Trojaner-Board
Seite 2 von 3 1 2 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   mspd Trojaner o.ä. (https://www.trojaner-board.de/119590-mspd-trojaner-o-ae.html)

cosinus 20.07.2012 15:52
Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Bodolino 20.07.2012 20:16
Hey Arne,

hier ist der log

Code:
21:10:37.0767 3504        TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
21:10:39.0795 3504        ============================================================
21:10:39.0795 3504        Current date / time: 2012/07/20 21:10:39.0795
21:10:39.0795 3504        SystemInfo:
21:10:39.0795 3504       
21:10:39.0795 3504        OS Version: 6.1.7601 ServicePack: 1.0
21:10:39.0795 3504        Product type: Workstation
21:10:39.0795 3504        ComputerName: BODO-PC
21:10:39.0795 3504        UserName: Bodo
21:10:39.0795 3504        Windows directory: C:\Windows
21:10:39.0795 3504        System windows directory: C:\Windows
21:10:39.0795 3504        Processor architecture: Intel x86
21:10:39.0795 3504        Number of processors: 2
21:10:39.0795 3504        Page size: 0x1000
21:10:39.0795 3504        Boot type: Normal boot
21:10:39.0795 3504        ============================================================
21:10:42.0135 3504        Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:10:42.0167 3504        Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:10:42.0167 3504        ============================================================
21:10:42.0167 3504        \Device\Harddisk0\DR0:
21:10:42.0167 3504        MBR partitions:
21:10:42.0167 3504        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x18600000
21:10:42.0167 3504        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x18600800, BlocksNum 0x18600000
21:10:42.0167 3504        \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x30C00800, BlocksNum 0x9784800
21:10:42.0167 3504        \Device\Harddisk1\DR1:
21:10:42.0167 3504        MBR partitions:
21:10:42.0167 3504        \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xC800000
21:10:42.0167 3504        \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0xC800800, BlocksNum 0x7801800
21:10:42.0167 3504        \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x14002000, BlocksNum 0x7800000
21:10:42.0198 3504        \Device\Harddisk1\DR1\Partition3: MBR, Type 0x7, StartLBA 0x1B802800, BlocksNum 0x9A01000
21:10:42.0213 3504        \Device\Harddisk1\DR1\Partition4: MBR, Type 0xB, StartLBA 0x25204000, BlocksNum 0x22A000
21:10:42.0213 3504        ============================================================
21:10:42.0323 3504        C: <-> \Device\Harddisk1\DR1\Partition0
21:10:42.0369 3504        D: <-> \Device\Harddisk1\DR1\Partition1
21:10:42.0416 3504        F: <-> \Device\Harddisk1\DR1\Partition3
21:10:42.0479 3504        E: <-> \Device\Harddisk1\DR1\Partition2
21:10:42.0494 3504        G: <-> \Device\Harddisk1\DR1\Partition4
21:10:42.0978 3504        H: <-> \Device\Harddisk0\DR0\Partition0
21:10:43.0009 3504        I: <-> \Device\Harddisk0\DR0\Partition1
21:10:43.0056 3504        J: <-> \Device\Harddisk0\DR0\Partition2
21:10:43.0056 3504        ============================================================
21:10:43.0056 3504        Initialize success
21:10:43.0056 3504        ============================================================
21:11:06.0830 3284        ============================================================
21:11:06.0830 3284        Scan started
21:11:06.0830 3284        Mode: Manual; SigCheck; TDLFS;
21:11:06.0830 3284        ============================================================
21:11:07.0345 3284        !SASCORE        (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
21:11:07.0423 3284        !SASCORE - ok
21:11:07.0626 3284        1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
21:11:07.0657 3284        1394ohci - ok
21:11:07.0719 3284        AAV UpdateService (7eeb488346fbfa3731276c3ee8a8fd9e) D:\Homebanking\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
21:11:07.0735 3284        AAV UpdateService - ok
21:11:07.0797 3284        acedrv11        (e6f53d6c0dea3d375362265e175ca638) C:\Windows\system32\drivers\acedrv11.sys
21:11:07.0829 3284        acedrv11 - ok
21:11:07.0860 3284        ACPI            (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
21:11:07.0891 3284        ACPI - ok
21:11:07.0938 3284        AcpiPmi        (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
21:11:07.0953 3284        AcpiPmi - ok
21:11:08.0063 3284        AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:11:08.0078 3284        AdobeFlashPlayerUpdateSvc - ok
21:11:08.0141 3284        adp94xx        (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
21:11:08.0172 3284        adp94xx - ok
21:11:08.0219 3284        adpahci        (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
21:11:08.0250 3284        adpahci - ok
21:11:08.0281 3284        adpu320        (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
21:11:08.0312 3284        adpu320 - ok
21:11:08.0343 3284        AeLookupSvc    (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
21:11:08.0375 3284        AeLookupSvc - ok
21:11:08.0421 3284        AFD            (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
21:11:08.0437 3284        AFD - ok
21:11:08.0562 3284        AgereSoftModem  (7e10e3bb9b258ad8a9300f91214d67b9) C:\Windows\system32\DRIVERS\AGRSM.sys
21:11:08.0609 3284        AgereSoftModem - ok
21:11:08.0640 3284        agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
21:11:08.0655 3284        agp440 - ok
21:11:08.0687 3284        aic78xx        (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
21:11:08.0702 3284        aic78xx - ok
21:11:08.0749 3284        ALG            (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
21:11:08.0765 3284        ALG - ok
21:11:08.0780 3284        aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
21:11:08.0796 3284        aliide - ok
21:11:08.0827 3284        amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
21:11:08.0843 3284        amdagp - ok
21:11:08.0858 3284        amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
21:11:08.0874 3284        amdide - ok
21:11:08.0905 3284        AmdK8          (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
21:11:08.0921 3284        AmdK8 - ok
21:11:08.0952 3284        AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
21:11:08.0967 3284        AmdPPM - ok
21:11:08.0983 3284        amdsata        (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
21:11:09.0014 3284        amdsata - ok
21:11:09.0045 3284        amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
21:11:09.0077 3284        amdsbs - ok
21:11:09.0092 3284        amdxata        (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
21:11:09.0108 3284        amdxata - ok
21:11:09.0217 3284        AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files\Avira\AntiVir Desktop\sched.exe
21:11:09.0233 3284        AntiVirSchedulerService - ok
21:11:09.0279 3284        AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
21:11:09.0295 3284        AntiVirService - ok
21:11:09.0342 3284        ApfiltrService  (3477e796ed9c9aace83eab276e4a92b9) C:\Windows\system32\DRIVERS\Apfiltr.sys
21:11:09.0357 3284        ApfiltrService - ok
21:11:09.0389 3284        AppID          (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
21:11:09.0435 3284        AppID - ok
21:11:09.0467 3284        AppIDSvc        (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
21:11:09.0498 3284        AppIDSvc - ok
21:11:09.0545 3284        Appinfo        (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
21:11:09.0576 3284        Appinfo - ok
21:11:09.0607 3284        arc            (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
21:11:09.0638 3284        arc - ok
21:11:09.0638 3284        archlp - ok
21:11:09.0669 3284        arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
21:11:09.0701 3284        arcsas - ok
21:11:09.0716 3284        AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
21:11:09.0763 3284        AsyncMac - ok
21:11:09.0794 3284        atapi          (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
21:11:09.0810 3284        atapi - ok
21:11:09.0857 3284        AthBTPort      (197f4b57b4ea30661330dc8ffe0ee161) C:\Windows\system32\DRIVERS\btath_flt.sys
21:11:09.0872 3284        AthBTPort - ok
21:11:09.0888 3284        ATHDFU          (99925b8ec4fccdb3992292fbcb31069e) C:\Windows\system32\Drivers\AthDfu.sys
21:11:09.0903 3284        ATHDFU - ok
21:11:09.0997 3284        AtherosSvc      (72dd61bb00496ec94e6da09437bc8901) D:\Bluetooth Suite\adminservice.exe
21:11:09.0997 3284        AtherosSvc - ok
21:11:10.0075 3284        AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
21:11:10.0122 3284        AudioEndpointBuilder - ok
21:11:10.0137 3284        Audiosrv        (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
21:11:10.0184 3284        Audiosrv - ok
21:11:10.0247 3284        avgntflt        (d5541f0afb767e85fc412fc609d96a74) C:\Windows\system32\DRIVERS\avgntflt.sys
21:11:10.0278 3284        avgntflt - ok
21:11:10.0325 3284        avipbb          (7d967a682d4694df7fa57d63a2db01fe) C:\Windows\system32\DRIVERS\avipbb.sys
21:11:10.0340 3284        avipbb - ok
21:11:10.0356 3284        avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
21:11:10.0371 3284        avkmgr - ok
21:11:10.0418 3284        avmaudio        (728c4a6c722535c16d1025f51aa31e22) C:\Windows\system32\DRIVERS\avmaudio.sys
21:11:10.0449 3284        avmaudio - ok
21:11:10.0481 3284        avmaura        (728c4a6c722535c16d1025f51aa31e22) C:\Windows\system32\DRIVERS\avmaura.sys
21:11:10.0496 3284        avmaura - ok
21:11:10.0527 3284        AxInstSV        (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
21:11:10.0559 3284        AxInstSV - ok
21:11:10.0621 3284        b06bdrv        (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
21:11:10.0652 3284        b06bdrv - ok
21:11:10.0683 3284        b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
21:11:10.0715 3284        b57nd60x - ok
21:11:10.0761 3284        BDESVC          (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
21:11:10.0777 3284        BDESVC - ok
21:11:10.0793 3284        Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
21:11:10.0839 3284        Beep - ok
21:11:10.0917 3284        BFE            (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
21:11:10.0980 3284        BFE - ok
21:11:11.0042 3284        BITS            (e585445d5021971fae10393f0f1c3961) C:\Windows\System32\qmgr.dll
21:11:11.0105 3284        BITS - ok
21:11:11.0136 3284        blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
21:11:11.0151 3284        blbdrive - ok
21:11:11.0183 3284        bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
21:11:11.0214 3284        bowser - ok
21:11:11.0229 3284        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:11:11.0245 3284        BrFiltLo - ok
21:11:11.0261 3284        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:11:11.0292 3284        BrFiltUp - ok
21:11:11.0339 3284        Browser        (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
21:11:11.0370 3284        Browser - ok
21:11:11.0417 3284        Brserid        (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
21:11:11.0448 3284        Brserid - ok
21:11:11.0463 3284        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
21:11:11.0495 3284        BrSerWdm - ok
21:11:11.0510 3284        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:11:11.0526 3284        BrUsbMdm - ok
21:11:11.0541 3284        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
21:11:11.0557 3284        BrUsbSer - ok
21:11:11.0619 3284        BTATH_A2DP      (ff5542b83a41eb789f87a724874e7a3a) C:\Windows\system32\drivers\btath_a2dp.sys
21:11:11.0635 3284        BTATH_A2DP - ok
21:11:11.0666 3284        btath_avdt      (5e573c8f0985b6e2ccdb765986e3cc1c) C:\Windows\system32\drivers\btath_avdt.sys
21:11:11.0682 3284        btath_avdt - ok
21:11:11.0713 3284        BTATH_BUS      (9d605dbd544dc5654cdd9274a1ff5750) C:\Windows\system32\DRIVERS\btath_bus.sys
21:11:11.0729 3284        BTATH_BUS - ok
21:11:11.0760 3284        BTATH_HCRP      (4d5f0b263c75e17b5c73fda06117e3b0) C:\Windows\system32\DRIVERS\btath_hcrp.sys
21:11:11.0775 3284        BTATH_HCRP - ok
21:11:11.0791 3284        BTATH_LWFLT    (c05318684959d8990eb64c8b8aebc8a1) C:\Windows\system32\DRIVERS\btath_lwflt.sys
21:11:11.0807 3284        BTATH_LWFLT - ok
21:11:11.0838 3284        BTATH_RCP      (cffc4ad2da60565394d191f32c4b7ef7) C:\Windows\system32\DRIVERS\btath_rcp.sys
21:11:11.0869 3284        BTATH_RCP - ok
21:11:11.0931 3284        BtFilter        (910146ea960ac76648d99ad321130014) C:\Windows\system32\DRIVERS\btfilter.sys
21:11:11.0947 3284        BtFilter - ok
21:11:11.0963 3284        BthEnum        (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\DRIVERS\BthEnum.sys
21:11:11.0978 3284        BthEnum - ok
21:11:12.0009 3284        BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
21:11:12.0041 3284        BTHMODEM - ok
21:11:12.0072 3284        BthPan          (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
21:11:12.0103 3284        BthPan - ok
21:11:12.0150 3284        BTHPORT        (c2fbf6d271d9a94d839c416bf186ead9) C:\Windows\system32\Drivers\BTHport.sys
21:11:12.0181 3284        BTHPORT - ok
21:11:12.0197 3284        bthserv        (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
21:11:12.0243 3284        bthserv - ok
21:11:12.0259 3284        BTHUSB          (c81e9413a25a439f436b1d4b6a0cf9e9) C:\Windows\system32\Drivers\BTHUSB.sys
21:11:12.0290 3284        BTHUSB - ok
21:11:12.0306 3284        cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
21:11:12.0353 3284        cdfs - ok
21:11:12.0384 3284        cdrom          (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
21:11:12.0399 3284        cdrom - ok
21:11:12.0431 3284        ce6230          (ed49c07c591298e546545ef79b529f41) C:\Windows\system32\DRIVERS\CE6230StandaloneDriver.sys
21:11:12.0446 3284        ce6230 ( UnsignedFile.Multi.Generic ) - warning
21:11:12.0446 3284        ce6230 - detected UnsignedFile.Multi.Generic (1)
21:11:12.0462 3284        ce6230BDACAP    (21bcea4a57d7818a252f51674e2605dd) C:\Windows\system32\DRIVERS\CE6230BDA.sys
21:11:12.0462 3284        ce6230BDACAP ( UnsignedFile.Multi.Generic ) - warning
21:11:12.0462 3284        ce6230BDACAP - detected UnsignedFile.Multi.Generic (1)
21:11:12.0493 3284        CertPropSvc    (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
21:11:12.0540 3284        CertPropSvc - ok
21:11:12.0555 3284        circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
21:11:12.0587 3284        circlass - ok
21:11:12.0633 3284        CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
21:11:12.0665 3284        CLFS - ok
21:11:12.0727 3284        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:11:12.0758 3284        clr_optimization_v2.0.50727_32 - ok
21:11:12.0852 3284        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:11:12.0867 3284        clr_optimization_v4.0.30319_32 - ok
21:11:12.0899 3284        CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
21:11:12.0914 3284        CmBatt - ok
21:11:12.0961 3284        cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
21:11:12.0977 3284        cmdide - ok
21:11:13.0055 3284        CNG            (247b4ce2dab1160cd422d532d5241e1f) C:\Windows\system32\Drivers\cng.sys
21:11:13.0086 3284        CNG - ok
21:11:13.0117 3284        Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
21:11:13.0133 3284        Compbatt - ok
21:11:13.0164 3284        CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
21:11:13.0195 3284        CompositeBus - ok
21:11:13.0195 3284        COMSysApp - ok
21:11:13.0226 3284        crcdisk        (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
21:11:13.0242 3284        crcdisk - ok
21:11:13.0289 3284        CryptSvc        (06e771aa596b8761107ab57e99f128d7) C:\Windows\system32\cryptsvc.dll
21:11:13.0320 3284        CryptSvc - ok
21:11:13.0382 3284        DcomLaunch      (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
21:11:13.0445 3284        DcomLaunch - ok
21:11:13.0491 3284        defragsvc      (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
21:11:13.0554 3284        defragsvc - ok
21:11:13.0585 3284        DfsC            (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
21:11:13.0632 3284        DfsC - ok
21:11:13.0679 3284        Dhcp            (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
21:11:13.0741 3284        Dhcp - ok
21:11:13.0757 3284        discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
21:11:13.0803 3284        discache - ok
21:11:13.0819 3284        Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
21:11:13.0850 3284        Disk - ok
21:11:13.0881 3284        DKbFltr        (c701324c9e0c25dd9d60311bd87fbc84) C:\Windows\system32\DRIVERS\DKbFltr.sys
21:11:13.0897 3284        DKbFltr - ok
21:11:13.0944 3284        Dnscache        (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
21:11:13.0975 3284        Dnscache - ok
21:11:14.0022 3284        dot3svc        (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
21:11:14.0069 3284        dot3svc - ok
21:11:14.0115 3284        DPS            (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
21:11:14.0162 3284        DPS - ok
21:11:14.0209 3284        DritekPortIO    (5c918d413f5837e67a85775c9873775e) C:\Program Files\Launch Manager\DPortIO.sys
21:11:14.0225 3284        DritekPortIO - ok
21:11:14.0256 3284        drmkaud        (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
21:11:14.0287 3284        drmkaud - ok
21:11:14.0318 3284        dsiarhwprog    (f35b5d0cc142b87e687fc504baa69d82) C:\Windows\system32\Drivers\dsiarhwprog.sys
21:11:14.0334 3284        dsiarhwprog - ok
21:11:14.0427 3284        DXGKrnl        (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
21:11:14.0474 3284        DXGKrnl - ok
21:11:14.0505 3284        EapHost        (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
21:11:14.0552 3284        EapHost - ok
21:11:14.0849 3284        ebdrv          (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
21:11:14.0927 3284        ebdrv - ok
21:11:15.0067 3284        EFS            (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
21:11:15.0083 3284        EFS - ok
21:11:15.0161 3284        ehRecvr        (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
21:11:15.0192 3284        ehRecvr - ok
21:11:15.0239 3284        ehSched        (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
21:11:15.0254 3284        ehSched - ok
21:11:15.0317 3284        ElbyCDIO        (d71233d7ccc2e64f8715a20428d5a33b) C:\Windows\system32\Drivers\ElbyCDIO.sys
21:11:15.0332 3284        ElbyCDIO - ok
21:11:15.0395 3284        elxstor        (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
21:11:15.0426 3284        elxstor - ok
21:11:15.0473 3284        ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
21:11:15.0488 3284        ErrDev - ok
21:11:15.0566 3284        EventSystem    (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
21:11:15.0613 3284        EventSystem - ok
21:11:15.0644 3284        exfat          (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
21:11:15.0691 3284        exfat - ok
21:11:15.0722 3284        fastfat        (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
21:11:15.0769 3284        fastfat - ok
21:11:15.0847 3284        Fax            (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
21:11:15.0878 3284        Fax - ok
21:11:15.0909 3284        fdc            (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
21:11:15.0941 3284        fdc - ok
21:11:15.0972 3284        fdPHost        (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
21:11:16.0019 3284        fdPHost - ok
21:11:16.0034 3284        FDResPub        (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
21:11:16.0081 3284        FDResPub - ok
21:11:16.0097 3284        FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
21:11:16.0112 3284        FileInfo - ok
21:11:16.0128 3284        Filetrace      (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
21:11:16.0175 3284        Filetrace - ok
21:11:16.0190 3284        flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
21:11:16.0221 3284        flpydisk - ok
21:11:16.0253 3284        FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
21:11:16.0284 3284        FltMgr - ok
21:11:16.0393 3284        FontCache      (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
21:11:16.0424 3284        FontCache - ok
21:11:16.0502 3284        FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:11:16.0518 3284        FontCache3.0.0.0 - ok
21:11:16.0549 3284        FsDepends      (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
21:11:16.0580 3284        FsDepends - ok
21:11:16.0611 3284        Fs_Rec          (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
21:11:16.0627 3284        Fs_Rec - ok
21:11:16.0689 3284        fvevol          (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
21:11:16.0705 3284        fvevol - ok
21:11:16.0736 3284        gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:11:16.0752 3284        gagp30kx - ok
21:11:16.0799 3284        GigasetGenericUSB (997527391dec418dc62d784d848d73be) C:\Windows\system32\DRIVERS\GigasetGenericUSB.sys
21:11:16.0814 3284        GigasetGenericUSB - ok
21:11:16.0908 3284        gpsvc          (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
21:11:16.0955 3284        gpsvc - ok
21:11:17.0048 3284        gusvc          (c1b577b2169900f4cf7190c39f085794) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
21:11:17.0079 3284        gusvc - ok
21:11:17.0095 3284        hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
21:11:17.0111 3284        hcw85cir - ok
21:11:17.0157 3284        HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
21:11:17.0189 3284        HdAudAddService - ok
21:11:17.0220 3284        HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
21:11:17.0251 3284        HDAudBus - ok
21:11:17.0267 3284        HidBatt        (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
21:11:17.0282 3284        HidBatt - ok
21:11:17.0329 3284        HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
21:11:17.0345 3284        HidBth - ok
21:11:17.0376 3284        HidIr          (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
21:11:17.0407 3284        HidIr - ok
21:11:17.0423 3284        hidserv        (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
21:11:17.0469 3284        hidserv - ok
21:11:17.0501 3284        HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
21:11:17.0516 3284        HidUsb - ok
21:11:17.0563 3284        hkmsvc          (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
21:11:17.0610 3284        hkmsvc - ok
21:11:17.0657 3284        HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
21:11:17.0672 3284        HomeGroupListener - ok
21:11:17.0719 3284        HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
21:11:17.0750 3284        HomeGroupProvider - ok
21:11:17.0781 3284        hotcore3        (67e058c7c9620acb257342bb6ea26475) C:\Windows\system32\DRIVERS\hotcore3.sys
21:11:17.0797 3284        hotcore3 - ok
21:11:17.0828 3284        HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
21:11:17.0844 3284        HpSAMD - ok
21:11:17.0922 3284        HTTP            (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
21:11:17.0984 3284        HTTP - ok
21:11:18.0015 3284        hwdatacard      (1720966d9c7ea5e2d78b6db92d2f9171) C:\Windows\system32\DRIVERS\ewusbmdm.sys
21:11:18.0031 3284        hwdatacard - ok
21:11:18.0047 3284        hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
21:11:18.0078 3284        hwpolicy - ok
21:11:18.0093 3284        i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
21:11:18.0125 3284        i8042prt - ok
21:11:18.0218 3284        IAANTMON        (7548066df68a8a1a56b043359f915f37) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
21:11:18.0249 3284        IAANTMON - ok
21:11:18.0312 3284        iaStor          (d483687eace0c065ee772481a96e05f5) C:\Windows\system32\DRIVERS\iaStor.sys
21:11:18.0327 3284        iaStor - ok
21:11:18.0390 3284        iaStorV        (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
21:11:18.0421 3284        iaStorV - ok
21:11:18.0593 3284        idsvc          (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:11:18.0624 3284        idsvc - ok
21:11:18.0983 3284        IGBASVC        (f4ae2183b7f4e69c65c20d19d5862915) C:\Program Files\Acer Bio Protection\BASVC.exe
21:11:19.0061 3284        IGBASVC ( UnsignedFile.Multi.Generic ) - warning
21:11:19.0061 3284        IGBASVC - detected UnsignedFile.Multi.Generic (1)
21:11:19.0107 3284        IGDCTRL        (506801c7d47be8cd1cf342bf28eb17ec) D:\Fritzbox\FRITZ!DSL\IGDCTRL.EXE
21:11:19.0123 3284        IGDCTRL - ok
21:11:19.0263 3284        iirsp          (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
21:11:19.0295 3284        iirsp - ok
21:11:19.0388 3284        IKEEXT          (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
21:11:19.0451 3284        IKEEXT - ok
21:11:19.0482 3284        int15          (4d8d5b1c895ea0f2a721b98a7ce198f1) C:\Windows\system32\drivers\int15.sys
21:11:19.0482 3284        int15 ( UnsignedFile.Multi.Generic ) - warning
21:11:19.0482 3284        int15 - detected UnsignedFile.Multi.Generic (1)
21:11:19.0778 3284        IntcAzAudAddService (82c6cc8ef3494884aed412c127f36ea9) C:\Windows\system32\drivers\RTKVHDA.sys
21:11:19.0856 3284        IntcAzAudAddService - ok
21:11:20.0012 3284        intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
21:11:20.0028 3284        intelide - ok
21:11:20.0059 3284        intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
21:11:20.0090 3284        intelppm - ok
21:11:20.0121 3284        IPBusEnum      (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
21:11:20.0168 3284        IPBusEnum - ok
21:11:20.0184 3284        IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:11:20.0231 3284        IpFilterDriver - ok
21:11:20.0309 3284        iphlpsvc        (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
21:11:20.0371 3284        iphlpsvc - ok
21:11:20.0402 3284        IPMIDRV        (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
21:11:20.0433 3284        IPMIDRV - ok
21:11:20.0465 3284        IPNAT          (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
21:11:20.0511 3284        IPNAT - ok
21:11:20.0527 3284        IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
21:11:20.0558 3284        IRENUM - ok
21:11:20.0574 3284        isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
21:11:20.0605 3284        isapnp - ok
21:11:20.0636 3284        iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
21:11:20.0667 3284        iScsiPrt - ok
21:11:20.0699 3284        itecir          (15f737ceda08fe6501c930682616db79) C:\Windows\system32\DRIVERS\itecir.sys
21:11:20.0714 3284        itecir - ok
21:11:20.0745 3284        kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
21:11:20.0777 3284        kbdclass - ok
21:11:20.0808 3284        kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
21:11:20.0839 3284        kbdhid - ok
21:11:20.0855 3284        KeyIso          (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:11:20.0886 3284        KeyIso - ok
21:11:20.0917 3284        KSecDD          (b7895b4182c0d16f6efadeb8081e8d36) C:\Windows\system32\Drivers\ksecdd.sys
21:11:20.0933 3284        KSecDD - ok
21:11:20.0979 3284        KSecPkg        (d30159ac9237519fbc62c6ec247d2d46) C:\Windows\system32\Drivers\ksecpkg.sys
21:11:21.0011 3284        KSecPkg - ok
21:11:21.0057 3284        KtmRm          (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
21:11:21.0120 3284        KtmRm - ok
21:11:21.0135 3284        L1E            (f7cdaba15c7e853f0a11af6d77fca990) C:\Windows\system32\DRIVERS\L1E62x86.sys
21:11:21.0151 3284        L1E - ok
21:11:21.0198 3284        LanmanServer    (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll
21:11:21.0245 3284        LanmanServer - ok
21:11:21.0291 3284        LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
21:11:21.0338 3284        LanmanWorkstation - ok
21:11:21.0541 3284        Lavasoft Ad-Aware Service (c48b0f913c944d736a455191ecd8ff45) C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
21:11:21.0603 3284        Lavasoft Ad-Aware Service - ok
21:11:21.0650 3284        Lbd            (713cd5267abfb86fe90a72e384e82a38) C:\Windows\system32\DRIVERS\Lbd.sys
21:11:21.0681 3284        Lbd - ok
21:11:21.0744 3284        LBTServ        (3af6b73a3ad1fc37c5933441f66ceb91) C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
21:11:21.0775 3284        LBTServ - ok
21:11:21.0791 3284        LHidFilt        (7f9c7b28cf1c859e1c42619eea946dc8) C:\Windows\system32\DRIVERS\LHidFilt.Sys
21:11:21.0806 3284        LHidFilt - ok
21:11:21.0853 3284        lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
21:11:21.0900 3284        lltdio - ok
21:11:21.0931 3284        lltdsvc        (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
21:11:21.0978 3284        lltdsvc - ok
21:11:21.0993 3284        lmhosts        (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
21:11:22.0040 3284        lmhosts - ok
21:11:22.0056 3284        LMouFilt        (ab33792a87285344f43b5ce23421bab0) C:\Windows\system32\DRIVERS\LMouFilt.Sys
21:11:22.0071 3284        LMouFilt - ok
21:11:22.0103 3284        LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:11:22.0118 3284        LSI_FC - ok
21:11:22.0134 3284        LSI_SAS        (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:11:22.0165 3284        LSI_SAS - ok
21:11:22.0181 3284        LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:11:22.0196 3284        LSI_SAS2 - ok
21:11:22.0227 3284        LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:11:22.0243 3284        LSI_SCSI - ok
21:11:22.0274 3284        luafv          (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
21:11:22.0321 3284        luafv - ok
21:11:22.0352 3284        Mcx2Svc        (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
21:11:22.0383 3284        Mcx2Svc - ok
21:11:22.0399 3284        megasas        (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
21:11:22.0430 3284        megasas - ok
21:11:22.0446 3284        MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
21:11:22.0477 3284        MegaSR - ok
21:11:22.0508 3284        MMCSS          (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
21:11:22.0555 3284        MMCSS - ok
21:11:22.0571 3284        Modem          (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
21:11:22.0617 3284        Modem - ok
21:11:22.0633 3284        monitor        (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
21:11:22.0649 3284        monitor - ok
21:11:22.0680 3284        mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
21:11:22.0695 3284        mouclass - ok
21:11:22.0727 3284        mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
21:11:22.0758 3284        mouhid - ok
21:11:22.0805 3284        mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
21:11:22.0820 3284        mountmgr - ok
21:11:22.0867 3284        mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
21:11:22.0883 3284        mpio - ok
21:11:22.0898 3284        mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
21:11:22.0945 3284        mpsdrv - ok
21:11:23.0039 3284        MpsSvc          (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
21:11:23.0085 3284        MpsSvc - ok
21:11:23.0132 3284        MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
21:11:23.0148 3284        MRxDAV - ok
21:11:23.0195 3284        mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:11:23.0226 3284        mrxsmb - ok
21:11:23.0273 3284        mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:11:23.0288 3284        mrxsmb10 - ok
21:11:23.0319 3284        mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:11:23.0335 3284        mrxsmb20 - ok
21:11:23.0366 3284        msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
21:11:23.0397 3284        msahci - ok
21:11:23.0444 3284        msdsm          (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
21:11:23.0475 3284        msdsm - ok
21:11:23.0507 3284        MSDTC          (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
21:11:23.0538 3284        MSDTC - ok
21:11:23.0569 3284        Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
21:11:23.0616 3284        Msfs - ok
21:11:23.0631 3284        mshidkmdf      (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
21:11:23.0678 3284        mshidkmdf - ok
21:11:23.0694 3284        msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
21:11:23.0725 3284        msisadrv - ok
21:11:23.0756 3284        MSiSCSI        (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
21:11:23.0803 3284        MSiSCSI - ok
21:11:23.0819 3284        msiserver - ok
21:11:23.0834 3284        MSKSSRV        (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
21:11:23.0881 3284        MSKSSRV - ok
21:11:23.0897 3284        MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
21:11:23.0943 3284        MSPCLOCK - ok
21:11:23.0959 3284        MSPQM          (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
21:11:24.0006 3284        MSPQM - ok
21:11:24.0037 3284        MsRPC          (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
21:11:24.0053 3284        MsRPC - ok
21:11:24.0099 3284        mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
21:11:24.0131 3284        mssmbios - ok
21:11:24.0131 3284        MSTEE          (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
21:11:24.0177 3284        MSTEE - ok
21:11:24.0193 3284        MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
21:11:24.0224 3284        MTConfig - ok
21:11:24.0240 3284        Mup            (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
21:11:24.0271 3284        Mup - ok
21:11:24.0333 3284        napagent        (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
21:11:24.0380 3284        napagent - ok
21:11:24.0443 3284        NativeWifiP    (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
21:11:24.0474 3284        NativeWifiP - ok
21:11:24.0552 3284        NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
21:11:24.0583 3284        NDIS - ok
21:11:24.0599 3284        NdisCap        (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
21:11:24.0645 3284        NdisCap - ok
21:11:24.0661 3284        NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
21:11:24.0708 3284        NdisTapi - ok
21:11:24.0755 3284        Ndisuio        (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
21:11:24.0801 3284        Ndisuio - ok
21:11:24.0848 3284        NdisWan        (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
21:11:24.0895 3284        NdisWan - ok
21:11:24.0926 3284        NDProxy        (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
21:11:24.0973 3284        NDProxy - ok
21:11:24.0989 3284        NetBIOS        (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
21:11:25.0035 3284        NetBIOS - ok
21:11:25.0113 3284        NetBT          (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
21:11:25.0160 3284        NetBT - ok
21:11:25.0191 3284        Netlogon        (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:11:25.0223 3284        Netlogon - ok
21:11:25.0285 3284        Netman          (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
21:11:25.0332 3284        Netman - ok
21:11:25.0379 3284        netprofm        (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
21:11:25.0425 3284        netprofm - ok
21:11:25.0519 3284        NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:11:25.0535 3284        NetTcpPortSharing - ok
21:11:26.0127 3284        NETw5s32        (ef51b405ad8acaae6f0231290d20f516) C:\Windows\system32\DRIVERS\NETw5s32.sys
21:11:26.0252 3284        NETw5s32 - ok
21:11:26.0829 3284        netw5v32        (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
21:11:26.0939 3284        netw5v32 - ok
21:11:27.0157 3284        nfrd960        (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
21:11:27.0188 3284        nfrd960 - ok
21:11:27.0235 3284        NlaSvc          (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
21:11:27.0282 3284        NlaSvc - ok
21:11:27.0344 3284        NMSAccessU      (fd306fbcce7adb1077b709742e7148e9) D:\CDBurnerXP\NMSAccessU.exe
21:11:27.0360 3284        NMSAccessU - ok
21:11:27.0391 3284        NPF            (6623e51595c0076755c29c00846c4eb2) C:\Windows\system32\drivers\npf.sys
21:11:27.0407 3284        NPF - ok
21:11:27.0422 3284        Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
21:11:27.0469 3284        Npfs - ok
21:11:27.0485 3284        nsi            (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
21:11:27.0547 3284        nsi - ok
21:11:27.0563 3284        nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
21:11:27.0609 3284        nsiproxy - ok
21:11:27.0750 3284        Ntfs            (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
21:11:27.0812 3284        Ntfs - ok
21:11:27.0812 3284        Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
21:11:27.0859 3284        Null - ok
21:11:27.0890 3284        NVHDA          (8571011b62ce0207fa1dc95d88308f1d) C:\Windows\system32\drivers\nvhda32v.sys
21:11:27.0906 3284        NVHDA - ok
21:11:29.0013 3284        nvlddmkm        (19f5c4949b2e4cbd2e95b8ecdfc84d25) C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:11:29.0325 3284        nvlddmkm - ok
21:11:29.0481 3284        nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
21:11:29.0513 3284        nvraid - ok
21:11:29.0544 3284        nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
21:11:29.0559 3284        nvstor - ok
21:11:29.0606 3284        nvsvc          (7a68320fa236ed0479eff93540391568) C:\Windows\system32\nvvsvc.exe
21:11:29.0622 3284        nvsvc - ok
21:11:29.0653 3284        nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
21:11:29.0669 3284        nv_agp - ok
21:11:29.0700 3284        ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
21:11:29.0715 3284        ohci1394 - ok
21:11:29.0778 3284        p2pimsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
21:11:29.0809 3284        p2pimsvc - ok
21:11:29.0856 3284        p2psvc          (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
21:11:29.0887 3284        p2psvc - ok
21:11:29.0934 3284        Paragon System Backup Dienst (f9aeb9655b5e1440c2d8ee4b2b5eb263) D:\Paragon Software\Paragon Backup and Recovery 10 Suite\program\dbhservice.exe
21:11:29.0949 3284        Paragon System Backup Dienst - ok
21:11:29.0996 3284        Parport        (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
21:11:30.0012 3284        Parport - ok
21:11:30.0059 3284        partmgr        (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
21:11:30.0074 3284        partmgr - ok
21:11:30.0090 3284        Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
21:11:30.0121 3284        Parvdm - ok
21:11:30.0152 3284        PcaSvc          (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
21:11:30.0183 3284        PcaSvc - ok
21:11:30.0230 3284        pci            (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
21:11:30.0246 3284        pci - ok
21:11:30.0261 3284        pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
21:11:30.0293 3284        pciide - ok
21:11:30.0324 3284        pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
21:11:30.0355 3284        pcmcia - ok
21:11:30.0371 3284        pcw            (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
21:11:30.0386 3284        pcw - ok
21:11:30.0449 3284        PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
21:11:30.0511 3284        PEAUTH - ok
21:11:30.0714 3284        pla            (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
21:11:30.0792 3284        pla - ok
21:11:30.0948 3284        PlugPlay        (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
21:11:30.0979 3284        PlugPlay - ok
21:11:31.0010 3284        PNRPAutoReg    (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
21:11:31.0026 3284        PNRPAutoReg - ok
21:11:31.0073 3284        PNRPsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
21:11:31.0088 3284        PNRPsvc - ok
21:11:31.0166 3284        PolicyAgent    (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
21:11:31.0213 3284        PolicyAgent - ok
21:11:31.0275 3284        Power          (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
21:11:31.0322 3284        Power - ok
21:11:31.0369 3284        PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
21:11:31.0416 3284        PptpMiniport - ok
21:11:31.0431 3284        Processor      (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
21:11:31.0447 3284        Processor - ok
21:11:31.0509 3284        ProfSvc        (cadefac453040e370a1bdff3973be00d) C:\Windows\system32\profsvc.dll
21:11:31.0541 3284        ProfSvc - ok
21:11:31.0572 3284        ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:11:31.0603 3284        ProtectedStorage - ok
21:11:31.0619 3284        Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
21:11:31.0665 3284        Psched - ok
21:11:31.0806 3284        ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
21:11:31.0868 3284        ql2300 - ok
21:11:32.0009 3284        ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
21:11:32.0040 3284        ql40xx - ok
21:11:32.0071 3284        QWAVE          (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
21:11:32.0102 3284        QWAVE - ok
21:11:32.0118 3284        QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
21:11:32.0149 3284        QWAVEdrv - ok
21:11:32.0165 3284        RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
21:11:32.0211 3284        RasAcd - ok
21:11:32.0227 3284        RasAgileVpn    (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:11:32.0274 3284        RasAgileVpn - ok
21:11:32.0305 3284        RasAuto        (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
21:11:32.0352 3284        RasAuto - ok
21:11:32.0383 3284        Rasl2tp        (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:11:32.0430 3284        Rasl2tp - ok
21:11:32.0508 3284        RasMan          (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
21:11:32.0555 3284        RasMan - ok
21:11:32.0586 3284        RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
21:11:32.0633 3284        RasPppoe - ok
21:11:32.0648 3284        RasSstp        (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
21:11:32.0695 3284        RasSstp - ok
21:11:32.0726 3284        rdbss          (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
21:11:32.0773 3284        rdbss - ok
21:11:32.0804 3284        rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
21:11:32.0835 3284        rdpbus - ok
21:11:32.0867 3284        RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:11:32.0898 3284        RDPCDD - ok
21:11:32.0913 3284        RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
21:11:32.0960 3284        RDPENCDD - ok
21:11:32.0976 3284        RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
21:11:33.0023 3284        RDPREFMP - ok
21:11:33.0069 3284        RDPWD          (f031683e6d1fea157abb2ff260b51e61) C:\Windows\system32\drivers\RDPWD.sys
21:11:33.0085 3284        RDPWD - ok
21:11:33.0147 3284        rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
21:11:33.0163 3284        rdyboost - ok
21:11:33.0194 3284        RemoteAccess    (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
21:11:33.0257 3284        RemoteAccess - ok
21:11:33.0288 3284        RemoteRegistry  (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
21:11:33.0335 3284        RemoteRegistry - ok
21:11:33.0381 3284        RFCOMM          (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
21:11:33.0413 3284        RFCOMM - ok
21:11:33.0475 3284        rpcapd          (e51a8d02b4bd33eba1f7a5b76c3766ed) C:\Program Files\WinPcap\rpcapd.exe
21:11:33.0491 3284        rpcapd - ok
21:11:33.0506 3284        RpcEptMapper    (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
21:11:33.0569 3284        RpcEptMapper - ok
21:11:33.0584 3284        RpcLocator      (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
21:11:33.0615 3284        RpcLocator - ok
21:11:33.0678 3284        RpcSs          (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
21:11:33.0725 3284        RpcSs - ok
21:11:33.0756 3284        rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
21:11:33.0803 3284        rspndr - ok
21:11:33.0849 3284        SamSs          (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:11:33.0881 3284        SamSs - ok
21:11:33.0959 3284        SASDIFSV        (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
21:11:33.0990 3284        SASDIFSV - ok
21:11:34.0021 3284        SASKUTIL        (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
21:11:34.0037 3284        SASKUTIL - ok
21:11:34.0083 3284        sbp2port        (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
21:11:34.0115 3284        sbp2port - ok
21:11:34.0146 3284        SCardSvr        (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
21:11:34.0193 3284        SCardSvr - ok
21:11:34.0224 3284        scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
21:11:34.0271 3284        scfilter - ok
21:11:34.0380 3284        Schedule        (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
21:11:34.0442 3284        Schedule - ok
21:11:34.0473 3284        SCPolicySvc    (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
21:11:34.0520 3284        SCPolicySvc - ok
21:11:34.0551 3284        sdbus          (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys
21:11:34.0583 3284        sdbus - ok
21:11:34.0614 3284        SDRSVC          (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
21:11:34.0629 3284        SDRSVC - ok
21:11:34.0676 3284        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
21:11:34.0723 3284        secdrv - ok
21:11:34.0739 3284        seclogon        (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
21:11:34.0785 3284        seclogon - ok
21:11:34.0817 3284        SENS            (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
21:11:34.0863 3284        SENS - ok
21:11:34.0895 3284        SensrSvc        (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
21:11:34.0910 3284        SensrSvc - ok
21:11:34.0926 3284        Serenum        (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
21:11:34.0957 3284        Serenum - ok
21:11:34.0973 3284        Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
21:11:35.0004 3284        Serial - ok
21:11:35.0035 3284        sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
21:11:35.0051 3284        sermouse - ok
21:11:35.0113 3284        SessionEnv      (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
21:11:35.0160 3284        SessionEnv - ok
21:11:35.0191 3284        sffdisk        (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
21:11:35.0207 3284        sffdisk - ok
21:11:35.0238 3284        sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
21:11:35.0253 3284        sffp_mmc - ok
21:11:35.0269 3284        sffp_sd        (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\DRIVERS\sffp_sd.sys
21:11:35.0300 3284        sffp_sd - ok
21:11:35.0331 3284        sfloppy        (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
21:11:35.0363 3284        sfloppy - ok
21:11:35.0425 3284        SharedAccess    (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
21:11:35.0487 3284        SharedAccess - ok
21:11:35.0565 3284        ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
21:11:35.0612 3284        ShellHWDetection - ok
21:11:35.0659 3284        sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
21:11:35.0675 3284        sisagp - ok
21:11:35.0721 3284        SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:11:35.0737 3284        SiSRaid2 - ok
21:11:35.0768 3284        SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
21:11:35.0784 3284        SiSRaid4 - ok
21:11:35.0799 3284        Smb            (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
21:11:35.0846 3284        Smb - ok
21:11:35.0877 3284        SNMPTRAP        (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
21:11:35.0909 3284        SNMPTRAP - ok
21:11:35.0909 3284        spldr          (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
21:11:35.0940 3284        spldr - ok
21:11:36.0002 3284        Spooler        (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
21:11:36.0049 3284        Spooler - ok
21:11:36.0392 3284        sppsvc          (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
21:11:36.0486 3284        sppsvc - ok
21:11:36.0642 3284        sppuinotify    (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
21:11:36.0689 3284        sppuinotify - ok
21:11:36.0767 3284        srv            (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
21:11:36.0782 3284        srv - ok
21:11:36.0845 3284        srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
21:11:36.0860 3284        srv2 - ok
21:11:36.0891 3284        srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
21:11:36.0907 3284        srvnet - ok
21:11:36.0969 3284        SSDPSRV        (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
21:11:37.0016 3284        SSDPSRV - ok
21:11:37.0063 3284        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
21:11:37.0079 3284        ssmdrv - ok
21:11:37.0110 3284        SstpSvc        (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
21:11:37.0157 3284        SstpSvc - ok
21:11:37.0188 3284        StarOpen        (f92254b0bcfcd10caac7bccc7cb7f467) C:\Windows\system32\drivers\StarOpen.sys
21:11:37.0188 3284        StarOpen ( UnsignedFile.Multi.Generic ) - warning
21:11:37.0188 3284        StarOpen - detected UnsignedFile.Multi.Generic (1)
21:11:37.0219 3284        stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
21:11:37.0235 3284        stexstor - ok
21:11:37.0328 3284        StiSvc          (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
21:11:37.0359 3284        StiSvc - ok
21:11:37.0406 3284        swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
21:11:37.0422 3284        swenum - ok
21:11:37.0500 3284        swprv          (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
21:11:37.0547 3284        swprv - ok
21:11:37.0609 3284        SynTP          (47183e3520c88fadd5b0c87d57040da5) C:\Windows\system32\DRIVERS\SynTP.sys
21:11:37.0625 3284        SynTP - ok
21:11:37.0781 3284        SysMain        (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
21:11:37.0827 3284        SysMain - ok
21:11:37.0874 3284        TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
21:11:37.0905 3284        TabletInputService - ok
21:11:37.0968 3284        TapiSrv        (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
21:11:38.0015 3284        TapiSrv - ok
21:11:38.0046 3284        TBS            (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
21:11:38.0093 3284        TBS - ok
21:11:38.0295 3284        Tcpip          (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
21:11:38.0342 3284        Tcpip - ok
21:11:38.0373 3284        TCPIP6          (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
21:11:38.0420 3284        TCPIP6 - ok
21:11:38.0514 3284        tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
21:11:38.0561 3284        tcpipreg - ok
21:11:38.0607 3284        TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
21:11:38.0623 3284        TDPIPE - ok
21:11:38.0654 3284        TDTCP          (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
21:11:38.0685 3284        TDTCP - ok
21:11:38.0717 3284        tdx            (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
21:11:38.0763 3284        tdx - ok
21:11:38.0795 3284        TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
21:11:38.0826 3284        TermDD - ok
21:11:38.0904 3284        TermService    (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
21:11:38.0966 3284        TermService - ok
21:11:38.0997 3284        Themes          (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
21:11:39.0029 3284        Themes - ok
21:11:39.0060 3284        THREADORDER    (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
21:11:39.0107 3284        THREADORDER - ok
21:11:39.0122 3284        TrkWks          (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
21:11:39.0169 3284        TrkWks - ok
21:11:39.0247 3284        TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
21:11:39.0294 3284        TrustedInstaller - ok
21:11:39.0309 3284        tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:11:39.0356 3284        tssecsrv - ok
21:11:39.0387 3284        TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
21:11:39.0419 3284        TsUsbFlt - ok
21:11:39.0450 3284        tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
21:11:39.0497 3284        tunnel - ok
21:11:39.0528 3284        uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
21:11:39.0543 3284        uagp35 - ok
21:11:39.0606 3284        udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
21:11:39.0653 3284        udfs - ok
21:11:39.0699 3284        UI0Detect      (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
21:11:39.0731 3284        UI0Detect - ok
21:11:39.0762 3284        uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
21:11:39.0777 3284        uliagpkx - ok
21:11:39.0809 3284        umbus          (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
21:11:39.0824 3284        umbus - ok
21:11:39.0855 3284        UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
21:11:39.0887 3284        UmPass - ok
21:11:39.0933 3284        upnphost        (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
21:11:39.0980 3284        upnphost - ok
21:11:39.0996 3284        usbbus - ok
21:11:40.0011 3284        usbccgp        (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
21:11:40.0043 3284        usbccgp - ok
21:11:40.0089 3284        usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
21:11:40.0105 3284        usbcir - ok
21:11:40.0121 3284        UsbDiag - ok
21:11:40.0136 3284        usbehci        (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
21:11:40.0167 3284        usbehci - ok
21:11:40.0199 3284        usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
21:11:40.0277 3284        usbhub - ok
21:11:40.0277 3284        USBModem - ok
21:11:40.0292 3284        usbohci        (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
21:11:40.0323 3284        usbohci - ok
21:11:40.0339 3284        usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
21:11:40.0370 3284        usbprint - ok
21:11:40.0401 3284        usbscan        (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
21:11:40.0433 3284        usbscan - ok
21:11:40.0448 3284        USBSTOR        (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:11:40.0479 3284        USBSTOR - ok
21:11:40.0511 3284        usbuhci        (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
21:11:40.0542 3284        usbuhci - ok
21:11:40.0557 3284        usbvideo        (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\system32\Drivers\usbvideo.sys
21:11:40.0589 3284        usbvideo - ok
21:11:40.0620 3284        UxSms          (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
21:11:40.0667 3284        UxSms - ok
21:11:40.0698 3284        VaultSvc        (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:11:40.0729 3284        VaultSvc - ok
21:11:40.0760 3284        VClone          (1cdaa48cb2f7744b8d25650e050766a5) C:\Windows\system32\DRIVERS\VClone.sys
21:11:40.0776 3284        VClone - ok
21:11:40.0823 3284        vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
21:11:40.0838 3284        vdrvroot - ok
21:11:40.0916 3284        vds            (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
21:11:40.0979 3284        vds - ok
21:11:41.0057 3284        vfsFPService    (eb611abe69d6b4086fd2d5dcdc98c8d0) C:\Windows\system32\vfsFPService.exe
21:11:41.0088 3284        vfsFPService - ok
21:11:41.0103 3284        vga            (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
21:11:41.0135 3284        vga - ok
21:11:41.0150 3284        VgaSave        (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
21:11:41.0197 3284        VgaSave - ok
21:11:41.0244 3284        vhdmp          (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
21:11:41.0275 3284        vhdmp - ok
21:11:41.0306 3284        viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
21:11:41.0322 3284        viaagp - ok
21:11:41.0353 3284        ViaC7          (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
21:11:41.0369 3284        ViaC7 - ok
21:11:41.0384 3284        viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
21:11:41.0415 3284        viaide - ok
21:11:41.0431 3284        volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
21:11:41.0462 3284        volmgr - ok
21:11:41.0509 3284        volmgrx        (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
21:11:41.0540 3284        volmgrx - ok
21:11:41.0571 3284        volsnap        (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
21:11:41.0603 3284        volsnap - ok
21:11:41.0634 3284        vsmraid        (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
21:11:41.0649 3284        vsmraid - ok
21:11:41.0790 3284        VSS            (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
21:11:41.0852 3284        VSS - ok
21:11:41.0868 3284        vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
21:11:41.0899 3284        vwifibus - ok
21:11:41.0930 3284        vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
21:11:41.0961 3284        vwififlt - ok
21:11:41.0961 3284        vwifimp        (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
21:11:41.0993 3284        vwifimp - ok
21:11:42.0055 3284        W32Time        (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
21:11:42.0117 3284        W32Time - ok
21:11:42.0133 3284        WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
21:11:42.0149 3284        WacomPen - ok
21:11:42.0195 3284        WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
21:11:42.0242 3284        WANARP - ok
21:11:42.0242 3284        Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
21:11:42.0289 3284        Wanarpv6 - ok
21:11:42.0445 3284        WatAdminSvc    (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
21:11:42.0507 3284        WatAdminSvc - ok
21:11:42.0663 3284        wbengine        (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
21:11:42.0710 3284        wbengine - ok
21:11:42.0757 3284        WbioSrvc        (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
21:11:42.0788 3284        WbioSrvc - ok
21:11:42.0851 3284        wcncsvc        (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
21:11:42.0882 3284        wcncsvc - ok
21:11:42.0913 3284        WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
21:11:42.0929 3284        WcsPlugInService - ok
21:11:42.0975 3284        Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
21:11:43.0007 3284        Wd - ok
21:11:43.0069 3284        Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
21:11:43.0100 3284        Wdf01000 - ok
21:11:43.0131 3284        WdiServiceHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
21:11:43.0163 3284        WdiServiceHost - ok
21:11:43.0163 3284        WdiSystemHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
21:11:43.0194 3284        WdiSystemHost - ok
21:11:43.0256 3284        WebClient      (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
21:11:43.0287 3284        WebClient - ok
21:11:43.0319 3284        Wecsvc          (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
21:11:43.0365 3284        Wecsvc - ok
21:11:43.0381 3284        wercplsupport  (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
21:11:43.0443 3284        wercplsupport - ok
21:11:43.0459 3284        WerSvc          (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
21:11:43.0506 3284        WerSvc - ok
21:11:43.0537 3284        WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
21:11:43.0584 3284        WfpLwf - ok
21:11:43.0599 3284        WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
21:11:43.0615 3284        WIMMount - ok
21:11:43.0740 3284        WinDefend      (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
21:11:43.0771 3284        WinDefend - ok
21:11:43.0787 3284        WinHttpAutoProxySvc - ok
21:11:43.0865 3284        Winmgmt        (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
21:11:43.0911 3284        Winmgmt - ok
21:11:44.0067 3284        WinRM          (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
21:11:44.0130 3284        WinRM - ok
21:11:44.0223 3284        WinUSB          (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUSB.sys
21:11:44.0255 3284        WinUSB - ok
21:11:44.0348 3284        Wlansvc        (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
21:11:44.0395 3284        Wlansvc - ok
21:11:44.0395 3284        WmiAcpi        (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
21:11:44.0426 3284        WmiAcpi - ok
21:11:44.0504 3284        wmiApSrv        (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
21:11:44.0535 3284        wmiApSrv - ok
21:11:44.0707 3284        WMPNetworkSvc  (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
21:11:44.0738 3284        WMPNetworkSvc - ok
21:11:44.0769 3284        WPCSvc          (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
21:11:44.0801 3284        WPCSvc - ok
21:11:44.0847 3284        WPDBusEnum      (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
21:11:44.0879 3284        WPDBusEnum - ok
21:11:44.0925 3284        ws2ifsl        (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
21:11:44.0972 3284        ws2ifsl - ok
21:11:44.0988 3284        wscsvc          (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\System32\wscsvc.dll
21:11:45.0019 3284        wscsvc - ok
21:11:45.0050 3284        WSDPrintDevice  (553f6ccd7c58eb98d4a8fbdaf283d7a9) C:\Windows\system32\DRIVERS\WSDPrint.sys
21:11:45.0081 3284        WSDPrintDevice - ok
21:11:45.0081 3284        WSearch - ok
21:11:45.0300 3284        wuauserv        (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
21:11:45.0378 3284        wuauserv - ok
21:11:45.0534 3284        WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
21:11:45.0581 3284        WudfPf - ok
21:11:45.0612 3284        WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:11:45.0659 3284        WUDFRd - ok
21:11:45.0705 3284        wudfsvc        (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
21:11:45.0752 3284        wudfsvc - ok
21:11:45.0799 3284        WwanSvc        (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
21:11:45.0830 3284        WwanSvc - ok
21:11:45.0924 3284        {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} (74ec37b9eaf9fca015b933a526825c7a) D:\CyberLink\PowerDVD8\PowerDVD8\000.fcl
21:11:45.0939 3284        {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} - ok
21:11:45.0955 3284        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:11:46.0002 3284        \Device\Harddisk0\DR0 - ok
21:11:46.0017 3284        MBR (0x1B8)    (8ddf737397eb2d09985691aeeb11731b) \Device\Harddisk1\DR1
21:11:46.0127 3284        \Device\Harddisk1\DR1 - ok
21:11:46.0142 3284        Boot (0x1200)  (dc4c5d3f6ad379009f6e1c6713060f5f) \Device\Harddisk0\DR0\Partition0
21:11:46.0142 3284        \Device\Harddisk0\DR0\Partition0 - ok
21:11:46.0142 3284        Boot (0x1200)  (814ba6653bcef432bdfe29eaf4e44692) \Device\Harddisk0\DR0\Partition1
21:11:46.0158 3284        \Device\Harddisk0\DR0\Partition1 - ok
21:11:46.0173 3284        Boot (0x1200)  (b4c196ad7db3063542d0b683d282e47a) \Device\Harddisk0\DR0\Partition2
21:11:46.0173 3284        \Device\Harddisk0\DR0\Partition2 - ok
21:11:46.0205 3284        Boot (0x1200)  (0b6dce2a0372650655720edf928aacc7) \Device\Harddisk1\DR1\Partition0
21:11:46.0205 3284        \Device\Harddisk1\DR1\Partition0 - ok
21:11:46.0220 3284        Boot (0x1200)  (b6d47442ab71bbd3608f7ecec7401b7b) \Device\Harddisk1\DR1\Partition1
21:11:46.0220 3284        \Device\Harddisk1\DR1\Partition1 - ok
21:11:46.0251 3284        Boot (0x1200)  (e5ca43e037295daaa6245eb34a2bb117) \Device\Harddisk1\DR1\Partition2
21:11:46.0251 3284        \Device\Harddisk1\DR1\Partition2 - ok
21:11:46.0267 3284        Boot (0x1200)  (865d1745d9838ce9c507d6d43ce114c5) \Device\Harddisk1\DR1\Partition3
21:11:46.0267 3284        \Device\Harddisk1\DR1\Partition3 - ok
21:11:46.0298 3284        Boot (0x1200)  (aee1167a15a3bbabd6f246cea6e4409e) \Device\Harddisk1\DR1\Partition4
21:11:46.0298 3284        \Device\Harddisk1\DR1\Partition4 - ok
21:11:46.0298 3284        ============================================================
21:11:46.0298 3284        Scan finished
21:11:46.0298 3284        ============================================================
21:11:46.0314 3668        Detected object count: 5
21:11:46.0314 3668        Actual detected object count: 5
21:11:47.0811 3668        ce6230 ( UnsignedFile.Multi.Generic ) - skipped by user
21:11:47.0811 3668        ce6230 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:11:47.0811 3668        ce6230BDACAP ( UnsignedFile.Multi.Generic ) - skipped by user
21:11:47.0811 3668        ce6230BDACAP ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:11:47.0827 3668        IGBASVC ( UnsignedFile.Multi.Generic ) - skipped by user
21:11:47.0827 3668        IGBASVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:11:47.0843 3668        int15 ( UnsignedFile.Multi.Generic ) - skipped by user
21:11:47.0843 3668        int15 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:11:47.0843 3668        StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
21:11:47.0843 3668        StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
Danke schön nochmal für Deine Mühe,
bin echt froh, das es solche wie euch gibt.

Schöne Grüße und bis dann
Bodo

Hey Arne,

sag mal,
ist die Größe oder die Menge der ganzen log´s eigentlich normal, oder bin ich wirklich so arg zugemüllt?

Schönen Gruß
Bodo

cosinus 21.07.2012 15:36
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Bodolino 21.07.2012 22:04
Hey Arne,

hier ist der log von Combo

Code:
ComboFix 12-07-21.01 - Bodo 21.07.2012  22:36:02.1.2 - x86
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.3069.1988 [GMT 2:00]
ausgeführt von:: c:\users\Bodo\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-06-21 bis 2012-07-21  ))))))))))))))))))))))))))))))
.
.
2012-07-20 23:19 . 2012-06-29 08:44        6891424        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{FE0D253A-F7F1-4975-87A4-929AB0BF73F9}\mpengine.dll
2012-07-20 04:36 . 2012-07-20 04:36        --------        d-----w-        C:\_OTL
2012-07-15 16:45 . 2012-07-15 16:45        --------        d-----w-        c:\users\Bodo\AppData\Roaming\SUPERAntiSpyware.com
2012-07-15 16:44 . 2012-07-15 16:45        --------        d-----w-        c:\program files\SUPERAntiSpyware
2012-07-15 16:44 . 2012-07-15 16:44        --------        d-----w-        c:\programdata\SUPERAntiSpyware.com
2012-07-15 14:20 . 2012-07-15 14:20        --------        d-----w-        c:\program files\ESET
2012-07-12 21:02 . 2012-07-12 21:02        --------        d-----w-        c:\program files\Common Files\Java
2012-07-12 21:02 . 2012-07-12 21:02        --------        d-----w-        c:\program files\Oracle
2012-07-11 21:38 . 2012-06-12 02:40        2345984        ----a-w-        c:\windows\system32\win32k.sys
2012-07-09 21:11 . 2012-07-09 21:11        --------        d-----w-        c:\users\Bodo\AppData\Roaming\Malwarebytes
2012-07-09 21:11 . 2012-07-09 21:11        --------        d-----w-        c:\programdata\Malwarebytes
2012-07-09 21:11 . 2012-07-15 07:50        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-07-09 21:11 . 2012-07-03 11:46        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-07-09 20:56 . 2012-07-09 20:56        476936        ----a-w-        c:\windows\system32\npdeployJava1.dll
2012-07-09 20:56 . 2012-07-12 21:01        --------        d-----w-        c:\program files\Java
2012-06-23 22:16 . 2012-06-23 22:16        --------        d-----w-        c:\users\Bodo\AppData\Local\Macromedia
2012-06-23 21:05 . 2012-06-02 22:19        53784        ----a-w-        c:\windows\system32\wuauclt.exe
2012-06-23 21:05 . 2012-06-02 22:19        45080        ----a-w-        c:\windows\system32\wups2.dll
2012-06-23 21:05 . 2012-06-02 22:12        2422272        ----a-w-        c:\windows\system32\wucltux.dll
2012-06-23 21:05 . 2012-06-02 22:19        1933848        ----a-w-        c:\windows\system32\wuaueng.dll
2012-06-23 21:05 . 2012-06-02 22:19        35864        ----a-w-        c:\windows\system32\wups.dll
2012-06-23 21:05 . 2012-06-02 22:19        577048        ----a-w-        c:\windows\system32\wuapi.dll
2012-06-23 21:05 . 2012-06-02 22:12        88576        ----a-w-        c:\windows\system32\wudriver.dll
2012-06-23 21:04 . 2012-06-02 13:19        171904        ----a-w-        c:\windows\system32\wuwebv.dll
2012-06-23 21:04 . 2012-06-02 13:12        33792        ----a-w-        c:\windows\system32\wuapp.exe
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 14:23 . 2012-03-29 16:32        426184        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-07-12 14:23 . 2011-06-07 04:21        70344        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-05 20:06 . 2010-05-31 19:10        687544        ----a-w-        c:\windows\system32\deployJava1.dll
2012-05-31 10:25 . 2009-11-17 22:14        237072        ------w-        c:\windows\system32\MpSigStub.exe
2012-05-15 03:03 . 2012-06-13 20:52        981504        ----a-w-        c:\windows\system32\wininet.dll
2012-05-09 04:27 . 2012-01-04 23:58        137928        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-05-09 04:27 . 2009-11-17 22:11        83392        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2012-05-01 04:44 . 2012-06-13 20:52        164352        ----a-w-        c:\windows\system32\profsvc.dll
2012-04-28 03:17 . 2012-06-13 20:52        183808        ----a-w-        c:\windows\system32\drivers\rdpwd.sys
2012-04-26 04:45 . 2012-06-13 20:52        58880        ----a-w-        c:\windows\system32\rdpwsx.dll
2012-04-26 04:45 . 2012-06-13 20:52        129536        ----a-w-        c:\windows\system32\rdpcorekmts.dll
2012-04-26 04:41 . 2012-06-13 20:52        8192        ----a-w-        c:\windows\system32\rdrmemptylst.exe
2012-04-24 04:36 . 2012-06-13 20:52        140288        ----a-w-        c:\windows\system32\cryptsvc.dll
2012-04-24 04:36 . 2012-06-13 20:52        1158656        ----a-w-        c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-13 20:52        103936        ----a-w-        c:\windows\system32\cryptnet.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVMUSBFernanschluss"="c:\users\Bodo\AppData\Local\Apps\2.0\8C4DLC30.M1O\BW4CZV7Q.50A\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe" [2010-11-22 147456]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-06-26 3906432]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AutoLaunch"="c:\program files\Lavasoft\Ad-Aware\AutoLaunch.exe" [2011-05-19 743584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-06-30 200704]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-08-07 225280]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-06-18 1537320]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-04 7731744]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-09 348624]
"AtherosBtStack"="d:\bluetooth suite\BtvStack.exe" [2011-03-31 605344]
"AthBtTray"="d:\bluetooth suite\AthBtTray.exe" [2011-03-31 519328]
"PDFPrint"="d:\pdf24 (pdf kreieren)\pdf24.exe" [2012-05-07 160840]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\users\Bodo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
FRITZ!DSL Protect.lnk - d:\fritzbox\FRITZ!DSL\FwebProt.exe [2009-4-9 1061688]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - d:\maus\Logitech\SetPoint\SetPoint.exe [2009-11-18 813584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54        551296        ----a-w-        c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 11:28        72208        ----a-w-        c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages        REG_MULTI_SZ          c:\program files\Acer Bio Protection\PwdFilter
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Bodo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Produktregistrierung.lnk]
backup=c:\windows\pss\Logitech . Produktregistrierung.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVMUSBFernanschluss
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2009-09-01 16:00        75048        ------w-        c:\program files\Cyberlink\Shared files\brs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2008-06-16 09:58        809480        ----a-w-        c:\program files\Launch Manager\LManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mspd]
2003-08-27 22:22        389632        ----a-w-        c:\windows\System32\mspd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
2009-04-15 22:54        50472        ------w-        d:\cyberlink\PowerDVD8\PowerDVD8\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
2009-04-15 22:52        91432        ------w-        d:\cyberlink\PowerDVD8\PowerDVD8\PDVD8Serv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
2009-05-26 22:31        85160        ----a-w-        d:\virtualclonedrive\VCDDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VitaKeyPdtWzd]
2009-09-05 08:16        3622912        ----a-w-        c:\program files\Acer Bio Protection\PdtWzd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"DBHAgent"=d:\paragon software\Paragon Backup and Recovery 10 Suite\program\dbhagent.exe
.
R1 archlp;archlp;c:\windows\system32\drivers\archlp.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
R3 ce6230;Intel CE6230 Standalone USB Driver;c:\windows\system32\DRIVERS\CE6230StandaloneDriver.sys [x]
R3 ce6230BDACAP;Realfine CE6230 BDA Driver;c:\windows\system32\DRIVERS\CE6230BDA.sys [x]
R3 dsiarhwprog;dsiarhwprog;c:\windows\system32\Drivers\dsiarhwprog.sys [x]
R3 GigasetGenericUSB;GigasetGenericUSB;c:\windows\system32\DRIVERS\GigasetGenericUSB.sys [x]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
R3 Paragon System Backup Dienst;Paragon System Backup Dienst;d:\paragon software\Paragon Backup and Recovery 10 Suite\program\dbhservice.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/01/06 23:51];d:\cyberlink\PowerDVD8\PowerDVD8\000.fcl [x]
S2 AAV UpdateService;AAV UpdateService;d:\homebanking\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [x]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 AtherosSvc;AtherosSvc;d:\bluetooth suite\adminservice.exe [x]
S2 IGBASVC;EgisTec Service;c:\program files\Acer Bio Protection\BASVC.exe [x]
S2 IGDCTRL;AVM IGD CTRL Service;d:\fritzbox\FRITZ!DSL\IGDCTRL.EXE [x]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [x]
S2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [x]
S3 avmaudio;AVM Audio;c:\windows\system32\DRIVERS\avmaudio.sys [x]
S3 avmaura;AVM USB-Fernanschluss;c:\windows\system32\DRIVERS\avmaura.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [x]
S3 NETw5s32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-21 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 05:21]
.
2012-07-21 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 05:21]
.
2012-07-21 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 05:21]
.
2012-07-21 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 05:21]
.
2012-07-21 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 05:21]
.
2012-07-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 14:23]
.
2012-07-21 c:\windows\Tasks\GlaryInitialize.job
- d:\glary utilities (systemoptimierung)\initialize.exe [2009-11-18 06:26]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.online-translator.com/Default.aspx?prmtlang=de
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
LSP: d:\fritzbox\FRITZ!DSL\\sarah.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\dkvo1wf9.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.t-online.de
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-3D Ultra MiniGolf Deluxe - c:\windows\IsUn0407.exe
AddRemove-Deer Hunter - Extended Season - g:\deer hunter\Uninst.isu
AddRemove-FRITZ! 2.0 - c:\windows\IsUn0407.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\d:\cyberlink\PowerDVD8\PowerDVD8\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1501325428-669346799-357816155-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*_*2*r*a*u*m*Ç=X@**€y*ding a new MRL to recent ones: i:\album\Top 100 2010\041-mehrzad_marashi_und_mark_medlock_-_sweat_(a_la_la_la_la_long).mp3]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1501325428-669346799-357816155-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*_*2*r*a*u*m*Ç=X@**€y*ding a new MRL to recent ones: i:\album\Top 100 2010\041-mehrzad_marashi_und_mark_medlock_-_sweat_(a_la_la_la_la_long).mp3\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1501325428-669346799-357816155-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*_*b*r*u*n*o*_*m*a*r*s*_*-*_*n*o*t*=X\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1501325428-669346799-357816155-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*_*s*n*o*o*p*_*d*o*g*g*_*-*=X\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1501325428-669346799-357816155-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*_*2*r*a*u*m*Ç=X@**€y*ding a new MRL to recent ones: i:\album\Top 100 2010\041-mehrzad_marashi_und_mark_medlock_-_sweat_(a_la_la_la_la_long).mp3]
"0"=hex:49,3a,5c,41,6c,62,75,6d,5c,54,6f,70,20,31,30,30,20,32,30,31,30,5c,30,
  35,31,2d,75,6e,68,65,69,6c,69,67,5f,2d,5f,66,75,65,72,5f,69,6d,6d,65,72,2e,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-1501325428-669346799-357816155-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{91AE4577-AFD4-690D-A343-5C8E3C82B1F6}*]
@Allowed: (Read) (RestrictedCode)
"pakejmagabfdeieggdbnmnhhpdkkkkgn"=hex:61,62,70,69,67,69,66,61,6a,6b,67,6f,64,
  6a,69,62,62,64,6e,6b,6b,6f,64,70,67,64,61,6f,68,69,62,66,6b,6d,00,77
.
[HKEY_USERS\S-1-5-21-1501325428-669346799-357816155-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{92C1845F-9629-E837-45B3-5CE2552BF71B}*]
@Allowed: (Read) (RestrictedCode)
"pahkcmcamhdadjfkagekbgbhjjogehob"=hex:61,62,6d,6f,69,66,6f,69,61,67,66,6d,70,
  70,6c,6a,66,61,62,65,6c,63,69,65,62,67,62,66,68,6c,70,6b,6a,6c,00,77
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(692)
c:\program files\Acer Bio Protection\PwdFilter.DLL
.
- - - - - - - > 'Explorer.exe'(6080)
d:\maus\Logitech\SetPoint\lgscroll.dll
d:\bluetooth suite\AthCopyHook.dll
d:\bluetooth suite\FolderViewImpl.dll
d:\bluetooth suite\athr_debug.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Acer Bio Protection\CompPtcVUI.exe
d:\cdburnerxp\NMSAccessU.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\windows\system32\NOTEPAD.EXE
c:\windows\system32\DllHost.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-21  22:57:27 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-07-21 20:57
.
Vor Suchlauf: 14 Verzeichnis(se), 75.843.272.704 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 75.498.749.952 Bytes frei
.
- - End Of File - - 4F5C2A4452ED25C05E176B227EE230CE
Schönen Gruß und bis dann
Bodo

cosinus 23.07.2012 14:14
Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).



Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

Bodolino 23.07.2012 16:29
Hey Arne,

hier das log von gmer

Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-07-23 17:23:09
Windows 6.1.7601 Service Pack 1 Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2 Hitachi_ rev.FB4O
Running: ijp3ojbf.exe; Driver: C:\Users\Bodo\AppData\Local\Temp\kwtdqpog.sys


---- System - GMER 1.0.15 ----

SSDT            915E3076                                                                                                                                          ZwCreateSection
SSDT            915E3080                                                                                                                                          ZwRequestWaitReplyPort
SSDT            915E307B                                                                                                                                          ZwSetContextThread
SSDT            915E3085                                                                                                                                          ZwSetSecurityObject
SSDT            915E308A                                                                                                                                          ZwSystemDebugControl
SSDT            915E3017                                                                                                                                          ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                                                                          830513C9 1 Byte  [06]
.text          ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                                            8308AD52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text          ntkrnlpa.exe!KeRemoveQueueEx + 11F7                                                                                                              83091EAC 4 Bytes  [76, 30, 5E, 91] {JBE 0x32; POP ESI; XCHG ECX, EAX}
.text          ntkrnlpa.exe!KeRemoveQueueEx + 1553                                                                                                              83092208 4 Bytes  [80, 30, 5E, 91] {XOR BYTE [EAX], 0x5e; XCHG ECX, EAX}
.text          ntkrnlpa.exe!KeRemoveQueueEx + 1597                                                                                                              8309224C 4 Bytes  [7B, 30, 5E, 91] {JNP 0x32; POP ESI; XCHG ECX, EAX}
.text          ntkrnlpa.exe!KeRemoveQueueEx + 1613                                                                                                              830922C8 4 Bytes  [85, 30, 5E, 91] {TEST [EAX], ESI; POP ESI; XCHG ECX, EAX}
.text          ntkrnlpa.exe!KeRemoveQueueEx + 1667                                                                                                              8309231C 4 Bytes  [8A, 30, 5E, 91] {MOV DH, [EAX]; POP ESI; XCHG ECX, EAX}
.text          ...                                                                                                                                             
.vmp2          C:\Windows\system32\drivers\acedrv11.sys                                                                                                          entry point in ".vmp2" section [0x9EC9369D]
.text          D:\CyberLink\PowerDVD8\PowerDVD8\000.fcl                                                                                                          section is writeable [0x9ED8E000, 0x2892, 0xE8000020]
.vmp2          D:\CyberLink\PowerDVD8\PowerDVD8\000.fcl                                                                                                          entry point in ".vmp2" section [0x9EDB1050]

---- User IAT/EAT - GMER 1.0.15 ----

IAT            D:\Homebanking\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[672] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]  [758AFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            D:\Homebanking\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[672] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]    [758AFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            D:\Homebanking\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[672] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]      [758AFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            D:\Homebanking\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[672] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]    [758AFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            D:\Homebanking\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[672] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress]    [758AFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            D:\Homebanking\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[672] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]    [758AFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                                          Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                                                          Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice  \Driver\tdx \Device\Tcp                                                                                                                          Lbd.sys (Boot Driver/Lavasoft AB)

Device          \Driver\ACPI_HAL \Device\00000057                                                                                                                halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                                            rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                                            rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                                            rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                                                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                                                            rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                                                                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                                                                            rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume6                                                                                                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume6                                                                                                            rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume7                                                                                                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume7                                                                                                            rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume8                                                                                                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume8                                                                                                            rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                                                                                                                          fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000272b2235d                                                                     
Reg            HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000272b2235d@0016b84829a2                                                          0x05 0xF2 0x21 0xB1 ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000272b2235d@b0ec7109bdb9                                                          0xD4 0x5C 0x86 0x72 ...
Reg            HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000272b2235d (not active ControlSet)                                                 
Reg            HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000272b2235d@0016b84829a2                                                              0x05 0xF2 0x21 0xB1 ...
Reg            HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000272b2235d@b0ec7109bdb9                                                              0xD4 0x5C 0x86 0x72 ...
Reg            HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{91AE4577-AFD4-690D-A343-5C8E3C82B1F6}                                 
Reg            HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{91AE4577-AFD4-690D-A343-5C8E3C82B1F6}@pakejmagabfdeieggdbnmnhhpdkkkkgn  0x61 0x62 0x70 0x69 ...
Reg            HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{92C1845F-9629-E837-45B3-5CE2552BF71B}                                 
Reg            HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{92C1845F-9629-E837-45B3-5CE2552BF71B}@pahkcmcamhdadjfkagekbgbhjjogehob  0x61 0x62 0x6D 0x6F ...

---- EOF - GMER 1.0.15 ----
Osam folgt gleich

Danke und Gruß
Bodo

und hier ist das log von Osam,
den onlinescan hab ich ja nicht machen sollen?

Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 18:09:12 on 23.07.2012

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 32-bit
Default Browser: Mozilla Corporation Firefox 13.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - ? - C:\Windows\system32\lsdelete.exe  (File found, but it contains no detailed information)

[Common]
-----( %SystemRoot%\Tasks )-----
"GlaryInitialize.job" - "Glarysoft Ltd" - D:\Glary Utilities (Systemoptimierung)\initialize.exe
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"ISUSPM.cpl" - "Macrovision Corporation" - C:\Windows\system32\ISUSPM.cpl
"PhysX.cpl" - "NVIDIA Corporation" - C:\Windows\system32\PhysX.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"acedrv11" (acedrv11) - "Protect Software GmbH" - C:\Windows\system32\drivers\acedrv11.sys
"archlp" (archlp) - ? - C:\Windows\System32\drivers\archlp.sys  (File not found)
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\Users\Bodo\AppData\Local\Temp\catchme.sys  (File not found)
"Dritek General Port I/O" (DritekPortIO) - "Dritek System Inc." - C:\Program Files\Launch Manager\DPortIO.sys
"ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\Windows\System32\Drivers\ElbyCDIO.sys
"hc3ServiceName" (hotcore3) - "Paragon Software Group" - C:\Windows\System32\DRIVERS\hotcore3.sys
"int15" (int15) - ? - C:\Windows\system32\drivers\int15.sys  (File found, but it contains no detailed information)
"Intel CE6230 Standalone USB Driver" (ce6230) - "Intel Corporation (UK)" - C:\Windows\System32\DRIVERS\CE6230StandaloneDriver.sys
"LGE Mobile Composite USB Device" (usbbus) - ? - C:\Windows\System32\DRIVERS\lgusbbus.sys  (File not found)
"LGE Mobile USB Modem" (USBModem) - ? - C:\Windows\System32\DRIVERS\lgusbmodem.sys  (File not found)
"LGE Mobile USB Serial Port" (UsbDiag) - ? - C:\Windows\System32\DRIVERS\lgusbdiag.sys  (File not found)
"NetGroup Packet Filter Driver" (NPF) - "CACE Technologies" - C:\Windows\System32\drivers\npf.sys
"Realfine CE6230 BDA Driver" (ce6230BDACAP) - "Intel Corporation (UK)" - C:\Windows\System32\DRIVERS\CE6230BDA.sys
"SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
"SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"StarOpen" (StarOpen) - ? - C:\Windows\system32\drivers\StarOpen.sys  (File found, but it contains no detailed information)

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{B2F55D43-C7A4-4B7C-90D7-7A860DFA9F2A} "PXCInfoShlExt Class" - "Tracker Software Products Ltd." - D:\PDF XChange Viewer\Shell Extensions\XCShInfo.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "SABShellExecuteHook Class" - "SuperAdBlocker.com" - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{B8952421-0E55-400B-94A6-FA858FC0A39F} "AppShellPage Class" - "Atheros Commnucations" - D:\Bluetooth Suite\BtvAppExt.dll
{C865E0A2-40BF-4ca7-B3F3-162290A67572} "ContextMenu Class" - "Atheros Commnucations" - D:\Bluetooth Suite\BtContextMenu.dll
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - D:\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll
{83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - D:\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll
{8F9D8FBE-C5C1-4B65-986E-51235C9283E8} "FPLaunchCache" - "Egis Technology Inc." - C:\Program Files\Acer Bio Protection\FPLaunchCache.dll
{AFF81F7B-6942-40c4-AADA-7214EF7B6DD1} "FTShellContext Class" - "Atheros Commnucations" - D:\Bluetooth Suite\ShellContextExt.dll
{72923739-5A47-40A3-9895-25AF0DFBB9E4} "Glary Utilities Context Menu Shell Extension" - "Glarysoft Ltd" - D:\GLARYU~1\CONTEX~1.DLL
{CA5FEE26-14C1-4B5A-86E9-233FC0EE2682} "IZArc DragDrop Menu" - ? - D:\IZARC(~1\IZArcCM.dll
{8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5} "IZArc Shell Context Menu" - ? - D:\IZARC(~1\IZArcCM.dll
{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} "KbLogiExt Class" - "Logitech, Inc." - D:\Maus\Logitech\SetPoint\kbcplext.dll
{B9B9F083-2B04-452A-8691-83694AC1037B} "LogiExt Class" - "Logitech, Inc." - D:\Maus\Logitech\SetPoint\mcplext.dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - D:\MICROS~1\Office\OLKFSTUB.DLL
{CF822AB4-6DB5-4FDA-BC28-E61DF36D2583} "PDF-XChange PDF Preview Provider" - "Tracker Software Products Ltd." - D:\PDF XChange Viewer\Shell Extensions\XCShInfo.dll
{67EB453C-1BE1-48EC-AAF3-23B10277FCC1} "PDF-XChange PDF Property Handler" - "Tracker Software Products Ltd." - D:\PDF XChange Viewer\Shell Extensions\XCShInfo.dll
{EBD0B8F4-A9A0-41B7-9695-030CD264D9C8} "PDF-XChange PDF Thumbnail Provider" - "Tracker Software Products Ltd." - D:\PDF XChange Viewer\Shell Extensions\XCShInfo.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{B7056B8E-4F99-44f8-8CBD-282390FE5428} "VirtualCloneDrive Shell Extension" - "Elaborate Bytes AG" - D:\VirtualCloneDrive\ElbyVCDShell.dll
{A5D35F9F-6A11-4EAA-B70B-7BB6FE32663A} "XnViewShell Class" - ? - D:\Foto Film und Audio\XnView\ShellEx\XnViewShellExt.dll
XCShInfo "{B2F55D43-C7A4-4B7C-90D7-7A860DFA9F2A}" - ? -  (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{21347690-EC41-4F9A-8887-1F4AEE672439} "Canon Easy-WebPrint EX" - "CANON INC." - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Canon Easy-WebPrint EX" - "CANON INC." - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} "ClsidExtension" - "Atheros Commnucations" - D:\Bluetooth Suite\IEPlugIn.dll
"Quick-Launch Area" - "Egis Technology Inc." - C:\Program Files\Acer Bio Protection\PwdBank.exe
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} "Canon Easy-WebPrint EX" - "CANON INC." - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{3785D0AD-BFFF-47F6-BF5B-A587C162FED9} "Canon Easy-WebPrint EX BHO" - "CANON INC." - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} "CIESpeechBHO Class" - "Atheros Commnucations" - D:\Bluetooth Suite\IEPlugIn.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Oracle Corporation" - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Notification packages" - "Egis Technology Inc." - C:\Program Files\Acer Bio Protection\PwdFilter.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Bodo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"FRITZ!DSL Protect.lnk" - "AVM Berlin" - D:\Fritzbox\FRITZ!DSL\FwebProt.exe  (Shortcut exists | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Logitech SetPoint.lnk" - "Logitech, Inc." - D:\Maus\Logitech\SetPoint\SetPoint.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"AVMUSBFernanschluss" - "AVM Berlin" - "C:\Users\Bodo\AppData\Local\Apps\2.0\82CB73C4.JW0\4EA2NR75.5TN\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe"
"SUPERAntiSpyware" - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce )-----
"AutoLaunch" - ? - C:\Program Files\Lavasoft\Ad-Aware\AutoLaunch.exe monthly  (File found, but it contains no detailed information)
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"AthBtTray" - "Atheros Commnucations" - "D:\Bluetooth Suite\AthBtTray.exe"
"AtherosBtStack" - "Atheros Commnucations" - "D:\Bluetooth Suite\BtvStack.exe"
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"IAAnotif" - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
"PDFPrint" - "Geek Software GmbH" - D:\pdf24 (PDF kreieren)\pdf24.exe
"PLFSetI" - ? - C:\Windows\PLFSetI.exe
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"FRITZ!fax Color Monitor" - "AVM Berlin" - C:\Windows\system32\FritzVistaColorMon.dll
"FRITZ!fax Port Monitor" - "AVM Berlin" - C:\Windows\system32\FritzVistaMon.dll
"hpf3l70v.dll" - "Hewlett-Packard Company" - C:\Windows\system32\hpf3l70v.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AAV UpdateService" (AAV UpdateService) - ? - D:\Homebanking\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"AtherosSvc" (AtherosSvc) - "Atheros Commnucations" - D:\Bluetooth Suite\adminservice.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"AVM IGD CTRL Service" (IGDCTRL) - "AVM Berlin" - D:\Fritzbox\FRITZ!DSL\IGDCTRL.EXE
"EgisTec Service" (IGBASVC) - "Egis Technology Inc." - C:\Program Files\Acer Bio Protection\BASVC.exe
"Google Updater Service" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
"Lavasoft Ad-Aware Service" (Lavasoft Ad-Aware Service) - "Lavasoft" - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
"Logitech Bluetooth Service" (LBTServ) - "Logitech, Inc." - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"NMSAccessU" (NMSAccessU) - ? - D:\CDBurnerXP\NMSAccessU.exe  (File found, but it contains no detailed information)
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"Paragon System Backup Dienst" (Paragon System Backup Dienst) - "Paragon Software Group" - D:\Paragon Software\Paragon Backup and Recovery 10 Suite\program\dbhservice.exe
"Remote Packet Capture Protocol v.0 (experimental)" (rpcapd) - "CACE Technologies" - C:\Program Files\WinPcap\rpcapd.exe
"SAS Core Service" (!SASCORE) - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
"Validity Fingerprint Service" (vfsFPService) - "Validity Sensors, Inc." - C:\Windows\system32\vfsFPService.exe

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"!SASWinLogon" - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
"LBTWlgn" - "Logitech, Inc." - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"Sarah NSP" - "AVM Berlin" - D:\Fritzbox\FRITZ!DSL\sarah.dll
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"SARAH LSP" - "AVM Berlin" - D:\Fritzbox\FRITZ!DSL\sarah.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
Jetzt lass ich noch aswMBR laufen.
Folgt dann sogleich.

Gruß Bodo

So, hier noch das log aswMBR

Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-23 18:21:47
-----------------------------
18:21:47.309    OS Version: Windows 6.1.7601 Service Pack 1
18:21:47.309    Number of processors: 2 586 0x170A
18:21:47.324    ComputerName: BODO-PC  UserName: Bodo
18:22:17.027    Initialize success
18:24:09.221    AVAST engine defs: 12072301
18:24:33.744    Disk 0  \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:24:33.744    Disk 0 Vendor: SAMSUNG_ 2AC1 Size: 476940MB BusType: 3
18:24:33.744    Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
18:24:33.759    Disk 1 Vendor: Hitachi_ FB4O Size: 305245MB BusType: 3
18:24:33.775    Disk 1 MBR read successfully
18:24:33.775    Disk 1 MBR scan
18:24:33.806    Disk 1 unknown MBR code
18:24:33.822    Disk 1 Partition 1 80 (A) 07    HPFS/NTFS NTFS      102400 MB offset 2048
18:24:33.853    Disk 1 Partition 2 00    07    HPFS/NTFS NTFS        61443 MB offset 209717248
18:24:33.884    Disk 1 Partition 3 00    07    HPFS/NTFS NTFS        61440 MB offset 335552512
18:24:33.884    Disk 1 Partition - 00    0F Extended LBA            79960 MB offset 461381632
18:24:33.931    Disk 1 Partition 4 00    07    HPFS/NTFS NTFS        78850 MB offset 461383680
18:24:33.947    Disk 1 Partition - 00    05    Extended              1109 MB offset 622868480
18:24:34.493    Disk 1 Partition 5 00    0B        FAT32 MSDOS5.0    1108 MB offset 622870528
18:24:34.508    Disk 1 scanning sectors +625139712
18:24:34.571    Disk 1 scanning C:\Windows\system32\drivers
18:24:53.649    Service scanning
18:25:34.771    Modules scanning
18:25:44.521    Disk 1 trace - called modules:
18:25:44.552    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
18:25:44.568    1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x86eec030]
18:25:44.568    3 CLASSPNP.SYS[8ba7559e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0x86460028]
18:25:45.582    AVAST engine scan C:\Windows
18:25:50.714    AVAST engine scan C:\Windows\system32
18:30:54.369    AVAST engine scan C:\Windows\system32\drivers
18:31:15.335    AVAST engine scan C:\Users\Bodo
18:34:47.730    AVAST engine scan C:\ProgramData
18:36:59.675    Scan finished successfully
18:37:29.814    Disk 1 MBR has been saved successfully to "C:\Users\Bodo\Desktop\MBR.dat"
18:37:29.830    The log file has been saved successfully to "C:\Users\Bodo\Desktop\aswMBR.txt"
Bis dann
Gruß Bodo

cosinus 24.07.2012 10:47
Wir sollten den MBR fixen, sichere für den Fall der Fälle ALLE wichtigen Daten, auch wenn meistens alles glatt geht.

Hinweis: Mach bitte NICHT den MBR-Fix, wenn du noch andere Betriebssysteme wie zB Ubuntu installiert hast, ein MBR-Fix mit Windows-Tools macht ein parallel installiertes (Dualboot) Linux unbootbar.
Mach den Fix auch dann nicht, wenn du zB mit TrueCrypt oder anderen Verschlüsselungsprogrammen eine Vollverschlüsselung der Windowspartition bzw. gesamten Festplatte hast

Starte nach der Datensicherung aswmbr erneut und klick auf den Button FIXMBR.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehalalrm!

Anschließend Windows neu starten und ein neues Log mit aswMBR machen.

Bodolino 26.07.2012 17:28
Hey Arne,

sorry die Datensicherung hat etwas gedauert, ich hoff, ich hab alles.
MBR-Fix hab ich durchgeführt.

Hier einmal das log vor dem Neustart

Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-26 18:03:18
-----------------------------
18:03:18.540    OS Version: Windows 6.1.7601 Service Pack 1
18:03:18.540    Number of processors: 2 586 0x170A
18:03:18.540    ComputerName: BODO-PC  UserName: Bodo
18:03:20.194    Initialize success
18:04:50.774    AVAST engine defs: 12072601
18:05:13.394    Verifying
18:05:23.425    Disk 1 Windows 601 MBR fixed successfully
18:12:28.073    Disk 1 MBR has been saved successfully to "C:\Users\Bodo\Desktop\MBR.dat"
18:12:28.073    The log file has been saved successfully to "C:\Users\Bodo\Desktop\aswMBR2.txt"
und nach dem Neustart

Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-26 18:21:51
-----------------------------
18:21:51.160    OS Version: Windows 6.1.7601 Service Pack 1
18:21:51.160    Number of processors: 2 586 0x170A
18:21:51.160    ComputerName: BODO-PC  UserName: Bodo
18:21:52.081    Initialize success
18:22:05.200    AVAST engine defs: 12072601
18:23:45.633    The log file has been saved successfully to "C:\Users\Bodo\Desktop\aswMBR3.txt"
Oder hätte ich erst nochmal einen neuen Scan machen sollen und dann das Log?

Danke und bis dann
Gruß Bodo

cosinus 26.07.2012 22:16
Einen ganz neuen Scan mit aswMBR solltest du machen wie beim ersten Start des Tools

Bodolino 26.07.2012 22:39
Hey Arne,

hier ist der neue Log nach dem neuen Scan

Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-26 23:27:09
-----------------------------
23:27:09.803    OS Version: Windows 6.1.7601 Service Pack 1
23:27:09.803    Number of processors: 2 586 0x170A
23:27:09.818    ComputerName: BODO-PC  UserName: Bodo
23:27:10.723    Initialize success
23:27:22.704    AVAST engine defs: 12072601
23:27:35.278    Disk 0  \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:27:35.278    Disk 0 Vendor: SAMSUNG_ 2AC1 Size: 476940MB BusType: 3
23:27:35.278    Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
23:27:35.293    Disk 1 Vendor: Hitachi_ FB4O Size: 305245MB BusType: 3
23:27:35.309    Disk 1 MBR read successfully
23:27:35.309    Disk 1 MBR scan
23:27:35.324    Disk 1 Windows 7 default MBR code
23:27:35.340    Disk 1 Partition 1 80 (A) 07    HPFS/NTFS NTFS      102400 MB offset 2048
23:27:35.371    Disk 1 Partition 2 00    07    HPFS/NTFS NTFS        61443 MB offset 209717248
23:27:35.402    Disk 1 Partition 3 00    07    HPFS/NTFS NTFS        61440 MB offset 335552512
23:27:35.418    Disk 1 Partition - 00    0F Extended LBA            79960 MB offset 461381632
23:27:35.449    Disk 1 Partition 4 00    07    HPFS/NTFS NTFS        78850 MB offset 461383680
23:27:35.465    Disk 1 Partition - 00    05    Extended              1109 MB offset 622868480
23:27:36.042    Disk 1 Partition 5 00    0B        FAT32 MSDOS5.0    1108 MB offset 622870528
23:27:36.089    Disk 1 scanning sectors +625139712
23:27:36.182    Disk 1 scanning C:\Windows\system32\drivers
23:27:51.502    Service scanning
23:28:30.720    Modules scanning
23:28:40.876    Disk 1 trace - called modules:
23:28:40.907    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
23:28:40.922    1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x86eed030]
23:28:40.922    3 CLASSPNP.SYS[8b98059e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0x857bd028]
23:28:41.640    AVAST engine scan C:\Windows
23:28:45.431    AVAST engine scan C:\Windows\system32
23:32:09.245    AVAST engine scan C:\Windows\system32\drivers
23:32:25.095    AVAST engine scan C:\Users\Bodo
23:34:37.898    AVAST engine scan C:\ProgramData
23:36:30.592    Scan finished successfully
23:36:46.302    Disk 1 MBR has been saved successfully to "C:\Users\Bodo\Desktop\MBR.dat"
23:36:46.317    The log file has been saved successfully to "C:\Users\Bodo\Desktop\aswMBR4.txt"
Beim ersten mal kam der blue screen mit der Meldung Drivers IRQL NOT_LESS........?????
Mehr hab ich nicht mehr mitschreiben können.
Weiss nicht ob das auch was zu sagen hat.

Danke und schöne Grüße
Bodo

cosinus 26.07.2012 23:32
Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Bodolino 27.07.2012 13:36
Hey Arne,

hier das Log von Malwarebytes.

Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.27.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Bodo :: BODO-PC [Administrator]

27.07.2012 05:38:27
mbam-log-2012-07-27 (05-38-27).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 385438
Laufzeit: 1 Stunde(n), 55 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Windows\winsxs\x86_netfx-debugging_msdia70_b03f5f7f11d50a3a_6.1.7600.16385_none_a5658c87d101b1b3\diasymreader.dll (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Das andere folgt noch.

Gruß Bodo

cosinus 27.07.2012 14:49
Hm, der eine Fund scheint mir eher ein Fehlalarm zu sein :wtf:
Naja du hast ja die Qurantäne, man löscht ja nie alles endgültig über Malwarebytes

Bodolino 27.07.2012 16:56
Hey Arne,

so, jetzt halt Dich fest.
Jetzt kommt der log von SuperAnti

Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 07/27/2012 at 05:22 PM

Application Version : 5.5.1012

Core Rules Database Version : 8970
Trace Rules Database Version: 6782

Scan type      : Complete Scan
Total Scan Time : 02:34:23

Operating System Information
Windows 7 Home Premium 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 751
Memory threats detected  : 0
Registry items scanned    : 35084
Registry threats detected : 0
File items scanned        : 160972
File threats detected    : 74

Adware.Tracking Cookie
        C:\Users\Bodo\AppData\Roaming\Microsoft\Windows\Cookies\WAL1C7OF.txt [ /imrworldwide.com ]
        C:\Users\Bodo\AppData\Roaming\Microsoft\Windows\Cookies\0PLMWB5S.txt [ /fastclick.net ]
        C:\Users\Bodo\AppData\Roaming\Microsoft\Windows\Cookies\2R6DBYQ5.txt [ /tracking.quisma.com ]
        C:\Users\Bodo\AppData\Roaming\Microsoft\Windows\Cookies\Y52Z0CY5.txt [ /ad1.adfarm1.adition.com ]
        C:\Users\Bodo\AppData\Roaming\Microsoft\Windows\Cookies\NQ88TGZZ.txt [ /mediaplex.com ]
        C:\Users\Bodo\AppData\Roaming\Microsoft\Windows\Cookies\PHU12GIR.txt [ /ad.zanox.com ]
        C:\Users\Bodo\AppData\Roaming\Microsoft\Windows\Cookies\VW01H9LA.txt [ /atdmt.com ]
        C:\Users\Bodo\AppData\Roaming\Microsoft\Windows\Cookies\OH10EEPB.txt [ /doubleclick.net ]
        C:\Users\Bodo\AppData\Roaming\Microsoft\Windows\Cookies\830B0ROW.txt [ /zanox-affiliate.de ]
        C:\Users\Bodo\AppData\Roaming\Microsoft\Windows\Cookies\KM3SFH0T.txt [ /adfarm1.adition.com ]
        C:\Users\Bodo\AppData\Roaming\Microsoft\Windows\Cookies\A895P47F.txt [ /track.adform.net ]
        C:\Users\Bodo\AppData\Roaming\Microsoft\Windows\Cookies\2VWOKTHE.txt [ /adbrite.com ]
        C:\Users\Bodo\AppData\Roaming\Microsoft\Windows\Cookies\IVEVKVXA.txt [ /apmebf.com ]
        C:\Users\Bodo\AppData\Roaming\Microsoft\Windows\Cookies\EUBMUWQB.txt [ /zanox.com ]
        C:\Users\Bodo\AppData\Roaming\Microsoft\Windows\Cookies\7321EY1D.txt [ /pro-market.net ]
        C:\Users\Bodo\AppData\Roaming\Microsoft\Windows\Cookies\Y4O0SJCM.txt [ /www.zanox-affiliate.de ]
        C:\Users\Bodo\AppData\Roaming\Microsoft\Windows\Cookies\7DIEBN46.txt [ /dyntracker.com ]
        C:\Users\Bodo\AppData\Roaming\Microsoft\Windows\Cookies\GESDBPFI.txt [ /smartadserver.com ]
        C:\Users\Bodo\AppData\Roaming\Microsoft\Windows\Cookies\EY669TVU.txt [ /adform.net ]
        C:\USERS\BODO\AppData\Roaming\Microsoft\Windows\Cookies\Low\bodo@atdmt[2].txt [ Cookie:bodo@atdmt.com/ ]
        C:\USERS\BODO\Cookies\WAL1C7OF.txt [ Cookie:bodo@imrworldwide.com/cgi-bin ]
        C:\USERS\BODO\Cookies\0PLMWB5S.txt [ Cookie:bodo@fastclick.net/ ]
        C:\USERS\BODO\Cookies\VW01H9LA.txt [ Cookie:bodo@atdmt.com/ ]
        C:\USERS\BODO\Cookies\OH10EEPB.txt [ Cookie:bodo@doubleclick.net/ ]
        C:\USERS\BODO\Cookies\2VWOKTHE.txt [ Cookie:bodo@adbrite.com/ ]
        C:\USERS\BODO\Cookies\IVEVKVXA.txt [ Cookie:bodo@apmebf.com/ ]
        C:\USERS\BODO\Cookies\EUBMUWQB.txt [ Cookie:bodo@zanox.com/ ]
        C:\USERS\BODO\Cookies\7321EY1D.txt [ Cookie:bodo@pro-market.net/ ]
        C:\USERS\BODO\Cookies\Y4O0SJCM.txt [ Cookie:bodo@www.zanox-affiliate.de/ ]
        C:\USERS\BODO\Cookies\7DIEBN46.txt [ Cookie:bodo@dyntracker.com/ ]
        C:\USERS\BODO\Cookies\GESDBPFI.txt [ Cookie:bodo@smartadserver.com/ ]
        C:\USERS\BODO\Cookies\EY669TVU.txt [ Cookie:bodo@adform.net/ ]
        C:\USERS\BODO\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\BODO@WW251.SMARTADSERVER[1].TXT [ /WW251.SMARTADSERVER ]
        .serving-sys.com [ C:\USERS\BODO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DKVO1WF9.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\BODO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DKVO1WF9.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\BODO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DKVO1WF9.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\BODO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DKVO1WF9.DEFAULT\COOKIES.SQLITE ]
        .im.banner.t-online.de [ C:\USERS\BODO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DKVO1WF9.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\BODO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DKVO1WF9.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\BODO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DKVO1WF9.DEFAULT\COOKIES.SQLITE ]
        .apmebf.com [ C:\USERS\BODO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DKVO1WF9.DEFAULT\COOKIES.SQLITE ]
        .xiti.com [ C:\USERS\BODO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DKVO1WF9.DEFAULT\COOKIES.SQLITE ]
        beacons.hottraffic.nl [ C:\USERS\BODO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DKVO1WF9.DEFAULT\COOKIES.SQLITE ]
        .deutschepostag.112.2o7.net [ C:\USERS\BODO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DKVO1WF9.DEFAULT\COOKIES.SQLITE ]
        ad.zanox.com [ C:\USERS\BODO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DKVO1WF9.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\BODO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DKVO1WF9.DEFAULT\COOKIES.SQLITE ]
        ww251.smartadserver.com [ C:\USERS\BODO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DKVO1WF9.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\BODO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DKVO1WF9.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\BODO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DKVO1WF9.DEFAULT\COOKIES.SQLITE ]
        ad2.adfarm1.adition.com [ C:\USERS\BODO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DKVO1WF9.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\BODO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DKVO1WF9.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\BODO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DKVO1WF9.DEFAULT\COOKIES.SQLITE ]
        .bs.serving-sys.com [ C:\USERS\BODO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DKVO1WF9.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\BODO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DKVO1WF9.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\BODO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DKVO1WF9.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\BODO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DKVO1WF9.DEFAULT\COOKIES.SQLITE ]
        .atdmt.com [ C:\USERS\BODO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DKVO1WF9.DEFAULT\COOKIES.SQLITE ]
        .atdmt.com [ C:\USERS\BODO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DKVO1WF9.DEFAULT\COOKIES.SQLITE ]

Trojan.Agent/Gen-Krpytik
        E:\SIERRA\UPBALL3\L0.DLL
        E:\SIERRA\UPBALL3\L1.DLL
        E:\SIERRA\UPBALL3\L4.DLL
        E:\SIERRA\UPBALL3\L5.DLL
        E:\SIERRA\UPBALL3\T0.DLL
        E:\SIERRA\UPBALL3\T2.DLL
        E:\SIERRA\UPBALL3\T3.DLL
        E:\SIERRA\UPBALL3\T4.DLL
        E:\SIERRA\UPBALL3\T5.DLL
        E:\SIERRA\UPBALL3\V0.DLL
        E:\SIERRA\UPBALL3\V1.DLL
        E:\SIERRA\UPBALL3\V2.DLL
        E:\SIERRA\UPBALL3\V3.DLL
        E:\SIERRA\UPBALL3\V4.DLL
        E:\SIERRA\UPBALL3\V5.DLL

Trojan.Agent/Gen-Malagent
        C:\WINDOWS\SYSTEM32\MSPD.EXE
Ich hab jetzt noch nichts gelöscht etc.
Und die liebe MSPD ist auch wieder dabei.

Schöne Grüße
Bodo

cosinus 27.07.2012 20:54
Code:
C:\WINDOWS\SYSTEM32\MSPD.EXE
Ach mist :stirn: die hab ich schon in den OTL-Logs übersehen :o
Lade sie mal bei uns hoch => http://www.trojaner-board.de/54791-a...ner-board.html

Der Rest besteht aber aus Cookies und Fehlalarmen


Alle Zeitangaben in WEZ +1. Es ist jetzt 00:42 Uhr.
Seite 2 von 3 1 2 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131