Trojaner-Board
Seite 2 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   TR/ATRAPS.Gen, TR/ATRAPS.Gen2, BDS/ZAccess.V u. a. (https://www.trojaner-board.de/121920-tr-atraps-gen-tr-atraps-gen2-bds-zaccess-v-u-a.html)

cosinus 06.09.2012 13:24
Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtg4nzy0ywy5/settings_2012-09-04.png

SFischer 06.09.2012 18:11
Hallo cosinus,
hier das Log von Kaspersky (TDSS-Killer):

Code:
19:00:48.0546 0428  TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
19:00:48.0671 0428  ============================================================
19:00:48.0671 0428  Current date / time: 2012/09/06 19:00:48.0671
19:00:48.0671 0428  SystemInfo:
19:00:48.0671 0428 
19:00:48.0671 0428  OS Version: 5.1.2600 ServicePack: 3.0
19:00:48.0671 0428  Product type: Workstation
19:00:48.0671 0428  ComputerName: ESPRIMO
19:00:48.0671 0428  UserName: Administrator
19:00:48.0671 0428  Windows directory: C:\WINDOWS
19:00:48.0671 0428  System windows directory: C:\WINDOWS
19:00:48.0671 0428  Processor architecture: Intel x86
19:00:48.0671 0428  Number of processors: 4
19:00:48.0671 0428  Page size: 0x1000
19:00:48.0671 0428  Boot type: Normal boot
19:00:48.0671 0428  ============================================================
19:00:49.0843 0428  Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:00:49.0843 0428  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:00:49.0875 0428  ============================================================
19:00:49.0875 0428  \Device\Harddisk1\DR1:
19:00:49.0875 0428  MBR partitions:
19:00:49.0875 0428  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xC34F28D
19:00:49.0906 0428  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0xC34F30B, BlocksNum 0x10E713B5
19:00:49.0906 0428  \Device\Harddisk0\DR0:
19:00:49.0906 0428  MBR partitions:
19:00:49.0906 0428  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74503CBF
19:00:49.0921 0428  ============================================================
19:00:49.0937 0428  D: <-> \Device\Harddisk1\DR1\Partition2
19:00:49.0968 0428  C: <-> \Device\Harddisk1\DR1\Partition1
19:00:50.0015 0428  K: <-> \Device\Harddisk0\DR0\Partition1
19:00:50.0031 0428  ============================================================
19:00:50.0031 0428  Initialize success
19:00:50.0031 0428  ============================================================
19:02:38.0921 1284  ============================================================
19:02:38.0921 1284  Scan started
19:02:38.0921 1284  Mode: Manual; SigCheck; TDLFS;
19:02:38.0921 1284  ============================================================
19:02:39.0671 1284  ================ Scan system memory ========================
19:02:39.0671 1284  System memory - ok
19:02:39.0671 1284  ================ Scan services =============================
19:02:39.0750 1284  [ 914A9709FC3BF419AD2F85547F2A4832 ] 61883          C:\WINDOWS\system32\DRIVERS\61883.sys
19:02:40.0875 1284  61883 - ok
19:02:40.0968 1284  [ 7EEB488346FBFA3731276C3EE8A8FD9E ] AAV UpdateService C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
19:02:40.0968 1284  AAV UpdateService - ok
19:02:40.0984 1284  Abiosdsk - ok
19:02:40.0984 1284  abp480n5 - ok
19:02:41.0015 1284  [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:02:41.0140 1284  ACPI - ok
19:02:41.0156 1284  [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
19:02:41.0234 1284  ACPIEC - ok
19:02:41.0312 1284  [ 2841973308641ACC6236E583449B6357 ] AcrSch2Svc      C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
19:02:41.0328 1284  AcrSch2Svc - ok
19:02:41.0468 1284  [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
19:02:41.0734 1284  AdobeFlashPlayerUpdateSvc - ok
19:02:41.0734 1284  adpu160m - ok
19:02:41.0750 1284  [ 8BED39E3C35D6A489438B8141717A557 ] aec            C:\WINDOWS\system32\drivers\aec.sys
19:02:41.0828 1284  aec - ok
19:02:41.0875 1284  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD            C:\WINDOWS\System32\drivers\afd.sys
19:02:41.0921 1284  AFD - ok
19:02:41.0921 1284  Aha154x - ok
19:02:41.0921 1284  aic78u2 - ok
19:02:41.0921 1284  aic78xx - ok
19:02:41.0953 1284  [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter        C:\WINDOWS\system32\alrsvc.dll
19:02:42.0046 1284  Alerter - ok
19:02:42.0062 1284  [ 190CD73D4984F94D823F9444980513E5 ] ALG            C:\WINDOWS\System32\alg.exe
19:02:42.0093 1284  ALG - ok
19:02:42.0109 1284  AliIde - ok
19:02:42.0109 1284  amsint - ok
19:02:42.0171 1284  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Programme\Avira\AntiVir Desktop\sched.exe
19:02:42.0187 1284  AntiVirSchedulerService - ok
19:02:42.0218 1284  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Programme\Avira\AntiVir Desktop\avguard.exe
19:02:42.0234 1284  AntiVirService - ok
19:02:42.0250 1284  [ D45960BE52C3C610D361977057F98C54 ] AppMgmt        C:\WINDOWS\System32\appmgmts.dll
19:02:42.0312 1284  AppMgmt - ok
19:02:42.0343 1284  [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394        C:\WINDOWS\system32\DRIVERS\arp1394.sys
19:02:42.0421 1284  Arp1394 - ok
19:02:42.0421 1284  asc - ok
19:02:42.0421 1284  asc3350p - ok
19:02:42.0421 1284  asc3550 - ok
19:02:42.0515 1284  [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
19:02:42.0531 1284  aspnet_state - ok
19:02:42.0531 1284  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:02:42.0625 1284  AsyncMac - ok
19:02:42.0640 1284  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi          C:\WINDOWS\system32\DRIVERS\atapi.sys
19:02:42.0718 1284  atapi - ok
19:02:42.0781 1284  [ 1818E14EA07AAF6F5DC107F5EEE5F91F ] atchksrv        C:\Programme\Intel\AMT\atchksrv.exe
19:02:42.0812 1284  atchksrv - ok
19:02:42.0812 1284  Atdisk - ok
19:02:42.0843 1284  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc        C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:02:42.0906 1284  Atmarpc - ok
19:02:42.0937 1284  [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
19:02:43.0015 1284  AudioSrv - ok
19:02:43.0046 1284  [ D9F724AA26C010A217C97606B160ED68 ] audstub        C:\WINDOWS\system32\DRIVERS\audstub.sys
19:02:43.0109 1284  audstub - ok
19:02:43.0140 1284  [ F8E6956A614F15A0860474C5E2A7DE6B ] Avc            C:\WINDOWS\system32\DRIVERS\avc.sys
19:02:43.0234 1284  Avc - ok
19:02:43.0265 1284  [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt        C:\WINDOWS\system32\DRIVERS\avgntflt.sys
19:02:43.0281 1284  avgntflt - ok
19:02:43.0328 1284  [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb          C:\WINDOWS\system32\DRIVERS\avipbb.sys
19:02:43.0328 1284  avipbb - ok
19:02:43.0359 1284  [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr          C:\WINDOWS\system32\DRIVERS\avkmgr.sys
19:02:43.0375 1284  avkmgr - ok
19:02:43.0406 1284  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
19:02:43.0484 1284  Beep - ok
19:02:43.0515 1284  [ ACC9C8C560C567FAD6F79C977AB2EA09 ] bgsvcgen        C:\WINDOWS\system32\bgsvcgen.exe
19:02:43.0531 1284  bgsvcgen - ok
19:02:43.0546 1284  [ D6F603772A789BB3228F310D650B8BD1 ] BITS            C:\WINDOWS\system32\qmgr.dll
19:02:43.0671 1284  BITS - ok
19:02:43.0703 1284  [ B71549F23736ADF83A571061C47777FD ] Browser        C:\WINDOWS\System32\browser.dll
19:02:43.0734 1284  Browser - ok
19:02:43.0765 1284  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k        C:\WINDOWS\system32\drivers\cbidf2k.sys
19:02:43.0859 1284  cbidf2k - ok
19:02:43.0875 1284  [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE        C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
19:02:43.0968 1284  CCDECODE - ok
19:02:43.0968 1284  cd20xrnt - ok
19:02:43.0984 1284  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio        C:\WINDOWS\system32\drivers\Cdaudio.sys
19:02:44.0062 1284  Cdaudio - ok
19:02:44.0093 1284  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
19:02:44.0171 1284  Cdfs - ok
19:02:44.0171 1284  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom          C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:02:44.0250 1284  Cdrom - ok
19:02:44.0265 1284  Changer - ok
19:02:44.0281 1284  [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] cisvc          C:\WINDOWS\system32\cisvc.exe
19:02:44.0359 1284  cisvc - ok
19:02:44.0375 1284  [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv        C:\WINDOWS\system32\clipsrv.exe
19:02:44.0453 1284  ClipSrv - ok
19:02:44.0484 1284  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:02:44.0500 1284  clr_optimization_v2.0.50727_32 - ok
19:02:44.0500 1284  CmdIde - ok
19:02:44.0515 1284  COMSysApp - ok
19:02:44.0515 1284  Cpqarray - ok
19:02:44.0546 1284  [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
19:02:44.0625 1284  CryptSvc - ok
19:02:44.0625 1284  dac2w2k - ok
19:02:44.0625 1284  dac960nt - ok
19:02:44.0671 1284  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
19:02:44.0703 1284  DcomLaunch - ok
19:02:44.0750 1284  [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
19:02:44.0828 1284  Dhcp - ok
19:02:44.0859 1284  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
19:02:44.0921 1284  Disk - ok
19:02:44.0937 1284  dmadmin - ok
19:02:44.0968 1284  [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
19:02:45.0078 1284  dmboot - ok
19:02:45.0093 1284  [ 53720AB12B48719D00E327DA470A619A ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
19:02:45.0171 1284  dmio - ok
19:02:45.0203 1284  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
19:02:45.0281 1284  dmload - ok
19:02:45.0328 1284  [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver        C:\WINDOWS\System32\dmserver.dll
19:02:45.0406 1284  dmserver - ok
19:02:45.0406 1284  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
19:02:45.0484 1284  DMusic - ok
19:02:45.0515 1284  [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
19:02:45.0593 1284  Dnscache - ok
19:02:45.0609 1284  [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc        C:\WINDOWS\System32\dot3svc.dll
19:02:45.0703 1284  Dot3svc - ok
19:02:45.0703 1284  dpti2o - ok
19:02:45.0734 1284  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud        C:\WINDOWS\system32\drivers\drmkaud.sys
19:02:45.0812 1284  drmkaud - ok
19:02:45.0843 1284  [ 0CEDF29CFA2E1209456D98C2EE4AE6F5 ] DTSRVC          C:\Programme\Gemeinsame Dateien\Portrait Displays\Shared\DTSRVC.exe
19:02:45.0843 1284  DTSRVC - ok
19:02:45.0890 1284  [ DA1D21BB7D9B06C64275564F8E86C94E ] e1express      C:\WINDOWS\system32\DRIVERS\e1e5132.sys
19:02:45.0890 1284  e1express - ok
19:02:45.0921 1284  [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost        C:\WINDOWS\System32\eapsvc.dll
19:02:46.0015 1284  EapHost - ok
19:02:46.0046 1284  [ 877C18558D70587AA7823A1A308AC96B ] ERSvc          C:\WINDOWS\System32\ersvc.dll
19:02:46.0125 1284  ERSvc - ok
19:02:46.0156 1284  [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog        C:\WINDOWS\system32\services.exe
19:02:46.0171 1284  Eventlog - ok
19:02:46.0203 1284  [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem    C:\WINDOWS\system32\es.dll
19:02:46.0234 1284  EventSystem - ok
19:02:46.0265 1284  Fabs - ok
19:02:46.0281 1284  [ 38D332A6D56AF32635675F132548343E ] Fastfat        C:\WINDOWS\system32\drivers\Fastfat.sys
19:02:46.0359 1284  Fastfat - ok
19:02:46.0390 1284  [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
19:02:46.0437 1284  FastUserSwitchingCompatibility - ok
19:02:46.0453 1284  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc            C:\WINDOWS\system32\drivers\Fdc.sys
19:02:46.0531 1284  Fdc - ok
19:02:46.0546 1284  [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
19:02:46.0625 1284  Fips - ok
19:02:46.0718 1284  [ FFF1130F7C9FA01D093A1EDFC5CCE8FC ] FirebirdServerMAGIXInstance C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\fbserver.exe
19:02:46.0859 1284  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
19:02:46.0859 1284  FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
19:02:46.0875 1284  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\drivers\Flpydisk.sys
19:02:46.0937 1284  Flpydisk - ok
19:02:46.0968 1284  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
19:02:47.0031 1284  FltMgr - ok
19:02:47.0062 1284  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
19:02:47.0078 1284  FontCache3.0.0.0 - ok
19:02:47.0093 1284  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:02:47.0171 1284  Fs_Rec - ok
19:02:47.0187 1284  [ 8F1955CE42E1484714B542F341647778 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:02:47.0265 1284  Ftdisk - ok
19:02:47.0296 1284  [ 997527391DEC418DC62D784D848D73BE ] GigasetGenericUSB C:\WINDOWS\system32\DRIVERS\GigasetGenericUSB.sys
19:02:47.0343 1284  GigasetGenericUSB - ok
19:02:47.0375 1284  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc            C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:02:47.0453 1284  Gpc - ok
19:02:47.0484 1284  [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
19:02:47.0546 1284  HDAudBus - ok
19:02:47.0593 1284  [ C865D1F6D03595DF213DC3C67E4E4C58 ] HECI            C:\WINDOWS\system32\DRIVERS\HECI.sys
19:02:47.0625 1284  HECI - ok
19:02:47.0671 1284  [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc        C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
19:02:47.0750 1284  helpsvc - ok
19:02:47.0765 1284  [ B35DA85E60C0103F2E4104532DA2F12B ] HidServ        C:\WINDOWS\System32\hidserv.dll
19:02:47.0859 1284  HidServ - ok
19:02:47.0906 1284  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:02:47.0968 1284  hidusb - ok
19:02:48.0000 1284  [ ED29F14101523A6E0E808107405D452C ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
19:02:48.0078 1284  hkmsvc - ok
19:02:48.0078 1284  hpn - ok
19:02:48.0109 1284  [ 128EF741B2293C36810561092B566B1C ] HSFHWBS2        C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
19:02:48.0140 1284  HSFHWBS2 - ok
19:02:48.0171 1284  [ 9A0D0C461EF2B3D80CB7875B4B995E47 ] HSF_DP          C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
19:02:48.0250 1284  HSF_DP - ok
19:02:48.0281 1284  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
19:02:48.0328 1284  HTTP - ok
19:02:48.0343 1284  [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
19:02:48.0421 1284  HTTPFilter - ok
19:02:48.0421 1284  i2omgmt - ok
19:02:48.0437 1284  i2omp - ok
19:02:48.0437 1284  [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:02:48.0515 1284  i8042prt - ok
19:02:48.0546 1284  [ 997E8F5939F2D12CD9F2E6B395724C16 ] iaStor          C:\WINDOWS\system32\drivers\iaStor.sys
19:02:48.0562 1284  iaStor - ok
19:02:48.0609 1284  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc          C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:02:48.0656 1284  idsvc - ok
19:02:48.0687 1284  [ 667CFDB801DF771F47B7C39373C2D850 ] IFXTPM          C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS
19:02:48.0718 1284  IFXTPM - ok
19:02:48.0718 1284  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi          C:\WINDOWS\system32\DRIVERS\imapi.sys
19:02:48.0812 1284  Imapi - ok
19:02:48.0859 1284  [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService    C:\WINDOWS\system32\imapi.exe
19:02:48.0937 1284  ImapiService - ok
19:02:48.0937 1284  ini910u - ok
19:02:49.0062 1284  [ E3FEC5A562D1C5E1E1177D20A4E5BEBA ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
19:02:49.0203 1284  IntcAzAudAddService - ok
19:02:49.0218 1284  IntelIde - ok
19:02:49.0250 1284  [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
19:02:49.0328 1284  intelppm - ok
19:02:49.0343 1284  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw          C:\WINDOWS\system32\drivers\ip6fw.sys
19:02:49.0421 1284  Ip6Fw - ok
19:02:49.0453 1284  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:02:49.0531 1284  IpFilterDriver - ok
19:02:49.0546 1284  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:02:49.0625 1284  IpInIp - ok
19:02:49.0656 1284  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat          C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:02:49.0734 1284  IpNat - ok
19:02:49.0750 1284  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec          C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:02:49.0828 1284  IPSec - ok
19:02:49.0859 1284  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
19:02:49.0890 1284  IRENUM - ok
19:02:49.0906 1284  [ 6DFB88F64135C525433E87648BDA30DE ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:02:49.0984 1284  isapnp - ok
19:02:50.0046 1284  [ 0E410EDC8D0527801B899CF29E60597C ] JavaQuickStarterService C:\Programme\Java\jre6\bin\jqs.exe
19:02:50.0062 1284  JavaQuickStarterService - ok
19:02:50.0093 1284  [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:02:50.0156 1284  Kbdclass - ok
19:02:50.0171 1284  [ B6D6C117D771C98130497265F26D1882 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
19:02:50.0250 1284  kbdhid - ok
19:02:50.0265 1284  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
19:02:50.0343 1284  kmixer - ok
19:02:50.0375 1284  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
19:02:50.0421 1284  KSecDD - ok
19:02:50.0453 1284  [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
19:02:50.0500 1284  lanmanserver - ok
19:02:50.0531 1284  [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
19:02:50.0578 1284  lanmanworkstation - ok
19:02:50.0578 1284  lbrtfdc - ok
19:02:50.0609 1284  [ 636714B7D43C8D0C80449123FD266920 ] LmHosts        C:\WINDOWS\System32\lmhsvc.dll
19:02:50.0687 1284  LmHosts - ok
19:02:50.0687 1284  [ AE299DB6FCC6358CF6AD681054E3BA59 ] LMS            C:\Programme\Intel\AMT\LMS.exe
19:02:50.0703 1284  LMS - ok
19:02:50.0734 1284  [ 7A1A532F14FDE28489DC349C6E404A67 ] LPDSVC          C:\WINDOWS\system32\tcpsvcs.exe
19:02:50.0828 1284  LPDSVC - ok
19:02:50.0859 1284  [ 6DFE7F2E8E8A337263AA5C92A215F161 ] MBAMProtector  C:\WINDOWS\system32\drivers\mbam.sys
19:02:50.0859 1284  MBAMProtector - ok
19:02:50.0890 1284  [ 43683E970F008C93C9429EF428147A54 ] MBAMService    C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
19:02:50.0906 1284  MBAMService - ok
19:02:50.0953 1284  [ 5110EDD87E2508F02B922E83A2487DFC ] mdmxsdk        C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
19:02:50.0953 1284  mdmxsdk - ok
19:02:50.0984 1284  [ B7550A7107281D170CE85524B1488C98 ] Messenger      C:\WINDOWS\System32\msgsvc.dll
19:02:51.0078 1284  Messenger - ok
19:02:51.0109 1284  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd          C:\WINDOWS\system32\drivers\mnmdd.sys
19:02:51.0187 1284  mnmdd - ok
19:02:51.0218 1284  [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc        C:\WINDOWS\system32\mnmsrvc.exe
19:02:51.0281 1284  mnmsrvc - ok
19:02:51.0312 1284  [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem          C:\WINDOWS\system32\drivers\Modem.sys
19:02:51.0390 1284  Modem - ok
19:02:51.0390 1284  [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:02:51.0453 1284  Mouclass - ok
19:02:51.0484 1284  [ 66A6F73C74E1791464160A7065CE711A ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:02:51.0562 1284  mouhid - ok
19:02:51.0593 1284  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
19:02:51.0671 1284  MountMgr - ok
19:02:51.0718 1284  [ 70C14F5CCA5CF73F8A645C73A01D8726 ] MQAC            C:\WINDOWS\system32\drivers\mqac.sys
19:02:51.0750 1284  MQAC - ok
19:02:51.0750 1284  mraid35x - ok
19:02:51.0781 1284  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:02:51.0875 1284  MRxDAV - ok
19:02:51.0921 1284  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:02:51.0953 1284  MRxSmb - ok
19:02:52.0000 1284  [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC          C:\WINDOWS\system32\msdtc.exe
19:02:52.0078 1284  MSDTC - ok
19:02:52.0093 1284  [ 1477849772712BAC69C144DCF2C9CE81 ] MSDV            C:\WINDOWS\system32\DRIVERS\msdv.sys
19:02:52.0187 1284  MSDV - ok
19:02:52.0203 1284  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
19:02:52.0265 1284  Msfs - ok
19:02:52.0265 1284  MSIServer - ok
19:02:52.0281 1284  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV        C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:02:52.0375 1284  MSKSSRV - ok
19:02:52.0406 1284  [ 0DCA65CF0B5E016192DFC8D184544FB6 ] MSMQ            C:\WINDOWS\system32\mqsvc.exe
19:02:52.0437 1284  MSMQ - ok
19:02:52.0453 1284  [ 7E68E3D511CF98CCD613DE1253DA4247 ] MSMQTriggers    C:\WINDOWS\system32\mqtgsvc.exe
19:02:52.0500 1284  MSMQTriggers - ok
19:02:52.0515 1284  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:02:52.0578 1284  MSPCLOCK - ok
19:02:52.0593 1284  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM          C:\WINDOWS\system32\drivers\MSPQM.sys
19:02:52.0671 1284  MSPQM - ok
19:02:52.0687 1284  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:02:52.0765 1284  mssmbios - ok
19:02:52.0796 1284  [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE          C:\WINDOWS\system32\drivers\MSTEE.sys
19:02:52.0875 1284  MSTEE - ok
19:02:52.0906 1284  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup            C:\WINDOWS\system32\drivers\Mup.sys
19:02:52.0937 1284  Mup - ok
19:02:52.0968 1284  [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC        C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
19:02:53.0062 1284  NABTSFEC - ok
19:02:53.0093 1284  [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent        C:\WINDOWS\System32\qagentrt.dll
19:02:53.0187 1284  napagent - ok
19:02:53.0234 1284  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
19:02:53.0312 1284  NDIS - ok
19:02:53.0328 1284  [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP          C:\WINDOWS\system32\DRIVERS\NdisIP.sys
19:02:53.0421 1284  NdisIP - ok
19:02:53.0453 1284  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:02:53.0500 1284  NdisTapi - ok
19:02:53.0515 1284  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio        C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:02:53.0593 1284  Ndisuio - ok
19:02:53.0625 1284  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan        C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:02:53.0703 1284  NdisWan - ok
19:02:53.0734 1284  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy        C:\WINDOWS\system32\drivers\NDProxy.sys
19:02:53.0781 1284  NDProxy - ok
19:02:53.0875 1284  [ B044BB341E164DA6750A9B8E6A5FF6A1 ] Nero BackItUp Scheduler 3 C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
19:02:53.0906 1284  Nero BackItUp Scheduler 3 - ok
19:02:53.0953 1284  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS        C:\WINDOWS\system32\DRIVERS\netbios.sys
19:02:54.0031 1284  NetBIOS - ok
19:02:54.0046 1284  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT          C:\WINDOWS\system32\DRIVERS\netbt.sys
19:02:54.0109 1284  NetBT - ok
19:02:54.0140 1284  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE          C:\WINDOWS\system32\netdde.exe
19:02:54.0234 1284  NetDDE - ok
19:02:54.0234 1284  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
19:02:54.0312 1284  NetDDEdsdm - ok
19:02:54.0328 1284  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon        C:\WINDOWS\system32\lsass.exe
19:02:54.0406 1284  Netlogon - ok
19:02:54.0437 1284  [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman          C:\WINDOWS\System32\netman.dll
19:02:54.0515 1284  Netman - ok
19:02:54.0546 1284  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:02:54.0562 1284  NetTcpPortSharing - ok
19:02:54.0593 1284  [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394        C:\WINDOWS\system32\DRIVERS\nic1394.sys
19:02:54.0671 1284  NIC1394 - ok
19:02:54.0703 1284  [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla            C:\WINDOWS\System32\mswsock.dll
19:02:54.0718 1284  Nla - ok
19:02:54.0796 1284  [ EBA1B4BF2E2375ABDADEDB649F283541 ] NMIndexingService C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
19:02:54.0812 1284  NMIndexingService - ok
19:02:54.0843 1284  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
19:02:54.0906 1284  Npfs - ok
19:02:54.0921 1284  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
19:02:55.0031 1284  Ntfs - ok
19:02:55.0046 1284  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp        C:\WINDOWS\system32\lsass.exe
19:02:55.0125 1284  NtLmSsp - ok
19:02:55.0156 1284  [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc        C:\WINDOWS\system32\ntmssvc.dll
19:02:55.0281 1284  NtmsSvc - ok
19:02:55.0281 1284  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
19:02:55.0343 1284  Null - ok
19:02:55.0500 1284  [ 23B95A09677E62EC8D1641ECF39B9BFB ] nv              C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
19:02:55.0734 1284  nv - ok
19:02:55.0765 1284  [ C501206816F35D20422B4C3F88D62860 ] NVSvc          C:\WINDOWS\system32\nvsvc32.exe
19:02:55.0781 1284  NVSvc - ok
19:02:55.0812 1284  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:02:55.0890 1284  NwlnkFlt - ok
19:02:55.0921 1284  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:02:55.0984 1284  NwlnkFwd - ok
19:02:56.0015 1284  [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394        C:\WINDOWS\system32\DRIVERS\ohci1394.sys
19:02:56.0093 1284  ohci1394 - ok
19:02:56.0093 1284  [ F84785660305B9B903FB3BCA8BA29837 ] Parport        C:\WINDOWS\system32\drivers\Parport.sys
19:02:56.0171 1284  Parport - ok
19:02:56.0203 1284  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr        C:\WINDOWS\system32\drivers\PartMgr.sys
19:02:56.0265 1284  PartMgr - ok
19:02:56.0296 1284  [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
19:02:56.0375 1284  ParVdm - ok
19:02:56.0390 1284  [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI            C:\WINDOWS\system32\DRIVERS\pci.sys
19:02:56.0468 1284  PCI - ok
19:02:56.0468 1284  PCIDump - ok
19:02:56.0500 1284  [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
19:02:56.0562 1284  PCIIde - ok
19:02:56.0593 1284  [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
19:02:56.0671 1284  Pcmcia - ok
19:02:56.0671 1284  PDCOMP - ok
19:02:56.0671 1284  PDFRAME - ok
19:02:56.0703 1284  [ 089CA80CE0766B031164714B51DF99BB ] PdiPorts        C:\WINDOWS\system32\Drivers\PdiPorts.sys
19:02:56.0718 1284  PdiPorts - ok
19:02:56.0734 1284  [ 0A098DF98EC8FACAA30BD7DB4C7AEA06 ] PdiService      C:\Programme\Gemeinsame Dateien\Portrait Displays\Drivers\pdisrvc.exe
19:02:56.0750 1284  PdiService - ok
19:02:56.0750 1284  PDRELI - ok
19:02:56.0750 1284  PDRFRAME - ok
19:02:56.0750 1284  perc2 - ok
19:02:56.0750 1284  perc2hib - ok
19:02:56.0812 1284  [ EC4F52692B5CF116CA6B0428D84A9ABA ] Pivot          C:\WINDOWS\system32\drivers\pivot.sys
19:02:56.0828 1284  Pivot ( UnsignedFile.Multi.Generic ) - warning
19:02:56.0828 1284  Pivot - detected UnsignedFile.Multi.Generic (1)
19:02:56.0859 1284  [ 7D72AC1ABDA06FF42FD57345D0D75523 ] pivotmou        C:\WINDOWS\System32\drivers\pivotmou.sys
19:02:56.0875 1284  pivotmou ( UnsignedFile.Multi.Generic ) - warning
19:02:56.0875 1284  pivotmou - detected UnsignedFile.Multi.Generic (1)
19:02:56.0906 1284  [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] PLFlash DeviceIoControl Service C:\WINDOWS\system32\IoctlSvc.exe
19:02:56.0906 1284  PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning
19:02:56.0906 1284  PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)
19:02:56.0921 1284  [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay        C:\WINDOWS\system32\services.exe
19:02:56.0937 1284  PlugPlay - ok
19:02:56.0937 1284  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent    C:\WINDOWS\system32\lsass.exe
19:02:57.0000 1284  PolicyAgent - ok
19:02:57.0046 1284  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:02:57.0125 1284  PptpMiniport - ok
19:02:57.0125 1284  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
19:02:57.0203 1284  ProtectedStorage - ok
19:02:57.0203 1284  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
19:02:57.0281 1284  PSched - ok
19:02:57.0296 1284  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink        C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:02:57.0375 1284  Ptilink - ok
19:02:57.0375 1284  ql1080 - ok
19:02:57.0375 1284  Ql10wnt - ok
19:02:57.0390 1284  ql12160 - ok
19:02:57.0390 1284  ql1240 - ok
19:02:57.0390 1284  ql1280 - ok
19:02:57.0406 1284  [ 0087F01D35A65B32393CC8BBA46EE4A6 ] QV2KUX          C:\WINDOWS\system32\DRIVERS\qv2kux.sys
19:02:57.0484 1284  QV2KUX - ok
19:02:57.0515 1284  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:02:57.0593 1284  RasAcd - ok
19:02:57.0625 1284  [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto        C:\WINDOWS\System32\rasauto.dll
19:02:57.0687 1284  RasAuto - ok
19:02:57.0703 1284  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp        C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:02:57.0781 1284  Rasl2tp - ok
19:02:57.0812 1284  [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan          C:\WINDOWS\System32\rasmans.dll
19:02:57.0890 1284  RasMan - ok
19:02:57.0890 1284  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:02:57.0968 1284  RasPppoe - ok
19:02:57.0968 1284  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
19:02:58.0031 1284  Raspti - ok
19:02:58.0046 1284  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss          C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:02:58.0125 1284  Rdbss - ok
19:02:58.0140 1284  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:02:58.0218 1284  RDPCDD - ok
19:02:58.0234 1284  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr          C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:02:58.0312 1284  rdpdr - ok
19:02:58.0343 1284  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD          C:\WINDOWS\system32\drivers\RDPWD.sys
19:02:58.0375 1284  RDPWD - ok
19:02:58.0390 1284  [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr      C:\WINDOWS\system32\sessmgr.exe
19:02:58.0484 1284  RDSessMgr - ok
19:02:58.0500 1284  [ ED761D453856F795A7FE056E42C36365 ] redbook        C:\WINDOWS\system32\DRIVERS\redbook.sys
19:02:58.0562 1284  redbook - ok
19:02:58.0593 1284  [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
19:02:58.0687 1284  RemoteAccess - ok
19:02:58.0718 1284  [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
19:02:58.0796 1284  RemoteRegistry - ok
19:02:58.0828 1284  [ 96F7A9A7BF0C9C0440A967440065D33C ] RMCAST          C:\WINDOWS\system32\drivers\RMCast.sys
19:02:58.0859 1284  RMCAST - ok
19:02:58.0875 1284  [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator      C:\WINDOWS\system32\locator.exe
19:02:58.0968 1284  RpcLocator - ok
19:02:58.0984 1284  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs          C:\WINDOWS\system32\rpcss.dll
19:02:59.0015 1284  RpcSs - ok
19:02:59.0046 1284  [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP            C:\WINDOWS\system32\rsvp.exe
19:02:59.0140 1284  RSVP - ok
19:02:59.0140 1284  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs          C:\WINDOWS\system32\lsass.exe
19:02:59.0218 1284  SamSs - ok
19:02:59.0234 1284  [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
19:02:59.0328 1284  SCardSvr - ok
19:02:59.0359 1284  [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule        C:\WINDOWS\system32\schedsvc.dll
19:02:59.0437 1284  Schedule - ok
19:02:59.0453 1284  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:02:59.0484 1284  Secdrv - ok
19:02:59.0515 1284  [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon        C:\WINDOWS\System32\seclogon.dll
19:02:59.0593 1284  seclogon - ok
19:02:59.0593 1284  [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS            C:\WINDOWS\system32\sens.dll
19:02:59.0671 1284  SENS - ok
19:02:59.0687 1284  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum        C:\WINDOWS\system32\DRIVERS\serenum.sys
19:02:59.0765 1284  serenum - ok
19:02:59.0765 1284  [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
19:02:59.0843 1284  Serial - ok
19:02:59.0875 1284  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy        C:\WINDOWS\system32\drivers\Sfloppy.sys
19:02:59.0937 1284  Sfloppy - ok
19:02:59.0953 1284  [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
19:02:59.0968 1284  ShellHWDetection - ok
19:02:59.0968 1284  Simbad - ok
19:03:00.0000 1284  [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys
19:03:00.0078 1284  SLIP - ok
19:03:00.0125 1284  [ DECA2315713EDE05E47E4A4122EEC3E0 ] snapman        C:\WINDOWS\system32\DRIVERS\snapman.sys
19:03:00.0140 1284  snapman - ok
19:03:00.0140 1284  Sparrow - ok
19:03:00.0156 1284  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
19:03:00.0218 1284  splitter - ok
19:03:00.0250 1284  [ 60784F891563FB1B767F70117FC2428F ] Spooler        C:\WINDOWS\system32\spoolsv.exe
19:03:00.0296 1284  Spooler - ok
19:03:00.0296 1284  [ 50FA898F8C032796D3B1B9951BB5A90F ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
19:03:00.0343 1284  sr - ok
19:03:00.0390 1284  [ FE77A85495065F3AD59C5C65B6C54182 ] srservice      C:\WINDOWS\system32\srsvc.dll
19:03:00.0421 1284  srservice - ok
19:03:00.0453 1284  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv            C:\WINDOWS\system32\DRIVERS\srv.sys
19:03:00.0515 1284  Srv - ok
19:03:00.0531 1284  [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV        C:\WINDOWS\System32\ssdpsrv.dll
19:03:00.0578 1284  SSDPSRV - ok
19:03:00.0625 1284  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
19:03:00.0625 1284  ssmdrv - ok
19:03:00.0640 1284  [ BC2C5985611C5356B24AEB370953DED9 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
19:03:00.0718 1284  stisvc - ok
19:03:00.0750 1284  [ 77813007BA6265C4B6098187E6ED79D2 ] streamip        C:\WINDOWS\system32\DRIVERS\StreamIP.sys
19:03:00.0843 1284  streamip - ok
19:03:00.0875 1284  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
19:03:00.0937 1284  swenum - ok
19:03:00.0953 1284  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
19:03:01.0015 1284  swmidi - ok
19:03:01.0031 1284  SwPrv - ok
19:03:01.0031 1284  symc810 - ok
19:03:01.0031 1284  symc8xx - ok
19:03:01.0031 1284  sym_hi - ok
19:03:01.0031 1284  sym_u3 - ok
19:03:01.0078 1284  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
19:03:01.0156 1284  sysaudio - ok
19:03:01.0171 1284  [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog      C:\WINDOWS\system32\smlogsvc.exe
19:03:01.0265 1284  SysmonLog - ok
19:03:01.0281 1284  [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv        C:\WINDOWS\System32\tapisrv.dll
19:03:01.0359 1284  TapiSrv - ok
19:03:01.0390 1284  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip          C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:03:01.0437 1284  Tcpip - ok
19:03:01.0468 1284  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
19:03:01.0562 1284  TDPIPE - ok
19:03:01.0609 1284  [ 3630F5B8181554DEECFE2E4252BC4C4C ] tdrpman251      C:\WINDOWS\system32\DRIVERS\tdrpm251.sys
19:03:01.0640 1284  tdrpman251 - ok
19:03:01.0656 1284  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP          C:\WINDOWS\system32\drivers\TDTCP.sys
19:03:01.0734 1284  TDTCP - ok
19:03:01.0734 1284  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
19:03:01.0812 1284  TermDD - ok
19:03:01.0859 1284  [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService    C:\WINDOWS\System32\termsrv.dll
19:03:01.0953 1284  TermService - ok
19:03:02.0000 1284  [ 8691929929F2EE71F0AD82B760C2A05E ] TestHandler    C:\Programme\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\HaDTMan.exe
19:03:02.0015 1284  TestHandler - ok
19:03:02.0046 1284  [ 2DB7D303C36DDD055215052F118E8E75 ] Themes          C:\WINDOWS\System32\shsvcs.dll
19:03:02.0046 1284  Themes - ok
19:03:02.0093 1284  [ 6DCB8DDB481CD3C40FA68593723B4D89 ] tifsfilter      C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
19:03:02.0093 1284  tifsfilter - ok
19:03:02.0140 1284  [ C820BFC70FEB25EC877C49E81CD477C1 ] timounter      C:\WINDOWS\system32\DRIVERS\timntr.sys
19:03:02.0171 1284  timounter - ok
19:03:02.0203 1284  [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr        C:\WINDOWS\system32\tlntsvr.exe
19:03:02.0250 1284  TlntSvr - ok
19:03:02.0250 1284  TosIde - ok
19:03:02.0281 1284  [ 626504572B175867F30F3215C04B3E2F ] TrkWks          C:\WINDOWS\system32\trkwks.dll
19:03:02.0359 1284  TrkWks - ok
19:03:02.0375 1284  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
19:03:02.0468 1284  Udfs - ok
19:03:02.0468 1284  ultra - ok
19:03:02.0546 1284  [ 57A8B36053910BC9608C2F789C6B6AB5 ] UNS            C:\Programme\Intel\AMT\UNS.exe
19:03:02.0656 1284  UNS - ok
19:03:02.0703 1284  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
19:03:02.0781 1284  Update - ok
19:03:02.0812 1284  [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost        C:\WINDOWS\System32\upnphost.dll
19:03:02.0859 1284  upnphost - ok
19:03:02.0875 1284  [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS            C:\WINDOWS\System32\ups.exe
19:03:02.0968 1284  UPS - ok
19:03:03.0000 1284  [ E919708DB44ED8543A7C017953148330 ] usbaudio        C:\WINDOWS\system32\drivers\usbaudio.sys
19:03:03.0078 1284  usbaudio - ok
19:03:03.0125 1284  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp        C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:03:03.0187 1284  usbccgp - ok
19:03:03.0203 1284  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci        C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:03:03.0265 1284  usbehci - ok
19:03:03.0281 1284  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:03:03.0359 1284  usbhub - ok
19:03:03.0390 1284  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:03:03.0484 1284  usbprint - ok
19:03:03.0500 1284  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan        C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:03:03.0578 1284  usbscan - ok
19:03:03.0625 1284  [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor        C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:03:03.0687 1284  usbstor - ok
19:03:03.0703 1284  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci        C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:03:03.0765 1284  usbuhci - ok
19:03:03.0796 1284  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave        C:\WINDOWS\System32\drivers\vga.sys
19:03:03.0875 1284  VgaSave - ok
19:03:03.0875 1284  ViaIde - ok
19:03:03.0921 1284  [ A5A712F4E880874A477AF790B5186E1D ] VolSnap        C:\WINDOWS\system32\drivers\VolSnap.sys
19:03:04.0000 1284  VolSnap - ok
19:03:04.0031 1284  [ 68F106273BE29E7B7EF8266977268E78 ] VSS            C:\WINDOWS\System32\vssvc.exe
19:03:04.0093 1284  VSS - ok
19:03:04.0109 1284  [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time        C:\WINDOWS\system32\w32time.dll
19:03:04.0171 1284  W32Time - ok
19:03:04.0187 1284  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:03:04.0265 1284  Wanarp - ok
19:03:04.0265 1284  WDICA - ok
19:03:04.0281 1284  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
19:03:04.0359 1284  wdmaud - ok
19:03:04.0390 1284  [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient      C:\WINDOWS\System32\webclnt.dll
19:03:04.0453 1284  WebClient - ok
19:03:04.0468 1284  [ CE545A84BF3411E7516FA8DA51AD9D93 ] winachsf        C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
19:03:04.0500 1284  winachsf - ok
19:03:04.0562 1284  [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt        C:\WINDOWS\system32\wbem\WMIsvc.dll
19:03:04.0656 1284  winmgmt - ok
19:03:04.0687 1284  [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
19:03:04.0750 1284  WmdmPmSN - ok
19:03:04.0781 1284  [ FFA4D901D46D07A5BAB2D8307FBB51A6 ] Wmi            C:\WINDOWS\System32\advapi32.dll
19:03:04.0828 1284  Wmi - ok
19:03:04.0875 1284  [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
19:03:04.0953 1284  WmiApSrv - ok
19:03:05.0031 1284  [ BF05650BB7DF5E9EBDD25974E22403BB ] WMPNetworkSvc  C:\Programme\Windows Media Player\WMPNetwk.exe
19:03:05.0062 1284  WMPNetworkSvc - ok
19:03:05.0109 1284  [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC        C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
19:03:05.0171 1284  WSTCODEC - ok
19:03:05.0203 1284  [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
19:03:05.0281 1284  wuauserv - ok
19:03:05.0328 1284  [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:03:05.0343 1284  WudfPf - ok
19:03:05.0359 1284  [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:03:05.0359 1284  WudfRd - ok
19:03:05.0390 1284  [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc        C:\WINDOWS\System32\WUDFSvc.dll
19:03:05.0406 1284  WudfSvc - ok
19:03:05.0453 1284  [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
19:03:05.0546 1284  WZCSVC - ok
19:03:05.0578 1284  [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov        C:\WINDOWS\System32\xmlprov.dll
19:03:05.0656 1284  xmlprov - ok
19:03:05.0656 1284  ================ Scan global ===============================
19:03:05.0687 1284  [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
19:03:05.0718 1284  [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
19:03:05.0734 1284  [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
19:03:05.0750 1284  [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
19:03:05.0765 1284  [Global] - ok
19:03:05.0765 1284  ================ Scan MBR ==================================
19:03:05.0781 1284  [ EBA341AD91BD67E83FD5FC3592A6E89B ] \Device\Harddisk1\DR1
19:03:06.0125 1284  \Device\Harddisk1\DR1 - ok
19:03:06.0140 1284  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
19:03:06.0187 1284  \Device\Harddisk0\DR0 - ok
19:03:06.0187 1284  ================ Scan VBR ==================================
19:03:06.0187 1284  [ 7CAFF2822949E0D023D63744DCB4B703 ] \Device\Harddisk1\DR1\Partition1
19:03:06.0203 1284  \Device\Harddisk1\DR1\Partition1 - ok
19:03:06.0234 1284  [ E08C4AFE85CDC8B75479DB99B040F9CA ] \Device\Harddisk1\DR1\Partition2
19:03:06.0234 1284  \Device\Harddisk1\DR1\Partition2 - ok
19:03:06.0234 1284  [ 934795FE71F54E5A28BBBE9DC6134092 ] \Device\Harddisk0\DR0\Partition1
19:03:06.0234 1284  \Device\Harddisk0\DR0\Partition1 - ok
19:03:06.0234 1284  ============================================================
19:03:06.0234 1284  Scan finished
19:03:06.0234 1284  ============================================================
19:03:06.0343 2404  Detected object count: 4
19:03:06.0343 2404  Actual detected object count: 4
19:05:24.0703 2404  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
19:05:24.0703 2404  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:05:24.0703 2404  Pivot ( UnsignedFile.Multi.Generic ) - skipped by user
19:05:24.0703 2404  Pivot ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:05:24.0703 2404  pivotmou ( UnsignedFile.Multi.Generic ) - skipped by user
19:05:24.0703 2404  pivotmou ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:05:24.0718 2404  PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:05:24.0718 2404  PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus 06.09.2012 21:01
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

SFischer 07.09.2012 04:52
Hallo Cosinus,
danke für Deine Antwort. Fahre jetzt in Kurzurlaub. Melde mich, sobald ich wieder zu Hause bin. Viele Grüße SFischer

SFischer 12.09.2012 09:21
Hallo cosinus, hier die Combofix.txt:

Combofix Logfile:
Code:
ComboFix 12-09-11.02 - Administrator 12.09.2012  9:55.1.4 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.3070.2308 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Administrator\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\Administrator\WINDOWS
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
c:\windows\Installer\$PatchCache$\Managed\3706342866B54DD48A51342744051302\15.1.0\distributor.ini2
c:\windows\IsUn0407.exe
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-08-12 bis 2012-09-12  ))))))))))))))))))))))))))))))
.
.
2012-08-31 18:28 . 2012-08-31 18:28        --------        d-----w-        C:\_OTL
2012-08-17 04:22 . 2012-08-17 04:22        --------        d-----w-        c:\programme\ESET
2012-08-16 18:48 . 2012-08-16 18:48        --------        d-----w-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Malwarebytes
2012-08-16 18:48 . 2012-08-16 18:48        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware
2012-08-16 18:48 . 2012-08-16 18:48        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-08-16 18:48 . 2012-07-03 11:46        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-28 18:24 . 2012-08-01 19:02        477168        ----a-w-        c:\windows\system32\npdeployJava1.dll
2012-08-28 18:24 . 2010-04-24 04:57        473072        ----a-w-        c:\windows\system32\deployJava1.dll
2012-08-28 16:39 . 2012-08-01 19:02        73728        ----a-w-        c:\windows\system32\javacpl.cpl
2012-08-16 19:38 . 2012-06-23 07:34        70344        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-16 19:38 . 2012-06-23 07:34        426184        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-07-06 13:59 . 2006-02-28 12:00        78336        ----a-w-        c:\windows\system32\browser.dll
2012-07-04 14:05 . 2009-04-27 13:54        139784        ----a-r-        c:\windows\system32\drivers\rdpwd.sys
2012-07-03 18:25 . 2006-02-28 12:00        1866240        ----a-w-        c:\windows\system32\win32k.sys
2012-07-02 17:39 . 2006-02-28 12:00        916992        ----a-w-        c:\windows\system32\wininet.dll
2012-07-02 17:39 . 2006-02-28 12:00        43520        ------w-        c:\windows\system32\licmgr10.dll
2012-07-02 17:39 . 2006-02-28 12:00        1469440        ------w-        c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2006-02-28 12:00        385024        ------w-        c:\windows\system32\html.iec
1999-03-11 17:22 . 1999-03-11 17:22        99840        -c--a-w-        c:\programme\Gemeinsame Dateien\IRAABOUT.DLL
1998-12-09 02:53 . 1998-12-09 02:53        70144        -c--a-w-        c:\programme\Gemeinsame Dateien\IRAMDMTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53        48640        -c--a-w-        c:\programme\Gemeinsame Dateien\IRALPTTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53        31744        -c--a-w-        c:\programme\Gemeinsame Dateien\IRAWEBTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53        186368        -c--a-w-        c:\programme\Gemeinsame Dateien\IRAREG.DLL
1998-12-09 02:53 . 1998-12-09 02:53        17920        -c--a-w-        c:\programme\Gemeinsame Dateien\IRASRIAL.DLL
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"nwiz"="nwiz.exe" [2009-03-27 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]
"RTHDCPL"="RTHDCPL.EXE" [2007-11-20 16858112]
"atchk"="c:\programme\Intel\AMT\atchk.exe" [2007-07-06 408088]
"NBKeyScan"="c:\programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-04-29 2221352]
"SSBkgdUpdate"="c:\programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\programme\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"TrueImageMonitor.exe"="c:\programme\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-11-06 4389592]
"AcronisTimounterMonitor"="c:\programme\Acronis\TrueImageHome\TimounterMonitor.exe" [2009-11-06 962688]
"Acronis Scheduler2 Service"="c:\programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe" [2009-11-06 377712]
"NeroFilterCheck"="c:\programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe" [2008-03-25 570664]
"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]
"DeskUpdateNotifier"="c:\programme\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe" [2011-11-10 100120]
"TrayServer"="c:\progra~1\MAGIX\VIDEO_~1\TrayServer.exe" [2008-08-07 90112]
"PivotSoftware"="c:\programme\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe" [2010-05-13 110192]
"DT ACR"="c:\programme\Gemeinsame Dateien\Portrait Displays\Shared\DT_startup.exe" [2010-06-30 121456]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\programme\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\Administrator\Startmenü\Programme\Autostart\
Password Safe.lnk - c:\programme\Password Safe\pwsafe.exe [2011-3-17 3545600]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Acrobat Assistant.lnk - c:\programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-24 217194]
Logitech Desktop Messenger.lnk - c:\programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-9-15 67128]
Microsoft Office.lnk - c:\programme\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
PHOTOfunSTUDIO 5.1 HD Edition.lnk - c:\programme\Gemeinsame Dateien\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe [2011-1-23 172544]
Symantec Fax Starter Edition-Anschluss.lnk - c:\programme\Microsoft Office\Office\1031\OLFSNT40.EXE [1999-3-11 46080]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          auto_reactivate c:\bootwiz\asrm.bin\0autocheck autochk *
.
R0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\drivers\tdrpm251.sys [22.08.2010 14:08 902432]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [16.10.2011 09:56 36000]
R2 AAV UpdateService;AAV UpdateService;c:\programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [24.10.2008 17:35 128296]
R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [16.10.2011 09:56 86224]
R2 Fabs;FABS - Helping agent for MAGIX media database;c:\programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe [27.08.2009 18:09 1253376]
R2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [16.08.2012 20:48 655944]
R2 PdiService;Portrait Displays SDK Service;c:\programme\Gemeinsame Dateien\Portrait Displays\Drivers\pdisrvc.exe [09.10.2011 16:20 109168]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\programme\Intel\AMT\UNS.exe [27.04.2009 16:42 2521624]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [04.04.2007 18:16 41216]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [16.08.2012 20:48 22344]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [23.06.2012 09:34 250056]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\programme\Gemeinsame Dateien\MAGIX Services\Database\bin\fbserver.exe [07.08.2008 12:10 3276800]
S3 GigasetGenericUSB;GigasetGenericUSB;c:\windows\system32\drivers\GigasetGenericUSB.sys [14.03.2010 14:01 44032]
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 19:38]
.
2012-09-04 c:\windows\Tasks\DeskUpdate.job
- c:\programme\Fujitsu\DeskUpdate\ducmd.exe [2010-08-23 12:34]
.
2012-09-11 c:\windows\Tasks\User_Feed_Synchronization-{95F0716E-F69E-4AE7-83D0-08F827F5C9FD}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.boersensignale.de/boersenprognoseaktuell.html
IE: Free YouTube to MP3 Converter - c:\dokumente und einstellungen\Administrator\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.2.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-09-12 09:59
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1960408961-1677128483-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1d,a9,17,b5,da,4c,fe,45,80,85,2f,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1d,a9,17,b5,da,4c,fe,45,80,85,2f,\
.
[HKEY_USERS\S-1-5-21-1960408961-1677128483-839522115-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:c6,95,85,18,c3,69,23,5f,d7,4d,aa,a5,d7,c1,90,39,65,56,61,7a,76,76,3a,
  e1,33,17,6c,ed,72,83,98,19,d7,6a,d8,cc,3c,08,9e,6c,4b,bd,65,2a,19,2f,92,02,\
"??"=hex:59,0e,32,af,6b,cd,57,59,62,49,ff,4e,f8,65,4e,b5
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(1760)
c:\windows\system32\CLBCATQ.DLL
.
Zeit der Fertigstellung: 2012-09-12  10:00:52
ComboFix-quarantined-files.txt  2012-09-12 08:00
.
Vor Suchlauf: 13 Verzeichnis(se), 62.746.673.152 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 62.983.004.160 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 2165FE927F259116724B1CCD012A2A48
--- --- ---

cosinus 12.09.2012 14:09
Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).



Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

SFischer 12.09.2012 17:19
Hallo cosinus, vielen Dank für die schnelle Antwort!
Zuerst das Log von GMER:
[code]
GMER Logfile:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-09-12 18:15:49
Windows 5.1.2600 Service Pack 3 Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-1f ST3250310AS rev.4.AAA
Running: k9kc2xss.exe; Driver: C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\pgrdapob.sys


---- System - GMER 1.0.15 ----

SSDT            BA7F123E                                            ZwCreateKey
SSDT            BA7F1234                                            ZwCreateThread
SSDT            BA7F1243                                            ZwDeleteKey
SSDT            BA7F124D                                            ZwDeleteValueKey
SSDT            BA7F1252                                            ZwLoadKey
SSDT            BA7F1220                                            ZwOpenProcess
SSDT            BA7F1225                                            ZwOpenThread
SSDT            BA7F125C                                            ZwReplaceKey
SSDT            BA7F1257                                            ZwRestoreKey
SSDT            BA7F1248                                            ZwSetValueKey

Code            \??\C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\catchme.sys  pIofCallDriver

---- Kernel code sections - GMER 1.0.15 ----

.text          C:\WINDOWS\system32\DRIVERS\nv4_mini.sys            section is writeable [0xB849C380, 0x34C81F, 0xE8000020]
?              C:\WINDOWS\system32\Drivers\PROCEXP113.SYS          Das System kann die angegebene Datei nicht finden. !
?              C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\catchme.sys      Das System kann die angegebene Datei nicht finden. !

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                              tdrpm251.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume1              tdrpm251.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume1              fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume1              snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume2              tdrpm251.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume2              fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume2              snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume3              tdrpm251.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume3              fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume3              snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume4              tdrpm251.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume4              fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume4              snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \FileSystem\Fastfat \Fat                            tdrpm251.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice  \FileSystem\Fastfat \Fat                            fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
--- --- ---


Hallo cosinus, hier noch die Logs von OSAM und aswMBR:
Code:
OSAM Logfile:

       
Code:

       
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 19:57:42 on 12.09.2012

OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - "Acronis" - C:\WINDOWS\system32\auto_reactivate.exe

[Common]
-----( %SystemRoot%\Tasks )-----
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"DeskUpdate.job" - "Fujitsu Technology Solutions" - C:\Programme\Fujitsu\DeskUpdate\ducmd.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl
"nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal - Free Antivirus " - "Avira Operations GmbH & Co. KG" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"Nero BurnRights" - "Nero AG" - C:\Programme\Nero\Nero8\Nero Toolkit\NeroBurnRights.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Acronis Snapshots Manager" (snapman) - "Acronis" - C:\WINDOWS\System32\DRIVERS\snapman.sys
"Acronis True Image FS Filter" (tifsfilter) - "Acronis" - C:\WINDOWS\System32\DRIVERS\tifsfilt.sys
"Acronis Try&Decide and Restore Points filter (build 251)" (tdrpman251) - "Acronis" - C:\WINDOWS\System32\DRIVERS\tdrpm251.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"iaStor" (iaStor) - "Intel Corporation" - C:\WINDOWS\system32\drivers\iaStor.sys
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\WINDOWS\system32\drivers\mbam.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"Pivot" (Pivot) - "Portrait Displays, Inc." - C:\WINDOWS\System32\drivers\pivot.sys
"Pivot Mouse/Pointers Filter Driver" (pivotmou) - "Portrait Displays, Inc." - C:\WINDOWS\System32\drivers\pivotmou.sys
"Portrait Displays low level device driver" (PdiPorts) - "Portrait Displays, Inc." - C:\WINDOWS\System32\Drivers\PdiPorts.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{16148659-720A-457d-850B-2DBD87BB129D} "AudibleShlExt Class" - "Audible, Inc." - C:\Programme\Audible\Bin\AudibleExt.dll
{7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroDigitalExt.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{9462A756-7B47-47BC-8C80-C34B9B80B32B} "BackWeb GA Pluggable Protocol" - "Logitech Inc." - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - C:\Programme\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll
{C539A15B-3AF9-4c92-B771-50CB78F5C751} "Acronis Secure Zone" - "Acronis" - C:\Programme\Acronis\TrueImageHome\tishell.dll
{C539A15A-3AF9-4c92-B771-50CB78F5C751} "Acronis True Image Shell Context Menu Extension" - "Acronis" - C:\Programme\Acronis\TrueImageHome\tishell.dll
{16148659-720A-457d-850B-2DBD87BB129D} "AudibleShlExt Class" - "Audible, Inc." - C:\Programme\Audible\Bin\AudibleExt.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? -   (File not found | COM-object registry key not found)
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)
{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} "Microsoft Browser Architecture" - ? -   (File not found | COM-object registry key not found)
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Programme\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroDigitalExt.dll
{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroDigitalExt.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL
{654D0431-C930-43C4-B8DA-9AA01BA5B486} "PDI GUI Engine COM Obj" - "Portrait Displays, Inc" - C:\Programme\Gemeinsame Dateien\Portrait Displays\Shared\HtmlEngine.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)
{8602BDD8-9780-4717-B89A-7F89AF75B2AB} "ShellExt Class" - "Portrait Displays, Inc." - C:\Programme\Gemeinsame Dateien\Portrait Displays\Shared\shellmenu.dll
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{E0D79300-84BE-11CE-9641-444553540000} "WinZip" - ? - C:\PROGRA~1\WinZip\wzshlext.dll
{E0D79301-84BE-11CE-9641-444553540000} "WinZip" - ? - C:\PROGRA~1\WinZip\wzshlext.dll
{E0D79302-84BE-11CE-9641-444553540000} "WinZip" - ? - C:\PROGRA~1\WinZip\wzshlext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} "EPUImageControl Class" - "eBay, Inc." - C:\WINDOWS\Downloaded Program Files\EPUWALcontrol.dll / hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab
{E06E2E99-0AA1-11D4-ABA6-0060082AA75C} "GpcContainer Class" - "Cisco WebEx LLC" - C:\Programme\WebEx\ieatgpc.dll /
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_35" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_35.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} "Java Plug-in 1.6.0_35" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_35.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_35" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_35.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
{7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab
{1E54D648-B804-468d-BC78-4AFFED8E262F} "System Requirements Lab Class" - "Husdawg, LLC" - C:\WINDOWS\Downloaded Program Files\sysreqlab_nvd.dll / hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -   (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{AE7CD045-E861-484f-8273-0445EE161910} "AcroIEToolbarHelper Class" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{C08DF07A-3E49-4E25-9AB0-D3882835F153} "QUICKfind BHO Object" - ? - C:\Programme\IDM\QUICKfind\PlugIns\IEHelp.dll  (File found, but it contains no detailed information)

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"Acrobat Assistant.lnk" - "Adobe Systems Inc." - C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"Logitech Desktop Messenger.lnk" - "Logitech Inc." - C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe  (Shortcut exists | File exists)
"Microsoft Office.lnk" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office\OSA9.EXE  (Shortcut exists | File exists)
"PHOTOfunSTUDIO 5.1 HD Edition.lnk" - "Panasonic Corporation" - C:\Programme\Gemeinsame Dateien\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe  (Shortcut exists | File exists)
"Symantec Fax Starter Edition-Anschluss.lnk" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office\1031\OLFSNT40.EXE  (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\desktop.ini
"Password Safe.lnk" - "SourceForge.net" - C:\Programme\Password Safe\pwsafe.exe  (Shortcut exists | File exists)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Acronis Scheduler2 Service" - "Acronis" - "C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe"
"AcronisTimounterMonitor" - "Acronis" - C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"atchk" - "Intel Corporation" - "C:\Programme\Intel\AMT\atchk.exe"
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"DeskUpdateNotifier" - "Fujitsu Technology Solutions" - "C:\Programme\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe"
"DT ACR" - ? - C:\Programme\Gemeinsame Dateien\Portrait Displays\Shared\DT_startup.exe -ACR  (File found, but it contains no detailed information)
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"NBKeyScan" - "Nero AG" - "C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"NeroFilterCheck" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe
"nwiz" - "NVIDIA Corporation" - nwiz.exe /install
"OpwareSE4" - "ScanSoft, Inc." - "C:\Programme\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
"PivotSoftware" - ? - "C:\Programme\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe" -delay=10  (File found, but it contains no detailed information)
"SSBkgdUpdate" - "Nuance Communications, Inc." - "C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
"TrayServer" - "MAGIX AG" - C:\PROGRA~1\MAGIX\VIDEO_~1\TrayServer.exe
"TrueImageMonitor.exe" - "Acronis" - C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Adobe PDF Port" - "Adobe Systems Incorporated." - C:\WINDOWS\system32\AdobePDF.dll
"OLFax Ports" - "Microsoft Corporation" - C:\WINDOWS\system32\OLFMNT40.DLL

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"AAV UpdateService" (AAV UpdateService) - ? - C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
"Acronis Scheduler2 Service" (AcrSch2Svc) - "Acronis" - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"B's Recorder GOLD Library General Service" (bgsvcgen) - "B.H.A Corporation" - C:\WINDOWS\system32\bgsvcgen.exe
"FABS - Helping agent for MAGIX media database" (Fabs) - "MAGIX AG" - C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe
"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\fbserver.exe
"Fujitsu Diagnostic Testhandler" (TestHandler) - "Fujitsu Technology Solutions" - C:\Programme\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\HaDTMan.exe
"Intel(R) Active Management Technology Local Management Service" (LMS) - "Intel" - C:\Programme\Intel\AMT\LMS.exe
"Intel(R) Active Management Technology System Status Service" (atchksrv) - "Intel Corporation" - C:\Programme\Intel\AMT\atchksrv.exe
"Intel(R) Active Management Technology User Notification Service" (UNS) - "Intel" - C:\Programme\Intel\AMT\UNS.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
"Nero BackItUp Scheduler 3" (Nero BackItUp Scheduler 3) - "Nero AG" - C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
"PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service) - "Prolific Technology Inc." - C:\WINDOWS\system32\IoctlSvc.exe
"Portrait Displays Display Tune Service" (DTSRVC) - ? - C:\Programme\Gemeinsame Dateien\Portrait Displays\Shared\DTSRVC.exe  (File found, but it contains no detailed information)
"Portrait Displays SDK Service" (PdiService) - "Portrait Displays, Inc." - C:\Programme\Gemeinsame Dateien\Portrait Displays\Drivers\pdisrvc.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru



Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-12 20:03:13
-----------------------------
20:03:13.625    OS Version: Windows 5.1.2600 Service Pack 3
20:03:13.625    Number of processors: 4 586 0xF0B
20:03:13.625    ComputerName: ESPRIMO  UserName:
20:03:14.093    Initialize success
20:14:45.343    AVAST engine defs: 12091200
20:26:00.875    Disk 0  \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP5T0L0-14
20:26:00.875    Disk 0 Vendor: SAMSUNG_HD103UI 1AA01113 Size: 953869MB BusType: 3
20:26:00.875    Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-1f
20:26:00.875    Disk 1 Vendor: ST3250310AS 4.AAA Size: 238475MB BusType: 3
20:26:00.890    Disk 1 MBR read successfully
20:26:00.890    Disk 1 MBR scan
20:26:00.921    Disk 1 unknown MBR code
20:26:00.921    Disk 1 Partition 1 80 (A) 07    HPFS/NTFS NTFS        99998 MB offset 63
20:26:00.921    Disk 1 Partition - 00    0F Extended LBA            138466 MB offset 204796620
20:26:00.937    Disk 1 Partition 2 00    07    HPFS/NTFS NTFS      138466 MB offset 204796683
20:26:00.953    Disk 1 scanning sectors +488376000
20:26:01.015    Disk 1 scanning C:\WINDOWS\system32\drivers
20:26:09.046    Service scanning
20:26:21.640    Modules scanning
20:26:26.062    Disk 1 trace - called modules:
20:26:26.078    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
20:26:26.078    1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x8b008ab8]
20:26:26.078    3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\00000072[0x8b019f18]
20:26:26.078    5 ACPI.sys[b9f7e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-1f[0x8b00a940]
20:26:26.703    AVAST engine scan C:\WINDOWS
20:26:40.703    AVAST engine scan C:\WINDOWS\system32
20:28:31.609    AVAST engine scan C:\WINDOWS\system32\drivers
20:28:44.687    AVAST engine scan C:\Dokumente und Einstellungen\Administrator
20:31:06.546    AVAST engine scan C:\Dokumente und Einstellungen\All Users
20:36:45.812    Scan finished successfully
20:54:04.015    Disk 1 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Administrator\Desktop\MBR.dat"
20:54:04.015    The log file has been saved successfully to "C:\Dokumente und Einstellungen\Administrator\Desktop\aswMBR.txt"

cosinus 12.09.2012 20:23
Wir sollten den MBR fixen, sichere für den Fall der Fälle ALLE wichtigen Daten, auch wenn meistens alles glatt geht.

Hinweis: Mach bitte NICHT den MBR-Fix, wenn du noch andere Betriebssysteme wie zB Ubuntu installiert hast, ein MBR-Fix mit Windows-Tools macht ein parallel installiertes (Dualboot) Linux unbootbar.
Mach den Fix auch dann nicht, wenn du zB mit TrueCrypt oder anderen Verschlüsselungsprogrammen eine Vollverschlüsselung der Windowspartition bzw. gesamten Festplatte hast

Starte nach der Datensicherung aswmbr erneut und klick auf den Button FIXMBR.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehalalrm!

Anschließend Windows neu starten und ein neues Log mit aswMBR machen.


Alle Zeitangaben in WEZ +1. Es ist jetzt 02:17 Uhr.
Seite 2 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19