Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/), section Log-Analyse und Auswertung: No access to files on external cards, among other problems (https://www.trojaner-board.de/104360-kein-zugriff-dateien-externen-karten-u-a-probleme.html)

Sophie_R 23.10.2011 18:32

The PC did not come back up on the reboot the fix required. Rien ne va plus. X times in a row. Until I went into Safe Mode, and this morning it would not start at all any more and Startup Repair repaired something.

If it does not save the fix log somewhere automatically, it is no longer there.

Sophie_R 23.10.2011 19:09

So how do we proceed now? I would really like to get one more step done this evening.

cosinus 23.10.2011 19:17

I need OTL's quarantine folder. Please do the following:

1.) VERY IMPORTANT!! Disable the virus scanner; it must not interfere with the packing!
2.) Zip the folder MovedFiles in C:\_OTL into a single file
3.) Upload the created ZIP file here => http://www.trojaner-board.de/54791-a...ner-board.html

Note: Please upload the file there as described in the instructions for the UpChannel. Please do NOT post the ZIP file here as an attachment in the thread!

4.) Let me know once it has worked
5.) Only then turn the virus scanner back on

Sophie_R 23.10.2011 19:26

Done ... I hope I did it right ... in any case it is uploaded ...

I just wanted to note in passing that I do NOT know whether what is in the log is still the current state, because I do not know what Startup Repair repaired. In case you can follow my train of thought ...

cosinus 23.10.2011 19:31

Do an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:

:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPDSK/4
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPDSK/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPDSK/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPDSK/4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPDSK/4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPDSK/4
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:56222
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 56222
FF - prefs.js..network.proxy.type: 1
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKCU..\Run: [AdobeBridge]  File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{20951ce3-86c3-11df-924f-001fc6f55680}\Shell - "" = AutoRun
O33 - MountPoints2\{20951ce3-86c3-11df-924f-001fc6f55680}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{20951cf0-86c3-11df-924f-001fc6f55680}\Shell - "" = AutoRun
O33 - MountPoints2\{20951cf0-86c3-11df-924f-001fc6f55680}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{844f82ca-8779-11df-991f-d89a0763a026}\Shell - "" = AutoRun
O33 - MountPoints2\{844f82ca-8779-11df-991f-d89a0763a026}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{b02346cc-881b-11df-98ec-001fc6f55680}\Shell - "" = AutoRun
O33 - MountPoints2\{b02346cc-881b-11df-98ec-001fc6f55680}\Shell\AutoRun\command - "" = K:\pushinst.exe
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\AutoRun.exe
[2011.10.17 18:53:49 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Users\Fest\taskmgr.exe
[2011.10.17 18:53:49 | 000,005,632 | -HS- | M] () -- C:\Users\Fest\wevtapi.dll
:Files
C:\Windows\Tasks\at*.job
:Commands
[emptytemp]
[resethosts]

Then click the Fix! button at the top left.
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

The entries, files and folders fixed by this script are not deleted completely, as a precaution; a backup copy is created on the system partition in the folder "_OTL".

Note: The above script was created only for this one user in this one situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
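The fix script above bundles several indicator types a responder looks for in an OTL listing: a browser proxy pointing at the local machine (IE ProxyServer and the Firefox prefs.js entries, both on port 56222), Explorer's cached MountPoints2 AutoRun handlers for removable drives, dangling Run entries, and executables carrying Windows system binary names (taskmgr.exe, wevtapi.dll) inside a user profile. The following triage helper is an added example, not OTL's code and not part of this thread; it parses lines in the format OTL prints and flags those indicators. The sample input is copied from the fix script above, and SYSTEM_NAMES is a constructed list of commonly impersonated binary names, not an OTL rule set.

```python
"""Triage helper for OTL-style scan lines (added example, not OTL's own code)."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    category: str  # short rule tag, e.g. "local-proxy"
    detail: str    # the value or path that triggered the rule


# Constructed input: lines taken from the OTL fix script in this thread.
SAMPLE_LINES = r'''IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:56222
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 56222
FF - prefs.js..network.proxy.type: 1
O4 - HKCU..\Run: [AdobeBridge]  File not found
O33 - MountPoints2\{20951ce3-86c3-11df-924f-001fc6f55680}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{b02346cc-881b-11df-98ec-001fc6f55680}\Shell\AutoRun\command - "" = K:\pushinst.exe
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\AutoRun.exe
[2011.10.17 18:53:49 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Users\Fest\taskmgr.exe
[2011.10.17 18:53:49 | 000,005,632 | -HS- | M] () -- C:\Users\Fest\wevtapi.dll
'''

# Constructed list (assumption): system binary names that malware often borrows.
SYSTEM_NAMES = {"taskmgr.exe", "wevtapi.dll", "svchost.exe", "explorer.exe", "lsass.exe"}
LOOPBACK = ("127.0.0.1", "localhost", "::1")
WINDOWS_DIR = "c:\\windows\\"

# Line shapes as they appear in OTL output in this thread.
IE_ENABLE_RE = re.compile(r'^IE - .*"ProxyEnable" = (\d+)$')
IE_SERVER_RE = re.compile(r'^IE - .*"ProxyServer" = (.+)$')
FF_HOST_RE = re.compile(r'^FF - prefs\.js\.\.network\.proxy\.http: "([^"]+)"')
FF_PORT_RE = re.compile(r'^FF - prefs\.js\.\.network\.proxy\.http_port: (\d+)')
FF_TYPE_RE = re.compile(r'^FF - prefs\.js\.\.network\.proxy\.type: (\d+)')
RUN_MISSING_RE = re.compile(r'^O4 - (.+?)\s+File not found$')
MOUNTPOINT_RE = re.compile(r'^O33 - MountPoints2\\(\S+)\\Shell\\AutoRun\\command - "" = (.+)$')
FILE_RE = re.compile(r'^\[[^\]]*\| (\S{4}) \| [CM]\] \(([^)]*)\) -- (.+)$')


def triage(lines):
    """Return Findings for an iterable of OTL lines, in input order.

    Proxy findings are emitted last, once every proxy-related key has been seen,
    so that the enable flag and the server value can be reported together."""
    findings = []
    ie_enabled = ie_server = ff_host = ff_port = ff_type = None
    for raw in lines:
        line = raw.rstrip("\r\n")
        if m := IE_ENABLE_RE.match(line):
            ie_enabled = m.group(1)
        elif m := IE_SERVER_RE.match(line):
            ie_server = m.group(1)
        elif m := FF_HOST_RE.match(line):
            ff_host = m.group(1)
        elif m := FF_PORT_RE.match(line):
            ff_port = m.group(1)
        elif m := FF_TYPE_RE.match(line):
            ff_type = m.group(1)
        elif m := RUN_MISSING_RE.match(line):
            # Autostart value whose target no longer exists: leftover of a removed file.
            findings.append(Finding("dangling-run-entry", m.group(1)))
        elif m := MOUNTPOINT_RE.match(line):
            # Explorer's cached AutoRun handler for a removable volume.
            findings.append(Finding("autorun-handler", f"{m.group(1)} -> {m.group(2)}"))
        elif m := FILE_RE.match(line):
            attrs, _vendor, path = m.groups()
            name = path.rsplit("\\", 1)[-1].lower()
            outside_windows = not path.lower().startswith(WINDOWS_DIR)
            if name in SYSTEM_NAMES and outside_windows:
                # A system binary name living outside the Windows directory.
                findings.append(Finding("masquerade", path))
            if "H" in attrs and "S" in attrs and outside_windows:
                # Hidden + system attributes on a file in a user-writable location.
                findings.append(Finding("hidden-system-file", path))
    if ie_server and any(lb in ie_server for lb in LOOPBACK):
        state = "active" if ie_enabled == "1" else f"configured but ProxyEnable={ie_enabled}"
        findings.append(Finding("local-proxy", f"IE ProxyServer = {ie_server} ({state})"))
    if ff_host and any(lb in ff_host for lb in LOOPBACK):
        findings.append(Finding("local-proxy",
                                f"Firefox proxy = {ff_host}:{ff_port or '?'} (network.proxy.type={ff_type or '?'})"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES.splitlines()):
        print(f"{f.category:20} {f.detail}")
```

On the thread's data the helper reports that IE had the loopback proxy configured but ProxyEnable set to 0, while Firefox had network.proxy.type 1 (manual), so Firefox traffic was being routed through a listener on 127.0.0.1:56222; the three MountPoints2 entries name J:\AutoRun.exe and K:\pushinst.exe as AutoRun handlers for removable drives, which matches the thread title's problem with external cards; and taskmgr.exe and wevtapi.dll under C:\Users\Fest are flagged because those names belong in the Windows directory.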

Sophie_R 23.10.2011 19:46

This time it worked flawlessly ... I only wish I knew what I did wrong yesterday. But never mind.

Code:

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 56222 removed from network.proxy.http_port
Prefs.js: 1 removed from network.proxy.type
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{20951ce3-86c3-11df-924f-001fc6f55680}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20951ce3-86c3-11df-924f-001fc6f55680}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{20951ce3-86c3-11df-924f-001fc6f55680}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20951ce3-86c3-11df-924f-001fc6f55680}\ not found.
File J:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{20951cf0-86c3-11df-924f-001fc6f55680}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20951cf0-86c3-11df-924f-001fc6f55680}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{20951cf0-86c3-11df-924f-001fc6f55680}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20951cf0-86c3-11df-924f-001fc6f55680}\ not found.
File J:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{844f82ca-8779-11df-991f-d89a0763a026}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{844f82ca-8779-11df-991f-d89a0763a026}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{844f82ca-8779-11df-991f-d89a0763a026}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{844f82ca-8779-11df-991f-d89a0763a026}\ not found.
File J:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b02346cc-881b-11df-98ec-001fc6f55680}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b02346cc-881b-11df-98ec-001fc6f55680}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b02346cc-881b-11df-98ec-001fc6f55680}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b02346cc-881b-11df-98ec-001fc6f55680}\ not found.
File K:\pushinst.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J\ not found.
File J:\AutoRun.exe not found.
C:\Users\Fest\taskmgr.exe moved successfully.
C:\Users\Fest\wevtapi.dll moved successfully.
========== FILES ==========
C:\Windows\Tasks\At1.job moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes
->Flash cache emptied: 53632 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Fest
->Temp folder emptied: 951589247 bytes
->Temporary Internet Files folder emptied: 5705757 bytes
->FireFox cache emptied: 1307076 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 117528519 bytes
->Flash cache emptied: 54402 bytes
 
User: Gast
->Temp folder emptied: 246440 bytes
->Temporary Internet Files folder emptied: 1296 bytes
->Flash cache emptied: 53632 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 878 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 678217692 bytes
 
Total Files Cleaned = 1.673,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 10232011_204119

Files\Folders moved on Reboot...
C:\Users\Fest\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...


Sophie_R 24.10.2011 07:17

Good morning Arne, since we are going to miss each other here this evening and you know by now what a little Miss Impatient I am, I have gone ahead and run Kaspersky TDSSKiller - and will run unhide right afterwards:

Code:

08:10:26.0495 4116        TDSS rootkit removing tool 2.6.12.0 Oct 21 2011 11:23:48
08:10:26.0623 4116        ============================================================
08:10:26.0623 4116        Current date / time: 2011/10/24 08:10:26.0623
08:10:26.0623 4116        SystemInfo:
08:10:26.0623 4116       
08:10:26.0623 4116        OS Version: 6.1.7601 ServicePack: 1.0
08:10:26.0623 4116        Product type: Workstation
08:10:26.0623 4116        ComputerName: FEST-PC
08:10:26.0623 4116        UserName: Fest
08:10:26.0623 4116        Windows directory: C:\Windows
08:10:26.0623 4116        System windows directory: C:\Windows
08:10:26.0623 4116        Running under WOW64
08:10:26.0623 4116        Processor architecture: Intel x64
08:10:26.0623 4116        Number of processors: 4
08:10:26.0623 4116        Page size: 0x1000
08:10:26.0623 4116        Boot type: Normal boot
08:10:26.0623 4116        ============================================================
08:10:29.0613 4116        Initialize success
08:10:55.0213 4608        ============================================================
08:10:55.0213 4608        Scan started
08:10:55.0213 4608        Mode: Manual; SigCheck; TDLFS;
08:10:55.0213 4608        ============================================================
08:10:56.0601 4608        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
08:10:56.0695 4608        1394ohci - ok
08:10:56.0741 4608        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
08:10:56.0773 4608        ACPI - ok
08:10:56.0788 4608        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
08:10:56.0866 4608        AcpiPmi - ok
08:10:56.0944 4608        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
08:10:56.0975 4608        adp94xx - ok
08:10:57.0007 4608        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
08:10:57.0022 4608        adpahci - ok
08:10:57.0038 4608        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
08:10:57.0053 4608        adpu320 - ok
08:10:57.0116 4608        AFD            (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
08:10:57.0209 4608        AFD - ok
08:10:57.0225 4608        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
08:10:57.0256 4608        agp440 - ok
08:10:57.0272 4608        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
08:10:57.0287 4608        aliide - ok
08:10:57.0334 4608        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
08:10:57.0350 4608        amdide - ok
08:10:57.0412 4608        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
08:10:57.0475 4608        AmdK8 - ok
08:10:57.0506 4608        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
08:10:57.0553 4608        AmdPPM - ok
08:10:57.0599 4608        amdsata        (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
08:10:57.0615 4608        amdsata - ok
08:10:57.0631 4608        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
08:10:57.0662 4608        amdsbs - ok
08:10:57.0662 4608        amdxata        (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
08:10:57.0677 4608        amdxata - ok
08:10:57.0771 4608        AppID          (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
08:10:57.0911 4608        AppID - ok
08:10:57.0974 4608        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
08:10:58.0005 4608        arc - ok
08:10:58.0021 4608        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
08:10:58.0036 4608        arcsas - ok
08:10:58.0083 4608        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
08:10:58.0223 4608        AsyncMac - ok
08:10:58.0239 4608        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
08:10:58.0255 4608        atapi - ok
08:10:58.0286 4608        avgntflt        (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys
08:10:58.0301 4608        avgntflt - ok
08:10:58.0317 4608        avipbb          (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys
08:10:58.0317 4608        avipbb - ok
08:10:58.0364 4608        avmeject        (1dc2f715792cf33428ad7993acbd224d) C:\Windows\system32\drivers\avmeject.sys
08:10:58.0379 4608        avmeject - ok
08:10:58.0442 4608        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
08:10:58.0520 4608        b06bdrv - ok
08:10:58.0535 4608        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
08:10:58.0598 4608        b57nd60a - ok
08:10:58.0660 4608        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
08:10:58.0738 4608        Beep - ok
08:10:58.0785 4608        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
08:10:58.0816 4608        blbdrive - ok
08:10:58.0925 4608        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
08:10:59.0019 4608        bowser - ok
08:10:59.0035 4608        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
08:10:59.0097 4608        BrFiltLo - ok
08:10:59.0128 4608        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
08:10:59.0159 4608        BrFiltUp - ok
08:10:59.0191 4608        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
08:10:59.0237 4608        Brserid - ok
08:10:59.0253 4608        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
08:10:59.0269 4608        BrSerWdm - ok
08:10:59.0284 4608        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
08:10:59.0315 4608        BrUsbMdm - ok
08:10:59.0331 4608        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
08:10:59.0378 4608        BrUsbSer - ok
08:10:59.0409 4608        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
08:10:59.0456 4608        BTHMODEM - ok
08:10:59.0503 4608        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
08:10:59.0549 4608        cdfs - ok
08:10:59.0596 4608        cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
08:10:59.0627 4608        cdrom - ok
08:10:59.0659 4608        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
08:10:59.0690 4608        circlass - ok
08:10:59.0721 4608        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
08:10:59.0752 4608        CLFS - ok
08:10:59.0815 4608        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
08:10:59.0830 4608        CmBatt - ok
08:10:59.0877 4608        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
08:10:59.0893 4608        cmdide - ok
08:10:59.0939 4608        CNG            (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
08:10:59.0986 4608        CNG - ok
08:10:59.0986 4608        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
08:11:00.0002 4608        Compbatt - ok
08:11:00.0017 4608        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
08:11:00.0064 4608        CompositeBus - ok
08:11:00.0111 4608        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
08:11:00.0111 4608        crcdisk - ok
08:11:00.0158 4608        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
08:11:00.0189 4608        DfsC - ok
08:11:00.0220 4608        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
08:11:00.0283 4608        discache - ok
08:11:00.0345 4608        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
08:11:00.0361 4608        Disk - ok
08:11:00.0423 4608        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
08:11:00.0454 4608        drmkaud - ok
08:11:00.0501 4608        DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
08:11:00.0532 4608        DXGKrnl - ok
08:11:00.0626 4608        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
08:11:00.0719 4608        ebdrv - ok
08:11:00.0766 4608        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
08:11:00.0782 4608        elxstor - ok
08:11:00.0813 4608        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
08:11:00.0860 4608        ErrDev - ok
08:11:00.0891 4608        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
08:11:00.0938 4608        exfat - ok
08:11:00.0969 4608        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
08:11:01.0063 4608        fastfat - ok
08:11:01.0078 4608        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
08:11:01.0125 4608        fdc - ok
08:11:01.0156 4608        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
08:11:01.0172 4608        FileInfo - ok
08:11:01.0203 4608        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
08:11:01.0265 4608        Filetrace - ok
08:11:01.0297 4608        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
08:11:01.0312 4608        flpydisk - ok
08:11:01.0375 4608        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
08:11:01.0406 4608        FltMgr - ok
08:11:01.0437 4608        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
08:11:01.0453 4608        FsDepends - ok
08:11:01.0468 4608        Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
08:11:01.0468 4608        Fs_Rec - ok
08:11:01.0499 4608        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
08:11:01.0515 4608        fvevol - ok
08:11:01.0577 4608        fwlanusbn      (630cb27253ea63bb0990c40c72bfcfe1) C:\Windows\system32\DRIVERS\fwlanusbn.sys
08:11:01.0624 4608        fwlanusbn - ok
08:11:01.0640 4608        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
08:11:01.0655 4608        gagp30kx - ok
08:11:01.0874 4608        GEARAspiWDM    (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
08:11:01.0889 4608        GEARAspiWDM - ok
08:11:01.0905 4608        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
08:11:01.0967 4608        hcw85cir - ok
08:11:02.0014 4608        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
08:11:02.0045 4608        HDAudBus - ok
08:11:02.0077 4608        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
08:11:02.0123 4608        HidBatt - ok
08:11:02.0155 4608        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
08:11:02.0217 4608        HidBth - ok
08:11:02.0233 4608        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
08:11:02.0279 4608        HidIr - ok
08:11:02.0311 4608        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
08:11:02.0342 4608        HidUsb - ok
08:11:02.0404 4608        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
08:11:02.0420 4608        HpSAMD - ok
08:11:02.0482 4608        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
08:11:02.0560 4608        HTTP - ok
08:11:02.0607 4608        hwdatacard      (d96a290f699081ae737390c0fe329d7c) C:\Windows\system32\DRIVERS\ewusbmdm.sys
08:11:02.0669 4608        hwdatacard - ok
08:11:02.0716 4608        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
08:11:02.0732 4608        hwpolicy - ok
08:11:02.0794 4608        hwusbdev        (e0c7255498640fc64b19aae17fd6f965) C:\Windows\system32\DRIVERS\ewusbdev.sys
08:11:02.0825 4608        hwusbdev - ok
08:11:02.0888 4608        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
08:11:02.0903 4608        i8042prt - ok
08:11:02.0935 4608        iaStorV        (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
08:11:02.0966 4608        iaStorV - ok
08:11:02.0981 4608        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
08:11:02.0997 4608        iirsp - ok
08:11:03.0091 4608        IntcAzAudAddService (3c4b4ee54febb09f7e9f58776de96dca) C:\Windows\system32\drivers\RTKVHD64.sys
08:11:03.0137 4608        IntcAzAudAddService - ok
08:11:03.0169 4608        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
08:11:03.0184 4608        intelide - ok
08:11:03.0215 4608        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
08:11:03.0262 4608        intelppm - ok
08:11:03.0293 4608        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:11:03.0340 4608        IpFilterDriver - ok
08:11:03.0371 4608        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
08:11:03.0403 4608        IPMIDRV - ok
08:11:03.0449 4608        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
08:11:03.0512 4608        IPNAT - ok
08:11:03.0543 4608        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
08:11:03.0637 4608        IRENUM - ok
08:11:03.0652 4608        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
08:11:03.0652 4608        isapnp - ok
08:11:03.0683 4608        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
08:11:03.0699 4608        iScsiPrt - ok
08:11:03.0730 4608        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
08:11:03.0746 4608        kbdclass - ok
08:11:03.0793 4608        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
08:11:03.0824 4608        kbdhid - ok
08:11:03.0871 4608        KSecDD          (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
08:11:03.0886 4608        KSecDD - ok
08:11:03.0902 4608        KSecPkg        (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
08:11:03.0917 4608        KSecPkg - ok
08:11:03.0933 4608        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
08:11:04.0011 4608        ksthunk - ok
08:11:04.0105 4608        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
08:11:04.0198 4608        lltdio - ok
08:11:04.0229 4608        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
08:11:04.0245 4608        LSI_FC - ok
08:11:04.0261 4608        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
08:11:04.0276 4608        LSI_SAS - ok
08:11:04.0307 4608        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
08:11:04.0307 4608        LSI_SAS2 - ok
08:11:04.0339 4608        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
08:11:04.0370 4608        LSI_SCSI - ok
08:11:04.0417 4608        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
08:11:04.0479 4608        luafv - ok
08:11:04.0495 4608        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
08:11:04.0510 4608        megasas - ok
08:11:04.0526 4608        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
08:11:04.0541 4608        MegaSR - ok
08:11:04.0588 4608        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
08:11:04.0635 4608        Modem - ok
08:11:04.0666 4608        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
08:11:04.0713 4608        monitor - ok
08:11:04.0760 4608        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
08:11:04.0775 4608        mouclass - ok
08:11:04.0807 4608        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
08:11:04.0822 4608        mouhid - ok
08:11:04.0869 4608        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
08:11:04.0885 4608        mountmgr - ok
08:11:04.0916 4608        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
08:11:04.0931 4608        mpio - ok
08:11:04.0947 4608        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
08:11:05.0025 4608        mpsdrv - ok
08:11:05.0072 4608        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
08:11:05.0150 4608        MRxDAV - ok
08:11:05.0181 4608        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
08:11:05.0243 4608        mrxsmb - ok
08:11:05.0290 4608        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:11:05.0353 4608        mrxsmb10 - ok
08:11:05.0368 4608        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:11:05.0384 4608        mrxsmb20 - ok
08:11:05.0415 4608        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
08:11:05.0415 4608        msahci - ok
08:11:05.0446 4608        msdsm          (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
08:11:05.0462 4608        msdsm - ok
08:11:05.0477 4608        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
08:11:05.0524 4608        Msfs - ok
08:11:05.0524 4608        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
08:11:05.0587 4608        mshidkmdf - ok
08:11:05.0602 4608        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
08:11:05.0618 4608        msisadrv - ok
08:11:05.0680 4608        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
08:11:05.0743 4608        MSKSSRV - ok
08:11:05.0774 4608        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
08:11:05.0821 4608        MSPCLOCK - ok
08:11:05.0821 4608        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
08:11:05.0852 4608        MSPQM - ok
08:11:05.0914 4608        MsRPC          (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
08:11:05.0945 4608        MsRPC - ok
08:11:05.0961 4608        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
08:11:05.0977 4608        mssmbios - ok
08:11:05.0992 4608        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
08:11:06.0023 4608        MSTEE - ok
08:11:06.0039 4608        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
08:11:06.0086 4608        MTConfig - ok
08:11:06.0117 4608        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
08:11:06.0148 4608        Mup - ok
08:11:06.0195 4608        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
08:11:06.0257 4608        NativeWifiP - ok
08:11:06.0351 4608        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
08:11:06.0398 4608        NDIS - ok
08:11:06.0413 4608        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
08:11:06.0429 4608        NdisCap - ok
08:11:06.0476 4608        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
08:11:06.0538 4608        NdisTapi - ok
08:11:06.0569 4608        Ndisuio        (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
08:11:06.0616 4608        Ndisuio - ok
08:11:06.0647 4608        NdisWan        (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
08:11:06.0710 4608        NdisWan - ok
08:11:06.0757 4608        NDProxy        (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
08:11:06.0835 4608        NDProxy - ok
08:11:06.0866 4608        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
08:11:06.0913 4608        NetBIOS - ok
08:11:06.0944 4608        NetBT          (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
08:11:07.0022 4608        NetBT - ok
08:11:07.0084 4608        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
08:11:07.0100 4608        nfrd960 - ok
08:11:07.0131 4608        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
08:11:07.0162 4608        Npfs - ok
08:11:07.0178 4608        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
08:11:07.0225 4608        nsiproxy - ok
08:11:07.0271 4608        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
08:11:07.0318 4608        Ntfs - ok
08:11:07.0334 4608        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
08:11:07.0381 4608        Null - ok
08:11:07.0427 4608        NVHDA          (17a7e888e330c7dfe59c97be44ddcf16) C:\Windows\system32\drivers\nvhda64v.sys
08:11:07.0427 4608        NVHDA - ok
08:11:07.0693 4608        nvlddmkm        (f0fbfe1e29ff233b0e000054c1fb968a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
08:11:07.0849 4608        nvlddmkm - ok
08:11:07.0864 4608        NVNET          (909eedcbd365bb81027d8e742e6b3416) C:\Windows\system32\DRIVERS\nvmf6264.sys
08:11:07.0880 4608        NVNET - ok
08:11:07.0911 4608        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
08:11:07.0927 4608        nvraid - ok
08:11:07.0958 4608        nvsmu          (afde3015bb8d76e26bec3b287c5443a0) C:\Windows\system32\DRIVERS\nvsmu.sys
08:11:07.0958 4608        nvsmu - ok
08:11:08.0005 4608        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
08:11:08.0036 4608        nvstor - ok
08:11:08.0051 4608        nvstor64        (1e45f96342429d63dc30e0d9117da3d8) C:\Windows\system32\DRIVERS\nvstor64.sys
08:11:08.0067 4608        nvstor64 - ok
08:11:08.0083 4608        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
08:11:08.0098 4608        nv_agp - ok
08:11:08.0161 4608        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
08:11:08.0192 4608        ohci1394 - ok
08:11:08.0239 4608        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
08:11:08.0270 4608        Parport - ok
08:11:08.0317 4608        partmgr        (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
08:11:08.0332 4608        partmgr - ok
08:11:08.0348 4608        pci            (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
08:11:08.0363 4608        pci - ok
08:11:08.0379 4608        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
08:11:08.0395 4608        pciide - ok
08:11:08.0426 4608        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
08:11:08.0441 4608        pcmcia - ok
08:11:08.0457 4608        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
08:11:08.0473 4608        pcw - ok
08:11:08.0488 4608        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
08:11:08.0535 4608        PEAUTH - ok
08:11:08.0613 4608        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
08:11:08.0691 4608        PptpMiniport - ok
08:11:08.0707 4608        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
08:11:08.0738 4608        Processor - ok
08:11:08.0785 4608        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
08:11:08.0831 4608        Psched - ok
08:11:08.0909 4608        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
08:11:08.0987 4608        ql2300 - ok
08:11:09.0003 4608        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
08:11:09.0019 4608        ql40xx - ok
08:11:09.0034 4608        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
08:11:09.0050 4608        QWAVEdrv - ok
08:11:09.0081 4608        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
08:11:09.0159 4608        RasAcd - ok
08:11:09.0221 4608        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
08:11:09.0284 4608        RasAgileVpn - ok
08:11:09.0315 4608        Rasl2tp        (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
08:11:09.0393 4608        Rasl2tp - ok
08:11:09.0424 4608        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
08:11:09.0471 4608        RasPppoe - ok
08:11:09.0487 4608        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
08:11:09.0502 4608        RasSstp - ok
08:11:09.0549 4608        rdbss          (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
08:11:09.0596 4608        rdbss - ok
08:11:09.0611 4608        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
08:11:09.0627 4608        rdpbus - ok
08:11:09.0658 4608        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
08:11:09.0689 4608        RDPCDD - ok
08:11:09.0736 4608        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
08:11:09.0814 4608        RDPENCDD - ok
08:11:09.0830 4608        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
08:11:09.0861 4608        RDPREFMP - ok
08:11:09.0923 4608        RDPWD          (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
08:11:10.0001 4608        RDPWD - ok
08:11:10.0033 4608        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
08:11:10.0048 4608        rdyboost - ok
08:11:10.0095 4608        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
08:11:10.0126 4608        rspndr - ok
08:11:10.0157 4608        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
08:11:10.0173 4608        sbp2port - ok
08:11:10.0220 4608        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
08:11:10.0282 4608        scfilter - ok
08:11:10.0298 4608        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
08:11:10.0345 4608        secdrv - ok
08:11:10.0376 4608        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
08:11:10.0391 4608        Serenum - ok
08:11:10.0407 4608        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
08:11:10.0454 4608        Serial - ok
08:11:10.0485 4608        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
08:11:10.0516 4608        sermouse - ok
08:11:10.0563 4608        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
08:11:10.0625 4608        sffdisk - ok
08:11:10.0672 4608        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
08:11:10.0703 4608        sffp_mmc - ok
08:11:10.0719 4608        sffp_sd        (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
08:11:10.0735 4608        sffp_sd - ok
08:11:10.0781 4608        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
08:11:10.0813 4608        sfloppy - ok
08:11:10.0891 4608        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
08:11:10.0906 4608        SiSRaid2 - ok
08:11:10.0922 4608        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
08:11:10.0937 4608        SiSRaid4 - ok
08:11:10.0969 4608        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
08:11:11.0062 4608        Smb - ok
08:11:11.0093 4608        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
08:11:11.0093 4608        spldr - ok
08:11:11.0125 4608        srv            (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
08:11:11.0140 4608        srv - ok
08:11:11.0203 4608        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
08:11:11.0249 4608        srv2 - ok
08:11:11.0296 4608        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
08:11:11.0343 4608        srvnet - ok
08:11:11.0374 4608        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
08:11:11.0405 4608        stexstor - ok
08:11:11.0452 4608        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
08:11:11.0468 4608        swenum - ok
08:11:11.0608 4608        Tcpip          (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys
08:11:11.0702 4608        Tcpip - ok
08:11:11.0749 4608        TCPIP6          (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys
08:11:11.0780 4608        TCPIP6 - ok
08:11:11.0827 4608        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
08:11:11.0905 4608        tcpipreg - ok
08:11:11.0967 4608        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
08:11:12.0014 4608        TDPIPE - ok
08:11:12.0014 4608        TDTCP          (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
08:11:12.0061 4608        TDTCP - ok
08:11:12.0092 4608        tdx            (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
08:11:12.0154 4608        tdx - ok
08:11:12.0185 4608        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
08:11:12.0185 4608        TermDD - ok
08:11:12.0248 4608        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
08:11:12.0326 4608        tssecsrv - ok
08:11:12.0404 4608        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
08:11:12.0435 4608        TsUsbFlt - ok
08:11:12.0482 4608        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
08:11:12.0544 4608        tunnel - ok
08:11:12.0575 4608        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
08:11:12.0575 4608        uagp35 - ok
08:11:12.0622 4608        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
08:11:12.0669 4608        udfs - ok
08:11:12.0700 4608        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
08:11:12.0716 4608        uliagpkx - ok
08:11:12.0747 4608        umbus          (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
08:11:12.0794 4608        umbus - ok
08:11:12.0825 4608        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
08:11:12.0872 4608        UmPass - ok
08:11:12.0919 4608        usbccgp        (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
08:11:12.0965 4608        usbccgp - ok
08:11:13.0028 4608        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
08:11:13.0059 4608        usbcir - ok
08:11:13.0075 4608        usbehci        (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
08:11:13.0106 4608        usbehci - ok
08:11:13.0137 4608        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
08:11:13.0153 4608        usbhub - ok
08:11:13.0168 4608        usbohci        (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
08:11:13.0199 4608        usbohci - ok
08:11:13.0231 4608        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
08:11:13.0262 4608        usbprint - ok
08:11:13.0277 4608        USBSTOR        (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:11:13.0309 4608        USBSTOR - ok
08:11:13.0324 4608        usbuhci        (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
08:11:13.0355 4608        usbuhci - ok
08:11:13.0387 4608        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
08:11:13.0402 4608        vdrvroot - ok
08:11:13.0449 4608        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
08:11:13.0465 4608        vga - ok
08:11:13.0480 4608        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
08:11:13.0511 4608        VgaSave - ok
08:11:13.0558 4608        vhdmp          (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
08:11:13.0589 4608        vhdmp - ok
08:11:13.0636 4608        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
08:11:13.0652 4608        viaide - ok
08:11:13.0699 4608        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
08:11:13.0730 4608        volmgr - ok
08:11:13.0777 4608        volmgrx        (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
08:11:13.0792 4608        volmgrx - ok
08:11:13.0808 4608        volsnap        (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
08:11:13.0808 4608        volsnap - ok
08:11:13.0855 4608        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
08:11:13.0886 4608        vsmraid - ok
08:11:13.0901 4608        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
08:11:13.0917 4608        vwifibus - ok
08:11:13.0948 4608        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
08:11:13.0995 4608        WacomPen - ok
08:11:14.0026 4608        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
08:11:14.0073 4608        WANARP - ok
08:11:14.0073 4608        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
08:11:14.0104 4608        Wanarpv6 - ok
08:11:14.0135 4608        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
08:11:14.0151 4608        Wd - ok
08:11:14.0167 4608        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
08:11:14.0182 4608        Wdf01000 - ok
08:11:14.0245 4608        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
08:11:14.0307 4608        WfpLwf - ok
08:11:14.0323 4608        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
08:11:14.0323 4608        WIMMount - ok
08:11:14.0385 4608        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
08:11:14.0416 4608        WmiAcpi - ok
08:11:14.0463 4608        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
08:11:14.0494 4608        ws2ifsl - ok
08:11:14.0541 4608        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
08:11:14.0603 4608        WudfPf - ok
08:11:14.0635 4608        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
08:11:14.0681 4608        WUDFRd - ok
08:11:14.0713 4608        MBR (0x1B8)    (9584e87b637328298df815aa49d3cfa0) \Device\Harddisk0\DR0
08:11:14.0869 4608        \Device\Harddisk0\DR0 - ok
08:11:14.0884 4608        Boot (0x1200)  (32eebb431ad9553a559b951e10e50078) \Device\Harddisk0\DR0\Partition0
08:11:14.0884 4608        \Device\Harddisk0\DR0\Partition0 - ok
08:11:14.0931 4608        Boot (0x1200)  (c7109835f91040e26ae302c6167b165a) \Device\Harddisk0\DR0\Partition1
08:11:14.0931 4608        \Device\Harddisk0\DR0\Partition1 - ok
08:11:14.0947 4608        Boot (0x1200)  (e029946fa7b5ca4111d1df1cf3895cb7) \Device\Harddisk0\DR0\Partition2
08:11:14.0947 4608        \Device\Harddisk0\DR0\Partition2 - ok
08:11:14.0962 4608        ============================================================
08:11:14.0962 4608        Scan finished
08:11:14.0962 4608        ============================================================
08:11:14.0978 3164        Detected object count: 0
08:11:14.0978 3164        Actual detected object count: 0

Is ComboFix next? I would only be able to do that tonight or tomorrow morning.

cosinus 24.10.2011 10:21

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, above all your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste it into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a helper (Kompetenzler) has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and receive messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

Sophie_R 24.10.2011 11:16

Done :-)

Code:

ComboFix 11-10-24.01 - Fest 24.10.2011  11:43:17.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.6143.4853 [GMT 2:00]
ausgeführt von:: c:\users\Fest\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-09-24 bis 2011-10-24  ))))))))))))))))))))))))))))))
.
.
2011-10-24 09:47 . 2011-10-24 09:47        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-10-22 16:59 . 2011-10-23 18:21        --------        d-----w-        C:\_OTL
2011-10-21 10:23 . 2011-10-21 10:23        --------        d-----w-        c:\program files (x86)\ESET
2011-10-19 07:10 . 2011-10-23 17:18        --------        d-----w-        c:\users\Gast
2011-10-17 20:13 . 2011-10-17 20:13        --------        d-----w-        c:\users\Fest\AppData\Roaming\Malwarebytes
2011-10-17 20:13 . 2011-10-17 20:13        --------        d-----w-        c:\programdata\Malwarebytes
2011-10-17 20:13 . 2011-08-31 15:00        25416        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-10-17 20:13 . 2011-10-17 21:13        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2011-10-14 17:04 . 2011-09-13 00:26        9049936        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{45790A69-C00E-4EE3-9BEA-A1C6CC3C6ABE}\mpengine.dll
2011-10-13 14:13 . 2011-08-17 05:26        613888        ----a-w-        c:\windows\system32\psisdecd.dll
2011-10-13 14:13 . 2011-08-17 05:25        108032        ----a-w-        c:\windows\system32\psisrndr.ax
2011-10-13 14:13 . 2011-08-17 04:24        465408        ----a-w-        c:\windows\SysWow64\psisdecd.dll
2011-10-13 14:13 . 2011-08-17 04:19        75776        ----a-w-        c:\windows\SysWow64\psisrndr.ax
2011-10-13 14:12 . 2011-08-27 05:37        331776        ----a-w-        c:\windows\system32\oleacc.dll
2011-10-13 14:12 . 2011-08-27 04:26        233472        ----a-w-        c:\windows\SysWow64\oleacc.dll
2011-10-13 14:12 . 2011-08-27 05:37        861696        ----a-w-        c:\windows\system32\oleaut32.dll
2011-10-13 14:12 . 2011-08-27 04:26        571904        ----a-w-        c:\windows\SysWow64\oleaut32.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-16 15:31 . 2011-05-17 21:08        414368        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-26 12:38 . 2011-01-11 11:40        640        ----a-w-        c:\windows\uninstallstickies.bat
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 1685048]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-08-25 656896]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2009-09-02 60464]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"AVMWlanClient"="c:\program files (x86)\avmwlanstick\wlangui.exe" [2009-03-20 1904640]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
.
c:\users\Fest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Stickies.lnk - c:\program files (x86)\Stickies\stickies.exe [2011-1-11 1122304]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
WISO Mein Steuer-Sparbuch heute.lnk - c:\program files (x86)\WISO\Steuersoftware 2011\mshaktuell.exe [2011-9-1 1302640]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
S3 fwlanusbn;FRITZ!WLAN N;c:\windows\system32\DRIVERS\fwlanusbn.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai        REG_MULTI_SZ          Akamai
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ezSharedSvc
.
Inhalt des "geplante Tasks" Ordners
.
2011-10-21 c:\windows\Tasks\HPCeeScheduleForFest.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 03:22]
.
2011-09-30 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-09-14 610360]
"PC-Doctor for Windows localizer"="c:\program files\PC-Doctor for Windows\localizer.exe" [2009-09-17 95728]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
uLocal Page = c:\windows\system32\blank.htm
mStart Page =
mLocal Page =
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Fest\AppData\Roaming\Mozilla\Firefox\Profiles\xo9lld2z.default\
FF - prefs.js: network.proxy.http -
FF - prefs.js: network.proxy.http_port -
FF - prefs.js: network.proxy.type -
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Adobe Photoshop 6.0 - c:\windows\ISUN0407.EXE
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-{B60DCA15-56A3-4D2D-8747-22CF7D7B588B} - c:\program files (x86)\InstallShield Installation Information\{B60DCA15-56A3-4D2D-8747-22CF7D7B588B}\setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\avmwlanstick\WlanNetService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-10-24  11:53:13 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-10-24 09:53
.
Vor Suchlauf: 10 Verzeichnis(se), 344.160.215.040 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 343.787.114.496 Bytes frei
.
- - End Of File - - C07A499E1F6141DCB92C06C9735B9EC6


cosinus 24.10.2011 11:25

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe; Vista and Win7 users run aswMBR via right-click "Run as administrator"
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (If your firewall asks, please allow internet access.) Depending on your connection, downloading the definitions may take a while.
  • Click Scan.
  • Wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply. Important: Under no circumstances press any of the Fix buttons without instruction. Note: If the Scan button is greyed out, close the tool and start it again. If it still doesn't work, please let me know.

Sophie_R 24.10.2011 12:35

Et voilà:
Code:

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-10-24 13:02:51
-----------------------------
13:02:51.562    OS Version: Windows x64 6.1.7601 Service Pack 1
13:02:51.562    Number of processors: 4 586 0x502
13:02:51.562    ComputerName: FEST-PC  UserName: Fest
13:02:52.608    Initialize success
13:02:56.476    AVAST engine defs: 11102401
13:02:59.238    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000055
13:02:59.238    Disk 0 Vendor: ST375052 HP34 Size: 715404MB BusType: 3
13:03:01.281    Disk 0 MBR read successfully
13:03:01.281    Disk 0 MBR scan
13:03:01.297    Disk 0 unknown MBR code
13:03:01.312    Service scanning
13:03:02.389    Modules scanning
13:03:02.389    Disk 0 trace - called modules:
13:03:02.404    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys
13:03:02.420    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005e14060]
13:03:02.420    3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa80051aac20]
13:03:02.436    5 ACPI.sys[fffff88000ee17a1] -> nt!IofCallDriver -> \Device\00000055[0xfffffa8005bdc5f0]
13:03:18.270    AVAST engine scan C:\Windows
13:03:52.605    AVAST engine scan C:\Windows\system32
13:06:08.044    AVAST engine scan C:\Windows\system32\drivers
13:06:32.084    AVAST engine scan C:\Users\Fest
13:27:19.117    AVAST engine scan C:\ProgramData
13:29:40.468    Scan finished successfully
13:30:05.756    Disk 0 MBR has been saved successfully to "C:\Users\Fest\Desktop\MBR.dat"
13:30:05.756    The log file has been saved successfully to "C:\Users\Fest\Desktop\aswMBR.txt"

Just for my understanding: why didn't we need GMER and OSAM here? Does that have something to do with this not being a 32-bit machine? Or is it down to the nature of what was found on the machine?

cosinus 24.10.2011 13:20

We should fix the MBR. Back up ALL important data just in case, even though it usually goes smoothly.
After the backup, start aswmbr again and click the FIXMBR button.
Then restart Windows and create a new log with aswMBR.

Sophie_R 24.10.2011 14:24

Okay, these don't seem to be my days at the moment ... Did I do something wrong again? How long does the MBR fix take, please? Fractions of a second? How can I tell that it's finished? Should something have appeared there?
My log after the fix looks, in my eyes, exactly the same as before the fix.

Quote:

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-10-24 14:30:38
-----------------------------
14:30:38.619 OS Version: Windows x64 6.1.7601 Service Pack 1
14:30:38.619 Number of processors: 4 586 0x502
14:30:38.619 ComputerName: FEST-PC UserName: Fest
14:30:48.416 Initialize success
14:30:53.549 AVAST engine defs: 11102401
14:30:59.445 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000057
14:30:59.445 Disk 0 Vendor: ST375052 HP34 Size: 715404MB BusType: 3
14:31:01.473 Disk 0 MBR read successfully
14:31:01.473 Disk 0 MBR scan
14:31:01.489 Disk 0 Windows 7 default MBR code
14:31:01.489 Service scanning
14:31:07.448 Modules scanning
14:31:07.448 Disk 0 trace - called modules:
14:31:07.464 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys
14:31:07.479 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005e66060]
14:31:07.479 3 CLASSPNP.SYS[fffff88001b9743f] -> nt!IofCallDriver -> [0xfffffa8005bbe7a0]
14:31:07.479 5 ACPI.sys[fffff88000eed7a1] -> nt!IofCallDriver -> \Device\00000057[0xfffffa8005bbe060]
14:31:16.808 AVAST engine scan C:\Windows
14:31:27.494 AVAST engine scan C:\Windows\system32
14:34:13.400 AVAST engine scan C:\Windows\system32\drivers
14:34:34.195 AVAST engine scan C:\Users\Fest
14:59:33.527 AVAST engine scan C:\ProgramData
15:01:50.931 Scan finished successfully
15:16:05.250 Disk 0 MBR has been saved successfully to "C:\Users\Fest\Desktop\MBR.dat"
15:16:05.250 The log file has been saved successfully to "C:\Users\Fest\Desktop\aswMBR.txt"

cosinus 24.10.2011 14:57

Before => 13:03:01.297 Disk 0 unknown MBR code


After => 14:31:01.489 Disk 0 Windows 7 default MBR code

Looks ok. Please run full scans with Malwarebytes and SASW as a check and post the logs.
Remember to update both tools before scanning!!


Afterwards, getting a second opinion via ESET's OnlineScanner isn't a bad idea either:


ESET Online Scanner

  • Here you'll find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset
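
As an added example (not from the thread and not part of the aswMBR tool), here is a small Python parser for the aswMBR log format requested above: it pulls the per-disk MBR verdict out of the timestamped lines, flags anything that is not a "<OS> default MBR code" verdict such as the "unknown MBR code" seen in the first log, and checks the before/after pair the way the comparison post does. The sample log lines are constructed in the log's shape.

```python
import re

# aswMBR log shape (from the thread): "HH:MM:SS.mmm    message"
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+(.*)$")
MBR_RE = re.compile(r"^Disk (\d+) (.+ MBR code)$")

def parse_aswmbr(log_text):
    """Pull per-disk MBR verdict, completion flag and MBR backup path."""
    res = {"disks": {}, "finished": False, "mbr_backup": None}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # version banner, "Run date:", dashes: no verdict
        msg = m.group(1)
        d = MBR_RE.match(msg)
        if d:
            res["disks"][int(d.group(1))] = d.group(2)
        elif msg == "Scan finished successfully":
            res["finished"] = True
        elif "MBR has been saved successfully to" in msg:
            res["mbr_backup"] = msg.split('"')[1]  # the MBR.dat backup
    return res

def mbr_needs_attention(verdict):
    """aswMBR names a recognised bootstrap '<OS> default MBR code';
    anything else (e.g. 'unknown MBR code') is worth a second look."""
    return not verdict.endswith("default MBR code")

def compare_logs(before, after):
    """Per disk: (verdict before, verdict after, clean after the fix?)."""
    b, a = parse_aswmbr(before), parse_aswmbr(after)
    out = {}
    for disk in sorted(set(b["disks"]) | set(a["disks"])):
        vb = b["disks"].get(disk, "not scanned")
        va = a["disks"].get(disk, "not scanned")
        out[disk] = (vb, va, a["finished"] and not mbr_needs_attention(va))
    return out

# Constructed samples shaped like the thread's two logs (lines trimmed).
BEFORE = r"""
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
13:03:01.297    Disk 0 unknown MBR code
13:29:40.468    Scan finished successfully
13:30:05.756    Disk 0 MBR has been saved successfully to "C:\Users\Fest\Desktop\MBR.dat"
"""
AFTER = r"""
14:31:01.489    Disk 0 Windows 7 default MBR code
15:01:50.931    Scan finished successfully
"""
```

Running `compare_logs(BEFORE, AFTER)` yields `{0: ("unknown MBR code", "Windows 7 default MBR code", True)}`, i.e. the same before/after conclusion the helper drew by eye.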


Sophie_R 24.10.2011 15:02

Thanks, Arne. (Now I have proof in red on green that I'm blind too. :-))) )
I'll do the scans tonight/tomorrow morning. Have to go.
Up to here: THANK YOU!!
S.

