28.0215 2728 a2free ( UnsignedFile.Multi.Generic ) - warning
07:53:28.0215 2728 a2free - detected UnsignedFile.Multi.Generic (1)
07:53:28.0496 2728 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
07:53:28.0512 2728 ACPI - ok
07:53:28.0605 2728 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
07:53:28.0646 2728 AcpiPmi - ok
07:53:28.0773 2728 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
07:53:28.0788 2728 adp94xx - ok
07:53:28.0883 2728 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
07:53:28.0896 2728 adpahci - ok
07:53:29.0013 2728 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
07:53:29.0023 2728 adpu320 - ok
07:53:29.0136 2728 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
07:53:29.0221 2728 AeLookupSvc - ok
07:53:29.0298 2728 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
07:53:29.0471 2728 AFD - ok
07:53:29.0612 2728 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
07:53:29.0627 2728 agp440 - ok
07:53:29.0674 2728 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
07:53:29.0674 2728 aic78xx - ok
07:53:29.0783 2728 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
07:53:29.0846 2728 ALG - ok
07:53:29.0924 2728 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
07:53:29.0924 2728 aliide - ok
07:53:30.0095 2728 AMD External Events Utility (08cceba1ab4cb0987df1c2581fac44e9) C:\Windows\system32\atiesrxx.exe
07:53:35.0352 2728 AMD External Events Utility - ok
07:53:35.0597 2728 AMD FUEL Service - ok
07:53:35.0657 2728 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
07:53:35.0669 2728 amdagp - ok
07:53:35.0739 2728 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
07:53:35.0747 2728 amdide - ok
07:53:35.0804 2728 amdiox86 (ff258424f0b2ef25eb98f04ee386e6e3) C:\Windows\system32\DRIVERS\amdiox86.sys
07:53:35.0809 2728 amdiox86 - ok
07:53:35.0856 2728 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
07:53:35.0887 2728 AmdK8 - ok
07:53:38.0123 2728 amdkmdag (85ae6bcb9abfe51763aedbf0bc7d647d) C:\Windows\system32\DRIVERS\atikmdag.sys
07:53:38.0248 2728 amdkmdag - ok
07:53:39.0387 2728 amdkmdap (8f34ee9d8d4b9cbb155265d3c614e672) C:\Windows\system32\DRIVERS\atikmpag.sys
07:53:39.0403 2728 amdkmdap - ok
07:53:39.0434 2728 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
07:53:39.0465 2728 AmdPPM - ok
07:53:39.0649 2728 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
07:53:39.0659 2728 amdsata - ok
07:53:40.0017 2728 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
07:53:40.0029 2728 amdsbs - ok
07:53:40.0062 2728 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
07:53:40.0069 2728 amdxata - ok
07:53:40.0529 2728 AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files\Avira\AntiVir Desktop\sched.exe
07:53:40.0544 2728 AntiVirSchedulerService - ok
07:53:40.0763 2728 AntiVirService (a489be6bb0aa1ff406b488b60542314b) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
07:53:40.0763 2728 AntiVirService - ok
07:53:40.0919 2728 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
07:53:40.0965 2728 AppID - ok
07:53:40.0997 2728 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
07:53:41.0043 2728 AppIDSvc - ok
07:53:41.0106 2728 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
07:53:41.0121 2728 Appinfo - ok
07:53:41.0387 2728 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
07:53:41.0465 2728 AppMgmt - ok
07:53:41.0543 2728 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
07:53:41.0558 2728 arc - ok
07:53:41.0589 2728 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
07:53:41.0589 2728 arcsas - ok
07:53:41.0856 2728 ASPI (e54e27976e2c5a6465d44c10b1d87ac0) C:\Windows\System32\DRIVERS\ASPI32.sys
07:53:41.0886 2728 ASPI ( UnsignedFile.Multi.Generic ) - warning
07:53:41.0886 2728 ASPI - detected UnsignedFile.Multi.Generic (1)
07:53:42.0126 2728 aspnet_state (39cdcb109bf200cc8a05b9c7e6272d11) C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
07:53:42.0133 2728 aspnet_state - ok
07:53:42.0171 2728 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
07:53:42.0211 2728 AsyncMac - ok
07:53:42.0263 2728 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
07:53:42.0273 2728 atapi - ok
07:53:42.0536 2728 AtiHDAudioService (6adc42cf4a6ab84975ca63dccfaaf5d8) C:\Windows\system32\drivers\AtihdW73.sys
07:53:42.0543 2728 AtiHDAudioService - ok
07:53:45.0505 2728 atikmdag (85ae6bcb9abfe51763aedbf0bc7d647d) C:\Windows\system32\DRIVERS\atikmdag.sys
07:53:45.0614 2728 atikmdag - ok
07:53:45.0895 2728 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
07:53:45.0942 2728 AudioEndpointBuilder - ok
07:53:45.0942 2728 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
07:53:45.0973 2728 Audiosrv - ok
07:53:46.0107 2728 avgntflt (d5541f0afb767e85fc412fc609d96a74) C:\Windows\system32\DRIVERS\avgntflt.sys
07:53:46.0115 2728 avgntflt - ok
07:53:46.0207 2728 avipbb (7d967a682d4694df7fa57d63a2db01fe) C:\Windows\system32\DRIVERS\avipbb.sys
07:53:46.0217 2728 avipbb - ok
07:53:46.0305 2728 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
07:53:46.0315 2728 avkmgr - ok
07:53:46.0362 2728 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
07:53:46.0435 2728 AxInstSV - ok
07:53:46.0510 2728 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
07:53:46.0542 2728 b06bdrv - ok
07:53:46.0625 2728 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
07:53:46.0655 2728 b57nd60x - ok
07:53:46.0683 2728 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
07:53:46.0730 2728 BDESVC - ok
07:53:46.0761 2728 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
07:53:46.0792 2728 Beep - ok
07:53:46.0917 2728 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
07:53:46.0979 2728 BFE - ok
07:53:47.0151 2728 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\System32\qmgr.dll
07:53:47.0198 2728 BITS - ok
07:53:47.0260 2728 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
07:53:47.0276 2728 blbdrive - ok
07:53:47.0354 2728 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
07:53:47.0385 2728 bowser - ok
07:53:47.0432 2728 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
07:53:47.0479 2728 BrFiltLo - ok
07:53:47.0541 2728 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
07:53:47.0572 2728 BrFiltUp - ok
07:53:47.0619 2728 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
07:53:47.0650 2728 Browser - ok
07:53:47.0744 2728 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
07:53:47.0806 2728 Brserid - ok
07:53:47.0822 2728 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
07:53:47.0837 2728 BrSerWdm - ok
07:53:47.0869 2728 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
07:53:47.0884 2728 BrUsbMdm - ok
07:53:47.0900 2728 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
07:53:47.0931 2728 BrUsbSer - ok
07:53:48.0025 2728 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
07:53:48.0056 2728 BTHMODEM - ok
07:53:48.0103 2728 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
07:53:48.0149 2728 bthserv - ok
07:53:48.0239 2728 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
07:53:48.0279 2728 cdfs - ok
07:53:48.0409 2728 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
07:53:48.0446 2728 cdrom - ok
07:53:48.0531 2728 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
07:53:48.0579 2728 CertPropSvc - ok
07:53:48.0666 2728 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
07:53:48.0706 2728 circlass - ok
07:53:48.0819 2728 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
07:53:48.0831 2728 CLFS - ok
07:53:49.0003 2728 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
07:53:49.0018 2728 clr_optimization_v2.0.50727_32 - ok
07:53:49.0237 2728 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
07:53:49.0268 2728 clr_optimization_v4.0.30319_32 - ok
07:53:49.0362 2728 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
07:53:49.0377 2728 CmBatt - ok
07:53:49.0440 2728 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
07:53:49.0455 2728 cmdide - ok
07:53:49.0518 2728 CNG (247b4ce2dab1160cd422d532d5241e1f) C:\Windows\system32\Drivers\cng.sys
07:53:49.0533 2728 CNG - ok
07:53:49.0564 2728 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
07:53:49.0580 2728 Compbatt - ok
07:53:49.0642 2728 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
07:53:49.0642 2728 CompositeBus - ok
07:53:49.0674 2728 COMSysApp - ok
07:53:49.0736 2728 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
07:53:49.0752 2728 crcdisk - ok
07:53:49.0908 2728 CryptSvc (06e771aa596b8761107ab57e99f128d7) C:\Windows\system32\cryptsvc.dll
07:53:49.0954 2728 CryptSvc - ok
07:53:50.0126 2728 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
07:53:50.0142 2728 CSC - ok
07:53:50.0592 2728 CscService (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
07:53:50.0625 2728 CscService - ok
07:53:50.0800 2728 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
07:53:50.0857 2728 DcomLaunch - ok
07:53:50.0935 2728 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
07:53:50.0972 2728 defragsvc - ok
07:53:51.0073 2728 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
07:53:51.0104 2728 DfsC - ok
07:53:51.0198 2728 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
07:53:51.0245 2728 Dhcp - ok
07:53:51.0291 2728 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
07:53:51.0323 2728 discache - ok
07:53:51.0416 2728 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
07:53:51.0432 2728 Disk - ok
07:53:51.0494 2728 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
07:53:51.0557 2728 Dnscache - ok
07:53:51.0588 2728 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
07:53:51.0619 2728 dot3svc - ok
07:53:51.0681 2728 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
07:53:51.0728 2728 DPS - ok
07:53:51.0775 2728 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
07:53:51.0791 2728 drmkaud - ok
07:53:52.0009 2728 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
07:53:52.0025 2728 DXGKrnl - ok
07:53:52.0134 2728 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
07:53:52.0165 2728 EapHost - ok
07:53:53.0101 2728 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
07:53:53.0159 2728 ebdrv - ok
07:53:53.0549 2728 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
07:53:53.0611 2728 EFS - ok
07:53:53.0720 2728 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
07:53:53.0783 2728 ehRecvr - ok
07:53:53.0861 2728 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
07:53:53.0892 2728 ehSched - ok
07:53:54.0235 2728 ElbyCDIO (d71233d7ccc2e64f8715a20428d5a33b) C:\Windows\system32\Drivers\ElbyCDIO.sys
07:53:54.0251 2728 ElbyCDIO - ok
07:53:54.0391 2728 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
07:53:54.0407 2728 elxstor - ok
07:53:54.0469 2728 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
07:53:54.0485 2728 ErrDev - ok
07:53:54.0563 2728 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
07:53:54.0610 2728 EventSystem - ok
07:53:54.0910 2728 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
07:53:55.0013 2728 exfat - ok
07:53:55.0078 2728 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
07:53:55.0185 2728 fastfat - ok
07:53:55.0525 2728 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
07:53:55.0603 2728 Fax - ok
07:53:55.0728 2728 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
07:53:55.0791 2728 fdc - ok
07:53:55.0900 2728 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
07:53:55.0947 2728 fdPHost - ok
07:53:55.0978 2728 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
07:53:56.0009 2728 FDResPub - ok
07:53:56.0134 2728 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
07:53:56.0149 2728 FileInfo - ok
07:53:56.0181 2728 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
07:53:56.0212 2728 Filetrace - ok
07:53:56.0274 2728 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
07:53:56.0305 2728 flpydisk - ok
07:53:56.0508 2728 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
07:53:56.0508 2728 FltMgr - ok
07:53:56.0775 2728 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
07:53:56.0845 2728 FontCache - ok
07:53:57.0052 2728 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
07:53:57.0062 2728 FontCache3.0.0.0 - ok
07:53:57.0117 2728 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
07:53:57.0127 2728 FsDepends - ok
07:53:57.0165 2728 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
07:53:57.0195 2728 Fs_Rec - ok
07:53:57.0260 2728 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
07:53:57.0275 2728 fvevol - ok
07:53:57.0395 2728 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
07:53:57.0402 2728 gagp30kx - ok
07:53:57.0515 2728 ggflt (007aea2e06e7cef7372e40c277163959) C:\Windows\system32\DRIVERS\ggflt.sys
07:53:57.0525 2728 ggflt - ok
07:53:57.0545 2728 ggsemc (c73de35960ca75c5ab4ae636b127c64e) C:\Windows\system32\DRIVERS\ggsemc.sys
07:53:57.0552 2728 ggsemc - ok
07:53:57.0655 2728 giveio (77ebf3e9386daa51551af429052d88d0) C:\Windows\system32\giveio.sys
07:53:57.0717 2728 giveio ( UnsignedFile.Multi.Generic ) - warning
07:53:57.0717 2728 giveio - detected UnsignedFile.Multi.Generic (1)
07:53:58.0279 2728 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
07:53:58.0326 2728 gpsvc - ok
07:53:58.0372 2728 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
07:53:58.0450 2728 hcw85cir - ok
07:53:58.0560 2728 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
07:53:58.0606 2728 HdAudAddService - ok
07:53:58.0699 2728 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
07:53:58.0722 2728 HDAudBus - ok
07:53:58.0782 2728 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
07:53:58.0812 2728 HidBatt - ok
07:53:58.0857 2728 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
07:53:58.0889 2728 HidBth - ok
07:53:58.0964 2728 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
07:53:58.0994 2728 HidIr - ok
07:53:59.0044 2728 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
07:53:59.0082 2728 hidserv - ok
07:53:59.0162 2728 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
07:53:59.0172 2728 HidUsb - ok
07:53:59.0254 2728 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
07:53:59.0284 2728 hkmsvc - ok
07:53:59.0409 2728 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
07:53:59.0457 2728 HomeGroupListener - ok
07:53:59.0544 2728 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
07:53:59.0607 2728 HomeGroupProvider - ok
07:53:59.0687 2728 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
07:53:59.0697 2728 HpSAMD - ok
07:53:59.0829 2728 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
07:53:59.0860 2728 HTTP - ok
07:53:59.0922 2728 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
07:53:59.0922 2728 hwpolicy - ok
07:54:00.0000 2728 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
07:54:00.0031 2728 i8042prt - ok
07:54:00.0203 2728 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
07:54:00.0219 2728 iaStorV - ok
07:54:00.0562 2728 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
07:54:00.0577 2728 idsvc - ok
07:54:00.0999 2728 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
07:54:00.0999 2728 iirsp - ok
07:54:01.0383 2728 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
07:54:01.0416 2728 IKEEXT - ok
07:54:01.0508 2728 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
07:54:01.0516 2728 intelide - ok
07:54:01.0588 2728 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
07:54:01.0598 2728 intelppm - ok
07:54:01.0641 2728 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
07:54:01.0683 2728 IPBusEnum - ok
07:54:01.0703 2728 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
07:54:01.0728 2728 IpFilterDriver - ok
07:54:01.0868 2728 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
07:54:01.0914 2728 iphlpsvc - ok
07:54:01.0961 2728 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
07:54:01.0992 2728 IPMIDRV - ok
07:54:02.0039 2728 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
07:54:02.0086 2728 IPNAT - ok
07:54:02.0148 2728 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
07:54:02.0226 2728 IRENUM - ok
07:54:02.0273 2728 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
07:54:02.0289 2728 isapnp - ok
07:54:02.0351 2728 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
07:54:02.0367 2728 iScsiPrt - ok
07:54:02.0445 2728 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
07:54:02.0460 2728 kbdclass - ok
07:54:02.0548 2728 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
07:54:02.0568 2728 kbdhid - ok
07:54:02.0613 2728 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
07:54:02.0623 2728 KeyIso - ok
07:54:02.0663 2728 KSecDD (b7895b4182c0d16f6efadeb8081e8d36) C:\Windows\system32\Drivers\ksecdd.sys
07:54:02.0676 2728 KSecDD - ok
07:54:02.0711 2728 KSecPkg (d30159ac9237519fbc62c6ec247d2d46) C:\Windows\system32\Drivers\ksecpkg.sys
07:54:02.0721 2728 KSecPkg - ok
07:54:03.0274 2728 KSS (e47ffca0909871ac1bff0d446ff63ca9) C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
07:54:03.0290 2728 KSS - ok
07:54:03.0385 2728 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
07:54:03.0425 2728 KtmRm - ok
07:54:03.0505 2728 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll
07:54:03.0550 2728 LanmanServer - ok
07:54:03.0650 2728 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
07:54:03.0695 2728 LanmanWorkstation - ok
07:54:03.0717 2728 Lbd - ok
07:54:03.0830 2728 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
07:54:03.0862 2728 lltdio - ok
07:54:03.0942 2728 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
07:54:03.0965 2728 lltdsvc - ok
07:54:04.0021 2728 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
07:54:04.0052 2728 lmhosts - ok
07:54:04.0099 2728 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
07:54:04.0099 2728 LSI_FC - ok
07:54:04.0161 2728 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
07:54:04.0177 2728 LSI_SAS - ok
07:54:04.0224 2728 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
07:54:04.0224 2728 LSI_SAS2 - ok
07:54:04.0286 2728 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
07:54:04.0302 2728 LSI_SCSI - ok
07:54:04.0395 2728 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
07:54:04.0411 2728 luafv - ok
07:54:04.0473 2728 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) C:\Windows\system32\drivers\mbamswissarmy.sys
07:54:04.0489 2728 MBAMSwissArmy - ok
07:54:04.0520 2728 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
07:54:04.0536 2728 Mcx2Svc - ok
07:54:04.0583 2728 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
07:54:04.0583 2728 megasas - ok
07:54:04.0676 2728 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
07:54:04.0692 2728 MegaSR - ok
07:54:04.0754 2728 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
07:54:04.0785 2728 MMCSS - ok
07:54:04.0817 2728 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
07:54:04.0863 2728 Modem - ok
07:54:04.0926 2728 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
07:54:04.0957 2728 monitor - ok
07:54:05.0035 2728 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
07:54:05.0051 2728 mouclass - ok
07:54:05.0113 2728 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
07:54:05.0144 2728 mouhid - ok
07:54:05.0191 2728 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
07:54:05.0191 2728 mountmgr - ok
07:54:05.0253 2728 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
07:54:05.0269 2728 mpio - ok
07:54:05.0300 2728 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
07:54:05.0331 2728 mpsdrv - ok
07:54:05.0441 2728 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
07:54:05.0487 2728 MpsSvc - ok
07:54:05.0554 2728 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
07:54:05.0581 2728 MRxDAV - ok
07:54:05.0631 2728 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
07:54:05.0669 2728 mrxsmb - ok
07:54:05.0776 2728 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
07:54:05.0804 2728 mrxsmb10 - ok
07:54:05.0851 2728 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
07:54:05.0869 2728 mrxsmb20 - ok
07:54:05.0924 2728 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
07:54:05.0934 2728 msahci - ok
07:54:05.0981 2728 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
07:54:05.0994 2728 msdsm - ok
07:54:06.0029 2728 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
07:54:06.0061 2728 MSDTC - ok
07:54:06.0101 2728 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
07:54:06.0126 2728 Msfs - ok
07:54:06.0136 2728 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
07:54:06.0154 2728 mshidkmdf - ok
07:54:06.0200 2728 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
07:54:06.0216 2728 msisadrv - ok
07:54:06.0278 2728 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
07:54:06.0310 2728 MSiSCSI - ok
07:54:06.0310 2728 msiserver - ok
07:54:06.0403 2728 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
07:54:06.0450 2728 MSKSSRV - ok
07:54:06.0481 2728 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
07:54:06.0512 2728 MSPCLOCK - ok
07:54:06.0559 2728 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
07:54:06.0606 2728 MSPQM - ok
07:54:06.0700 2728 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
07:54:06.0731 2728 MsRPC - ok
07:54:06.0793 2728 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
07:54:06.0793 2728 mssmbios - ok
07:54:06.0887 2728 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
07:54:06.0902 2728 MSTEE - ok
07:54:06.0934 2728 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
07:54:06.0965 2728 MTConfig - ok
07:54:07.0058 2728 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\Windows\system32\DRIVERS\ASACPI.sys
07:54:07.0058 2728 MTsensor - ok
07:54:07.0105 2728 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
07:54:07.0105 2728 Mup - ok
07:54:07.0168 2728 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
07:54:07.0214 2728 napagent - ok
07:54:07.0277 2728 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
07:54:07.0292 2728 NativeWifiP - ok
07:54:07.0339 2728 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
07:54:07.0355 2728 NDIS - ok
07:54:07.0433 2728 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
07:54:07.0464 2728 NdisCap - ok
07:54:07.0526 2728 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
07:54:07.0558 2728 NdisTapi - ok
07:54:07.0604 2728 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
07:54:07.0651 2728 Ndisuio - ok
07:54:07.0710 2728 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
07:54:07.0755 2728 NdisWan - ok
07:54:07.0790 2728 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
07:54:07.0840 2728 NDProxy - ok
07:54:07.0925 2728 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
07:54:07.0965 2728 NetBIOS - ok
07:54:08.0017 2728 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
07:54:08.0062 2728 NetBT - ok
07:54:08.0110 2728 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
07:54:08.0137 2728 Netlogon - ok
07:54:08.0237 2728 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
07:54:08.0282 2728 Netman - ok
07:54:08.0333 2728 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
07:54:08.0380 2728 netprofm - ok
07:54:08.0551 2728 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
07:54:08.0551 2728 NetTcpPortSharing - ok
07:54:08.0629 2728 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
07:54:08.0645 2728 nfrd960 - ok
07:54:08.0770 2728 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
07:54:08.0817 2728 NlaSvc - ok
07:54:08.0941 2728 NMIndexingService - ok
07:54:08.0973 2728 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
07:54:09.0019 2728 Npfs - ok
07:54:09.0066 2728 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
07:54:09.0097 2728 nsi - ok
07:54:09.0160 2728 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
07:54:09.0191 2728 nsiproxy - ok
07:54:09.0519 2728 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
07:54:09.0597 2728 Ntfs - ok
07:54:09.0854 2728 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
07:54:09.0902 2728 Null - ok
07:54:10.0037 2728 NVENETFD (b5e37e31c053bc9950455a257526514b) C:\Windows\system32\DRIVERS\nvm62x32.sys
07:54:10.0089 2728 NVENETFD - ok
07:54:11.0492 2728 nvlddmkm (f452e6ad3eda2852f44be492e283c40f) C:\Windows\system32\DRIVERS\nvlddmkm.sys
07:54:11.0648 2728 nvlddmkm - ok
07:54:12.0044 2728 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
07:54:12.0054 2728 nvraid - ok
07:54:12.0204 2728 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
07:54:12.0214 2728 nvstor - ok
07:54:12.0284 2728 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
07:54:12.0294 2728 nv_agp - ok
07:54:12.0567 2728 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
07:54:12.0579 2728 odserv - ok
07:54:12.0644 2728 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
07:54:12.0669 2728 ohci1394 - ok
07:54:12.0810 2728 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
07:54:12.0826 2728 ose - ok
07:54:12.0919 2728 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
07:54:12.0982 2728 p2pimsvc - ok
07:54:13.0107 2728 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
07:54:13.0122 2728 p2psvc - ok
07:54:13.0185 2728 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
07:54:13.0216 2728 Parport - ok
07:54:13.0263 2728 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
07:54:13.0278 2728 partmgr - ok
07:54:13.0325 2728 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
07:54:13.0341 2728 Parvdm - ok
07:54:13.0403 2728 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
07:54:13.0419 2728 PcaSvc - ok
07:54:13.0559 2728 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
07:54:13.0559 2728 pci - ok
07:54:13.0621 2728 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
07:54:13.0621 2728 pciide - ok
07:54:13.0684 2728 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
07:54:13.0684 2728 pcmcia - ok
07:54:13.0715 2728 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
07:54:13.0715 2728 pcw - ok
07:54:13.0809 2728 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
07:54:13.0840 2728 PEAUTH - ok
07:54:14.0152 2728 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
07:54:14.0202 2728 PeerDistSvc - ok
07:54:14.0367 2728 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
07:54:14.0415 2728 pla - ok
07:54:14.0702 2728 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
07:54:14.0762 2728 PlugPlay - ok
07:54:14.0870 2728 PnkBstrA (19e83b09ab8ee1d837665da941e2ac44) C:\Windows\system32\PnkBstrA.exe
07:54:14.0870 2728 PnkBstrA - ok
07:54:14.0917 2728 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
07:54:14.0948 2728 PNRPAutoReg - ok
07:54:15.0026 2728 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
07:54:15.0041 2728 PNRPsvc - ok
07:54:15.0151 2728 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
07:54:15.0197 2728 PolicyAgent - ok
07:54:15.0260 2728 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
07:54:15.0275 2728 Power - ok
07:54:15.0400 2728 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
07:54:15.0431 2728 PptpMiniport - ok
07:54:15.0478 2728 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
07:54:15.0494 2728 Processor - ok
07:54:15.0572 2728 ProfSvc (cadefac453040e370a1bdff3973be00d) C:\Windows\system32\profsvc.dll
07:54:15.0619 2728 ProfSvc - ok
07:54:15.0665 2728 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
07:54:15.0681 2728 ProtectedStorage - ok
07:54:15.0743 2728 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
07:54:15.0775 2728 Psched - ok
07:54:16.0024 2728 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
07:54:16.0040 2728 ql2300 - ok
07:54:16.0386 2728 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
07:54:16.0396 2728 ql40xx - ok
07:54:16.0461 2728 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
07:54:16.0501 2728 QWAVE - ok
07:54:16.0556 2728 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
07:54:16.0569 2728 QWAVEdrv - ok
07:54:16.0599 2728 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
07:54:16.0639 2728 RasAcd - ok
07:54:16.0701 2728 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
07:54:16.0736 2728 RasAgileVpn - ok
07:54:16.0776 2728 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
07:54:16.0801 2728 RasAuto - ok
07:54:16.0859 2728 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
07:54:16.0889 2728 Rasl2tp - ok
07:54:16.0971 2728 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
07:54:17.0018 2728 RasMan - ok
07:54:17.0080 2728 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
07:54:17.0127 2728 RasPppoe - ok
07:54:17.0205 2728 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
07:54:17.0252 2728 RasSstp - ok
07:54:17.0346 2728 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
07:54:17.0361 2728 rdbss - ok
07:54:17.0392 2728 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
07:54:17.0408 2728 rdpbus - ok
07:54:17.0439 2728 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
07:54:17.0470 2728 RDPCDD - ok
07:54:17.0533 2728 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
07:54:17.0564 2728 RDPDR - ok
07:54:17.0611 2728 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
07:54:17.0658 2728 RDPENCDD - ok
07:54:17.0704 2728 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
07:54:17.0736 2728 RDPREFMP - ok
07:54:17.0814 2728 RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys
07:54:17.0860 2728 RdpVideoMiniport - ok
07:54:17.0907 2728 RDPWD (f031683e6d1fea157abb2ff260b51e61) C:\Windows\system32\drivers\RDPWD.sys
07:54:17.0970 2728 RDPWD - ok
07:54:18.0079 2728 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
07:54:18.0094 2728 rdyboost - ok
07:54:18.0141 2728 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
07:54:18.0188 2728 RemoteAccess - ok
07:54:18.0235 2728 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
07:54:18.0250 2728 RemoteRegistry - ok
07:54:18.0297 2728 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
07:54:18.0344 2728 RpcEptMapper - ok
07:54:18.0360 2728 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
07:54:18.0375 2728 RpcLocator - ok
07:54:18.0422 2728 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
07:54:18.0438 2728 RpcSs - ok
07:54:18.0513 2728 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
07:54:18.0555 2728 rspndr - ok
07:54:18.0598 2728 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
07:54:18.0643 2728 s3cap - ok
07:54:18.0680 2728 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
07:54:18.0690 2728 SamSs - ok
07:54:18.0743 2728 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
07:54:18.0753 2728 sbp2port - ok
07:54:18.0793 2728 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
07:54:18.0815 2728 SCardSvr - ok
07:54:18.0863 2728 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
07:54:18.0890 2728 scfilter - ok
07:54:19.0058 2728 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
07:54:19.0095 2728 Schedule - ok
07:54:19.0151 2728 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
07:54:19.0182 2728 SCPolicySvc - ok
07:54:19.0244 2728 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
07:54:19.0275 2728 SDRSVC - ok
07:54:19.0322 2728 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
07:54:19.0369 2728 secdrv - ok
07:54:19.0400 2728 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
07:54:19.0431 2728 seclogon - ok
07:54:19.0525 2728 seehcri (e5b56569a9f79b70314fede6c953641e) C:\Windows\system32\DRIVERS\seehcri.sys
07:54:19.0541 2728 seehcri - ok
07:54:19.0619 2728 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
07:54:19.0650 2728 SENS - ok
07:54:19.0697 2728 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
07:54:19.0743 2728 SensrSvc - ok
07:54:19.0775 2728 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
07:54:19.0775 2728 Serenum - ok
07:54:19.0806 2728 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
07:54:19.0821 2728 Serial - ok
07:54:19.0868 2728 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
07:54:19.0884 2728 sermouse - ok
07:54:19.0962 2728 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
07:54:19.0993 2728 SessionEnv - ok
07:54:20.0040 2728 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
07:54:20.0071 2728 sffdisk - ok
07:54:20.0133 2728 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
07:54:20.0149 2728 sffp_mmc - ok
07:54:20.0165 2728 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
07:54:20.0180 2728 sffp_sd - ok
07:54:20.0227 2728 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
07:54:20.0243 2728 sfloppy - ok
07:54:20.0305 2728 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
07:54:20.0336 2728 SharedAccess - ok
07:54:20.0430 2728 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
07:54:20.0477 2728 ShellHWDetection - ok
07:54:20.0523 2728 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
07:54:20.0539 2728 sisagp - ok
07:54:20.0601 2728 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
07:54:20.0601 2728 SiSRaid2 - ok
07:54:20.0648 2728 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
07:54:20.0664 2728 SiSRaid4 - ok
07:54:20.0709 2728 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
07:54:20.0731 2728 Smb - ok
07:54:20.0814 2728 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
07:54:20.0824 2728 SNMPTRAP - ok
07:54:20.0941 2728 speedfan (3fa2e254bfbce52b3c6f1bf23aab6911) C:\Windows\system32\speedfan.sys
07:54:20.0951 2728 speedfan - ok
07:54:21.0006 2728 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
07:54:21.0019 2728 spldr - ok
07:54:21.0059 2728 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
07:54:21.0099 2728 Spooler - ok
07:54:21.0707 2728 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
07:54:21.0769 2728 sppsvc - ok
07:54:21.0925 2728 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
07:54:21.0972 2728 sppuinotify - ok
07:54:22.0113 2728 sp_rsdrv2 (7b426b8e809edf081d771ef429345528) C:\Windows\system32\drivers\sp_rsdrv2.sys
07:54:22.0128 2728 sp_rsdrv2 ( UnsignedFile.Multi.Generic ) - warning
07:54:22.0128 2728 sp_rsdrv2 - detected UnsignedFile.Multi.Generic (1)
07:54:22.0206 2728 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
07:54:22.0237 2728 srv - ok
07:54:22.0331 2728 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
07:54:22.0362 2728 srv2 - ok
07:54:22.0409 2728 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
07:54:22.0425 2728 srvnet - ok
07:54:22.0487 2728 ssadbus (64e44acd8c238fcbbb78f0ba4bdc4b05) C:\Windows\system32\DRIVERS\ssadbus.sys
07:54:22.0562 2728 ssadbus - ok
07:54:22.0682 2728 ssadmdfl (bb2c84a15c765da89fd832b0e73f26ce) C:\Windows\system32\DRIVERS\ssadmdfl.sys
07:54:22.0704 2728 ssadmdfl - ok
07:54:22.0804 2728 ssadmdm (6d0d132ddc6f43eda00dced6d8b1ca31) C:\Windows\system32\DRIVERS\ssadmdm.sys
07:54:22.0814 2728 ssadmdm - ok
07:54:22.0900 2728 sscdbus (069351a1d7d291013177a90ae6edccbc) C:\Windows\system32\DRIVERS\sscdbus.sys
07:54:22.0907 2728 sscdbus - ok
07:54:22.0985 2728 sscdmdfl (1c925be223a5c0f9f469252292a48df6) C:\Windows\system32\DRIVERS\sscdmdfl.sys
07:54:22.0992 2728 sscdmdfl - ok
07:54:23.0027 2728 sscdmdm (ae3e77ae0fbdb07eb1ac3fed74a0695e) C:\Windows\system32\DRIVERS\sscdmdm.sys
07:54:23.0040 2728 sscdmdm - ok
07:54:23.0165 2728 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
07:54:23.0210 2728 SSDPSRV - ok
07:54:23.0380 2728 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
07:54:23.0387 2728 ssmdrv - ok
07:54:23.0420 2728 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
07:54:23.0457 2728 SstpSvc - ok
07:54:23.0667 2728 ST2012_Svc (7c5cdac3e30fe427ace4e3f04d2fb449) C:\Program Files\Spyware Terminator\st_rsser.exe
07:54:23.0682 2728 ST2012_Svc - ok
07:54:23.0737 2728 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
07:54:23.0745 2728 stexstor - ok
07:54:23.0887 2728 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
07:54:23.0934 2728 StiSvc - ok
07:54:24.0059 2728 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
07:54:24.0059 2728 storflt - ok
07:54:24.0137 2728 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
07:54:24.0153 2728 storvsc - ok
07:54:24.0246 2728 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
07:54:24.0262 2728 swenum - ok
07:54:24.0340 2728 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
07:54:24.0371 2728 swprv - ok
07:54:24.0387 2728 Synth3dVsc - ok
07:54:24.0465 2728 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
07:54:24.0496 2728 SysMain - ok
07:54:24.0543 2728 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
07:54:24.0574 2728 TabletInputService - ok
07:54:24.0652 2728 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
07:54:24.0667 2728 TapiSrv - ok
07:54:24.0730 2728 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
07:54:24.0761 2728 TBS - ok
07:54:24.0917 2728 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
07:54:24.0945 2728 Tcpip - ok
07:54:25.0410 2728 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
07:54:25.0437 2728 TCPIP6 - ok
07:54:25.0760 2728 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
07:54:25.0790 2728 tcpipreg - ok
07:54:25.0830 2728 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
07:54:25.0876 2728 TDPIPE - ok
07:54:25.0939 2728 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
07:54:25.0939 2728 TDTCP - ok
07:54:26.0032 2728 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
07:54:26.0064 2728 tdx - ok
07:54:26.0126 2728 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
07:54:26.0126 2728 TermDD - ok
07:54:26.0235 2728 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
07:54:26.0282 2728 TermService - ok
07:54:26.0329 2728 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
07:54:26.0360 2728 Themes - ok
07:54:26.0422 2728 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
07:54:26.0438 2728 THREADORDER - ok
07:54:26.0547 2728 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
07:54:26.0578 2728 TrkWks - ok
07:54:26.0688 2728 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
07:54:26.0719 2728 TrustedInstaller - ok
07:54:26.0781 2728 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
07:54:26.0797 2728 tssecsrv - ok
07:54:26.0889 2728 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
07:54:26.0924 2728 TsUsbFlt - ok
07:54:26.0927 2728 tsusbhub - ok
07:54:27.0042 2728 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
07:54:27.0082 2728 tunnel - ok
07:54:27.0142 2728 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
07:54:27.0152 2728 uagp35 - ok
07:54:27.0217 2728 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
07:54:27.0249 2728 udfs - ok
07:54:27.0322 2728 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
07:54:27.0354 2728 UI0Detect - ok
07:54:27.0417 2728 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
07:54:27.0427 2728 uliagpkx - ok
07:54:27.0487 2728 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
07:54:27.0507 2728 umbus - ok
07:54:27.0562 2728 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
07:54:27.0572 2728 UmPass - ok
07:54:27.0612 2728 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
07:54:27.0649 2728 UmRdpService - ok
07:54:27.0734 2728 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
07:54:27.0759 2728 upnphost - ok
07:54:27.0834 2728 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
07:54:27.0865 2728 usbccgp - ok
07:54:27.0928 2728 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
07:54:27.0943 2728 usbcir - ok
07:54:27.0990 2728 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
07:54:28.0006 2728 usbehci - ok
07:54:28.0068 2728 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
07:54:28.0099 2728 usbhub - ok
07:54:28.0162 2728 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\DRIVERS\usbohci.sys
07:54:28.0177 2728 usbohci - ok
07:54:28.0240 2728 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
07:54:28.0255 2728 usbprint - ok
07:54:28.0318 2728 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
07:54:28.0349 2728 USBSTOR - ok
07:54:28.0427 2728 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
07:54:28.0489 2728 usbuhci - ok
07:54:28.0536 2728 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
07:54:28.0567 2728 UxSms - ok
07:54:28.0614 2728 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
07:54:28.0630 2728 VaultSvc - ok
07:54:28.0677 2728 VClone (fce98c43b5c5db8e0da8ea0e2b45e044) C:\Windows\system32\DRIVERS\VClone.sys
07:54:28.0708 2728 VClone - ok
07:54:28.0770 2728 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
07:54:28.0786 2728 vdrvroot - ok
07:54:28.0848 2728 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
07:54:28.0895 2728 vds - ok
07:54:28.0989 2728 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
07:54:29.0004 2728 vga - ok
07:54:29.0082 2728 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
07:54:29.0113 2728 VgaSave - ok
07:54:29.0113 2728 VGPU - ok
07:54:29.0207 2728 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
07:54:29.0223 2728 vhdmp - ok
07:54:29.0285 2728 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
07:54:29.0301 2728 viaagp - ok
07:54:29.0364 2728 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
07:54:29.0391 2728 ViaC7 - ok
07:54:29.0441 2728 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
07:54:29.0451 2728 viaide - ok
07:54:29.0556 2728 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
07:54:29.0569 2728 vmbus - ok
07:54:29.0624 2728 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
07:54:29.0641 2728 VMBusHID - ok
07:54:29.0766 2728 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
07:54:29.0776 2728 volmgr - ok
07:54:29.0829 2728 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
07:54:29.0841 2728 volmgrx - ok
07:54:29.0946 2728 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
07:54:29.0951 2728 volsnap - ok
07:54:30.0076 2728 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
07:54:30.0092 2728 vsmraid - ok
07:54:30.0279 2728 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
07:54:30.0326 2728 VSS - ok
07:54:30.0372 2728 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
07:54:30.0388 2728 vwifibus - ok
07:54:30.0528 2728 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
07:54:30.0560 2728 W32Time - ok
07:54:30.0606 2728 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
07:54:30.0638 2728 WacomPen - ok
07:54:30.0716 2728 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
07:54:30.0762 2728 WANARP - ok
07:54:30.0762 2728 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
07:54:30.0778 2728 Wanarpv6 - ok
07:54:31.0293 2728 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
07:54:31.0355 2728 wbengine - ok
07:54:31.0433 2728 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
07:54:31.0449 2728 WbioSrvc - ok
07:54:31.0500 2728 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
07:54:31.0535 2728 wcncsvc - ok
07:54:31.0590 2728 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
07:54:31.0640 2728 WcsPlugInService - ok
07:54:31.0692 2728 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
07:54:31.0702 2728 Wd - ok
07:54:31.0815 2728 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
07:54:31.0830 2728 Wdf01000 - ok
07:54:31.0870 2728 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
07:54:31.0920 2728 WdiServiceHost - ok
07:54:31.0922 2728 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
07:54:31.0937 2728 WdiSystemHost - ok
07:54:32.0005 2728 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
07:54:32.0020 2728 WebClient - ok
07:54:32.0105 2728 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
07:54:32.0130 2728 Wecsvc - ok
07:54:32.0200 2728 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
07:54:32.0262 2728 wercplsupport - ok
07:54:32.0340 2728 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
07:54:32.0372 2728 WerSvc - ok
07:54:32.0481 2728 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
07:54:32.0512 2728 WfpLwf - ok
07:54:32.0543 2728 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
07:54:32.0559 2728 WIMMount - ok
07:54:32.0824 2728 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
07:54:32.0871 2728 WinDefend - ok
07:54:32.0871 2728 WinHttpAutoProxySvc - ok
07:54:32.0964 2728 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
07:54:33.0027 2728 Winmgmt - ok
07:54:33.0354 2728 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
07:54:33.0401 2728 WinRM - ok
07:54:33.0526 2728 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
07:54:33.0557 2728 WinUsb - ok
07:54:33.0828 2728 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
07:54:33.0878 2728 Wlansvc - ok
07:54:34.0457 2728 wlidsvc (0a70f4022ec2e14c159efc4f69aa2477) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
07:54:34.0473 2728 wlidsvc - ok
07:54:34.0816 2728 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
07:54:34.0832 2728 WmiAcpi - ok
07:54:34.0910 2728 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
07:54:34.0941 2728 wmiApSrv - ok
07:54:35.0315 2728 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
07:54:35.0378 2728 WMPNetworkSvc - ok
07:54:35.0659 2728 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
07:54:35.0721 2728 WPCSvc - ok
07:54:35.0783 2728 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
07:54:35.0835 2728 WPDBusEnum - ok
07:54:35.0935 2728 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
07:54:35.0967 2728 ws2ifsl - ok
07:54:36.0055 2728 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\System32\wscsvc.dll
07:54:36.0082 2728 wscsvc - ok
07:54:36.0085 2728 WSearch - ok
07:54:36.0450 2728 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
07:54:36.0481 2728 wuauserv - ok
07:54:36.0964 2728 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
07:54:36.0980 2728 WudfPf - ok
07:54:37.0105 2728 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
07:54:37.0120 2728 WUDFRd - ok
07:54:37.0183 2728 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
07:54:37.0230 2728 wudfsvc - ok
07:54:37.0323 2728 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
07:54:37.0354 2728 WwanSvc - ok
07:54:37.0370 2728 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
07:54:37.0432 2728 \Device\Harddisk0\DR0 - ok
07:54:37.0448 2728 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
07:54:38.0037 2728 \Device\Harddisk1\DR1 - ok
07:54:38.0042 2728 Boot (0x1200) (c58dd2ca8092a0712f7ec056e7f48799) \Device\Harddisk0\DR0\Partition0
07:54:38.0042 2728 \Device\Harddisk0\DR0\Partition0 - ok
07:54:38.0064 2728 Boot (0x1200) (5973922d4acf1bd40491bdeec6e934f3) \Device\Harddisk1\DR1\Partition0
07:54:38.0082 2728 \Device\Harddisk1\DR1\Partition0 - ok
07:54:38.0104 2728 Boot (0x1200) (e93d6e787e8f81a439c1b2ec693827f0) \Device\Harddisk1\DR1\Partition1
07:54:38.0107 2728 \Device\Harddisk1\DR1\Partition1 - ok
07:54:38.0109 2728 ============================================================
07:54:38.0109 2728 Scan finished
07:54:38.0109 2728 ============================================================
07:54:38.0122 2112 Detected object count: 4
07:54:38.0122 2112 Actual detected object count: 4
08:00:41.0614 2112 a2free ( UnsignedFile.Multi.Generic ) - skipped by user
08:00:41.0614 2112 a2free ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:00:41.0614 2112 ASPI ( UnsignedFile.Multi.Generic ) - skipped by user
08:00:41.0614 2112 ASPI ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:00:41.0629 2112 giveio ( UnsignedFile.Multi.Generic ) - skipped by user
08:00:41.0629 2112 giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:00:41.0629 2112 sp_rsdrv2 ( UnsignedFile.Multi.Generic ) - skipped by user
08:00:41.0629 2112 sp_rsdrv2 ( UnsignedFile.Multi.Generic ) - User select action: Skip


Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.18.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
matze :: MATZE-PC [Administrator]

18.07.2012 07:50:34
mbam-log-2012-07-18 (07-50-34).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 323198
Laufzeit: 1 Stunde(n), 21 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Anti-Malware hat jetzt erstmal nichts gefunden gehabt.
Danke vorab.
MfG Matze

Hi,

das sieht eigentlich gut aus...

Prüfen wir noch den Bootblock...

MBR-Check
Lade Dir http://ad13.geekstogo.com/MBRCheck.exe und speichere die Datei auf dem Desktop.

• Doppelklick auf die MBRCheck.exe.

• Vista und Win7 User mit Rechtsklick "als Administrator starten"

• Das Tool braucht nur eine Sekunde.

• Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.

Poste bitte den Inhalt des .txt Dokumentes

und lassen zur Sicherheit noch SUPERAntiSpyware los:
Superantispyware (SASW):
http://www.trojaner-board.de/51871-a...tispyware.html

chris

Hallo Chris,
hier das Log vom MBRCheck.

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: Service Pack 1 (build 7601), 32-bit
Base Board Manufacturer: ASUSTeK Computer INC.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: System manufacturer
System Product Name: System Product Name
Logical Drives Mask: 0x0000016c

Kernel Drivers (total 196):
0x82E52000 \SystemRoot\system32\ntkrnlpa.exe
0x82E1B000 \SystemRoot\system32\halmacpi.dll
0x80BD2000 \SystemRoot\system32\kdcom.dll
0x8B039000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x8B044000 \SystemRoot\system32\PSHED.dll
0x8B055000 \SystemRoot\system32\BOOTVID.dll
0x8B05D000 \SystemRoot\system32\CLFS.SYS
0x8B09F000 \SystemRoot\system32\CI.dll
0x8B14A000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8B1BB000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8B213000 \SystemRoot\system32\drivers\ACPI.sys
0x8B25B000 \SystemRoot\system32\drivers\WMILIB.SYS
0x8B264000 \SystemRoot\system32\drivers\msisadrv.sys
0x8B26C000 \SystemRoot\system32\drivers\pci.sys
0x8B296000 \SystemRoot\system32\drivers\vdrvroot.sys
0x8B2A1000 \SystemRoot\System32\drivers\partmgr.sys
0x8B2B2000 \SystemRoot\system32\drivers\volmgr.sys
0x8B2C2000 \SystemRoot\System32\drivers\volmgrx.sys
0x8B30D000 \SystemRoot\system32\drivers\pciide.sys
0x8B314000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x8B322000 \SystemRoot\System32\drivers\mountmgr.sys
0x8B338000 \SystemRoot\system32\drivers\vmbus.sys
0x8B362000 \SystemRoot\system32\drivers\winhv.sys
0x8B374000 \SystemRoot\system32\drivers\atapi.sys
0x8B37D000 \SystemRoot\system32\drivers\ataport.SYS
0x8B3A0000 \SystemRoot\system32\drivers\nvstor.sys
0x8B417000 \SystemRoot\system32\drivers\storport.sys
0x8B45F000 \SystemRoot\system32\drivers\amdxata.sys
0x8B468000 \SystemRoot\system32\drivers\fltmgr.sys
0x8B49C000 \SystemRoot\system32\drivers\fileinfo.sys
0x8B4AD000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8B3C5000 \SystemRoot\System32\Drivers\msrpc.sys
0x8B5DC000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8B63C000 \SystemRoot\System32\Drivers\cng.sys
0x8B699000 \SystemRoot\System32\drivers\pcw.sys
0x8B6A7000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8B6B0000 \SystemRoot\system32\drivers\ndis.sys
0x8B767000 \SystemRoot\system32\drivers\NETIO.SYS
0x8B7A5000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8B808000 \SystemRoot\System32\drivers\tcpip.sys
0x8B953000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8B984000 \SystemRoot\system32\drivers\vmstorfl.sys
0x8B98D000 \SystemRoot\system32\drivers\volsnap.sys
0x8B9CC000 \SystemRoot\System32\Drivers\spldr.sys
0x8B9D4000 \SystemRoot\system32\speedfan.sys
0x8B7CA000 \SystemRoot\System32\drivers\rdyboost.sys
0x8B9D9000 \SystemRoot\System32\Drivers\mup.sys
0x8B9E9000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8B9F1000 \SystemRoot\system32\giveio.sys
0x8B600000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8B5EF000 \SystemRoot\system32\DRIVERS\disk.sys
0x8B1C9000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x90A1A000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x90A39000 \SystemRoot\System32\Drivers\Null.SYS
0x90A40000 \SystemRoot\System32\Drivers\Beep.SYS
0x90A47000 \SystemRoot\System32\drivers\vga.sys
0x90A53000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x90A74000 \SystemRoot\System32\drivers\watchdog.sys
0x90A81000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x90A89000 \SystemRoot\system32\drivers\rdpencdd.sys
0x90A91000 \SystemRoot\system32\drivers\rdprefmp.sys
0x90A99000 \SystemRoot\System32\Drivers\Msfs.SYS
0x90AA4000 \SystemRoot\System32\Drivers\Npfs.SYS
0x90AB2000 \SystemRoot\system32\DRIVERS\tdx.sys
0x90AC9000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x90AD5000 \SystemRoot\system32\drivers\afd.sys
0x90B2F000 \SystemRoot\System32\DRIVERS\netbt.sys
0x90B61000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x90B68000 \SystemRoot\system32\DRIVERS\pacer.sys
0x90B87000 \SystemRoot\system32\DRIVERS\netbios.sys
0x90B95000 \SystemRoot\system32\DRIVERS\serial.sys
0x90BAF000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x90BC2000 \SystemRoot\system32\drivers\termdd.sys
0x90BD3000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x90BD9000 \??\C:\Windows\system32\drivers\sp_rsdrv2.sys
0x9063E000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x9067F000 \SystemRoot\system32\drivers\nsiproxy.sys
0x90689000 \SystemRoot\system32\drivers\mssmbios.sys
0x90693000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
0x9069D000 \SystemRoot\System32\drivers\discache.sys
0x906A9000 \SystemRoot\system32\drivers\csc.sys
0x9070D000 \SystemRoot\System32\Drivers\dfsc.sys
0x90725000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x90733000 \SystemRoot\system32\DRIVERS\avkmgr.sys
0x9073F000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x90785000 \SystemRoot\system32\DRIVERS\amdk8.sys
0x90797000 \SystemRoot\system32\DRIVERS\ASACPI.sys
0x90799000 \SystemRoot\system32\DRIVERS\serenum.sys
0x907A3000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x907AD000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x90600000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x9060F000 \SystemRoot\system32\drivers\HDAudBus.sys
0x9123F000 \SystemRoot\system32\DRIVERS\nvm62x32.sys
0x91294000 \SystemRoot\system32\DRIVERS\atikmpag.sys
0x9AA14000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x912E0000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x91397000 \SystemRoot\System32\drivers\dxgmms1.sys
0x9AA00000 \SystemRoot\system32\drivers\CompositeBus.sys
0x913D0000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x913E2000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x91200000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x9120B000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x90A00000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x9B424000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x9B43B000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x9B452000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x9B45C000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x9B469000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x9B476000 \SystemRoot\system32\DRIVERS\VClone.sys
0x9B482000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0x9B4A8000 \SystemRoot\system32\DRIVERS\seehcri.sys
0x9B4AE000 \SystemRoot\system32\drivers\swenum.sys
0x9B4B0000 \SystemRoot\system32\drivers\ks.sys
0x9B4E4000 \SystemRoot\system32\DRIVERS\amdiox86.sys
0x9B4F4000 \SystemRoot\system32\drivers\umbus.sys
0x9B502000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x9B546000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x9B557000 \SystemRoot\system32\drivers\HdAudio.sys
0x9B5A7000 \SystemRoot\system32\drivers\portcls.sys
0x9B5D6000 \SystemRoot\system32\drivers\drmk.sys
0x9B400000 \SystemRoot\system32\drivers\AtihdW73.sys
0x9B5EF000 \SystemRoot\System32\Drivers\crashdmp.sys
0x9B418000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0x8B000000 \SystemRoot\System32\Drivers\dump_nvstor.sys
0x9122D000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x9BA70000 \SystemRoot\System32\win32k.sys
0x9062E000 \SystemRoot\System32\drivers\Dxapi.sys
0x90764000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x9B422000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8B9F2000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8B400000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x9AA0D000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8B3F0000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x8B200000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8CC10000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x8CC27000 \SystemRoot\system32\DRIVERS\monitor.sys
0x9BCE0000 \SystemRoot\System32\TSDDD.dll
0x9BD10000 \SystemRoot\System32\cdd.dll
0x8CC32000 \SystemRoot\system32\drivers\luafv.sys
0x8CC4D000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x8CC68000 \SystemRoot\system32\drivers\WudfPf.sys
0x8CC82000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x8CC92000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x8CCA5000 \SystemRoot\system32\drivers\HTTP.sys
0x8CD2A000 \SystemRoot\system32\DRIVERS\bowser.sys
0x8CD43000 \SystemRoot\System32\drivers\mpsdrv.sys
0x8CD55000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x8CD78000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x8CDB3000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA3416000 \SystemRoot\system32\drivers\peauth.sys
0xA34AD000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA34B7000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xA34D8000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA34E5000 \SystemRoot\system32\drivers\spsys.sys
0xA354F000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA359F000 \SystemRoot\System32\DRIVERS\srv.sys
0x8CDCE000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x77710000 \Windows\System32\ntdll.dll
0x479B0000 \Windows\System32\smss.exe
0x77950000 \Windows\System32\apisetschema.dll
0x00A20000 \Windows\System32\autochk.exe
0x77870000 \Windows\System32\msctf.dll
0x776C0000 \Windows\System32\Wldap32.dll
0x775E0000 \Windows\System32\kernel32.dll
0x77510000 \Windows\System32\user32.dll
0x77860000 \Windows\System32\lpk.dll
0x77850000 \Windows\System32\psapi.dll
0x77500000 \Windows\System32\nsi.dll
0x774F0000 \Windows\System32\normaliz.dll
0x774C0000 \Windows\System32\imagehlp.dll
0x77410000 \Windows\System32\msvcrt.dll
0x773D0000 \Windows\System32\ws2_32.dll
0x77270000 \Windows\System32\ole32.dll
0x771D0000 \Windows\System32\usp10.dll
0x77130000 \Windows\System32\advapi32.dll
0x770A0000 \Windows\System32\clbcatq.dll
0x77010000 \Windows\System32\oleaut32.dll
0x76F60000 \Windows\System32\rpcrt4.dll
0x76F40000 \Windows\System32\imm32.dll
0x76F20000 \Windows\System32\sechost.dll
0x76D80000 \Windows\System32\setupapi.dll
0x76C60000 \Windows\System32\wininet.dll
0x76010000 \Windows\System32\shell32.dll
0x75E50000 \Windows\System32\iertutil.dll
0x75E00000 \Windows\System32\gdi32.dll
0x75CE0000 \Windows\System32\urlmon.dll
0x75C80000 \Windows\System32\difxapi.dll
0x75C20000 \Windows\System32\shlwapi.dll
0x75BA0000 \Windows\System32\comdlg32.dll
0x75B70000 \Windows\System32\cfgmgr32.dll
0x75A50000 \Windows\System32\crypt32.dll
0x75A00000 \Windows\System32\KernelBase.dll
0x759D0000 \Windows\System32\wintrust.dll
0x759B0000 \Windows\System32\devobj.dll
0x75920000 \Windows\System32\comctl32.dll
0x75910000 \Windows\System32\msasn1.dll

Processes (total 61):
0 System Idle Process
4 System
272 C:\Windows\System32\smss.exe
424 csrss.exe
512 C:\Windows\System32\wininit.exe
524 csrss.exe
560 C:\Windows\System32\services.exe
576 C:\Windows\System32\lsass.exe
584 C:\Windows\System32\lsm.exe
676 C:\Windows\System32\winlogon.exe
736 C:\Windows\System32\svchost.exe
820 C:\Windows\System32\svchost.exe
908 C:\Windows\System32\atiesrxx.exe
944 C:\Windows\System32\svchost.exe
984 C:\Windows\System32\svchost.exe
1032 C:\Windows\System32\svchost.exe
1128 C:\Windows\System32\audiodg.exe
1196 C:\Windows\System32\svchost.exe
1292 C:\Windows\System32\atieclxx.exe
1312 C:\Windows\System32\svchost.exe
1480 C:\Windows\System32\spoolsv.exe
1516 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1536 C:\Windows\System32\svchost.exe
1760 C:\Windows\System32\dwm.exe
1768 C:\Program Files\a-squared Free\a2service.exe
1800 C:\Windows\explorer.exe
1840 C:\Windows\System32\taskhost.exe
1880 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
1936 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
2032 C:\Windows\System32\svchost.exe
340 C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
1120 C:\Windows\System32\sppsvc.exe
1624 C:\Windows\System32\svchost.exe
1816 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
2244 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
2544 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
2552 C:\Windows\System32\conhost.exe
2752 WUDFHost.exe
3008 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3056 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
3164 C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
3244 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
3388 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
3556 C:\Windows\System32\SearchIndexer.exe
3688 C:\Program Files\Windows Media Player\wmpnetwk.exe
4004 C:\Windows\System32\svchost.exe
2320 WmiPrvSE.exe
2992 C:\Program Files\Opera\opera.exe
3116 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
900 C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe
440 C:\Windows\System32\svchost.exe
4048 WmiPrvSE.exe
2156 C:\Users\matze\Desktop\MBRCheck.exe
3520 C:\Windows\System32\conhost.exe
2800 C:\Windows\System32\dllhost.exe
3940 C:\Windows\servicing\TrustedInstaller.exe
2592 C:\Users\matze\Desktop\SUPERAntiSpyware.exe
3412 C:\Windows\System32\wuauclt.exe
1024 C:\Users\matze\Desktop\SUPERAntiSpyware.exe
180 C:\Windows\System32\SearchProtocolHost.exe
3804 C:\Windows\System32\SearchFilterHost.exe

\\.\C: --> \\.\PhysicalDrive1 at offset 0x00000000`06500000 (NTFS)
\\.\F: --> \\.\PhysicalDrive0 at offset 0x00000003`a9636e00 (NTFS)

PhysicalDrive1 Model Number: ST3250318AS, Rev: CC38
PhysicalDrive0 Model Number: WDCWD1600AAJB-00WRA0, Rev: 58.01H58

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive1 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
149 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11


Done!

Das andere lasse ich heute abend laufen.
Vielen Dank.

Guten Morgen,

hier noch das Log von SuperAntispyware:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 07/19/2012 at 09:02 AM

Application Version : 5.5.1006

Core Rules Database Version : 8923
Trace Rules Database Version: 6735

Scan type : Complete Scan
Total Scan Time : 00:17:33

Operating System Information
Windows 7 Ultimate 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 838
Memory threats detected : 0
Registry items scanned : 35020
Registry threats detected : 0
File items scanned : 16242
File threats detected : 0

Schönen Tag zusammen.
Danke.

Hi,

sieht auch OK aus, warten wir mal was SUPERAntiSpyware noch bringt...

chris

Hallo Chris. Habe SUPERAntiSpyware laufen lassen. Das Log ist kurioserweise im Post vom MBRLog gelandet, also am Ende meines letzten Eintrags. War (aus meiner Sicht) ergebnislos. Danke vorab für die Antwort. MfG Matze

Hi,

wenn der Rechner keine Mucken mehr macht, sollten wir durch sein.

OTL und das Verzeichnis C:\_OLT kannst Du löschen, MAM und SUPERAntiSpyware je nach Laune behalten und ca. 1x die Woche updaten und scannen lassen...

chris

Hallo Chris,

System läuft fehlerlos. Werde die beiden Programme auf jeden Fall behalten.
Vielen, vielen Dank für die Hilfe!!

Schönes Wochenende.
Matze