Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Problem mit Rootkit BOO/TDss.O (https://www.trojaner-board.de/114437-problem-rootkit-boo-tdss-o.html)

The_Pirate 30.04.2012 10:06
Problem mit Rootkit BOO/TDss.O
 
Hallo,

nach diversen Problemen (Popups von Fehlermeldungen) hat mit Avira DE-Cleaner mitgeteilt, dass sich mein Rechner den oben genannten Rootkit eingefangen habe.

Ich habe schon TDSSKiller laufen lassen, das Logfile ist hier:

Code:
01:59:52.0431 2028    TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
01:59:53.0274 2028    ============================================================
01:59:53.0274 2028    Current date / time: 2012/04/30 01:59:53.0274
01:59:53.0274 2028    SystemInfo:
01:59:53.0274 2028   
01:59:53.0274 2028    OS Version: 6.1.7600 ServicePack: 0.0
01:59:53.0274 2028    Product type: Workstation
01:59:53.0274 2028    ComputerName: *********
01:59:53.0274 2028    UserName: *********
01:59:53.0274 2028    Windows directory: C:\windows
01:59:53.0274 2028    System windows directory: C:\windows
01:59:53.0274 2028    Running under WOW64
01:59:53.0274 2028    Processor architecture: Intel x64
01:59:53.0274 2028    Number of processors: 4
01:59:53.0274 2028    Page size: 0x1000
01:59:53.0274 2028    Boot type: Safe boot
01:59:53.0274 2028    ============================================================
01:59:55.0426 2028    Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
01:59:55.0426 2028    ============================================================
01:59:55.0426 2028    \Device\Harddisk0\DR0:
01:59:55.0426 2028    MBR partitions:
01:59:55.0426 2028    \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1832800, BlocksNum 0x15997000
01:59:55.0426 2028    \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x171C9800, BlocksNum 0xE2602B0
01:59:55.0426 2028    ============================================================
01:59:55.0520 2028    C: <-> \Device\Harddisk0\DR0\Partition0
01:59:55.0707 2028    D: <-> \Device\Harddisk0\DR0\Partition1
01:59:55.0707 2028    ============================================================
01:59:55.0707 2028    Initialize success
01:59:55.0707 2028    ============================================================
01:59:57.0735 1096    ============================================================
01:59:57.0735 1096    Scan started
01:59:57.0735 1096    Mode: Manual;
01:59:57.0735 1096    ============================================================
02:00:00.0309 1096    1394ohci        (1b00662092f9f9568b995902f0cc40d5) C:\windows\system32\DRIVERS\1394ohci.sys
02:00:00.0309 1096    1394ohci - ok
02:00:00.0668 1096    ACDaemon        (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
02:00:00.0668 1096    ACDaemon - ok
02:00:00.0918 1096    ACPI            (6f11e88748cdefd2f76aa215f97ddfe5) C:\windows\system32\DRIVERS\ACPI.sys
02:00:00.0933 1096    ACPI - ok
02:00:01.0027 1096    AcpiPmi        (63b05a0420ce4bf0e4af6dcc7cada254) C:\windows\system32\DRIVERS\acpipmi.sys
02:00:01.0027 1096    AcpiPmi - ok
02:00:01.0120 1096    adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys
02:00:01.0370 1096    adp94xx - ok
02:00:01.0417 1096    adpahci        (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys
02:00:01.0432 1096    adpahci - ok
02:00:01.0479 1096    adpu320        (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys
02:00:01.0479 1096    adpu320 - ok
02:00:01.0526 1096    AeLookupSvc    (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll
02:00:01.0526 1096    AeLookupSvc - ok
02:00:01.0588 1096    AFD            (6ef20ddf3172e97d69f596fb90602f29) C:\windows\system32\drivers\afd.sys
02:00:01.0588 1096    AFD - ok
02:00:01.0666 1096    agp440          (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\DRIVERS\agp440.sys
02:00:01.0666 1096    agp440 - ok
02:00:01.0698 1096    ALG            (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe
02:00:01.0698 1096    ALG - ok
02:00:01.0744 1096    aliide          (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\DRIVERS\aliide.sys
02:00:01.0744 1096    aliide - ok
02:00:01.0791 1096    amdide          (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\DRIVERS\amdide.sys
02:00:01.0791 1096    amdide - ok
02:00:01.0822 1096    AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys
02:00:01.0822 1096    AmdK8 - ok
02:00:01.0869 1096    AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys
02:00:01.0869 1096    AmdPPM - ok
02:00:01.0963 1096    amdsata        (7a4b413614c055935567cf88a9734d38) C:\windows\system32\DRIVERS\amdsata.sys
02:00:01.0978 1096    amdsata - ok
02:00:02.0103 1096    amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys
02:00:02.0134 1096    amdsbs - ok
02:00:02.0181 1096    amdxata        (b4ad0cacbab298671dd6f6ef7e20679d) C:\windows\system32\DRIVERS\amdxata.sys
02:00:02.0197 1096    amdxata - ok
02:00:02.0228 1096    AppID          (42fd751b27fa0e9c69bb39f39e409594) C:\windows\system32\drivers\appid.sys
02:00:02.0228 1096    AppID - ok
02:00:02.0275 1096    AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll
02:00:02.0275 1096    AppIDSvc - ok
02:00:02.0290 1096    Appinfo        (d065be66822847b7f127d1f90158376e) C:\windows\System32\appinfo.dll
02:00:02.0290 1096    Appinfo - ok
02:00:02.0462 1096    Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
02:00:02.0462 1096    Apple Mobile Device - ok
02:00:02.0540 1096    arc            (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys
02:00:02.0540 1096    arc - ok
02:00:02.0571 1096    arcsas          (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys
02:00:02.0571 1096    arcsas - ok
02:00:02.0680 1096    ArcSoftKsUFilter (c130bc4a51b1382b2be8e44579ec4c0a) C:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys
02:00:02.0680 1096    ArcSoftKsUFilter - ok
02:00:02.0992 1096    aspnet_state    (9217d874131ae6ff8f642f124f00a555) C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
02:00:03.0024 1096    aspnet_state - ok
02:00:03.0055 1096    AsyncMac        (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
02:00:03.0055 1096    AsyncMac - ok
02:00:03.0102 1096    atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\DRIVERS\atapi.sys
02:00:03.0102 1096    atapi - ok
02:00:03.0226 1096    athr            (0acc06fcf46f64ed4f11e57ee461c1f4) C:\windows\system32\DRIVERS\athrx.sys
02:00:03.0258 1096    athr - ok
02:00:03.0414 1096    AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\windows\System32\Audiosrv.dll
02:00:03.0445 1096    AudioEndpointBuilder - ok
02:00:03.0460 1096    AudioSrv        (07721a77180edd4d39ccb865bf63c7fd) C:\windows\System32\Audiosrv.dll
02:00:03.0460 1096    AudioSrv - ok
02:00:03.0523 1096    AxInstSV        (b20b5fa5ca050e9926e4d1db81501b32) C:\windows\System32\AxInstSV.dll
02:00:03.0523 1096    AxInstSV - ok
02:00:03.0648 1096    b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys
02:00:03.0694 1096    b06bdrv - ok
02:00:03.0772 1096    b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
02:00:03.0772 1096    b57nd60a - ok
02:00:03.0835 1096    BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll
02:00:03.0835 1096    BDESVC - ok
02:00:03.0835 1096    Beep            (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
02:00:03.0835 1096    Beep - ok
02:00:04.0100 1096    BFE            (4992c609a6315671463e30f6512bc022) C:\windows\System32\bfe.dll
02:00:04.0131 1096    BFE - ok
02:00:04.0209 1096    BITS            (7f0c323fe3da28aa4aa1bda3f575707f) C:\windows\System32\qmgr.dll
02:00:04.0240 1096    BITS - ok
02:00:04.0755 1096    blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
02:00:04.0755 1096    blbdrive - ok
02:00:04.0989 1096    Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
02:00:05.0005 1096    Bonjour Service - ok
02:00:05.0488 1096    bowser          (19d20159708e152267e53b66677a4995) C:\windows\system32\DRIVERS\bowser.sys
02:00:05.0488 1096    bowser - ok
02:00:05.0598 1096    BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys
02:00:05.0629 1096    BrFiltLo - ok
02:00:05.0707 1096    BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys
02:00:05.0707 1096    BrFiltUp - ok
02:00:05.0769 1096    BridgeMP        (5c2f352a4e961d72518261257aae204b) C:\windows\system32\DRIVERS\bridge.sys
02:00:05.0769 1096    BridgeMP - ok
02:00:05.0894 1096    Browser        (94fbc06f294d58d02361918418f996e3) C:\windows\System32\browser.dll
02:00:05.0910 1096    Browser - ok
02:00:05.0941 1096    Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
02:00:05.0956 1096    Brserid - ok
02:00:06.0019 1096    BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
02:00:06.0019 1096    BrSerWdm - ok
02:00:06.0050 1096    BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
02:00:06.0050 1096    BrUsbMdm - ok
02:00:06.0128 1096    BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
02:00:06.0128 1096    BrUsbSer - ok
02:00:06.0159 1096    BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys
02:00:06.0159 1096    BTHMODEM - ok
02:00:06.0206 1096    bthserv        (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll
02:00:06.0206 1096    bthserv - ok
02:00:06.0253 1096    cdfs            (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
02:00:06.0253 1096    cdfs - ok
02:00:06.0315 1096    cdrom          (83d2d75e1efb81b3450c18131443f7db) C:\windows\system32\DRIVERS\cdrom.sys
02:00:06.0315 1096    cdrom - ok
02:00:06.0346 1096    CertPropSvc    (312e2f82af11e79906898ac3e3d58a1f) C:\windows\System32\certprop.dll
02:00:06.0346 1096    CertPropSvc - ok
02:00:06.0409 1096    circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys
02:00:06.0409 1096    circlass - ok
02:00:06.0471 1096    CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
02:00:06.0487 1096    CLFS - ok
02:00:06.0549 1096    clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
02:00:06.0549 1096    clr_optimization_v2.0.50727_32 - ok
02:00:06.0596 1096    clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
02:00:06.0596 1096    clr_optimization_v2.0.50727_64 - ok
02:00:06.0768 1096    clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
02:00:06.0814 1096    clr_optimization_v4.0.30319_32 - ok
02:00:06.0908 1096    clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
02:00:06.0986 1096    clr_optimization_v4.0.30319_64 - ok
02:00:07.0017 1096    CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
02:00:07.0017 1096    CmBatt - ok
02:00:07.0126 1096    cmdide          (e19d3f095812725d88f9001985b94edd) C:\windows\system32\DRIVERS\cmdide.sys
02:00:07.0126 1096    cmdide - ok
02:00:07.0236 1096    CNG            (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\windows\system32\Drivers\cng.sys
02:00:07.0267 1096    CNG - ok
02:00:07.0282 1096    Compbatt        (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys
02:00:07.0282 1096    Compbatt - ok
02:00:07.0345 1096    CompositeBus    (f26b3a86f6fa87ca360b879581ab4123) C:\windows\system32\DRIVERS\CompositeBus.sys
02:00:07.0345 1096    CompositeBus - ok
02:00:07.0376 1096    COMSysApp - ok
02:00:07.0423 1096    crcdisk        (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys
02:00:07.0423 1096    crcdisk - ok
02:00:07.0485 1096    CryptSvc        (8c57411b66282c01533cb776f98ad384) C:\windows\system32\cryptsvc.dll
02:00:07.0485 1096    CryptSvc - ok
02:00:07.0563 1096    DcomLaunch      (7266972e86890e2b30c0c322e906b027) C:\windows\system32\rpcss.dll
02:00:07.0579 1096    DcomLaunch - ok
02:00:07.0813 1096    defragsvc      (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll
02:00:07.0844 1096    defragsvc - ok
02:00:07.0953 1096    DfsC            (9c253ce7311ca60fc11c774692a13208) C:\windows\system32\Drivers\dfsc.sys
02:00:07.0953 1096    DfsC - ok
02:00:08.0016 1096    Dhcp            (ce3b9562d997f69b330d181a8875960f) C:\windows\system32\dhcpcore.dll
02:00:08.0016 1096    Dhcp - ok
02:00:08.0047 1096    discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
02:00:08.0047 1096    discache - ok
02:00:08.0172 1096    Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys
02:00:08.0172 1096    Disk - ok
02:00:08.0234 1096    Dnscache        (85cf424c74a1d5ec33533e1dbff9920a) C:\windows\System32\dnsrslvr.dll
02:00:08.0234 1096    Dnscache - ok
02:00:08.0328 1096    dot3svc        (14452acdb09b70964c8c21bf80a13acb) C:\windows\System32\dot3svc.dll
02:00:08.0359 1096    dot3svc - ok
02:00:08.0546 1096    DPS            (8c2ba6bea949ee6e68385f5692bafb94) C:\windows\system32\dps.dll
02:00:08.0577 1096    DPS - ok
02:00:08.0655 1096    drmkaud        (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
02:00:08.0671 1096    drmkaud - ok
02:00:08.0749 1096    DXGKrnl        (ebce0b0924835f635f620d19f0529dce) C:\windows\System32\drivers\dxgkrnl.sys
02:00:08.0764 1096    DXGKrnl - ok
02:00:08.0811 1096    EapHost        (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll
02:00:08.0811 1096    EapHost - ok
02:00:09.0108 1096    ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys
02:00:09.0420 1096    ebdrv - ok
02:00:09.0607 1096    EFS            (0793f40b9b8a1bdd266296409dbd91ea) C:\windows\System32\lsass.exe
02:00:09.0607 1096    EFS - ok
02:00:09.0716 1096    ehRecvr        (b91d81b3b54a54ccafc03733dbc2e29e) C:\windows\ehome\ehRecvr.exe
02:00:09.0747 1096    ehRecvr - ok
02:00:09.0794 1096    ehSched        (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe
02:00:09.0794 1096    ehSched - ok
02:00:09.0919 1096    elxstor        (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys
02:00:09.0950 1096    elxstor - ok
02:00:09.0966 1096    ErrDev          (34a3c54752046e79a126e15c51db409b) C:\windows\system32\DRIVERS\errdev.sys
02:00:09.0966 1096    ErrDev - ok
02:00:10.0090 1096    EUCR            (89d11159b361dd1eac5dd4e9895c04a4) C:\windows\system32\DRIVERS\EUCR6SK.SYS
02:00:10.0090 1096    EUCR - ok
02:00:10.0137 1096    EventSystem    (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll
02:00:10.0153 1096    EventSystem - ok
02:00:10.0200 1096    exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
02:00:10.0200 1096    exfat - ok
02:00:10.0246 1096    fastfat        (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
02:00:10.0246 1096    fastfat - ok
02:00:10.0324 1096    Fax            (d607b2f1bee3992aa6c2c92c0a2f0855) C:\windows\system32\fxssvc.exe
02:00:10.0340 1096    Fax - ok
02:00:10.0387 1096    fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys
02:00:10.0387 1096    fdc - ok
02:00:10.0402 1096    fdPHost        (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll
02:00:10.0402 1096    fdPHost - ok
02:00:10.0418 1096    FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll
02:00:10.0418 1096    FDResPub - ok
02:00:10.0465 1096    FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
02:00:10.0465 1096    FileInfo - ok
02:00:10.0496 1096    Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
02:00:10.0496 1096    Filetrace - ok
02:00:10.0543 1096    flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys
02:00:10.0543 1096    flpydisk - ok
02:00:10.0590 1096    FltMgr          (f7866af72abbaf84b1fa5aa195378c59) C:\windows\system32\drivers\fltmgr.sys
02:00:10.0590 1096    FltMgr - ok
02:00:10.0668 1096    FontCache      (8ac4cb4ea61e41009fae9ae7b2b5da3a) C:\windows\system32\FntCache.dll
02:00:10.0714 1096    FontCache - ok
02:00:10.0808 1096    FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
02:00:10.0808 1096    FontCache3.0.0.0 - ok
02:00:10.0870 1096    FsDepends      (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
02:00:10.0870 1096    FsDepends - ok
02:00:10.0917 1096    fspad_wlh64    (768fae6c348e5538b370fa62ab1b43b1) C:\windows\system32\DRIVERS\fspad_wlh64.sys
02:00:10.0917 1096    fspad_wlh64 - ok
02:00:10.0933 1096    fspad_xp64      (768fae6c348e5538b370fa62ab1b43b1) C:\windows\system32\DRIVERS\fspad_xp64.sys
02:00:10.0933 1096    fspad_xp64 - ok
02:00:10.0948 1096    Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys
02:00:10.0948 1096    Fs_Rec - ok
02:00:11.0011 1096    fvevol          (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\windows\system32\DRIVERS\fvevol.sys
02:00:11.0026 1096    fvevol - ok
02:00:11.0042 1096    gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys
02:00:11.0042 1096    gagp30kx - ok
02:00:11.0136 1096    GEARAspiWDM    (e403aacf8c7bb11375122d2464560311) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
02:00:11.0136 1096    GEARAspiWDM - ok
02:00:11.0214 1096    gpsvc          (fe5ab4525bc2ec68b9119a6e5d40128b) C:\windows\System32\gpsvc.dll
02:00:11.0245 1096    gpsvc - ok
02:00:11.0916 1096    gupdate        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
02:00:11.0916 1096    gupdate - ok
02:00:11.0931 1096    gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
02:00:11.0931 1096    gupdatem - ok
02:00:11.0978 1096    hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
02:00:11.0978 1096    hcw85cir - ok
02:00:12.0555 1096    HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\windows\system32\drivers\HdAudio.sys
02:00:12.0571 1096    HdAudAddService - ok
02:00:12.0649 1096    HDAudBus        (0a49913402747a0b67de940fb42cbdbb) C:\windows\system32\DRIVERS\HDAudBus.sys
02:00:12.0649 1096    HDAudBus - ok
02:00:12.0774 1096    HECIx64        (b6ac71aaa2b10848f57fc49d55a651af) C:\windows\system32\DRIVERS\HECIx64.sys
02:00:12.0774 1096    HECIx64 - ok
02:00:12.0820 1096    HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys
02:00:12.0852 1096    HidBatt - ok
02:00:13.0398 1096    HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys
02:00:13.0429 1096    HidBth - ok
02:00:13.0522 1096    HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys
02:00:13.0522 1096    HidIr - ok
02:00:13.0616 1096    hidserv        (bd9eb3958f213f96b97b1d897dee006d) C:\windows\System32\hidserv.dll
02:00:13.0616 1096    hidserv - ok
02:00:13.0710 1096    HidUsb          (b3bf6b5b50006def50b66306d99fcf6f) C:\windows\system32\DRIVERS\hidusb.sys
02:00:13.0710 1096    HidUsb - ok
02:00:13.0741 1096    hkmsvc          (efa58ede58dd74388ffd04cb32681518) C:\windows\system32\kmsvc.dll
02:00:13.0741 1096    hkmsvc - ok
02:00:13.0803 1096    HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\windows\system32\ListSvc.dll
02:00:13.0834 1096    HomeGroupListener - ok
02:00:13.0928 1096    HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\windows\system32\provsvc.dll
02:00:13.0928 1096    HomeGroupProvider - ok
02:00:13.0990 1096    HpSAMD          (0886d440058f203eba0e1825e4355914) C:\windows\system32\DRIVERS\HpSAMD.sys
02:00:14.0006 1096    HpSAMD - ok
02:00:14.0115 1096    HTTP            (cee049cac4efa7f4e1e4ad014414a5d4) C:\windows\system32\drivers\HTTP.sys
02:00:14.0115 1096    HTTP - ok
02:00:14.0209 1096    hwpolicy        (f17766a19145f111856378df337a5d79) C:\windows\system32\drivers\hwpolicy.sys
02:00:14.0209 1096    hwpolicy - ok
02:00:14.0302 1096    i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
02:00:14.0302 1096    i8042prt - ok
02:00:14.0490 1096    iaStor          (abbf174cb394f5c437410a788b7e404a) C:\windows\system32\DRIVERS\iaStor.sys
02:00:14.0490 1096    iaStor - ok
02:00:14.0926 1096    IAStorDataMgrSvc (31a0e93cdf29007d6c6fffb632f375ed) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
02:00:14.0926 1096    IAStorDataMgrSvc - ok
02:00:15.0082 1096    iaStorV        (d83efb6fd45df9d55e9a1afc63640d50) C:\windows\system32\DRIVERS\iaStorV.sys
02:00:15.0129 1096    iaStorV - ok
02:00:15.0519 1096    idsvc          (2f2be70d3e02b6fa877921ab9516d43c) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
02:00:15.0862 1096    idsvc - ok
02:00:16.0611 1096    igfx            (2a22ab054f4630d2ef4bab2853f6d5f6) C:\windows\system32\DRIVERS\igdkmd64.sys
02:00:16.0814 1096    igfx - ok
02:00:16.0986 1096    iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys
02:00:16.0986 1096    iirsp - ok
02:00:17.0064 1096    IKEEXT          (c5b4683680df085b57bc53e5ef34861f) C:\windows\System32\ikeext.dll
02:00:17.0079 1096    IKEEXT - ok
02:00:17.0157 1096    Impcd          (dd587a55390ed2295bce6d36ad567da9) C:\windows\system32\DRIVERS\Impcd.sys
02:00:17.0157 1096    Impcd - ok
02:00:17.0313 1096    IntcAzAudAddService (163f94ebf8f8a98616a6b804af08d736) C:\windows\system32\drivers\RTKVHD64.sys
02:00:17.0360 1096    IntcAzAudAddService - ok
02:00:17.0532 1096    IntcDAud        (58cf58dee26c909bd6f977b61d246295) C:\windows\system32\DRIVERS\IntcDAud.sys
02:00:17.0532 1096    IntcDAud - ok
02:00:17.0563 1096    intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\DRIVERS\intelide.sys
02:00:17.0563 1096    intelide - ok
02:00:17.0594 1096    intelppm        (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
02:00:17.0594 1096    intelppm - ok
02:00:17.0625 1096    IPBusEnum      (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll
02:00:17.0625 1096    IPBusEnum - ok
02:00:17.0672 1096    IpFilterDriver  (722dd294df62483cecaae6e094b4d695) C:\windows\system32\DRIVERS\ipfltdrv.sys
02:00:17.0672 1096    IpFilterDriver - ok
02:00:17.0719 1096    iphlpsvc        (f8e058d17363ec580e4b7232778b6cb5) C:\windows\System32\iphlpsvc.dll
02:00:17.0719 1096    iphlpsvc - ok
02:00:17.0734 1096    IPMIDRV        (e2b4a4494db7cb9b89b55ca268c337c5) C:\windows\system32\DRIVERS\IPMIDrv.sys
02:00:17.0734 1096    IPMIDRV - ok
02:00:17.0766 1096    IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
02:00:17.0766 1096    IPNAT - ok
02:00:17.0859 1096    iPod Service    (755e4ba6dce627a2683bb7640553c8d6) C:\Program Files\iPod\bin\iPodService.exe
02:00:17.0875 1096    iPod Service - ok
02:00:17.0922 1096    IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
02:00:17.0922 1096    IRENUM - ok
02:00:17.0968 1096    isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\DRIVERS\isapnp.sys
02:00:17.0968 1096    isapnp - ok
02:00:18.0000 1096    iScsiPrt        (fa4d2557de56d45b0a346f93564be6e1) C:\windows\system32\DRIVERS\msiscsi.sys
02:00:18.0000 1096    iScsiPrt - ok
02:00:18.0031 1096    kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
02:00:18.0046 1096    kbdclass - ok
02:00:18.0078 1096    kbdhid          (6def98f8541e1b5dceb2c822a11f7323) C:\windows\system32\DRIVERS\kbdhid.sys
02:00:18.0078 1096    kbdhid - ok
02:00:18.0109 1096    KeyIso          (0793f40b9b8a1bdd266296409dbd91ea) C:\windows\system32\lsass.exe
02:00:18.0109 1096    KeyIso - ok
02:00:18.0124 1096    KSecDD          (e8b6fcc9c83535c67f835d407620bd27) C:\windows\system32\Drivers\ksecdd.sys
02:00:18.0124 1096    KSecDD - ok
02:00:18.0171 1096    KSecPkg        (a8c63880ef6f4d3fec7b616b9c060215) C:\windows\system32\Drivers\ksecpkg.sys
02:00:18.0171 1096    KSecPkg - ok
02:00:18.0187 1096    ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
02:00:18.0187 1096    ksthunk - ok
02:00:18.0234 1096    KtmRm          (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll
02:00:18.0249 1096    KtmRm - ok
02:00:18.0327 1096    LanmanServer    (81f1d04d4d0e433099365127375fd501) C:\windows\System32\srvsvc.dll
02:00:18.0343 1096    LanmanServer - ok
02:00:18.0374 1096    LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\windows\System32\wkssvc.dll
02:00:18.0374 1096    LanmanWorkstation - ok
02:00:18.0468 1096    lltdio          (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
02:00:18.0468 1096    lltdio - ok
02:00:18.0514 1096    lltdsvc        (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll
02:00:18.0514 1096    lltdsvc - ok
02:00:18.0561 1096    lmhosts        (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll
02:00:18.0561 1096    lmhosts - ok
02:00:18.0655 1096    LMS            (1e2f802846eb944e0333efee7c9532a8) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
02:00:18.0670 1096    LMS - ok
02:00:18.0686 1096    LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys
02:00:18.0702 1096    LSI_FC - ok
02:00:18.0733 1096    LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys
02:00:18.0733 1096    LSI_SAS - ok
02:00:18.0764 1096    LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys
02:00:18.0764 1096    LSI_SAS2 - ok
02:00:18.0795 1096    LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys
02:00:18.0795 1096    LSI_SCSI - ok
02:00:18.0826 1096    luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
02:00:18.0826 1096    luafv - ok
02:00:18.0873 1096    MBAMProtector  (dbc08862a71459e74f7538b432c114cc) C:\windows\system32\drivers\mbam.sys
02:00:18.0873 1096    MBAMProtector - ok
02:00:18.0967 1096    MBAMService    (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
02:00:18.0998 1096    MBAMService - ok
02:00:19.0060 1096    Mcx2Svc        (f84c8f1000bc11e3b7b23cbd3baff111) C:\windows\system32\Mcx2Svc.dll
02:00:19.0060 1096    Mcx2Svc - ok
02:00:19.0092 1096    megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys
02:00:19.0092 1096    megasas - ok
02:00:19.0107 1096    MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys
02:00:19.0123 1096    MegaSR - ok
02:00:19.0170 1096    MGHwCtrl - ok
02:00:19.0263 1096    Micro Star SCM  (71c6748ee8de938532057ef10b4b7e44) C:\Program Files (x86)\System Control Manager\MSIService.exe
02:00:19.0263 1096    Micro Star SCM - ok
02:00:19.0294 1096    MMCSS          (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
02:00:19.0294 1096    MMCSS - ok
02:00:19.0326 1096    Modem          (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
02:00:19.0326 1096    Modem - ok
02:00:19.0341 1096    monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
02:00:19.0341 1096    monitor - ok
02:00:19.0372 1096    mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
02:00:19.0372 1096    mouclass - ok
02:00:19.0388 1096    mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
02:00:19.0388 1096    mouhid - ok
02:00:19.0419 1096    mountmgr        (791af66c4d0e7c90a3646066386fb571) C:\windows\system32\drivers\mountmgr.sys
02:00:19.0419 1096    mountmgr - ok
02:00:19.0482 1096    MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
02:00:19.0482 1096    MozillaMaintenance - ok
02:00:19.0497 1096    mpio            (609d1d87649ecc19796f4d76d4c15cea) C:\windows\system32\DRIVERS\mpio.sys
02:00:19.0497 1096    mpio - ok
02:00:19.0528 1096    mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
02:00:19.0528 1096    mpsdrv - ok
02:00:19.0544 1096    MRxDAV          (30524261bb51d96d6fcbac20c810183c) C:\windows\system32\drivers\mrxdav.sys
02:00:19.0544 1096    MRxDAV - ok
02:00:19.0591 1096    mrxsmb          (040d62a9d8ad28922632137acdd984f2) C:\windows\system32\DRIVERS\mrxsmb.sys
02:00:19.0591 1096    mrxsmb - ok
02:00:19.0622 1096    mrxsmb10        (f0067552f8f9b33d7c59403ab808a3cb) C:\windows\system32\DRIVERS\mrxsmb10.sys
02:00:19.0622 1096    mrxsmb10 - ok
02:00:19.0669 1096    mrxsmb20        (3c142d31de9f2f193218a53fe2632051) C:\windows\system32\DRIVERS\mrxsmb20.sys
02:00:19.0669 1096    mrxsmb20 - ok
02:00:19.0716 1096    msahci          (5c37497276e3b3a5488b23a326a754b7) C:\windows\system32\DRIVERS\msahci.sys
02:00:19.0716 1096    msahci - ok
02:00:19.0731 1096    msdsm          (8d27b597229aed79430fb9db3bcbfbd0) C:\windows\system32\DRIVERS\msdsm.sys
02:00:19.0731 1096    msdsm - ok
02:00:19.0762 1096    MSDTC          (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
02:00:19.0762 1096    MSDTC - ok
02:00:19.0794 1096    Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
02:00:19.0794 1096    Msfs - ok
02:00:19.0809 1096    mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
02:00:19.0809 1096    mshidkmdf - ok
02:00:19.0825 1096    msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\DRIVERS\msisadrv.sys
02:00:19.0825 1096    msisadrv - ok
02:00:19.0872 1096    MSiSCSI        (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
02:00:19.0872 1096    MSiSCSI - ok
02:00:19.0872 1096    msiserver - ok
02:00:19.0903 1096    MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
02:00:19.0903 1096    MSKSSRV - ok
02:00:19.0950 1096    MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
02:00:19.0950 1096    MSPCLOCK - ok
02:00:19.0965 1096    MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
02:00:19.0965 1096    MSPQM - ok
02:00:19.0996 1096    MsRPC          (89cb141aa8616d8c6a4610fa26c60964) C:\windows\system32\drivers\MsRPC.sys
02:00:20.0028 1096    MsRPC - ok
02:00:20.0059 1096    mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
02:00:20.0059 1096    mssmbios - ok
02:00:20.0090 1096    MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
02:00:20.0090 1096    MSTEE - ok
02:00:20.0106 1096    MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys
02:00:20.0106 1096    MTConfig - ok
02:00:20.0121 1096    Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
02:00:20.0121 1096    Mup - ok
02:00:20.0168 1096    napagent        (4987e079a4530fa737a128be54b63b12) C:\windows\system32\qagentRT.dll
02:00:20.0184 1096    napagent - ok
02:00:20.0246 1096    NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
02:00:20.0246 1096    NativeWifiP - ok
02:00:20.0355 1096    NDIS            (cad515dbd07d082bb317d9928ce8962c) C:\windows\system32\drivers\ndis.sys
02:00:20.0355 1096    NDIS - ok
02:00:20.0386 1096    NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
02:00:20.0402 1096    NdisCap - ok
02:00:20.0418 1096    NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
02:00:20.0418 1096    NdisTapi - ok
02:00:20.0433 1096    Ndisuio        (f105ba1e22bf1f2ee8f005d4305e4bec) C:\windows\system32\DRIVERS\ndisuio.sys
02:00:20.0433 1096    Ndisuio - ok
02:00:20.0449 1096    NdisWan        (557dfab9ca1fcb036ac77564c010dad3) C:\windows\system32\DRIVERS\ndiswan.sys
02:00:20.0464 1096    NdisWan - ok
02:00:20.0496 1096    NDProxy        (659b74fb74b86228d6338d643cd3e3cf) C:\windows\system32\drivers\NDProxy.sys
02:00:20.0496 1096    NDProxy - ok
02:00:20.0527 1096    NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
02:00:20.0527 1096    NetBIOS - ok
02:00:20.0558 1096    NetBT          (9162b273a44ab9dce5b44362731d062a) C:\windows\system32\DRIVERS\netbt.sys
02:00:20.0558 1096    NetBT - ok
02:00:20.0589 1096    Netlogon        (0793f40b9b8a1bdd266296409dbd91ea) C:\windows\system32\lsass.exe
02:00:20.0589 1096    Netlogon - ok
02:00:20.0652 1096    Netman          (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
02:00:20.0714 1096    Netman - ok
02:00:20.0823 1096    NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
02:00:20.0823 1096    NetMsmqActivator - ok
02:00:20.0823 1096    NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
02:00:20.0839 1096    NetPipeActivator - ok
02:00:20.0901 1096    netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
02:00:20.0917 1096    netprofm - ok
02:00:21.0057 1096    netr28x        (b6e1bf8dbff4b18f1a2d65da6e40bc7c) C:\windows\system32\DRIVERS\netr28x.sys
02:00:21.0057 1096    netr28x - ok
02:00:21.0198 1096    NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
02:00:21.0198 1096    NetTcpActivator - ok
02:00:21.0198 1096    NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
02:00:21.0198 1096    NetTcpPortSharing - ok
02:00:21.0260 1096    nfrd960        (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys
02:00:21.0260 1096    nfrd960 - ok
02:00:21.0307 1096    NlaSvc          (d9a0ce66046d6efa0c61baa885cba0a8) C:\windows\System32\nlasvc.dll
02:00:21.0322 1096    NlaSvc - ok
02:00:21.0322 1096    Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
02:00:21.0322 1096    Npfs - ok
02:00:21.0338 1096    nsi            (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
02:00:21.0354 1096    nsi - ok
02:00:21.0385 1096    nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
02:00:21.0400 1096    nsiproxy - ok
02:00:21.0494 1096    Ntfs            (356698a13c4630d5b31c37378d469196) C:\windows\system32\drivers\Ntfs.sys
02:00:21.0525 1096    Ntfs - ok
02:00:21.0697 1096    Null            (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
02:00:21.0697 1096    Null - ok
02:00:22.0149 1096    nvlddmkm        (33fc1e65ea8e3c836d7293526d04d459) C:\windows\system32\DRIVERS\nvlddmkm.sys
02:00:22.0383 1096    nvlddmkm - ok
02:00:22.0555 1096    nvraid          (3e38712941e9bb4ddbee00affe3fed3d) C:\windows\system32\DRIVERS\nvraid.sys
02:00:22.0555 1096    nvraid - ok
02:00:22.0586 1096    nvstor          (477dc4d6deb99be37084c9ac6d013da1) C:\windows\system32\DRIVERS\nvstor.sys
02:00:22.0586 1096    nvstor - ok
02:00:22.0648 1096    nvsvc          (bb8da091ec7f8169ea6e32042ed0b456) C:\windows\system32\nvvsvc.exe
02:00:22.0664 1096    nvsvc - ok
02:00:22.0836 1096    nvUpdatusService (ec6e07aa055776ca474e0ce0b0d1822f) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
02:00:22.0867 1096    nvUpdatusService - ok
02:00:23.0023 1096    nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\DRIVERS\nv_agp.sys
02:00:23.0023 1096    nv_agp - ok
02:00:23.0038 1096    ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\DRIVERS\ohci1394.sys
02:00:23.0038 1096    ohci1394 - ok
02:00:23.0163 1096    ose            (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
02:00:23.0163 1096    ose - ok
02:00:23.0413 1096    osppsvc        (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
02:00:23.0491 1096    osppsvc - ok
02:00:23.0600 1096    p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
02:00:23.0616 1096    p2pimsvc - ok
02:00:23.0662 1096    p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
02:00:23.0678 1096    p2psvc - ok
02:00:23.0740 1096    Parport        (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys
02:00:23.0740 1096    Parport - ok
02:00:23.0772 1096    partmgr        (7daa117143316c4a1537e074a5a9eaf0) C:\windows\system32\drivers\partmgr.sys
02:00:23.0772 1096    partmgr - ok
02:00:23.0787 1096    PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
02:00:23.0787 1096    PcaSvc - ok
02:00:23.0850 1096    pci            (f36f6504009f2fb0dfd1b17a116ad74b) C:\windows\system32\DRIVERS\pci.sys
02:00:23.0850 1096    pci - ok
02:00:23.0865 1096    pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys
02:00:23.0865 1096    pciide - ok
02:00:23.0896 1096    pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys
02:00:23.0912 1096    pcmcia - ok
02:00:23.0959 1096    PCTCore        (d48bd0ff27afb97005b33c9b6d26da3f) C:\windows\system32\drivers\PCTCore64.sys
02:00:23.0974 1096    PCTCore - ok
02:00:24.0037 1096    pctDS          (1335454528adfa13e1d3c4fa3fdbdc42) C:\windows\system32\drivers\pctDS64.sys
02:00:24.0084 1096    pctDS - ok
02:00:24.0146 1096    pctEFA          (df2a2505f17319dada4b204688cec0c2) C:\windows\system32\drivers\pctEFA64.sys
02:00:24.0146 1096    pctEFA - ok
02:00:24.0208 1096    PCTSD          (9b7670b21e7fcbe9da9c4a751f31cca6) C:\windows\system32\Drivers\PCTSD64.sys
02:00:24.0224 1096    PCTSD - ok
02:00:24.0286 1096    pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
02:00:24.0286 1096    pcw - ok
02:00:24.0333 1096    PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
02:00:24.0333 1096    PEAUTH - ok
02:00:24.0411 1096    PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
02:00:24.0411 1096    PerfHost - ok
02:00:24.0505 1096    pla            (557e9a86f65f0de18c9b6751dfe9d3f1) C:\windows\system32\pla.dll
02:00:24.0536 1096    pla - ok
02:00:24.0598 1096    PlugPlay        (98b1721b8718164293b9701b98c52d77) C:\windows\system32\umpnpmgr.dll
02:00:24.0614 1096    PlugPlay - ok
02:00:24.0630 1096    PNRPAutoReg    (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
02:00:24.0630 1096    PNRPAutoReg - ok
02:00:24.0661 1096    PNRPsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
02:00:24.0661 1096    PNRPsvc - ok
02:00:24.0739 1096    PolicyAgent    (166eb40d1f5b47e615de3d0fffe5f243) C:\windows\System32\ipsecsvc.dll
02:00:24.0754 1096    PolicyAgent - ok
02:00:24.0770 1096    Power          (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
02:00:24.0770 1096    Power - ok
02:00:24.0864 1096    PptpMiniport    (27cc19e81ba5e3403c48302127bda717) C:\windows\system32\DRIVERS\raspptp.sys
02:00:24.0864 1096    PptpMiniport - ok
02:00:24.0895 1096    Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys
02:00:24.0895 1096    Processor - ok
02:00:24.0926 1096    ProfSvc        (f381975e1f4346de875cb07339ce8d3a) C:\windows\system32\profsvc.dll
02:00:24.0942 1096    ProfSvc - ok
02:00:24.0973 1096    ProtectedStorage (0793f40b9b8a1bdd266296409dbd91ea) C:\windows\system32\lsass.exe
02:00:24.0973 1096    ProtectedStorage - ok
02:00:25.0035 1096    Psched          (ee992183bd8eaefd9973f352e587a299) C:\windows\system32\DRIVERS\pacer.sys
02:00:25.0035 1096    Psched - ok
02:00:25.0144 1096    ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
02:00:25.0222 1096    ql2300 - ok
02:00:25.0378 1096    ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
02:00:25.0378 1096    ql40xx - ok
02:00:25.0410 1096    QWAVE          (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
02:00:25.0410 1096    QWAVE - ok
02:00:25.0425 1096    QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
02:00:25.0425 1096    QWAVEdrv - ok
02:00:25.0441 1096    RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
02:00:25.0441 1096    RasAcd - ok
02:00:25.0472 1096    RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
02:00:25.0488 1096    RasAgileVpn - ok
02:00:25.0519 1096    RasAuto        (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
02:00:25.0519 1096    RasAuto - ok
02:00:25.0534 1096    Rasl2tp        (87a6e852a22991580d6d39adc4790463) C:\windows\system32\DRIVERS\rasl2tp.sys
02:00:25.0534 1096    Rasl2tp - ok
02:00:25.0581 1096    RasMan          (47394ed3d16d053f5906efe5ab51cc83) C:\windows\System32\rasmans.dll
02:00:25.0581 1096    RasMan - ok
02:00:25.0597 1096    RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
02:00:25.0612 1096    RasPppoe - ok
02:00:25.0628 1096    RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
02:00:25.0628 1096    RasSstp - ok
02:00:25.0675 1096    rdbss          (3bac8142102c15d59a87757c1d41dce5) C:\windows\system32\DRIVERS\rdbss.sys
02:00:25.0675 1096    rdbss - ok
02:00:25.0690 1096    rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
02:00:25.0690 1096    rdpbus - ok
02:00:25.0706 1096    RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
02:00:25.0706 1096    RDPCDD - ok
02:00:25.0737 1096    RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
02:00:25.0737 1096    RDPENCDD - ok
02:00:25.0753 1096    RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
02:00:25.0753 1096    RDPREFMP - ok
02:00:25.0784 1096    RDPWD          (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\windows\system32\drivers\RDPWD.sys
02:00:25.0784 1096    RDPWD - ok
02:00:25.0815 1096    rdyboost        (634b9a2181d98f15941236886164ec8b) C:\windows\system32\drivers\rdyboost.sys
02:00:25.0831 1096    rdyboost - ok
02:00:25.0862 1096    RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
02:00:25.0862 1096    RemoteAccess - ok
02:00:25.0893 1096    RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
02:00:25.0909 1096    RemoteRegistry - ok
02:00:25.0909 1096    RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
02:00:25.0924 1096    RpcEptMapper - ok
02:00:25.0940 1096    RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
02:00:25.0940 1096    RpcLocator - ok
02:00:25.0987 1096    RpcSs          (7266972e86890e2b30c0c322e906b027) C:\windows\system32\rpcss.dll
02:00:25.0987 1096    RpcSs - ok
02:00:26.0034 1096    rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
02:00:26.0034 1096    rspndr - ok
02:00:26.0080 1096    RTL8167        (7ea8d2eb9bbfd2ab8a3117a1e96d3b3a) C:\windows\system32\DRIVERS\Rt64win7.sys
02:00:26.0080 1096    RTL8167 - ok
02:00:26.0127 1096    SamSs          (0793f40b9b8a1bdd266296409dbd91ea) C:\windows\system32\lsass.exe
02:00:26.0127 1096    SamSs - ok
02:00:26.0143 1096    sbp2port        (e3bbb89983daf5622c1d50cf49f28227) C:\windows\system32\DRIVERS\sbp2port.sys
02:00:26.0143 1096    sbp2port - ok
02:00:26.0190 1096    SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
02:00:26.0190 1096    SCardSvr - ok
02:00:26.0205 1096    scfilter        (c94da20c7e3ba1dca269bc8460d98387) C:\windows\system32\DRIVERS\scfilter.sys
02:00:26.0221 1096    scfilter - ok
02:00:26.0314 1096    Schedule        (624d0f5ff99428bb90a5b8a4123e918e) C:\windows\system32\schedsvc.dll
02:00:26.0346 1096    Schedule - ok
02:00:26.0377 1096    SCPolicySvc    (312e2f82af11e79906898ac3e3d58a1f) C:\windows\System32\certprop.dll
02:00:26.0377 1096    SCPolicySvc - ok
02:00:26.0564 1096    sdAuxService    (17d6a03103586d7954ba74c2219ce1bb) C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe
02:00:26.0564 1096    sdAuxService - ok
02:00:26.0658 1096    sdbus          (54e47ad086782d3ae9417c155cdceb9b) C:\windows\system32\DRIVERS\sdbus.sys
02:00:26.0673 1096    sdbus - ok
02:00:26.0782 1096    sdCoreService  (d2b30a5a8f57c00b0fa84a8880e9ec5b) C:\Program Files (x86)\PC Tools Security\pctsSvc.exe
02:00:26.0814 1096    sdCoreService - ok
02:00:26.0860 1096    SDRSVC          (765a27c3279ce11d14cb9e4f5869fca5) C:\windows\System32\SDRSVC.dll
02:00:26.0860 1096    SDRSVC - ok
02:00:26.0954 1096    SeaPort        (d358e077a0a05d9b12da22d137ee8464) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
02:00:26.0954 1096    SeaPort - ok
02:00:27.0063 1096    secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
02:00:27.0063 1096    secdrv - ok
02:00:27.0079 1096    seclogon        (463b386ebc70f98da5dff85f7e654346) C:\windows\system32\seclogon.dll
02:00:27.0094 1096    seclogon - ok
02:00:27.0110 1096    SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\windows\System32\sens.dll
02:00:27.0110 1096    SENS - ok
02:00:27.0126 1096    SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
02:00:27.0126 1096    SensrSvc - ok
02:00:27.0172 1096    Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
02:00:27.0172 1096    Serenum - ok
02:00:27.0204 1096    Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
02:00:27.0204 1096    Serial - ok
02:00:27.0266 1096    sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
02:00:27.0266 1096    sermouse - ok
02:00:27.0297 1096    SessionEnv      (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\windows\system32\sessenv.dll
02:00:27.0313 1096    SessionEnv - ok
02:00:27.0328 1096    sffdisk        (a554811bcd09279536440c964ae35bbf) C:\windows\system32\DRIVERS\sffdisk.sys
02:00:27.0328 1096    sffdisk - ok
02:00:27.0328 1096    sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\DRIVERS\sffp_mmc.sys
02:00:27.0328 1096    sffp_mmc - ok
02:00:27.0344 1096    sffp_sd        (5588b8c6193eb1522490c122eb94dffa) C:\windows\system32\DRIVERS\sffp_sd.sys
02:00:27.0344 1096    sffp_sd - ok
02:00:27.0344 1096    sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
02:00:27.0344 1096    sfloppy - ok
02:00:27.0391 1096    SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
02:00:27.0406 1096    SharedAccess - ok
02:00:27.0453 1096    ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\windows\System32\shsvcs.dll
02:00:27.0469 1096    ShellHWDetection - ok
02:00:27.0500 1096    SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
02:00:27.0500 1096    SiSRaid2 - ok
02:00:27.0531 1096    SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
02:00:27.0531 1096    SiSRaid4 - ok
02:00:27.0562 1096    Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
02:00:27.0578 1096    Smb - ok
02:00:27.0656 1096    smserial        (7ae8bca90539ecbde87ac45ba1436be3) C:\windows\system32\DRIVERS\SmSerl64.sys
02:00:27.0672 1096    smserial - ok
02:00:27.0734 1096    SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
02:00:27.0734 1096    SNMPTRAP - ok
02:00:27.0750 1096    spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
02:00:27.0750 1096    spldr - ok
02:00:27.0812 1096    Spooler        (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\windows\System32\spoolsv.exe
02:00:27.0843 1096    Spooler - ok
02:00:27.0999 1096    sppsvc          (913d843498553a1bc8f8dbad6358e49f) C:\windows\system32\sppsvc.exe
02:00:28.0062 1096    sppsvc - ok
02:00:28.0186 1096    sppuinotify    (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
02:00:28.0186 1096    sppuinotify - ok
02:00:28.0280 1096    srv            (2408c0366d96bcdf63e8f1c78e4a29c5) C:\windows\system32\DRIVERS\srv.sys
02:00:28.0280 1096    srv - ok
02:00:28.0327 1096    srv2            (76548f7b818881b47d8d1ae1be9c11f8) C:\windows\system32\DRIVERS\srv2.sys
02:00:28.0327 1096    srv2 - ok
02:00:28.0374 1096    srvnet          (0af6e19d39c70844c5caa8fb0183c36e) C:\windows\system32\DRIVERS\srvnet.sys
02:00:28.0374 1096    srvnet - ok
02:00:28.0420 1096    SSDPSRV        (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
02:00:28.0420 1096    SSDPSRV - ok
02:00:28.0436 1096    SstpSvc        (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
02:00:28.0452 1096    SstpSvc - ok
02:00:28.0467 1096    stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
02:00:28.0483 1096    stexstor - ok
02:00:28.0545 1096    stisvc          (52d0e33b681bd0f33fdc08812fee4f7d) C:\windows\System32\wiaservc.dll
02:00:28.0561 1096    stisvc - ok
02:00:28.0592 1096    swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
02:00:28.0592 1096    swenum - ok
02:00:28.0654 1096    swprv          (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
02:00:28.0670 1096    swprv - ok
02:00:28.0764 1096    SysMain        (3c1284516a62078fb68f768de4f1a7be) C:\windows\system32\sysmain.dll
02:00:28.0795 1096    SysMain - ok
02:00:28.0920 1096    TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\windows\System32\TabSvc.dll
02:00:28.0920 1096    TabletInputService - ok
02:00:28.0951 1096    TapiSrv        (884264ac597b690c5707c89723bb8e7b) C:\windows\System32\tapisrv.dll
02:00:28.0951 1096    TapiSrv - ok
02:00:28.0966 1096    TBS            (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
02:00:28.0966 1096    TBS - ok
02:00:29.0138 1096    Tcpip          (f18f56efc0bfb9c87ba01c37b27f4da5) C:\windows\system32\drivers\tcpip.sys
02:00:29.0185 1096    Tcpip - ok
02:00:29.0388 1096    TCPIP6          (f18f56efc0bfb9c87ba01c37b27f4da5) C:\windows\system32\DRIVERS\tcpip.sys
02:00:29.0388 1096    TCPIP6 - ok
02:00:29.0481 1096    tcpipreg        (76d078af6f587b162d50210f761eb9ed) C:\windows\system32\drivers\tcpipreg.sys
02:00:29.0481 1096    tcpipreg - ok
02:00:29.0512 1096    TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
02:00:29.0512 1096    TDPIPE - ok
02:00:29.0528 1096    TDTCP          (e4245bda3190a582d55ed09e137401a9) C:\windows\system32\drivers\tdtcp.sys
02:00:29.0528 1096    TDTCP - ok
02:00:29.0559 1096    tdx            (079125c4b17b01fcaeebce0bcb290c0f) C:\windows\system32\DRIVERS\tdx.sys
02:00:29.0559 1096    tdx - ok
02:00:29.0746 1096    TeamViewer7    (a4d2ce94b028ef1e437cf4ac3d8ff26c) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
02:00:29.0793 1096    TeamViewer7 - ok
02:00:29.0934 1096    TermDD          (c448651339196c0e869a355171875522) C:\windows\system32\DRIVERS\termdd.sys
02:00:29.0949 1096    TermDD - ok
02:00:30.0027 1096    TermService    (0f05ec2887bfe197ad82a13287d2f404) C:\windows\System32\termsrv.dll
02:00:30.0043 1096    TermService - ok
02:00:30.0058 1096    Themes          (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
02:00:30.0058 1096    Themes - ok
02:00:30.0090 1096    THREADORDER    (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
02:00:30.0090 1096    THREADORDER - ok
02:00:30.0105 1096    TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
02:00:30.0105 1096    TrkWks - ok
02:00:30.0183 1096    TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\windows\servicing\TrustedInstaller.exe
02:00:30.0183 1096    TrustedInstaller - ok
02:00:30.0230 1096    tssecsrv        (61b96c26131e37b24e93327a0bd1fb95) C:\windows\system32\DRIVERS\tssecsrv.sys
02:00:30.0230 1096    tssecsrv - ok
02:00:30.0292 1096    tunnel          (3836171a2cdf3af8ef10856db9835a70) C:\windows\system32\DRIVERS\tunnel.sys
02:00:30.0292 1096    tunnel - ok
02:00:30.0308 1096    uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
02:00:30.0308 1096    uagp35 - ok
02:00:30.0355 1096    udfs            (d47baead86c65d4f4069d7ce0a4edceb) C:\windows\system32\DRIVERS\udfs.sys
02:00:30.0355 1096    udfs - ok
02:00:30.0386 1096    UI0Detect      (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
02:00:30.0386 1096    UI0Detect - ok
02:00:30.0402 1096    uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\DRIVERS\uliagpkx.sys
02:00:30.0402 1096    uliagpkx - ok
02:00:30.0417 1096    umbus          (eab6c35e62b1b0db0d1b48b671d3a117) C:\windows\system32\DRIVERS\umbus.sys
02:00:30.0417 1096    umbus - ok
02:00:30.0448 1096    UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
02:00:30.0448 1096    UmPass - ok
02:00:30.0620 1096    UNS            (af905f4966cfc8b973623ab150cd4b2b) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
02:00:30.0667 1096    UNS - ok
02:00:30.0792 1096    upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
02:00:30.0823 1096    upnphost - ok
02:00:30.0870 1096    USBAAPL64      (fb251567f41bc61988b26731dec19e4b) C:\windows\system32\Drivers\usbaapl64.sys
02:00:30.0870 1096    USBAAPL64 - ok
02:00:30.0916 1096    usbccgp        (b26afb54a534d634523c4fb66765b026) C:\windows\system32\DRIVERS\usbccgp.sys
02:00:30.0916 1096    usbccgp - ok
02:00:30.0932 1096    usbcir          (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\DRIVERS\usbcir.sys
02:00:30.0932 1096    usbcir - ok
02:00:30.0963 1096    usbehci        (2ea4aff7be7eb4632e3aa8595b0803b5) C:\windows\system32\DRIVERS\usbehci.sys
02:00:30.0963 1096    usbehci - ok
02:00:30.0994 1096    usbhub          (4c9042b8df86c1e8e6240c218b99b39b) C:\windows\system32\DRIVERS\usbhub.sys
02:00:31.0010 1096    usbhub - ok
02:00:31.0026 1096    usbohci        (58e546bbaf87664fc57e0f6081e4f609) C:\windows\system32\DRIVERS\usbohci.sys
02:00:31.0041 1096    usbohci - ok
02:00:31.0057 1096    usbprint        (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
02:00:31.0057 1096    usbprint - ok
02:00:31.0057 1096    USBSTOR        (080d3820da6c046be82fc8b45a893e83) C:\windows\system32\DRIVERS\USBSTOR.SYS
02:00:31.0072 1096    USBSTOR - ok
02:00:31.0088 1096    usbuhci        (81fb2216d3a60d1284455d511797db3d) C:\windows\system32\DRIVERS\usbuhci.sys
02:00:31.0088 1096    usbuhci - ok
02:00:31.0150 1096    usbvideo        (d501e12614b00a3252073101d6a1a74b) C:\windows\system32\Drivers\usbvideo.sys
02:00:31.0150 1096    usbvideo - ok
02:00:31.0197 1096    UxSms          (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
02:00:31.0197 1096    UxSms - ok
02:00:31.0228 1096    VaultSvc        (0793f40b9b8a1bdd266296409dbd91ea) C:\windows\system32\lsass.exe
02:00:31.0228 1096    VaultSvc - ok
02:00:31.0260 1096    vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\DRIVERS\vdrvroot.sys
02:00:31.0260 1096    vdrvroot - ok
02:00:31.0322 1096    vds            (44d73e0bbc1d3c8981304ba15135c2f2) C:\windows\System32\vds.exe
02:00:31.0353 1096    vds - ok
02:00:31.0384 1096    vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
02:00:31.0384 1096    vga - ok
02:00:31.0400 1096    VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
02:00:31.0400 1096    VgaSave - ok
02:00:31.0431 1096    vhdmp          (c82e748660f62a242b2dfac1442f22a4) C:\windows\system32\DRIVERS\vhdmp.sys
02:00:31.0447 1096    vhdmp - ok
02:00:31.0478 1096    viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\DRIVERS\viaide.sys
02:00:31.0478 1096    viaide - ok
02:00:31.0494 1096    volmgr          (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\windows\system32\DRIVERS\volmgr.sys
02:00:31.0494 1096    volmgr - ok
02:00:31.0540 1096    volmgrx        (99b0cbb569ca79acaed8c91461d765fb) C:\windows\system32\drivers\volmgrx.sys
02:00:31.0556 1096    volmgrx - ok
02:00:31.0618 1096    volsnap        (58f82eed8ca24b461441f9c3e4f0bf5c) C:\windows\system32\DRIVERS\volsnap.sys
02:00:31.0618 1096    volsnap - ok
02:00:31.0665 1096    vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
02:00:31.0665 1096    vsmraid - ok
02:00:31.0759 1096    VSS            (787898bf9fb6d7bd87a36e2d95c899ba) C:\windows\system32\vssvc.exe
02:00:31.0806 1096    VSS - ok
02:00:31.0962 1096    vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
02:00:31.0962 1096    vwifibus - ok
02:00:31.0993 1096    vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
02:00:31.0993 1096    vwififlt - ok
02:00:32.0040 1096    vwifimp        (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys
02:00:32.0040 1096    vwifimp - ok
02:00:32.0102 1096    W32Time        (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
02:00:32.0133 1096    W32Time - ok
02:00:32.0149 1096    WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
02:00:32.0149 1096    WacomPen - ok
02:00:32.0196 1096    WANARP          (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
02:00:32.0196 1096    WANARP - ok
02:00:32.0196 1096    Wanarpv6        (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
02:00:32.0196 1096    Wanarpv6 - ok
02:00:32.0305 1096    wbengine        (5ab1bb85bd8b5089cc5d64200dedae68) C:\windows\system32\wbengine.exe
02:00:32.0336 1096    wbengine - ok
02:00:32.0461 1096    WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
02:00:32.0461 1096    WbioSrvc - ok
02:00:32.0523 1096    wcncsvc        (8321c2ca3b62b61b293cda3451984468) C:\windows\System32\wcncsvc.dll
02:00:32.0539 1096    wcncsvc - ok
02:00:32.0554 1096    WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
02:00:32.0554 1096    WcsPlugInService - ok
02:00:32.0632 1096    Wd              (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
02:00:32.0632 1096    Wd - ok
02:00:32.0695 1096    Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
02:00:32.0710 1096    Wdf01000 - ok
02:00:32.0757 1096    WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
02:00:32.0757 1096    WdiServiceHost - ok
02:00:32.0773 1096    WdiSystemHost  (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
02:00:32.0773 1096    WdiSystemHost - ok
02:00:32.0804 1096    WebClient      (8a438cbb8c032a0c798b0c642ffbe572) C:\windows\System32\webclnt.dll
02:00:32.0804 1096    WebClient - ok
02:00:32.0835 1096    Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
02:00:32.0835 1096    Wecsvc - ok
02:00:32.0866 1096    wercplsupport  (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
02:00:32.0866 1096    wercplsupport - ok
02:00:32.0898 1096    WerSvc          (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
02:00:32.0898 1096    WerSvc - ok
02:00:32.0991 1096    WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
02:00:32.0991 1096    WfpLwf - ok
02:00:33.0007 1096    WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
02:00:33.0007 1096    WIMMount - ok
02:00:33.0085 1096    WinDefend - ok
02:00:33.0085 1096    WinHttpAutoProxySvc - ok
02:00:33.0178 1096    Winmgmt        (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll
02:00:33.0194 1096    Winmgmt - ok
02:00:33.0319 1096    WinRM          (41fbb751936b387f9179e7f03a74fe29) C:\windows\system32\WsmSvc.dll
02:00:33.0366 1096    WinRM - ok
02:00:33.0537 1096    WinUsb          (817eaff5d38674edd7713b9dfb8e9791) C:\windows\system32\DRIVERS\WinUsb.sys
02:00:33.0537 1096    WinUsb - ok
02:00:33.0615 1096    Wlansvc        (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll
02:00:33.0631 1096    Wlansvc - ok
02:00:33.0709 1096    WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys
02:00:33.0709 1096    WmiAcpi - ok
02:00:33.0802 1096    wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
02:00:33.0802 1096    wmiApSrv - ok
02:00:33.0849 1096    WMPNetworkSvc - ok
02:00:33.0880 1096    WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
02:00:33.0896 1096    WPCSvc - ok
02:00:33.0927 1096    WPDBusEnum      (2e57ddf2880a7e52e76f41c7e96d327b) C:\windows\system32\wpdbusenum.dll
02:00:33.0927 1096    WPDBusEnum - ok
02:00:33.0958 1096    ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
02:00:33.0958 1096    ws2ifsl - ok
02:00:33.0974 1096    wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\windows\system32\wscsvc.dll
02:00:33.0974 1096    wscsvc - ok
02:00:33.0990 1096    WSearch - ok
02:00:34.0146 1096    wuauserv        (38340204a2d0228f1e87740fc5e554a7) C:\windows\system32\wuaueng.dll
02:00:34.0224 1096    wuauserv - ok
02:00:34.0380 1096    WudfPf          (7cadc74271dd6461c452c271b30bd378) C:\windows\system32\drivers\WudfPf.sys
02:00:34.0380 1096    WudfPf - ok
02:00:34.0427 1096    WUDFRd          (3b197af0fff08aa66b6b2241ca538d64) C:\windows\system32\DRIVERS\WUDFRd.sys
02:00:34.0427 1096    WUDFRd - ok
02:00:34.0458 1096    wudfsvc        (b551d6637aa0e132c18ac6e504f7b79b) C:\windows\System32\WUDFSvc.dll
02:00:34.0458 1096    wudfsvc - ok
02:00:34.0489 1096    WwanSvc        (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
02:00:34.0489 1096    WwanSvc - ok
02:00:34.0536 1096    MBR (0x1B8)    (14321d2c56b8c2b3045d514f070e8ed1) \Device\Harddisk0\DR0
02:00:34.0567 1096    \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - infected
02:00:34.0567 1096    \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
02:00:34.0598 1096    Boot (0x1200)  (9db6211045b839115e51421dda36a8cb) \Device\Harddisk0\DR0\Partition0
02:00:34.0598 1096    \Device\Harddisk0\DR0\Partition0 - ok
02:00:34.0629 1096    Boot (0x1200)  (862d02533f77c60a8bdf1fe169203cd3) \Device\Harddisk0\DR0\Partition1
02:00:34.0629 1096    \Device\Harddisk0\DR0\Partition1 - ok
02:00:34.0629 1096    ============================================================
02:00:34.0629 1096    Scan finished
02:00:34.0629 1096    ============================================================
02:00:34.0629 1104    Detected object count: 1
02:00:34.0629 1104    Actual detected object count: 1
02:00:56.0485 1104    \Device\Harddisk0\DR0\# - copied to quarantine
02:00:56.0485 1104    \Device\Harddisk0\DR0 - copied to quarantine
02:00:56.0532 1104    \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
02:00:56.0532 1104    \Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine
02:00:56.0532 1104    \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine
02:00:56.0532 1104    \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine
02:00:56.0532 1104    \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine
02:00:56.0547 1104    \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
02:00:56.0547 1104    \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine
02:00:56.0547 1104    \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine
02:00:56.0547 1104    \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine
02:00:56.0579 1104    \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
02:00:56.0594 1104    \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
02:00:56.0594 1104    \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
02:00:56.0594 1104    \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
02:00:56.0594 1104    \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine
02:00:56.0594 1104    \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine
02:00:56.0594 1104    \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine
02:00:56.0594 1104    \Device\Harddisk0\DR0\TDLFS\mainfb.script - copied to quarantine
02:00:56.0672 1104    \Device\Harddisk0\DR0\TDLFS\com64 - copied to quarantine
02:00:56.0688 1104    \Device\Harddisk0\DR0\TDLFS\bbr232 - copied to quarantine
02:00:56.0703 1104    \Device\Harddisk0\DR0\TDLFS\serf332 - copied to quarantine
02:00:56.0719 1104    \Device\Harddisk0\DR0\TDLFS\serf364 - copied to quarantine
02:00:56.0735 1104    \Device\Harddisk0\DR0\TDLFS\bbr264 - copied to quarantine
02:00:56.0750 1104    \Device\Harddisk0\DR0 - processing error
02:01:08.0419 1104    \Device\Harddisk0\DR0 - will be restored on reboot
02:01:08.0513 1104    \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - User select action: Cure Restore
02:01:10.0665 2020    Deinitialize success
Hab danach, weil es nicht besser wurde, ComboFix drübergeschickt:

Code:
ComboFix 12-04-29.02 - ******** 30.04.2012  2:22.1.4 - x64 NETWORK
Microsoft Windows 7 Home Premium  6.1.7600.0.1252.49.1031.18.3886.2844 [GMT 2:00]
ausgeführt von:: c:\users\*********\Desktop\cofi.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\3HUSDTQCqzyz0Q
D:\install.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-03-28 bis 2012-04-30  ))))))))))))))))))))))))))))))
.
.
2012-04-30 00:30 . 2012-04-30 00:30    --------    d-----w-    c:\users\UpdatusUser\AppData\Local\temp
2012-04-30 00:30 . 2012-04-30 00:30    --------    d-----w-    c:\users\Default\AppData\Local\temp
2012-04-30 00:00 . 2012-04-30 00:00    --------    d-----w-    C:\TDSSKiller_Quarantine
2012-04-29 23:20 . 2011-12-01 14:07    1096688    ----a-w-    c:\windows\system32\drivers\pctEFA64.sys
2012-04-29 23:20 . 2011-12-01 14:07    453896    ----a-w-    c:\windows\system32\drivers\pctDS64.sys
2012-04-29 23:20 . 2012-02-24 08:31    145432    ----a-w-    c:\windows\system32\drivers\pctwfpfilter64.sys
2012-04-29 23:20 . 2012-02-24 08:31    339608    ----a-w-    c:\windows\system32\drivers\pctgntdi64.sys
2012-04-29 23:20 . 2011-11-14 13:12    367912    ----a-w-    c:\windows\system32\drivers\PCTCore64.sys
2012-04-29 23:20 . 2012-02-24 08:36    230952    ----a-w-    c:\windows\system32\drivers\PCTSD64.sys
2012-04-29 23:20 . 2012-02-24 08:35    14776    ----a-w-    c:\windows\system32\drivers\pctBTFix64.sys
2012-04-29 23:20 . 2012-02-24 08:37    92896    ----a-w-    c:\windows\system32\drivers\pctplsg64.sys
2012-04-29 23:20 . 2012-04-29 23:29    --------    d-----w-    c:\program files (x86)\PC Tools Security
2012-04-29 23:20 . 2012-04-29 23:23    --------    d-----w-    c:\program files (x86)\Common Files\PC Tools
2012-04-29 23:20 . 2012-04-29 23:20    --------    d-----w-    c:\programdata\PC Tools
2012-04-29 23:16 . 2012-04-29 23:19    --------    d-----w-    c:\users\*********\AppData\Roaming\GetRightToGo
2012-04-29 23:08 . 2012-04-04 13:56    24904    ----a-w-    c:\windows\system32\drivers\mbam.sys
2012-04-29 22:45 . 2012-04-29 22:45    244736    ---ha-w-    c:\programdata\3HUSDTQCqzyz0Q.exe
2012-04-26 14:54 . 2012-04-26 14:54    --------    d-----w-    c:\program files (x86)\Mozilla Maintenance Service
2012-04-26 14:54 . 2012-04-26 14:54    157352    ----a-w-    c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-26 14:54 . 2012-04-26 14:54    129976    ----a-w-    c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-04-03 10:34 . 2012-04-03 10:34    --------    d-----w-    C:\found.000
2012-04-01 19:21 . 2012-04-01 19:21    --------    d--h--w-    c:\users\**********\AppData\Roaming\TeamViewer
2012-04-01 16:18 . 2012-04-01 16:18    --------    d-----w-    c:\program files (x86)\TeamViewer
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-01 12:21 . 2012-03-08 11:46    8643640    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{B1CAE415-47B2-4786-82CE-52B5F5EADB89}\mpengine.dll
2012-02-23 08:18 . 2012-03-08 11:46    279656    ------w-    c:\windows\system32\MpSigStub.exe
2012-02-15 10:01 . 2012-02-15 10:01    52736    ----a-w-    c:\windows\system32\drivers\usbaapl64.sys
2012-02-15 10:01 . 2012-02-15 10:01    4547944    ----a-w-    c:\windows\system32\usbaaplrc.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{28387537-e3f9-4ed7-860c-11e69af4a8a0}]
2011-10-30 08:46    89008    ----a-w-    c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{28387537-e3f9-4ed7-860c-11e69af4a8a0}"= "c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll" [2011-10-30 89008]
.
[HKEY_CLASSES_ROOT\clsid\{28387537-e3f9-4ed7-860c-11e69af4a8a0}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"MGSysCtrl"="c:\program files (x86)\System Control Manager\MGSysCtrl.exe" [2010-01-08 2396160]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2012-02-02 220744]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-05 136176]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R2 Micro Star SCM;Micro Star SCM;c:\program files (x86)\System Control Manager\MSIService.exe [2009-07-09 160768]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-03-23 1800808]
R2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-12-09 2320920]
R3 16384126;16384126; [x]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
R3 EUCR;EUCR;c:\windows\system32\DRIVERS\EUCR6SK.SYS [x]
R3 fspad_xp64;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_xp64;c:\windows\system32\DRIVERS\fspad_xp64.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-05 136176]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MGHwCtrl;MGHwCtrl;c:\program files (x86)\msi\msi Software Install\MGHwCtrl.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-26 129976]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools Security\pctsAuxs.exe [2012-02-24 402336]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [x]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [x]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S3 fspad_wlh64;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_wlh64;c:\windows\system32\DRIVERS\fspad_wlh64.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-05 00:58]
.
2012-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-05 00:58]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-05-07 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-05-07 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-05-07 413208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-03-23 17412200]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-26 10135584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\*********\AppData\Roaming\Mozilla\Firefox\Profiles\1k95elk5.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
HKLM-Run-fspuip - c:\program files (x86)\FSP\fspuip.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-04-30  02:34:05
ComboFix-quarantined-files.txt  2012-04-30 00:34
.
Vor Suchlauf: 7 Verzeichnis(se), 95.268.810.752 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 94.760.005.632 Bytes frei
.
- - End Of File - - DB08135E52C70E0C77A0A8BED6D7113A
Danach hatte ich immerhin meine Daten zurück. Malwarebytes-Scan (frisch upgedatet) hat dann folgendes ergeben:

Code:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
 
Datenbank Version: v2012.04.29.07
 
Windows 7 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 8.0.7600.16385
 
 
30.04.2012 09:51:19
mbam-log-2012-04-30 (10-23-04).txt
 
Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 335768
Laufzeit: 29 Minute(n), 48 Sekunde(n)
 
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
 
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
 
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
 
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
 
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
 
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
 
Infizierte Dateien: 12
C:\TDSSKiller_Quarantine\30.04.2012_01.59.53\mbr0000\tdlfs0000\tsk0006.dta (Rootkit.TDSS) -> Keine Aktion durchgeführt.
C:\TDSSKiller_Quarantine\30.04.2012_01.59.53\mbr0000\tdlfs0000\tsk0007.dta (Rootkit.TDSS.64) -> Keine Aktion durchgeführt.
C:\TDSSKiller_Quarantine\30.04.2012_01.59.53\mbr0000\tdlfs0000\tsk0008.dta (Rootkit.TDSS) -> Keine Aktion durchgeführt.
C:\TDSSKiller_Quarantine\30.04.2012_01.59.53\mbr0000\tdlfs0000\tsk0009.dta (Rootkit.TDSS) -> Keine Aktion durchgeführt.
C:\TDSSKiller_Quarantine\30.04.2012_01.59.53\mbr0000\tdlfs0000\tsk0010.dta (Rootkit.TDSS.64) -> Keine Aktion durchgeführt.
C:\TDSSKiller_Quarantine\30.04.2012_01.59.53\mbr0000\tdlfs0000\tsk0012.dta (Rootkit.TDSS.64) -> Keine Aktion durchgeführt.
C:\TDSSKiller_Quarantine\30.04.2012_02.46.17\tdlfs0000\tsk0006.dta (Rootkit.TDSS) -> Keine Aktion durchgeführt.
C:\TDSSKiller_Quarantine\30.04.2012_02.46.17\tdlfs0000\tsk0007.dta (Rootkit.TDSS.64) -> Keine Aktion durchgeführt.
C:\TDSSKiller_Quarantine\30.04.2012_02.46.17\tdlfs0000\tsk0008.dta (Rootkit.TDSS) -> Keine Aktion durchgeführt.
C:\TDSSKiller_Quarantine\30.04.2012_02.46.17\tdlfs0000\tsk0009.dta (Rootkit.TDSS) -> Keine Aktion durchgeführt.
C:\TDSSKiller_Quarantine\30.04.2012_02.46.17\tdlfs0000\tsk0010.dta (Rootkit.TDSS.64) -> Keine Aktion durchgeführt.
C:\TDSSKiller_Quarantine\30.04.2012_02.46.17\tdlfs0000\tsk0012.dta (Rootkit.TDSS.64) -> Keine Aktion durchgeführt.
 
(Ende)
DDS-Logfile gibt es auch:

DDS Logfile:
Code:
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 8.0.7600.16385
Run by ********* at 10:07:30 on 2012-04-30
Microsoft Windows 7 Home Premium  6.1.7600.0.1252.49.1031.18.3886.2799 [GMT 2:00]
.
AV: PC Tools Spyware Doctor with AntiVirus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: PC Tools Spyware Doctor with AntiVirus *Enabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\Explorer.EXE
C:\windows\system32\ctfmon.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\**********\Desktop\dds.com
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.de/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Wincore Mediabar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO: Windows Live Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: Wincore Mediabar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [MGSysCtrl] C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [ISTray] "C:\Program Files (x86)\PC Tools Security\pctsGui.exe" /hideGUI
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: An OneNote s&enden - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Nach Microsoft E&xcel exportieren - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{26F7C85B-2A9B-4E31-998B-978E81957942} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{AFA71E5D-7E1F-44A2-975F-68265BE7EE1F} : DhcpNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{28387537-e3f9-4ed7-860c-11e69af4a8a0}
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
{B4F3A835-0E21-4959-BA22-42B3008E02FF}
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}
{21FA44EF-376D-4D53-9B0F-8A89D3229068}
{28387537-e3f9-4ed7-860c-11e69af4a8a0}
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [MGSysCtrl] C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe
mRun-x64: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun-x64: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [ISTray] "C:\Program Files (x86)\PC Tools Security\pctsGui.exe" /hideGUI
AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\**********\AppData\Roaming\Mozilla\Firefox\Profiles\1k95elk5.default\
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;C:\windows\system32\drivers\PCTCore64.sys --> C:\windows\system32\drivers\PCTCore64.sys [?]
R0 pctDS;PC Tools Data Store;C:\windows\system32\drivers\pctDS64.sys --> C:\windows\system32\drivers\pctDS64.sys [?]
R0 pctEFA;PC Tools Extended File Attributes;C:\windows\system32\drivers\pctEFA64.sys --> C:\windows\system32\drivers\pctEFA64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R3 fspad_wlh64;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_wlh64;C:\windows\system32\DRIVERS\fspad_wlh64.sys --> C:\windows\system32\DRIVERS\fspad_wlh64.sys [?]
R3 HECIx64;Intel(R) Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\windows\system32\DRIVERS\netr28x.sys --> C:\windows\system32\DRIVERS\netr28x.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
S1 PCTSD;PC Tools Spyware Doctor Driver;C:\windows\system32\Drivers\PCTSD64.sys --> C:\windows\system32\Drivers\PCTSD64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-5 136176]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-6-4 13336]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-3-5 654408]
S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-6-4 1800808]
S2 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe [2012-4-30 402336]
S2 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\PC Tools Security\pctsSvc.exe [2012-4-30 1117624]
S2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-4-1 2666880]
S2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-6-4 2320920]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?]
S3 EUCR;EUCR;C:\windows\system32\DRIVERS\EUCR6SK.SYS --> C:\windows\system32\DRIVERS\EUCR6SK.SYS [?]
S3 fspad_xp64;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_xp64;C:\windows\system32\DRIVERS\fspad_xp64.sys --> C:\windows\system32\DRIVERS\fspad_xp64.sys [?]
S3 gupdatem;Google Update-Dienst (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-5 136176]
S3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]
S3 IntcDAud;Intel(R) Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
S3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-26 129976]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
.
=============== Created Last 30 ================
.
2012-04-30 08:07:37    --------    d-----w-    C:\Users\***********\AppData\Local\Microsoft
2012-04-30 00:43:43    --------    d-sh--w-    C:\$RECYCLE.BIN
2012-04-30 00:09:33    98816    ----a-w-    C:\windows\sed.exe
2012-04-30 00:09:33    518144    ----a-w-    C:\windows\SWREG.exe
2012-04-30 00:09:33    256000    ----a-w-    C:\windows\PEV.exe
2012-04-30 00:09:33    208896    ----a-w-    C:\windows\MBR.exe
2012-04-30 00:00:56    --------    d-----w-    C:\TDSSKiller_Quarantine
2012-04-29 23:20:26    453896    ----a-w-    C:\windows\System32\drivers\pctDS64.sys
2012-04-29 23:20:26    1096688    ----a-w-    C:\windows\System32\drivers\pctEFA64.sys
2012-04-29 23:20:23    339608    ----a-w-    C:\windows\System32\drivers\pctgntdi64.sys
2012-04-29 23:20:23    145432    ----a-w-    C:\windows\System32\drivers\pctwfpfilter64.sys
2012-04-29 23:20:19    367912    ----a-w-    C:\windows\System32\drivers\PCTCore64.sys
2012-04-29 23:20:17    230952    ----a-w-    C:\windows\System32\drivers\PCTSD64.sys
2012-04-29 23:20:17    14776    ----a-w-    C:\windows\System32\drivers\pctBTFix64.sys
2012-04-29 23:20:13    92896    ----a-w-    C:\windows\System32\drivers\pctplsg64.sys
2012-04-29 23:20:05    --------    d-----w-    C:\ProgramData\PC Tools
2012-04-29 23:20:05    --------    d-----w-    C:\Program Files (x86)\PC Tools Security
2012-04-29 23:20:05    --------    d-----w-    C:\Program Files (x86)\Common Files\PC Tools
2012-04-29 23:16:59    --------    d-----w-    C:\Users\**********\AppData\Roaming\GetRightToGo
2012-04-29 23:08:17    24904    ----a-w-    C:\windows\System32\drivers\mbam.sys
2012-04-29 22:45:16    244736    ----a-w-    C:\ProgramData\3HUSDTQCqzyz0Q.exe
2012-04-26 14:54:35    --------    d-----w-    C:\Program Files (x86)\Mozilla Maintenance Service
2012-04-26 14:54:34    157352    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-26 14:54:34    129976    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-04-03 10:34:33    --------    d-----w-    C:\found.000
2012-04-01 19:21:39    --------    d-----w-    C:\Users\********\AppData\Roaming\TeamViewer
2012-04-01 16:18:22    --------    d-----w-    C:\Program Files (x86)\TeamViewer
.
==================== Find3M  ====================
.
2012-02-23 08:18:36    279656    ------w-    C:\windows\System32\MpSigStub.exe
2012-02-15 10:01:50    52736    ----a-w-    C:\windows\System32\drivers\usbaapl64.sys
2012-02-15 10:01:50    4547944    ----a-w-    C:\windows\System32\usbaaplrc.dll
.
============= FINISH: 10:08:21,25 ===============
--- --- ---
Hat sich aber weiter noch nichts getan, habe immer noch Probleme, Programme stürzen ab/lassen sich nicht starten, Startleiste ist leer, schwarzer Hintergrund etc.

Wäre super, wenn mir jemand helfen könnte!

markusg 30.04.2012 17:50
hi
nutzt du den pc für onlinebanking, einkäufe, sonstige zahlungsabwicklungen, oder ähnlich wichtiges, wie berufliches?

The_Pirate 30.04.2012 17:59
Hallo,

eigentlich nur fürs Onlinebanking, allerdings eher sporadisch. PayPal benutze ich aber immer wieder mal. Ich werd mal direkt die Passwörter an einem anderen, sauberen Rechner ändern.

markusg 01.05.2012 11:26
hi
bank anrufen, onlinebanking sperren lassen, neue zugangsdaten schicken lassen.

der pc muss neu aufgesetzt und dann abgesichert werden
1. Datenrettung:2. Formatieren, Windows neu instalieren:3. PC absichern: http://www.trojaner-board.de/96344-a...-rechners.html
ich werde außerdem noch weitere punkte dazu posten.
4. alle Passwörter ändern!
5. nach PC Absicherung, die gesicherten Daten prüfen und falls sauber: zurückspielen.
6. werde ich dann noch was zum absichern von Onlinebanking mit Chip Card Reader + Star Money sagen.

The_Pirate 01.05.2012 13:49
Hallo,

vielen Dank für deine Hilfe.

Zu den von dir angesprochenen Punkten:

1. Autorun ist deaktiviert, Daten sind gesichert (ist kaum was Relevantes draufgewesen zum Glück).

2. Treiber sind von der Hersteller-Homepage runtergeladen und weggebrannt, Servicepack 1 hab ich auf USB-Stick. Soll die Formatierung dann über die ISO-DVD gemacht werden? Das werde ich zusammen mit dem Neuaufsetzen von Windows dann wohl erst am nächsten Wochenende schaffen, da ich dann erst wieder an einen Rechner komme, mit dem ich die ISO-DVD brennen kann.

3. Werde ich deinen Anweisungen gemäß machen, wenn der Rechner wieder aufgesetzt ist.

4. Passwörter werden geändert, Bank ist informiert (Onlinebanking mache ich, wenn dann eh nur mit Chip Card Reader).

Was genau ist denn mit dem Rechner passiert, dass er so hoffnungslos hinüber ist?

Nochmals vielen Dank für deine Hilfe.

markusg 01.05.2012 17:22
du hast ein rootkit, solche rootkits können weitere enderungen am system machen die wir evtl nicht nachvollziehen können.
wie das mit der formatierung geht, weist du?

The_Pirate 01.05.2012 17:35
Falls ich nichts fundamental missverstehe, kann ich das doch über die Datenträgerverwaltung, das entsprechende Volume auswählen und dann Rechtsklick -->Formatieren.

Ansonsten sollte es doch aber auch über die Installations-CD funktionieren, oder (über Benutzerdefiniert)?

The_Pirate 05.05.2012 20:52
So, habe alles entsprechend deinen Anweisungen durchgeführt, System ist neu aufgesetzt (Festplattenpartitionen dabei formatiert) , Windows 7 Service Pack 1 ist installiert, ebenso alle Gerätetreiber.

Weiterhin habe ich die von dir empfohlenen Programme ebenfalls installiert (Avast, Malwarebytes, Secunia PSI, FileHippo, Paragon) und die entsprechenden Systemeinstellungen zum besseren Schutz vorgenommen.

markusg 06.05.2012 19:22
hi, sehr gut.
und sorry, eintrag vom ersten mai übersehen.
ich möchte erst mal anhand einer checkliste prüfen ob du alles hast.
- instalieren von optionalen und wichtigen updates.
- konfigurieren von windows updates.
- dep für alle prozesse aktivieren.
- sehop aktivieren.
- chrome instalieren.
- sandboxie instalieren.
- autorun deaktivieren.
- panda vaccine instalieren.
- secunia instalieren.
- file hippo instalieren.
beachte:
secunia und file hippo bieten englische updates, überall wo du auf die nutzeroberfläche zugreifst, wie zb reader, browser, etc benötigst du deutsche updates, also hier die hersteller seiten in den favoriten deines browsers speichern und wenn ein update gezeigt wird, von dort hohlen, bei java, flash quicktime, ist es egal ob deutsch oder englisch.
- backup software instalieren, backup und rettungsdvd erstellen.
hier ne kurze anleitung:
Anleitung: Systemabbild mit Paragon Drive Backup - NETZWELT

- wenn du onlinebanking machst, kann ich noch kurz was über die vorteile von card reader und banking software sagen.


Alle Zeitangaben in WEZ +1. Es ist jetzt 06:24 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131