Plagegeister aller Art und deren Bekämpfung: mspd Trojaner o.ä. (Windows 7)
If you are not sure whether you have caught malware or a trojan, create a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.

#16
/// Winkelfunktion /// TB-Süch-Tiger™
mspd Trojaner o.ä.
Please now run this Kaspersky tool (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html
Note: please disable your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false positive on the TDSS tool!
Configure the tool as shown in the picture below: click on "change parameters" and set the check marks as shown in the following screenshot, then click "Start Scan" and, once it has finished, click the "Report" button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C); that is where TDSS-Killer stores its logs.
Note: please do not delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, handle them all with the action "skip" and only post the log here!
__________________
Please always post logfiles in CODE tags
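Reading a TDSSKiller report by eye is tedious once it runs to several hundred service and driver lines. The parser below is an added example, not code from this thread or from Kaspersky's tool: it pulls the scan mode and every entry marked "warning" or "detected" out of the log format shown in the reply that follows. The sample lines are copied from the log posted in this thread; the regular expressions are my own reading of that format, not a documented specification. Keep in mind that UnsignedFile.Multi.Generic is TDSSKiller's verdict for a file that carries no valid digital signature (the SigCheck option), not a malware detection in itself, which is why the helper above says to "skip" such objects and post the log for review.

```python
import re
from dataclasses import dataclass, field

# Every TDSSKiller line starts with a timestamp and the scanner's thread id.
LINE_RE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4}) (?P<tid>\d+) (?P<body>.+)$")
# "<name> (<md5>) <path>"  -- the file backing a service or driver
ENTRY_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "<name> ( <verdict> ) - warning"
WARN_RE = re.compile(r"^(?P<name>.+?) \( (?P<verdict>\S+) \) - warning$")
# "<name> - detected <verdict> (<count>)"
DETECT_RE = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>\S+) \((?P<count>\d+)\)$")
# "<name> - ok"
OK_RE = re.compile(r"^(?P<name>.+?) - ok$")
# "Mode: Manual; SigCheck; TDLFS;"
MODE_RE = re.compile(r"^Mode: (?P<modes>.+)$")


@dataclass
class Entry:
    name: str
    md5: str = ""
    path: str = ""
    status: str = "unknown"   # "ok", "warning" or "detected"
    verdict: str = ""         # e.g. UnsignedFile.Multi.Generic


@dataclass
class ScanReport:
    modes: list = field(default_factory=list)
    entries: dict = field(default_factory=dict)

    def findings(self):
        """Entries the scanner did not mark as ok."""
        return [e for e in self.entries.values() if e.status != "ok"]

    def signature_warnings(self):
        """Findings that are only missing-signature verdicts (SigCheck mode)."""
        return [e for e in self.findings() if e.verdict.startswith("UnsignedFile.")]


def parse_tdsskiller_log(text: str) -> ScanReport:
    report = ScanReport()
    for raw in text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue                       # banner, separators, drive tables
        body = line.group("body")
        m = MODE_RE.match(body)
        if m:
            report.modes = [x.strip() for x in m.group("modes").split(";") if x.strip()]
            continue
        m = ENTRY_RE.match(body)
        if m:
            report.entries[m.group("name")] = Entry(m.group("name"), m.group("md5"), m.group("path"))
            continue
        m = DETECT_RE.match(body)
        if m:
            e = report.entries.setdefault(m.group("name"), Entry(m.group("name")))
            e.status, e.verdict = "detected", m.group("verdict")
            continue
        m = WARN_RE.match(body)
        if m:
            e = report.entries.setdefault(m.group("name"), Entry(m.group("name")))
            if e.status != "detected":     # "detected" outranks "warning"
                e.status = "warning"
            e.verdict = m.group("verdict")
            continue
        m = OK_RE.match(body)
        if m:
            e = report.entries.setdefault(m.group("name"), Entry(m.group("name")))
            e.status = "ok"
    return report


# Constructed excerpt: lines copied from the log posted later in this thread.
SAMPLE_LOG = r"""
21:11:06.0830 3284 Mode: Manual; SigCheck; TDLFS;
21:11:07.0345 3284 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
21:11:07.0423 3284 !SASCORE - ok
21:11:09.0638 3284 archlp - ok
21:11:12.0431 3284 ce6230 (ed49c07c591298e546545ef79b529f41) C:\Windows\system32\DRIVERS\CE6230StandaloneDriver.sys
21:11:12.0446 3284 ce6230 ( UnsignedFile.Multi.Generic ) - warning
21:11:12.0446 3284 ce6230 - detected UnsignedFile.Multi.Generic (1)
21:11:19.0482 3284 int15 (4d8d5b1c895ea0f2a721b98a7ce198f1) C:\Windows\system32\drivers\int15.sys
21:11:19.0482 3284 int15 ( UnsignedFile.Multi.Generic ) - warning
21:11:19.0482 3284 int15 - detected UnsignedFile.Multi.Generic (1)
"""


def summarize(text: str) -> list:
    """One (name, status, verdict, path) tuple per finding, for a quick review."""
    report = parse_tdsskiller_log(text)
    return [(e.name, e.status, e.verdict, e.path) for e in report.findings()]


if __name__ == "__main__":
    rep = parse_tdsskiller_log(SAMPLE_LOG)
    print("scan modes:", ", ".join(rep.modes))
    for name, status, verdict, path in summarize(SAMPLE_LOG):
        print(f"{status:8} {name:12} {verdict:28} {path}")
```

Feed it a whole report (`parse_tdsskiller_log(open(path).read())`) and `findings()` gives the short list worth looking at, while `signature_warnings()` separates the merely unsigned drivers from anything with a different verdict. An entry that only appears as "<name> - ok" with no preceding file line (the log above has `archlp` like that) still gets a record, so the counts stay honest.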
#17
mspd Trojaner o.ä. Hey Arne,
here is the log
Code:
21:10:37.0767 3504 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
21:10:39.0795 3504 ============================================================
21:10:39.0795 3504 Current date / time: 2012/07/20 21:10:39.0795
21:10:39.0795 3504 SystemInfo:
21:10:39.0795 3504
21:10:39.0795 3504 OS Version: 6.1.7601 ServicePack: 1.0
21:10:39.0795 3504 Product type: Workstation
21:10:39.0795 3504 ComputerName: BODO-PC
21:10:39.0795 3504 UserName: Bodo
21:10:39.0795 3504 Windows directory: C:\Windows
21:10:39.0795 3504 System windows directory: C:\Windows
21:10:39.0795 3504 Processor architecture: Intel x86
21:10:39.0795 3504 Number of processors: 2
21:10:39.0795 3504 Page size: 0x1000
21:10:39.0795 3504 Boot type: Normal boot
21:10:39.0795 3504 ============================================================
21:10:42.0135 3504 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:10:42.0167 3504 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:10:42.0167 3504 ============================================================
21:10:42.0167 3504 \Device\Harddisk0\DR0:
21:10:42.0167 3504 MBR partitions:
21:10:42.0167 3504 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x18600000
21:10:42.0167 3504 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x18600800, BlocksNum 0x18600000
21:10:42.0167 3504 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x30C00800, BlocksNum 0x9784800
21:10:42.0167 3504 \Device\Harddisk1\DR1:
21:10:42.0167 3504 MBR partitions:
21:10:42.0167 3504 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xC800000
21:10:42.0167 3504 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0xC800800, BlocksNum 0x7801800
21:10:42.0167 3504 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x14002000, BlocksNum 0x7800000
21:10:42.0198 3504 \Device\Harddisk1\DR1\Partition3: MBR, Type 0x7, StartLBA 0x1B802800, BlocksNum 0x9A01000
21:10:42.0213 3504 \Device\Harddisk1\DR1\Partition4: MBR, Type 0xB, StartLBA 0x25204000, BlocksNum 0x22A000
21:10:42.0213 3504 ============================================================
21:10:42.0323 3504 C: <-> \Device\Harddisk1\DR1\Partition0
21:10:42.0369 3504 D: <-> \Device\Harddisk1\DR1\Partition1
21:10:42.0416 3504 F: <-> \Device\Harddisk1\DR1\Partition3
21:10:42.0479 3504 E: <-> \Device\Harddisk1\DR1\Partition2
21:10:42.0494 3504 G: <-> \Device\Harddisk1\DR1\Partition4
21:10:42.0978 3504 H: <-> \Device\Harddisk0\DR0\Partition0
21:10:43.0009 3504 I: <-> \Device\Harddisk0\DR0\Partition1
21:10:43.0056 3504 J: <-> \Device\Harddisk0\DR0\Partition2
21:10:43.0056 3504 ============================================================
21:10:43.0056 3504 Initialize success
21:10:43.0056 3504 ============================================================
21:11:06.0830 3284 ============================================================
21:11:06.0830 3284 Scan started
21:11:06.0830 3284 Mode: Manual; SigCheck; TDLFS;
21:11:06.0830 3284 ============================================================
21:11:07.0345 3284 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
21:11:07.0423 3284 !SASCORE - ok
21:11:07.0626 3284 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
21:11:07.0657 3284 1394ohci - ok
21:11:07.0719 3284 AAV UpdateService (7eeb488346fbfa3731276c3ee8a8fd9e) D:\Homebanking\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
21:11:07.0735 3284 AAV UpdateService - ok
21:11:07.0797 3284 acedrv11 (e6f53d6c0dea3d375362265e175ca638) C:\Windows\system32\drivers\acedrv11.sys
21:11:07.0829 3284 acedrv11 - ok
21:11:07.0860 3284 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
21:11:07.0891 3284 ACPI - ok
21:11:07.0938 3284 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
21:11:07.0953 3284 AcpiPmi - ok
21:11:08.0063 3284 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:11:08.0078 3284 AdobeFlashPlayerUpdateSvc - ok
21:11:08.0141 3284 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
21:11:08.0172 3284 adp94xx - ok
21:11:08.0219 3284 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
21:11:08.0250 3284 adpahci - ok
21:11:08.0281 3284 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
21:11:08.0312 3284 adpu320 - ok
21:11:08.0343 3284 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
21:11:08.0375 3284 AeLookupSvc - ok
21:11:08.0421 3284 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
21:11:08.0437 3284 AFD - ok
21:11:08.0562 3284 AgereSoftModem (7e10e3bb9b258ad8a9300f91214d67b9) C:\Windows\system32\DRIVERS\AGRSM.sys
21:11:08.0609 3284 AgereSoftModem - ok
21:11:08.0640 3284 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
21:11:08.0655 3284 agp440 - ok
21:11:08.0687 3284 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
21:11:08.0702 3284 aic78xx - ok
21:11:08.0749 3284 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
21:11:08.0765 3284 ALG - ok
21:11:08.0780 3284 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
21:11:08.0796 3284 aliide - ok
21:11:08.0827 3284 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
21:11:08.0843 3284 amdagp - ok
21:11:08.0858 3284 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
21:11:08.0874 3284 amdide - ok
21:11:08.0905 3284 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
21:11:08.0921 3284 AmdK8 - ok
21:11:08.0952 3284 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
21:11:08.0967 3284 AmdPPM - ok
21:11:08.0983 3284 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
21:11:09.0014 3284 amdsata - ok
21:11:09.0045 3284 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
21:11:09.0077 3284 amdsbs - ok
21:11:09.0092 3284 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
21:11:09.0108 3284 amdxata - ok
21:11:09.0217 3284 AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files\Avira\AntiVir Desktop\sched.exe
21:11:09.0233 3284 AntiVirSchedulerService - ok
21:11:09.0279 3284 AntiVirService (a489be6bb0aa1ff406b488b60542314b) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
21:11:09.0295 3284 AntiVirService - ok
21:11:09.0342 3284 ApfiltrService (3477e796ed9c9aace83eab276e4a92b9) C:\Windows\system32\DRIVERS\Apfiltr.sys
21:11:09.0357 3284 ApfiltrService - ok
21:11:09.0389 3284 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
21:11:09.0435 3284 AppID - ok
21:11:09.0467 3284 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
21:11:09.0498 3284 AppIDSvc - ok
21:11:09.0545 3284 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
21:11:09.0576 3284 Appinfo - ok
21:11:09.0607 3284 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
21:11:09.0638 3284 arc - ok
21:11:09.0638 3284 archlp - ok
21:11:09.0669 3284 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
21:11:09.0701 3284 arcsas - ok
21:11:09.0716 3284 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
21:11:09.0763 3284 AsyncMac - ok
21:11:09.0794 3284 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
21:11:09.0810 3284 atapi - ok
21:11:09.0857 3284 AthBTPort (197f4b57b4ea30661330dc8ffe0ee161) C:\Windows\system32\DRIVERS\btath_flt.sys
21:11:09.0872 3284 AthBTPort - ok
21:11:09.0888 3284 ATHDFU (99925b8ec4fccdb3992292fbcb31069e) C:\Windows\system32\Drivers\AthDfu.sys
21:11:09.0903 3284 ATHDFU - ok
21:11:09.0997 3284 AtherosSvc (72dd61bb00496ec94e6da09437bc8901) D:\Bluetooth Suite\adminservice.exe
21:11:09.0997 3284 AtherosSvc - ok
21:11:10.0075 3284 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
21:11:10.0122 3284 AudioEndpointBuilder - ok
21:11:10.0137 3284 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
21:11:10.0184 3284 Audiosrv - ok
21:11:10.0247 3284 avgntflt (d5541f0afb767e85fc412fc609d96a74) C:\Windows\system32\DRIVERS\avgntflt.sys
21:11:10.0278 3284 avgntflt - ok
21:11:10.0325 3284 avipbb (7d967a682d4694df7fa57d63a2db01fe) C:\Windows\system32\DRIVERS\avipbb.sys
21:11:10.0340 3284 avipbb - ok
21:11:10.0356 3284 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
21:11:10.0371 3284 avkmgr - ok
21:11:10.0418 3284 avmaudio (728c4a6c722535c16d1025f51aa31e22) C:\Windows\system32\DRIVERS\avmaudio.sys
21:11:10.0449 3284 avmaudio - ok
21:11:10.0481 3284 avmaura (728c4a6c722535c16d1025f51aa31e22) C:\Windows\system32\DRIVERS\avmaura.sys
21:11:10.0496 3284 avmaura - ok
21:11:10.0527 3284 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
21:11:10.0559 3284 AxInstSV - ok
21:11:10.0621 3284 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
21:11:10.0652 3284 b06bdrv - ok
21:11:10.0683 3284 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
21:11:10.0715 3284 b57nd60x - ok
21:11:10.0761 3284 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
21:11:10.0777 3284 BDESVC - ok
21:11:10.0793 3284 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
21:11:10.0839 3284 Beep - ok
21:11:10.0917 3284 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
21:11:10.0980 3284 BFE - ok
21:11:11.0042 3284 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\System32\qmgr.dll
21:11:11.0105 3284 BITS - ok
21:11:11.0136 3284 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
21:11:11.0151 3284 blbdrive - ok
21:11:11.0183 3284 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
21:11:11.0214 3284 bowser - ok
21:11:11.0229 3284 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:11:11.0245 3284 BrFiltLo - ok
21:11:11.0261 3284 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:11:11.0292 3284 BrFiltUp - ok
21:11:11.0339 3284 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
21:11:11.0370 3284 Browser - ok
21:11:11.0417 3284 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
21:11:11.0448 3284 Brserid - ok
21:11:11.0463 3284 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
21:11:11.0495 3284 BrSerWdm - ok
21:11:11.0510 3284 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:11:11.0526 3284 BrUsbMdm - ok
21:11:11.0541 3284 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
21:11:11.0557 3284 BrUsbSer - ok
21:11:11.0619 3284 BTATH_A2DP (ff5542b83a41eb789f87a724874e7a3a) C:\Windows\system32\drivers\btath_a2dp.sys
21:11:11.0635 3284 BTATH_A2DP - ok
21:11:11.0666 3284 btath_avdt (5e573c8f0985b6e2ccdb765986e3cc1c) C:\Windows\system32\drivers\btath_avdt.sys
21:11:11.0682 3284 btath_avdt - ok
21:11:11.0713 3284 BTATH_BUS (9d605dbd544dc5654cdd9274a1ff5750) C:\Windows\system32\DRIVERS\btath_bus.sys
21:11:11.0729 3284 BTATH_BUS - ok
21:11:11.0760 3284 BTATH_HCRP (4d5f0b263c75e17b5c73fda06117e3b0) C:\Windows\system32\DRIVERS\btath_hcrp.sys
21:11:11.0775 3284 BTATH_HCRP - ok
21:11:11.0791 3284 BTATH_LWFLT (c05318684959d8990eb64c8b8aebc8a1) C:\Windows\system32\DRIVERS\btath_lwflt.sys
21:11:11.0807 3284 BTATH_LWFLT - ok
21:11:11.0838 3284 BTATH_RCP (cffc4ad2da60565394d191f32c4b7ef7) C:\Windows\system32\DRIVERS\btath_rcp.sys
21:11:11.0869 3284 BTATH_RCP - ok
21:11:11.0931 3284 BtFilter (910146ea960ac76648d99ad321130014) C:\Windows\system32\DRIVERS\btfilter.sys
21:11:11.0947 3284 BtFilter - ok
21:11:11.0963 3284 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\DRIVERS\BthEnum.sys
21:11:11.0978 3284 BthEnum - ok
21:11:12.0009 3284 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
21:11:12.0041 3284 BTHMODEM - ok
21:11:12.0072 3284 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
21:11:12.0103 3284 BthPan - ok
21:11:12.0150 3284 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\Windows\system32\Drivers\BTHport.sys
21:11:12.0181 3284 BTHPORT - ok
21:11:12.0197 3284 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
21:11:12.0243 3284 bthserv - ok
21:11:12.0259 3284 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\Windows\system32\Drivers\BTHUSB.sys
21:11:12.0290 3284 BTHUSB - ok
21:11:12.0306 3284 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
21:11:12.0353 3284 cdfs - ok
21:11:12.0384 3284 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
21:11:12.0399 3284 cdrom - ok
21:11:12.0431 3284 ce6230 (ed49c07c591298e546545ef79b529f41) C:\Windows\system32\DRIVERS\CE6230StandaloneDriver.sys
21:11:12.0446 3284 ce6230 ( UnsignedFile.Multi.Generic ) - warning
21:11:12.0446 3284 ce6230 - detected UnsignedFile.Multi.Generic (1)
21:11:12.0462 3284 ce6230BDACAP (21bcea4a57d7818a252f51674e2605dd) C:\Windows\system32\DRIVERS\CE6230BDA.sys
21:11:12.0462 3284 ce6230BDACAP ( UnsignedFile.Multi.Generic ) - warning
21:11:12.0462 3284 ce6230BDACAP - detected UnsignedFile.Multi.Generic (1)
21:11:12.0493 3284 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
21:11:12.0540 3284 CertPropSvc - ok
21:11:12.0555 3284 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
21:11:12.0587 3284 circlass - ok
21:11:12.0633 3284 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
21:11:12.0665 3284 CLFS - ok
21:11:12.0727 3284 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:11:12.0758 3284 clr_optimization_v2.0.50727_32 - ok
21:11:12.0852 3284 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:11:12.0867 3284 clr_optimization_v4.0.30319_32 - ok
21:11:12.0899 3284 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
21:11:12.0914 3284 CmBatt - ok
21:11:12.0961 3284 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
21:11:12.0977 3284 cmdide - ok
21:11:13.0055 3284 CNG (247b4ce2dab1160cd422d532d5241e1f) C:\Windows\system32\Drivers\cng.sys
21:11:13.0086 3284 CNG - ok
21:11:13.0117 3284 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
21:11:13.0133 3284 Compbatt - ok
21:11:13.0164 3284 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
21:11:13.0195 3284 CompositeBus - ok
21:11:13.0195 3284 COMSysApp - ok
21:11:13.0226 3284 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
21:11:13.0242 3284 crcdisk - ok
21:11:13.0289 3284 CryptSvc (06e771aa596b8761107ab57e99f128d7) C:\Windows\system32\cryptsvc.dll
21:11:13.0320 3284 CryptSvc - ok
21:11:13.0382 3284 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
21:11:13.0445 3284 DcomLaunch - ok
21:11:13.0491 3284 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
21:11:13.0554 3284 defragsvc - ok
21:11:13.0585 3284 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
21:11:13.0632 3284 DfsC - ok
21:11:13.0679 3284 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
21:11:13.0741 3284 Dhcp - ok
21:11:13.0757 3284 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
21:11:13.0803 3284 discache - ok
21:11:13.0819 3284 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
21:11:13.0850 3284 Disk - ok
21:11:13.0881 3284 DKbFltr (c701324c9e0c25dd9d60311bd87fbc84) C:\Windows\system32\DRIVERS\DKbFltr.sys
21:11:13.0897 3284 DKbFltr - ok
21:11:13.0944 3284 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
21:11:13.0975 3284 Dnscache - ok
21:11:14.0022 3284 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
21:11:14.0069 3284 dot3svc - ok
21:11:14.0115 3284 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
21:11:14.0162 3284 DPS - ok
21:11:14.0209 3284 DritekPortIO (5c918d413f5837e67a85775c9873775e) C:\Program Files\Launch Manager\DPortIO.sys
21:11:14.0225 3284 DritekPortIO - ok
21:11:14.0256 3284 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
21:11:14.0287 3284 drmkaud - ok
21:11:14.0318 3284 dsiarhwprog (f35b5d0cc142b87e687fc504baa69d82) C:\Windows\system32\Drivers\dsiarhwprog.sys
21:11:14.0334 3284 dsiarhwprog - ok
21:11:14.0427 3284 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
21:11:14.0474 3284 DXGKrnl - ok
21:11:14.0505 3284 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
21:11:14.0552 3284 EapHost - ok
21:11:14.0849 3284 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
21:11:14.0927 3284 ebdrv - ok
21:11:15.0067 3284 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
21:11:15.0083 3284 EFS - ok
21:11:15.0161 3284 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
21:11:15.0192 3284 ehRecvr - ok
21:11:15.0239 3284 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
21:11:15.0254 3284 ehSched - ok
21:11:15.0317 3284 ElbyCDIO (d71233d7ccc2e64f8715a20428d5a33b) C:\Windows\system32\Drivers\ElbyCDIO.sys
21:11:15.0332 3284 ElbyCDIO - ok
21:11:15.0395 3284 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
21:11:15.0426 3284 elxstor - ok
21:11:15.0473 3284 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
21:11:15.0488 3284 ErrDev - ok
21:11:15.0566 3284 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
21:11:15.0613 3284 EventSystem - ok
21:11:15.0644 3284 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
21:11:15.0691 3284 exfat - ok
21:11:15.0722 3284 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
21:11:15.0769 3284 fastfat - ok
21:11:15.0847 3284 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
21:11:15.0878 3284 Fax - ok
21:11:15.0909 3284 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
21:11:15.0941 3284 fdc - ok
21:11:15.0972 3284 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
21:11:16.0019 3284 fdPHost - ok
21:11:16.0034 3284 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
21:11:16.0081 3284 FDResPub - ok
21:11:16.0097 3284 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
21:11:16.0112 3284 FileInfo - ok
21:11:16.0128 3284 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
21:11:16.0175 3284 Filetrace - ok
21:11:16.0190 3284 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
21:11:16.0221 3284 flpydisk - ok
21:11:16.0253 3284 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
21:11:16.0284 3284 FltMgr - ok
21:11:16.0393 3284 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
21:11:16.0424 3284 FontCache - ok
21:11:16.0502 3284 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:11:16.0518 3284 FontCache3.0.0.0 - ok
21:11:16.0549 3284 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
21:11:16.0580 3284 FsDepends - ok
21:11:16.0611 3284 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
21:11:16.0627 3284 Fs_Rec - ok
21:11:16.0689 3284 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
21:11:16.0705 3284 fvevol - ok
21:11:16.0736 3284 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:11:16.0752 3284 gagp30kx - ok
21:11:16.0799 3284 GigasetGenericUSB (997527391dec418dc62d784d848d73be) C:\Windows\system32\DRIVERS\GigasetGenericUSB.sys
21:11:16.0814 3284 GigasetGenericUSB - ok
21:11:16.0908 3284 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
21:11:16.0955 3284 gpsvc - ok
21:11:17.0048 3284 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
21:11:17.0079 3284 gusvc - ok
21:11:17.0095 3284 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
21:11:17.0111 3284 hcw85cir - ok
21:11:17.0157 3284 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
21:11:17.0189 3284 HdAudAddService - ok
21:11:17.0220 3284 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
21:11:17.0251 3284 HDAudBus - ok
21:11:17.0267 3284 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
21:11:17.0282 3284 HidBatt - ok
21:11:17.0329 3284 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
21:11:17.0345 3284 HidBth - ok
21:11:17.0376 3284 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
21:11:17.0407 3284 HidIr - ok
21:11:17.0423 3284 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
21:11:17.0469 3284 hidserv - ok
21:11:17.0501 3284 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
21:11:17.0516 3284 HidUsb - ok
21:11:17.0563 3284 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
21:11:17.0610 3284 hkmsvc - ok
21:11:17.0657 3284 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
21:11:17.0672 3284 HomeGroupListener - ok
21:11:17.0719 3284 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
21:11:17.0750 3284 HomeGroupProvider - ok
21:11:17.0781 3284 hotcore3 (67e058c7c9620acb257342bb6ea26475) C:\Windows\system32\DRIVERS\hotcore3.sys
21:11:17.0797 3284 hotcore3 - ok
21:11:17.0828 3284 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
21:11:17.0844 3284 HpSAMD - ok
21:11:17.0922 3284 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
21:11:17.0984 3284 HTTP - ok
21:11:18.0015 3284 hwdatacard (1720966d9c7ea5e2d78b6db92d2f9171) C:\Windows\system32\DRIVERS\ewusbmdm.sys
21:11:18.0031 3284 hwdatacard - ok
21:11:18.0047 3284 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
21:11:18.0078 3284 hwpolicy - ok
21:11:18.0093 3284 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
21:11:18.0125 3284 i8042prt - ok
21:11:18.0218 3284 IAANTMON (7548066df68a8a1a56b043359f915f37) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
21:11:18.0249 3284 IAANTMON - ok
21:11:18.0312 3284 iaStor (d483687eace0c065ee772481a96e05f5) C:\Windows\system32\DRIVERS\iaStor.sys
21:11:18.0327 3284 iaStor - ok
21:11:18.0390 3284 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
21:11:18.0421 3284 iaStorV - ok
21:11:18.0593 3284 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:11:18.0624 3284 idsvc - ok
21:11:18.0983 3284 IGBASVC (f4ae2183b7f4e69c65c20d19d5862915) C:\Program Files\Acer Bio Protection\BASVC.exe
21:11:19.0061 3284 IGBASVC ( UnsignedFile.Multi.Generic ) - warning
21:11:19.0061 3284 IGBASVC - detected UnsignedFile.Multi.Generic (1)
21:11:19.0107 3284 IGDCTRL (506801c7d47be8cd1cf342bf28eb17ec) D:\Fritzbox\FRITZ!DSL\IGDCTRL.EXE
21:11:19.0123 3284 IGDCTRL - ok
21:11:19.0263 3284 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
21:11:19.0295 3284 iirsp - ok
21:11:19.0388 3284 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
21:11:19.0451 3284 IKEEXT - ok
21:11:19.0482 3284 int15 (4d8d5b1c895ea0f2a721b98a7ce198f1) C:\Windows\system32\drivers\int15.sys
21:11:19.0482 3284 int15 ( UnsignedFile.Multi.Generic ) - warning
21:11:19.0482 3284 int15 - detected UnsignedFile.Multi.Generic (1)
21:11:19.0778 3284 IntcAzAudAddService (82c6cc8ef3494884aed412c127f36ea9) C:\Windows\system32\drivers\RTKVHDA.sys
21:11:19.0856 3284 IntcAzAudAddService - ok
21:11:20.0012 3284 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
21:11:20.0028 3284 intelide - ok
21:11:20.0059 3284 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
21:11:20.0090 3284 intelppm - ok
21:11:20.0121 3284 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
21:11:20.0168 3284 IPBusEnum - ok
21:11:20.0184 3284 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:11:20.0231 3284 IpFilterDriver - ok
21:11:20.0309 3284 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
21:11:20.0371 3284 iphlpsvc - ok
21:11:20.0402 3284 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
21:11:20.0433 3284 IPMIDRV - ok
21:11:20.0465 3284 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
21:11:20.0511 3284 IPNAT - ok
21:11:20.0527 3284 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
21:11:20.0558 3284 IRENUM - ok
21:11:20.0574 3284 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
21:11:20.0605 3284 isapnp - ok
21:11:20.0636 3284 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
21:11:20.0667 3284 iScsiPrt - ok
21:11:20.0699 3284 itecir (15f737ceda08fe6501c930682616db79) C:\Windows\system32\DRIVERS\itecir.sys
21:11:20.0714 3284 itecir - ok
21:11:20.0745 3284 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
21:11:20.0777 3284 kbdclass - ok
21:11:20.0808 3284 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
21:11:20.0839 3284 kbdhid - ok
21:11:20.0855 3284 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:11:20.0886 3284 KeyIso - ok
21:11:20.0917 3284 KSecDD (b7895b4182c0d16f6efadeb8081e8d36) C:\Windows\system32\Drivers\ksecdd.sys
21:11:20.0933 3284 KSecDD - ok
21:11:20.0979 3284 KSecPkg (d30159ac9237519fbc62c6ec247d2d46) C:\Windows\system32\Drivers\ksecpkg.sys
21:11:21.0011 3284 KSecPkg - ok
21:11:21.0057 3284 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
21:11:21.0120 3284 KtmRm - ok
21:11:21.0135 3284 L1E (f7cdaba15c7e853f0a11af6d77fca990) C:\Windows\system32\DRIVERS\L1E62x86.sys
21:11:21.0151 3284 L1E - ok
21:11:21.0198 3284 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll
21:11:21.0245 3284 LanmanServer - ok
21:11:21.0291 3284 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
21:11:21.0338 3284 LanmanWorkstation - ok
21:11:21.0541 3284 Lavasoft Ad-Aware Service (c48b0f913c944d736a455191ecd8ff45) C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
21:11:21.0603 3284 Lavasoft Ad-Aware Service - ok
21:11:21.0650 3284 Lbd (713cd5267abfb86fe90a72e384e82a38) C:\Windows\system32\DRIVERS\Lbd.sys
21:11:21.0681 3284 Lbd - ok
21:11:21.0744 3284 LBTServ (3af6b73a3ad1fc37c5933441f66ceb91) C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
21:11:21.0775 3284 LBTServ - ok
21:11:21.0791 3284 LHidFilt (7f9c7b28cf1c859e1c42619eea946dc8) C:\Windows\system32\DRIVERS\LHidFilt.Sys
21:11:21.0806 3284 LHidFilt - ok
21:11:21.0853 3284 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
21:11:21.0900 3284 lltdio - ok
21:11:21.0931 3284 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
21:11:21.0978 3284 lltdsvc - ok
21:11:21.0993 3284 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
21:11:22.0040 3284 lmhosts - ok
21:11:22.0056 3284 LMouFilt (ab33792a87285344f43b5ce23421bab0) C:\Windows\system32\DRIVERS\LMouFilt.Sys
21:11:22.0071 3284 LMouFilt - ok
21:11:22.0103 3284 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:11:22.0118 3284 LSI_FC - ok
21:11:22.0134 3284 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:11:22.0165 3284 LSI_SAS - ok
21:11:22.0181 3284 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:11:22.0196 3284 LSI_SAS2 - ok
21:11:22.0227 3284 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:11:22.0243 3284 LSI_SCSI - ok
21:11:22.0274 3284 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
21:11:22.0321 3284 luafv - ok
21:11:22.0352 3284 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
21:11:22.0383 3284 Mcx2Svc - ok
21:11:22.0399 3284 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
21:11:22.0430 3284 megasas - ok
21:11:22.0446 3284 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
21:11:22.0477 3284 MegaSR - ok
21:11:22.0508 3284 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
21:11:22.0555 3284 MMCSS - ok
21:11:22.0571 3284 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
21:11:22.0617 3284 Modem - ok
21:11:22.0633 3284 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
21:11:22.0649 3284 monitor - ok
21:11:22.0680 3284 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
21:11:22.0695 3284 mouclass - ok
21:11:22.0727 3284 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
21:11:22.0758 3284 mouhid - ok
21:11:22.0805 3284 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
21:11:22.0820 3284 mountmgr - ok
21:11:22.0867 3284 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
21:11:22.0883 3284 mpio - ok
21:11:22.0898 3284 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
21:11:22.0945 3284 mpsdrv - ok
21:11:23.0039 3284 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
21:11:23.0085 3284 MpsSvc - ok
21:11:23.0132 3284 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
21:11:23.0148 3284 MRxDAV - ok
21:11:23.0195 3284 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:11:23.0226 3284 mrxsmb - ok
21:11:23.0273 3284 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:11:23.0288 3284 mrxsmb10 - ok
21:11:23.0319 3284 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:11:23.0335 3284 mrxsmb20 - ok
21:11:23.0366 3284 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
21:11:23.0397 3284 msahci - ok
21:11:23.0444 3284 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
21:11:23.0475 3284 msdsm - ok
21:11:23.0507 3284 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
21:11:23.0538 3284 MSDTC - ok
21:11:23.0569 3284 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
21:11:23.0616 3284 Msfs - ok
21:11:23.0631 3284 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
21:11:23.0678 3284 mshidkmdf - ok
21:11:23.0694 3284 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
21:11:23.0725 3284 msisadrv - ok
21:11:23.0756 3284 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
21:11:23.0803 3284 MSiSCSI - ok
21:11:23.0819 3284 msiserver - ok
21:11:23.0834 3284 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
21:11:23.0881 3284 MSKSSRV - ok
21:11:23.0897 3284 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
21:11:23.0943 3284 MSPCLOCK - ok
21:11:23.0959 3284 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
21:11:24.0006 3284 MSPQM - ok
21:11:24.0037 3284 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
21:11:24.0053 3284 MsRPC - ok
21:11:24.0099 3284 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
21:11:24.0131 3284 mssmbios - ok
21:11:24.0131 3284 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
21:11:24.0177 3284 MSTEE - ok
21:11:24.0193 3284 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
21:11:24.0224 3284 MTConfig - ok
21:11:24.0240 3284 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
21:11:24.0271 3284 Mup - ok
21:11:24.0333 3284 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
21:11:24.0380 3284 napagent - ok
21:11:24.0443 3284 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
21:11:24.0474 3284 NativeWifiP - ok
21:11:24.0552 3284 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
21:11:24.0583 3284 NDIS - ok
21:11:24.0599 3284 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
21:11:24.0645 3284 NdisCap - ok
21:11:24.0661 3284 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
21:11:24.0708 3284 NdisTapi - ok
21:11:24.0755 3284 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
21:11:24.0801 3284 Ndisuio - ok
21:11:24.0848 3284 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
21:11:24.0895 3284 NdisWan - ok
21:11:24.0926 3284 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
21:11:24.0973 3284 NDProxy - ok
21:11:24.0989 3284 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
21:11:25.0035 3284 NetBIOS - ok
21:11:25.0113 3284 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
21:11:25.0160 3284 NetBT - ok
21:11:25.0191 3284 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:11:25.0223 3284 Netlogon - ok
21:11:25.0285 3284 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
21:11:25.0332 3284 Netman - ok
21:11:25.0379 3284 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
21:11:25.0425 3284 netprofm - ok
21:11:25.0519 3284 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:11:25.0535 3284 NetTcpPortSharing - ok
21:11:26.0127 3284 NETw5s32 (ef51b405ad8acaae6f0231290d20f516) C:\Windows\system32\DRIVERS\NETw5s32.sys
21:11:26.0252 3284 NETw5s32 - ok
21:11:26.0829 3284 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
21:11:26.0939 3284 netw5v32 - ok
21:11:27.0157 3284 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
21:11:27.0188 3284 nfrd960 - ok
21:11:27.0235 3284 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
21:11:27.0282 3284 NlaSvc - ok
21:11:27.0344 3284 NMSAccessU (fd306fbcce7adb1077b709742e7148e9) D:\CDBurnerXP\NMSAccessU.exe
21:11:27.0360 3284 NMSAccessU - ok
21:11:27.0391 3284 NPF (6623e51595c0076755c29c00846c4eb2) C:\Windows\system32\drivers\npf.sys
21:11:27.0407 3284 NPF - ok
21:11:27.0422 3284 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
21:11:27.0469 3284 Npfs - ok
21:11:27.0485 3284 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
21:11:27.0547 3284 nsi - ok
21:11:27.0563 3284 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
21:11:27.0609 3284 nsiproxy - ok
21:11:27.0750 3284 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
21:11:27.0812 3284 Ntfs - ok
21:11:27.0812 3284 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
21:11:27.0859 3284 Null - ok
21:11:27.0890 3284 NVHDA (8571011b62ce0207fa1dc95d88308f1d) C:\Windows\system32\drivers\nvhda32v.sys
21:11:27.0906 3284 NVHDA - ok
21:11:29.0013 3284 nvlddmkm (19f5c4949b2e4cbd2e95b8ecdfc84d25) C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:11:29.0325 3284 nvlddmkm - ok
21:11:29.0481 3284 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
21:11:29.0513 3284 nvraid - ok
21:11:29.0544 3284 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
21:11:29.0559 3284 nvstor - ok
21:11:29.0606 3284 nvsvc (7a68320fa236ed0479eff93540391568) C:\Windows\system32\nvvsvc.exe
21:11:29.0622 3284 nvsvc - ok
21:11:29.0653 3284 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
21:11:29.0669 3284 nv_agp - ok
21:11:29.0700 3284 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
21:11:29.0715 3284 ohci1394 - ok
21:11:29.0778 3284 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
21:11:29.0809 3284 p2pimsvc - ok
21:11:29.0856 3284 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
21:11:29.0887 3284 p2psvc - ok
21:11:29.0934 3284 Paragon System Backup Dienst (f9aeb9655b5e1440c2d8ee4b2b5eb263) D:\Paragon Software\Paragon Backup and Recovery 10 Suite\program\dbhservice.exe
21:11:29.0949 3284 Paragon System Backup Dienst - ok
21:11:29.0996 3284 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
21:11:30.0012 3284 Parport - ok
21:11:30.0059 3284 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
21:11:30.0074 3284 partmgr - ok
21:11:30.0090 3284 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
21:11:30.0121 3284 Parvdm - ok
21:11:30.0152 3284 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
21:11:30.0183 3284 PcaSvc - ok
21:11:30.0230 3284 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
21:11:30.0246 3284 pci - ok
21:11:30.0261 3284 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
21:11:30.0293 3284 pciide - ok
21:11:30.0324 3284 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
21:11:30.0355 3284 pcmcia - ok
21:11:30.0371 3284 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
21:11:30.0386 3284 pcw - ok
21:11:30.0449 3284 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
21:11:30.0511 3284 PEAUTH - ok
21:11:30.0714 3284 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
21:11:30.0792 3284 pla - ok
21:11:30.0948 3284 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
21:11:30.0979 3284 PlugPlay - ok
21:11:31.0010 3284 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
21:11:31.0026 3284 PNRPAutoReg - ok
21:11:31.0073 3284 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
21:11:31.0088 3284 PNRPsvc - ok
21:11:31.0166 3284 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
21:11:31.0213 3284 PolicyAgent - ok
21:11:31.0275 3284 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
21:11:31.0322 3284 Power - ok
21:11:31.0369 3284 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
21:11:31.0416 3284 PptpMiniport - ok
21:11:31.0431 3284 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
21:11:31.0447 3284 Processor - ok
21:11:31.0509 3284 ProfSvc (cadefac453040e370a1bdff3973be00d) C:\Windows\system32\profsvc.dll
21:11:31.0541 3284 ProfSvc - ok
21:11:31.0572 3284 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:11:31.0603 3284 ProtectedStorage - ok
21:11:31.0619 3284 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
21:11:31.0665 3284 Psched - ok
21:11:31.0806 3284 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
21:11:31.0868 3284 ql2300 - ok
21:11:32.0009 3284 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
21:11:32.0040 3284 ql40xx - ok
21:11:32.0071 3284 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
21:11:32.0102 3284 QWAVE - ok
21:11:32.0118 3284 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
21:11:32.0149 3284 QWAVEdrv - ok
21:11:32.0165 3284 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
21:11:32.0211 3284 RasAcd - ok
21:11:32.0227 3284 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:11:32.0274 3284 RasAgileVpn - ok
21:11:32.0305 3284 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
21:11:32.0352 3284 RasAuto - ok
21:11:32.0383 3284 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:11:32.0430 3284 Rasl2tp - ok
21:11:32.0508 3284 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
21:11:32.0555 3284 RasMan - ok
21:11:32.0586 3284 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
21:11:32.0633 3284 RasPppoe - ok
21:11:32.0648 3284 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
21:11:32.0695 3284 RasSstp - ok
21:11:32.0726 3284 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
21:11:32.0773 3284 rdbss - ok
21:11:32.0804 3284 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
21:11:32.0835 3284 rdpbus - ok
21:11:32.0867 3284 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:11:32.0898 3284 RDPCDD - ok
21:11:32.0913 3284 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
21:11:32.0960 3284 RDPENCDD - ok
21:11:32.0976 3284 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
21:11:33.0023 3284 RDPREFMP - ok
21:11:33.0069 3284 RDPWD (f031683e6d1fea157abb2ff260b51e61) C:\Windows\system32\drivers\RDPWD.sys
21:11:33.0085 3284 RDPWD - ok
21:11:33.0147 3284 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
21:11:33.0163 3284 rdyboost - ok
21:11:33.0194 3284 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
21:11:33.0257 3284 RemoteAccess - ok
21:11:33.0288 3284 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
21:11:33.0335 3284 RemoteRegistry - ok
21:11:33.0381 3284 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
21:11:33.0413 3284 RFCOMM - ok
21:11:33.0475 3284 rpcapd (e51a8d02b4bd33eba1f7a5b76c3766ed) C:\Program Files\WinPcap\rpcapd.exe
21:11:33.0491 3284 rpcapd - ok
21:11:33.0506 3284 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
21:11:33.0569 3284 RpcEptMapper - ok
21:11:33.0584 3284 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
21:11:33.0615 3284 RpcLocator - ok
21:11:33.0678 3284 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
21:11:33.0725 3284 RpcSs - ok
21:11:33.0756 3284 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
21:11:33.0803 3284 rspndr - ok
21:11:33.0849 3284 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:11:33.0881 3284 SamSs - ok
21:11:33.0959 3284 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
21:11:33.0990 3284 SASDIFSV - ok
21:11:34.0021 3284 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
21:11:34.0037 3284 SASKUTIL - ok
21:11:34.0083 3284 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
21:11:34.0115 3284 sbp2port - ok
21:11:34.0146 3284 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
21:11:34.0193 3284 SCardSvr - ok
21:11:34.0224 3284 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
21:11:34.0271 3284 scfilter - ok
21:11:34.0380 3284 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
21:11:34.0442 3284 Schedule - ok
21:11:34.0473 3284 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
21:11:34.0520 3284 SCPolicySvc - ok
21:11:34.0551 3284 sdbus (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys
21:11:34.0583 3284 sdbus - ok
21:11:34.0614 3284 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
21:11:34.0629 3284 SDRSVC - ok
21:11:34.0676 3284 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
21:11:34.0723 3284 secdrv - ok
21:11:34.0739 3284 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
21:11:34.0785 3284 seclogon - ok
21:11:34.0817 3284 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
21:11:34.0863 3284 SENS - ok
21:11:34.0895 3284 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
21:11:34.0910 3284 SensrSvc - ok
21:11:34.0926 3284 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
21:11:34.0957 3284 Serenum - ok
21:11:34.0973 3284 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
21:11:35.0004 3284 Serial - ok
21:11:35.0035 3284 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
21:11:35.0051 3284 sermouse - ok
21:11:35.0113 3284 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
21:11:35.0160 3284 SessionEnv - ok
21:11:35.0191 3284 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
21:11:35.0207 3284 sffdisk - ok
21:11:35.0238 3284 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
21:11:35.0253 3284 sffp_mmc - ok
21:11:35.0269 3284 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\DRIVERS\sffp_sd.sys
21:11:35.0300 3284 sffp_sd - ok
21:11:35.0331 3284 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
21:11:35.0363 3284 sfloppy - ok
21:11:35.0425 3284 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
21:11:35.0487 3284 SharedAccess - ok
21:11:35.0565 3284 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
21:11:35.0612 3284 ShellHWDetection - ok
21:11:35.0659 3284 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
21:11:35.0675 3284 sisagp - ok
21:11:35.0721 3284 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:11:35.0737 3284 SiSRaid2 - ok
21:11:35.0768 3284 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
21:11:35.0784 3284 SiSRaid4 - ok
21:11:35.0799 3284 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
21:11:35.0846 3284 Smb - ok
21:11:35.0877 3284 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
21:11:35.0909 3284 SNMPTRAP - ok
21:11:35.0909 3284 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
21:11:35.0940 3284 spldr - ok
21:11:36.0002 3284 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
21:11:36.0049 3284 Spooler - ok
21:11:36.0392 3284 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
21:11:36.0486 3284 sppsvc - ok
21:11:36.0642 3284 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
21:11:36.0689 3284 sppuinotify - ok
21:11:36.0767 3284 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
21:11:36.0782 3284 srv - ok
21:11:36.0845 3284 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
21:11:36.0860 3284 srv2 - ok
21:11:36.0891 3284 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
21:11:36.0907 3284 srvnet - ok
21:11:36.0969 3284 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
21:11:37.0016 3284 SSDPSRV - ok
21:11:37.0063 3284 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
21:11:37.0079 3284 ssmdrv - ok
21:11:37.0110 3284 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
21:11:37.0157 3284 SstpSvc - ok
21:11:37.0188 3284 StarOpen (f92254b0bcfcd10caac7bccc7cb7f467) C:\Windows\system32\drivers\StarOpen.sys
21:11:37.0188 3284 StarOpen ( UnsignedFile.Multi.Generic ) - warning
21:11:37.0188 3284 StarOpen - detected UnsignedFile.Multi.Generic (1)
21:11:37.0219 3284 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
21:11:37.0235 3284 stexstor - ok
21:11:37.0328 3284 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
21:11:37.0359 3284 StiSvc - ok
21:11:37.0406 3284 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
21:11:37.0422 3284 swenum - ok
21:11:37.0500 3284 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
21:11:37.0547 3284 swprv - ok
21:11:37.0609 3284 SynTP (47183e3520c88fadd5b0c87d57040da5) C:\Windows\system32\DRIVERS\SynTP.sys
21:11:37.0625 3284 SynTP - ok
21:11:37.0781 3284 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
21:11:37.0827 3284 SysMain - ok
21:11:37.0874 3284 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
21:11:37.0905 3284 TabletInputService - ok
21:11:37.0968 3284 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
21:11:38.0015 3284 TapiSrv - ok
21:11:38.0046 3284 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
21:11:38.0093 3284 TBS - ok
21:11:38.0295 3284 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
21:11:38.0342 3284 Tcpip - ok
21:11:38.0373 3284 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
21:11:38.0420 3284 TCPIP6 - ok
21:11:38.0514 3284 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
21:11:38.0561 3284 tcpipreg - ok
21:11:38.0607 3284 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
21:11:38.0623 3284 TDPIPE - ok
21:11:38.0654 3284 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
21:11:38.0685 3284 TDTCP - ok
21:11:38.0717 3284 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
21:11:38.0763 3284 tdx - ok
21:11:38.0795 3284 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
21:11:38.0826 3284 TermDD - ok
21:11:38.0904 3284 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
21:11:38.0966 3284 TermService - ok
21:11:38.0997 3284 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
21:11:39.0029 3284 Themes - ok
21:11:39.0060 3284 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
21:11:39.0107 3284 THREADORDER - ok
21:11:39.0122 3284 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
21:11:39.0169 3284 TrkWks - ok
21:11:39.0247 3284 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
21:11:39.0294 3284 TrustedInstaller - ok
21:11:39.0309 3284 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:11:39.0356 3284 tssecsrv - ok
21:11:39.0387 3284 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
21:11:39.0419 3284 TsUsbFlt - ok
21:11:39.0450 3284 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
21:11:39.0497 3284 tunnel - ok
21:11:39.0528 3284 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
21:11:39.0543 3284 uagp35 - ok
21:11:39.0606 3284 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
21:11:39.0653 3284 udfs - ok
21:11:39.0699 3284 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
21:11:39.0731 3284 UI0Detect - ok
21:11:39.0762 3284 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
21:11:39.0777 3284 uliagpkx - ok
21:11:39.0809 3284 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
21:11:39.0824 3284 umbus - ok
21:11:39.0855 3284 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
21:11:39.0887 3284 UmPass - ok
21:11:39.0933 3284 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
21:11:39.0980 3284 upnphost - ok
21:11:39.0996 3284 usbbus - ok
21:11:40.0011 3284 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
21:11:40.0043 3284 usbccgp - ok
21:11:40.0089 3284 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
21:11:40.0105 3284 usbcir - ok
21:11:40.0121 3284 UsbDiag - ok
21:11:40.0136 3284 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
21:11:40.0167 3284 usbehci - ok
21:11:40.0199 3284 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
21:11:40.0277 3284 usbhub - ok
21:11:40.0277 3284 USBModem - ok
21:11:40.0292 3284 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
21:11:40.0323 3284 usbohci - ok
21:11:40.0339 3284 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
21:11:40.0370 3284 usbprint - ok
21:11:40.0401 3284 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
21:11:40.0433 3284 usbscan - ok
21:11:40.0448 3284 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:11:40.0479 3284 USBSTOR - ok
21:11:40.0511 3284 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
21:11:40.0542 3284 usbuhci - ok
21:11:40.0557 3284 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\system32\Drivers\usbvideo.sys
21:11:40.0589 3284 usbvideo - ok
21:11:40.0620 3284 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
21:11:40.0667 3284 UxSms - ok
21:11:40.0698 3284 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:11:40.0729 3284 VaultSvc - ok
21:11:40.0760 3284 VClone (1cdaa48cb2f7744b8d25650e050766a5) C:\Windows\system32\DRIVERS\VClone.sys
21:11:40.0776 3284 VClone - ok
21:11:40.0823 3284 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
21:11:40.0838 3284 vdrvroot - ok
21:11:40.0916 3284 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
21:11:40.0979 3284 vds - ok
21:11:41.0057 3284 vfsFPService (eb611abe69d6b4086fd2d5dcdc98c8d0) C:\Windows\system32\vfsFPService.exe
21:11:41.0088 3284 vfsFPService - ok
21:11:41.0103 3284 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
21:11:41.0135 3284 vga - ok
21:11:41.0150 3284 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
21:11:41.0197 3284 VgaSave - ok
21:11:41.0244 3284 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
21:11:41.0275 3284 vhdmp - ok
21:11:41.0306 3284 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
21:11:41.0322 3284 viaagp - ok
21:11:41.0353 3284 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
21:11:41.0369 3284 ViaC7 - ok
21:11:41.0384 3284 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
21:11:41.0415 3284 viaide - ok
21:11:41.0431 3284 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
21:11:41.0462 3284 volmgr - ok
21:11:41.0509 3284 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
21:11:41.0540 3284 volmgrx - ok
21:11:41.0571 3284 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
21:11:41.0603 3284 volsnap - ok
21:11:41.0634 3284 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
21:11:41.0649 3284 vsmraid - ok
21:11:41.0790 3284 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
21:11:41.0852 3284 VSS - ok
21:11:41.0868 3284 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
21:11:41.0899 3284 vwifibus - ok
21:11:41.0930 3284 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
21:11:41.0961 3284 vwififlt - ok
21:11:41.0961 3284 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
21:11:41.0993 3284 vwifimp - ok
21:11:42.0055 3284 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
21:11:42.0117 3284 W32Time - ok
21:11:42.0133 3284 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
21:11:42.0149 3284 WacomPen - ok
21:11:42.0195 3284 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
21:11:42.0242 3284 WANARP - ok
21:11:42.0242 3284 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
21:11:42.0289 3284 Wanarpv6 - ok
21:11:42.0445 3284 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
21:11:42.0507 3284 WatAdminSvc - ok
21:11:42.0663 3284 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
21:11:42.0710 3284 wbengine - ok
21:11:42.0757 3284 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
21:11:42.0788 3284 WbioSrvc - ok
21:11:42.0851 3284 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
21:11:42.0882 3284 wcncsvc - ok
21:11:42.0913 3284 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
21:11:42.0929 3284 WcsPlugInService - ok
21:11:42.0975 3284 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
21:11:43.0007 3284 Wd - ok
21:11:43.0069 3284 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
21:11:43.0100 3284 Wdf01000 - ok
21:11:43.0131 3284 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
21:11:43.0163 3284 WdiServiceHost - ok
21:11:43.0163 3284 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
21:11:43.0194 3284 WdiSystemHost - ok
21:11:43.0256 3284 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
21:11:43.0287 3284 WebClient - ok
21:11:43.0319 3284 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
21:11:43.0365 3284 Wecsvc - ok
21:11:43.0381 3284 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
21:11:43.0443 3284 wercplsupport - ok
21:11:43.0459 3284 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
21:11:43.0506 3284 WerSvc - ok
21:11:43.0537 3284 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
21:11:43.0584 3284 WfpLwf - ok
21:11:43.0599 3284 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
21:11:43.0615 3284 WIMMount - ok
21:11:43.0740 3284 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
21:11:43.0771 3284 WinDefend - ok
21:11:43.0787 3284 WinHttpAutoProxySvc - ok
21:11:43.0865 3284 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
21:11:43.0911 3284 Winmgmt - ok
21:11:44.0067 3284 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
21:11:44.0130 3284 WinRM - ok
21:11:44.0223 3284 WinUSB (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUSB.sys
21:11:44.0255 3284 WinUSB - ok
21:11:44.0348 3284 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
21:11:44.0395 3284 Wlansvc - ok
21:11:44.0395 3284 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
21:11:44.0426 3284 WmiAcpi - ok
21:11:44.0504 3284 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
21:11:44.0535 3284 wmiApSrv - ok
21:11:44.0707 3284 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
21:11:44.0738 3284 WMPNetworkSvc - ok
21:11:44.0769 3284 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
21:11:44.0801 3284 WPCSvc - ok
21:11:44.0847 3284 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
21:11:44.0879 3284 WPDBusEnum - ok
21:11:44.0925 3284 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
21:11:44.0972 3284 ws2ifsl - ok
21:11:44.0988 3284 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\System32\wscsvc.dll
21:11:45.0019 3284 wscsvc - ok
21:11:45.0050 3284 WSDPrintDevice (553f6ccd7c58eb98d4a8fbdaf283d7a9) C:\Windows\system32\DRIVERS\WSDPrint.sys
21:11:45.0081 3284 WSDPrintDevice - ok
21:11:45.0081 3284 WSearch - ok
21:11:45.0300 3284 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
21:11:45.0378 3284 wuauserv - ok
21:11:45.0534 3284 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
21:11:45.0581 3284 WudfPf - ok
21:11:45.0612 3284 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:11:45.0659 3284 WUDFRd - ok
21:11:45.0705 3284 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
21:11:45.0752 3284 wudfsvc - ok
21:11:45.0799 3284 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
21:11:45.0830 3284 WwanSvc - ok
21:11:45.0924 3284 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} (74ec37b9eaf9fca015b933a526825c7a) D:\CyberLink\PowerDVD8\PowerDVD8\000.fcl
21:11:45.0939 3284 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} - ok
21:11:45.0955 3284 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:11:46.0002 3284 \Device\Harddisk0\DR0 - ok
21:11:46.0017 3284 MBR (0x1B8) (8ddf737397eb2d09985691aeeb11731b) \Device\Harddisk1\DR1
21:11:46.0127 3284 \Device\Harddisk1\DR1 - ok
21:11:46.0142 3284 Boot (0x1200) (dc4c5d3f6ad379009f6e1c6713060f5f) \Device\Harddisk0\DR0\Partition0
21:11:46.0142 3284 \Device\Harddisk0\DR0\Partition0 - ok
21:11:46.0142 3284 Boot (0x1200) (814ba6653bcef432bdfe29eaf4e44692) \Device\Harddisk0\DR0\Partition1
21:11:46.0158 3284 \Device\Harddisk0\DR0\Partition1 - ok
21:11:46.0173 3284 Boot (0x1200) (b4c196ad7db3063542d0b683d282e47a) \Device\Harddisk0\DR0\Partition2
21:11:46.0173 3284 \Device\Harddisk0\DR0\Partition2 - ok
21:11:46.0205 3284 Boot (0x1200) (0b6dce2a0372650655720edf928aacc7) \Device\Harddisk1\DR1\Partition0
21:11:46.0205 3284 \Device\Harddisk1\DR1\Partition0 - ok
21:11:46.0220 3284 Boot (0x1200) (b6d47442ab71bbd3608f7ecec7401b7b) \Device\Harddisk1\DR1\Partition1
21:11:46.0220 3284 \Device\Harddisk1\DR1\Partition1 - ok
21:11:46.0251 3284 Boot (0x1200) (e5ca43e037295daaa6245eb34a2bb117) \Device\Harddisk1\DR1\Partition2
21:11:46.0251 3284 \Device\Harddisk1\DR1\Partition2 - ok
21:11:46.0267 3284 Boot (0x1200) (865d1745d9838ce9c507d6d43ce114c5) \Device\Harddisk1\DR1\Partition3
21:11:46.0267 3284 \Device\Harddisk1\DR1\Partition3 - ok
21:11:46.0298 3284 Boot (0x1200) (aee1167a15a3bbabd6f246cea6e4409e) \Device\Harddisk1\DR1\Partition4
21:11:46.0298 3284 \Device\Harddisk1\DR1\Partition4 - ok
21:11:46.0298 3284 ============================================================
21:11:46.0298 3284 Scan finished
21:11:46.0298 3284 ============================================================
21:11:46.0314 3668 Detected object count: 5
21:11:46.0314 3668 Actual detected object count: 5
21:11:47.0811 3668 ce6230 ( UnsignedFile.Multi.Generic ) - skipped by user
21:11:47.0811 3668 ce6230 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:11:47.0811 3668 ce6230BDACAP ( UnsignedFile.Multi.Generic ) - skipped by user
21:11:47.0811 3668 ce6230BDACAP ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:11:47.0827 3668 IGBASVC ( UnsignedFile.Multi.Generic ) - skipped by user
21:11:47.0827 3668 IGBASVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:11:47.0843 3668 int15 ( UnsignedFile.Multi.Generic ) - skipped by user
21:11:47.0843 3668 int15 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:11:47.0843 3668 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
21:11:47.0843 3668 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
I'm really glad that there are people like you. Best regards and see you then, Bodo
Hey Arne, tell me, is the size or the number of all these logs actually normal, or is my machine really that badly cluttered up? Best regards, Bodo
#18
/// Winkelfunktion /// TB-Süch-Tiger™ | mspd Trojan or similar. Now please run CF:
ComboFix: A guide and tutorial on using ComboFix
ComboFix may only be run if a competent helper has explicitly recommended it! If, after running ComboFix, you have problems starting applications and receive messages such as Quote:
#19
mspd Trojan or similar. Hey Arne, here is the log from Combo Code:
ComboFix 12-07-21.01 - Bodo 21.07.2012 22:36:02.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3069.1988 [GMT 2:00]
ausgeführt von:: c:\users\Bodo\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-06-21 bis 2012-07-21 ))))))))))))))))))))))))))))))
.
.
2012-07-20 23:19 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FE0D253A-F7F1-4975-87A4-929AB0BF73F9}\mpengine.dll
2012-07-20 04:36 . 2012-07-20 04:36 -------- d-----w- C:\_OTL
2012-07-15 16:45 . 2012-07-15 16:45 -------- d-----w- c:\users\Bodo\AppData\Roaming\SUPERAntiSpyware.com
2012-07-15 16:44 . 2012-07-15 16:45 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-07-15 16:44 . 2012-07-15 16:44 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-07-15 14:20 . 2012-07-15 14:20 -------- d-----w- c:\program files\ESET
2012-07-12 21:02 . 2012-07-12 21:02 -------- d-----w- c:\program files\Common Files\Java
2012-07-12 21:02 . 2012-07-12 21:02 -------- d-----w- c:\program files\Oracle
2012-07-11 21:38 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-09 21:11 . 2012-07-09 21:11 -------- d-----w- c:\users\Bodo\AppData\Roaming\Malwarebytes
2012-07-09 21:11 . 2012-07-09 21:11 -------- d-----w- c:\programdata\Malwarebytes
2012-07-09 21:11 . 2012-07-15 07:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-09 21:11 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-09 20:56 . 2012-07-09 20:56 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-07-09 20:56 . 2012-07-12 21:01 -------- d-----w- c:\program files\Java
2012-06-23 22:16 . 2012-06-23 22:16 -------- d-----w- c:\users\Bodo\AppData\Local\Macromedia
2012-06-23 21:05 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-23 21:05 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-23 21:05 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-23 21:05 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-23 21:05 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-23 21:05 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-23 21:05 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-23 21:04 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-23 21:04 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 14:23 . 2012-03-29 16:32 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-12 14:23 . 2011-06-07 04:21 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-05 20:06 . 2010-05-31 19:10 687544 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-31 10:25 . 2009-11-17 22:14 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-15 03:03 . 2012-06-13 20:52 981504 ----a-w- c:\windows\system32\wininet.dll
2012-05-09 04:27 . 2012-01-04 23:58 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-05-09 04:27 . 2009-11-17 22:11 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-05-01 04:44 . 2012-06-13 20:52 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:17 . 2012-06-13 20:52 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 04:45 . 2012-06-13 20:52 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 04:45 . 2012-06-13 20:52 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 04:41 . 2012-06-13 20:52 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 04:36 . 2012-06-13 20:52 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 04:36 . 2012-06-13 20:52 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-13 20:52 103936 ----a-w- c:\windows\system32\cryptnet.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVMUSBFernanschluss"="c:\users\Bodo\AppData\Local\Apps\2.0\8C4DLC30.M1O\BW4CZV7Q.50A\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe" [2010-11-22 147456]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-06-26 3906432]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AutoLaunch"="c:\program files\Lavasoft\Ad-Aware\AutoLaunch.exe" [2011-05-19 743584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-06-30 200704]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-08-07 225280]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-06-18 1537320]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-04 7731744]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-09 348624]
"AtherosBtStack"="d:\bluetooth suite\BtvStack.exe" [2011-03-31 605344]
"AthBtTray"="d:\bluetooth suite\AthBtTray.exe" [2011-03-31 519328]
"PDFPrint"="d:\pdf24 (pdf kreieren)\pdf24.exe" [2012-05-07 160840]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\users\Bodo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
FRITZ!DSL Protect.lnk - d:\fritzbox\FRITZ!DSL\FwebProt.exe [2009-4-9 1061688]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - d:\maus\Logitech\SetPoint\SetPoint.exe [2009-11-18 813584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 11:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ c:\program files\Acer Bio Protection\PwdFilter
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Bodo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Produktregistrierung.lnk]
backup=c:\windows\pss\Logitech . Produktregistrierung.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVMUSBFernanschluss
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2009-09-01 16:00 75048 ------w- c:\program files\Cyberlink\Shared files\brs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2008-06-16 09:58 809480 ----a-w- c:\program files\Launch Manager\LManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mspd]
2003-08-27 22:22 389632 ----a-w- c:\windows\System32\mspd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
2009-04-15 22:54 50472 ------w- d:\cyberlink\PowerDVD8\PowerDVD8\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
2009-04-15 22:52 91432 ------w- d:\cyberlink\PowerDVD8\PowerDVD8\PDVD8Serv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
2009-05-26 22:31 85160 ----a-w- d:\virtualclonedrive\VCDDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VitaKeyPdtWzd]
2009-09-05 08:16 3622912 ----a-w- c:\program files\Acer Bio Protection\PdtWzd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"DBHAgent"=d:\paragon software\Paragon Backup and Recovery 10 Suite\program\dbhagent.exe
.
R1 archlp;archlp;c:\windows\system32\drivers\archlp.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
R3 ce6230;Intel CE6230 Standalone USB Driver;c:\windows\system32\DRIVERS\CE6230StandaloneDriver.sys [x]
R3 ce6230BDACAP;Realfine CE6230 BDA Driver;c:\windows\system32\DRIVERS\CE6230BDA.sys [x]
R3 dsiarhwprog;dsiarhwprog;c:\windows\system32\Drivers\dsiarhwprog.sys [x]
R3 GigasetGenericUSB;GigasetGenericUSB;c:\windows\system32\DRIVERS\GigasetGenericUSB.sys [x]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
R3 Paragon System Backup Dienst;Paragon System Backup Dienst;d:\paragon software\Paragon Backup and Recovery 10 Suite\program\dbhservice.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/01/06 23:51];d:\cyberlink\PowerDVD8\PowerDVD8\000.fcl [x]
S2 AAV UpdateService;AAV UpdateService;d:\homebanking\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [x]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 AtherosSvc;AtherosSvc;d:\bluetooth suite\adminservice.exe [x]
S2 IGBASVC;EgisTec Service;c:\program files\Acer Bio Protection\BASVC.exe [x]
S2 IGDCTRL;AVM IGD CTRL Service;d:\fritzbox\FRITZ!DSL\IGDCTRL.EXE [x]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [x]
S2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [x]
S3 avmaudio;AVM Audio;c:\windows\system32\DRIVERS\avmaudio.sys [x]
S3 avmaura;AVM USB-Fernanschluss;c:\windows\system32\DRIVERS\avmaura.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [x]
S3 NETw5s32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-21 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 05:21]
.
2012-07-21 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 05:21]
.
2012-07-21 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 05:21]
.
2012-07-21 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 05:21]
.
2012-07-21 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 05:21]
.
2012-07-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 14:23]
.
2012-07-21 c:\windows\Tasks\GlaryInitialize.job
- d:\glary utilities (systemoptimierung)\initialize.exe [2009-11-18 06:26]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.online-translator.com/Default.aspx?prmtlang=de
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
LSP: d:\fritzbox\FRITZ!DSL\\sarah.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\dkvo1wf9.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.t-online.de
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-3D Ultra MiniGolf Deluxe - c:\windows\IsUn0407.exe
AddRemove-Deer Hunter - Extended Season - g:\deer hunter\Uninst.isu
AddRemove-FRITZ! 2.0 - c:\windows\IsUn0407.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\d:\cyberlink\PowerDVD8\PowerDVD8\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1501325428-669346799-357816155-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*_*2*r*a*u*m*Ç=X@**€y*ding a new MRL to recent ones: i:\album\Top 100 2010\041-mehrzad_marashi_und_mark_medlock_-_sweat_(a_la_la_la_la_long).mp3]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1501325428-669346799-357816155-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*_*2*r*a*u*m*Ç=X@**€y*ding a new MRL to recent ones: i:\album\Top 100 2010\041-mehrzad_marashi_und_mark_medlock_-_sweat_(a_la_la_la_la_long).mp3\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1501325428-669346799-357816155-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*_*b*r*u*n*o*_*m*a*r*s*_*-*_*n*o*t*=X\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1501325428-669346799-357816155-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*_*s*n*o*o*p*_*d*o*g*g*_*-*=X\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1501325428-669346799-357816155-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*_*2*r*a*u*m*Ç=X@**€y*ding a new MRL to recent ones: i:\album\Top 100 2010\041-mehrzad_marashi_und_mark_medlock_-_sweat_(a_la_la_la_la_long).mp3]
"0"=hex:49,3a,5c,41,6c,62,75,6d,5c,54,6f,70,20,31,30,30,20,32,30,31,30,5c,30,
35,31,2d,75,6e,68,65,69,6c,69,67,5f,2d,5f,66,75,65,72,5f,69,6d,6d,65,72,2e,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-1501325428-669346799-357816155-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{91AE4577-AFD4-690D-A343-5C8E3C82B1F6}*]
@Allowed: (Read) (RestrictedCode)
"pakejmagabfdeieggdbnmnhhpdkkkkgn"=hex:61,62,70,69,67,69,66,61,6a,6b,67,6f,64,
6a,69,62,62,64,6e,6b,6b,6f,64,70,67,64,61,6f,68,69,62,66,6b,6d,00,77
.
[HKEY_USERS\S-1-5-21-1501325428-669346799-357816155-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{92C1845F-9629-E837-45B3-5CE2552BF71B}*]
@Allowed: (Read) (RestrictedCode)
"pahkcmcamhdadjfkagekbgbhjjogehob"=hex:61,62,6d,6f,69,66,6f,69,61,67,66,6d,70,
70,6c,6a,66,61,62,65,6c,63,69,65,62,67,62,66,68,6c,70,6b,6a,6c,00,77
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(692)
c:\program files\Acer Bio Protection\PwdFilter.DLL
.
- - - - - - - > 'Explorer.exe'(6080)
d:\maus\Logitech\SetPoint\lgscroll.dll
d:\bluetooth suite\AthCopyHook.dll
d:\bluetooth suite\FolderViewImpl.dll
d:\bluetooth suite\athr_debug.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Acer Bio Protection\CompPtcVUI.exe
d:\cdburnerxp\NMSAccessU.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\windows\system32\NOTEPAD.EXE
c:\windows\system32\DllHost.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-21 22:57:27 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-07-21 20:57
.
Vor Suchlauf: 14 Verzeichnis(se), 75.843.272.704 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 75.498.749.952 Bytes frei
.
- - End Of File - - 4F5C2A4452ED25C05E176B227EE230CE
Bodo
#20
/// Winkelfunktion /// TB-Süch-Tiger™ | mspd Trojan or similar. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still refuses on the second attempt, just leave it out and run only OSAM. Please skip the online query in OSAM. With OSAM, also make sure that you save the log as *.log and not as *.html or similar. Note: to unpack OSAM, please use WinRAR or 7zip! Also be sure to disable your virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM! Please download
Important: never press any of the Fix buttons without instructions. Note: if the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. One more note: if aswMBR crashes and you get a message like "aswMBR.exe has stopped working", then do the following: restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left of the aswMBR window and click the Scan button again.
#21
mspd Trojan or similar. Hey Arne, here is the log from gmer Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-07-23 17:23:09
Windows 6.1.7601 Service Pack 1 Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2 Hitachi_ rev.FB4O
Running: ijp3ojbf.exe; Driver: C:\Users\Bodo\AppData\Local\Temp\kwtdqpog.sys
---- System - GMER 1.0.15 ----
SSDT 915E3076 ZwCreateSection
SSDT 915E3080 ZwRequestWaitReplyPort
SSDT 915E307B ZwSetContextThread
SSDT 915E3085 ZwSetSecurityObject
SSDT 915E308A ZwSystemDebugControl
SSDT 915E3017 ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 830513C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 8308AD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 83091EAC 4 Bytes [76, 30, 5E, 91] {JBE 0x32; POP ESI; XCHG ECX, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 83092208 4 Bytes [80, 30, 5E, 91] {XOR BYTE [EAX], 0x5e; XCHG ECX, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 8309224C 4 Bytes [7B, 30, 5E, 91] {JNP 0x32; POP ESI; XCHG ECX, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1613 830922C8 4 Bytes [85, 30, 5E, 91] {TEST [EAX], ESI; POP ESI; XCHG ECX, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1667 8309231C 4 Bytes [8A, 30, 5E, 91] {MOV DH, [EAX]; POP ESI; XCHG ECX, EAX}
.text ...
.vmp2 C:\Windows\system32\drivers\acedrv11.sys entry point in ".vmp2" section [0x9EC9369D]
.text D:\CyberLink\PowerDVD8\PowerDVD8\000.fcl section is writeable [0x9ED8E000, 0x2892, 0xE8000020]
.vmp2 D:\CyberLink\PowerDVD8\PowerDVD8\000.fcl entry point in ".vmp2" section [0x9EDB1050]
---- User IAT/EAT - GMER 1.0.15 ----
IAT D:\Homebanking\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[672] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [758AFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT D:\Homebanking\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[672] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [758AFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT D:\Homebanking\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[672] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [758AFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT D:\Homebanking\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[672] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [758AFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT D:\Homebanking\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[672] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [758AFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT D:\Homebanking\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[672] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [758AFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)
Device \Driver\ACPI_HAL \Device\00000057 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume8 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume8 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000272b2235d
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000272b2235d@0016b84829a2 0x05 0xF2 0x21 0xB1 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000272b2235d@b0ec7109bdb9 0xD4 0x5C 0x86 0x72 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000272b2235d (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000272b2235d@0016b84829a2 0x05 0xF2 0x21 0xB1 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000272b2235d@b0ec7109bdb9 0xD4 0x5C 0x86 0x72 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{91AE4577-AFD4-690D-A343-5C8E3C82B1F6}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{91AE4577-AFD4-690D-A343-5C8E3C82B1F6}@pakejmagabfdeieggdbnmnhhpdkkkkgn 0x61 0x62 0x70 0x69 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{92C1845F-9629-E837-45B3-5CE2552BF71B}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{92C1845F-9629-E837-45B3-5CE2552BF71B}@pahkcmcamhdadjfkagekbgbhjjogehob 0x61 0x62 0x6D 0x6F ...
---- EOF - GMER 1.0.15 ----
Thanks and regards, Bodo. And here is the OSAM log; I wasn't supposed to run the online scan, right? Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 18:09:12 on 23.07.2012
OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 32-bit
Default Browser: Mozilla Corporation Firefox 13.0.1
Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures
Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries
[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - ? - C:\Windows\system32\lsdelete.exe (File found, but it contains no detailed information)
[Common]
-----( %SystemRoot%\Tasks )-----
"GlaryInitialize.job" - "Glarysoft Ltd" - D:\Glary Utilities (Systemoptimierung)\initialize.exe
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"ISUSPM.cpl" - "Macrovision Corporation" - C:\Windows\system32\ISUSPM.cpl
"PhysX.cpl" - "NVIDIA Corporation" - C:\Windows\system32\PhysX.cpl
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"acedrv11" (acedrv11) - "Protect Software GmbH" - C:\Windows\system32\drivers\acedrv11.sys
"archlp" (archlp) - ? - C:\Windows\System32\drivers\archlp.sys (File not found)
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\Users\Bodo\AppData\Local\Temp\catchme.sys (File not found)
"Dritek General Port I/O" (DritekPortIO) - "Dritek System Inc." - C:\Program Files\Launch Manager\DPortIO.sys
"ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\Windows\System32\Drivers\ElbyCDIO.sys
"hc3ServiceName" (hotcore3) - "Paragon Software Group" - C:\Windows\System32\DRIVERS\hotcore3.sys
"int15" (int15) - ? - C:\Windows\system32\drivers\int15.sys (File found, but it contains no detailed information)
"Intel CE6230 Standalone USB Driver" (ce6230) - "Intel Corporation (UK)" - C:\Windows\System32\DRIVERS\CE6230StandaloneDriver.sys
"LGE Mobile Composite USB Device" (usbbus) - ? - C:\Windows\System32\DRIVERS\lgusbbus.sys (File not found)
"LGE Mobile USB Modem" (USBModem) - ? - C:\Windows\System32\DRIVERS\lgusbmodem.sys (File not found)
"LGE Mobile USB Serial Port" (UsbDiag) - ? - C:\Windows\System32\DRIVERS\lgusbdiag.sys (File not found)
"NetGroup Packet Filter Driver" (NPF) - "CACE Technologies" - C:\Windows\System32\drivers\npf.sys
"Realfine CE6230 BDA Driver" (ce6230BDACAP) - "Intel Corporation (UK)" - C:\Windows\System32\DRIVERS\CE6230BDA.sys
"SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
"SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"StarOpen" (StarOpen) - ? - C:\Windows\system32\drivers\StarOpen.sys (File found, but it contains no detailed information)
[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{B2F55D43-C7A4-4B7C-90D7-7A860DFA9F2A} "PXCInfoShlExt Class" - "Tracker Software Products Ltd." - D:\PDF XChange Viewer\Shell Extensions\XCShInfo.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "SABShellExecuteHook Class" - "SuperAdBlocker.com" - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{B8952421-0E55-400B-94A6-FA858FC0A39F} "AppShellPage Class" - "Atheros Commnucations" - D:\Bluetooth Suite\BtvAppExt.dll
{C865E0A2-40BF-4ca7-B3F3-162290A67572} "ContextMenu Class" - "Atheros Commnucations" - D:\Bluetooth Suite\BtContextMenu.dll
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - D:\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll
{83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - D:\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll
{8F9D8FBE-C5C1-4B65-986E-51235C9283E8} "FPLaunchCache" - "Egis Technology Inc." - C:\Program Files\Acer Bio Protection\FPLaunchCache.dll
{AFF81F7B-6942-40c4-AADA-7214EF7B6DD1} "FTShellContext Class" - "Atheros Commnucations" - D:\Bluetooth Suite\ShellContextExt.dll
{72923739-5A47-40A3-9895-25AF0DFBB9E4} "Glary Utilities Context Menu Shell Extension" - "Glarysoft Ltd" - D:\GLARYU~1\CONTEX~1.DLL
{CA5FEE26-14C1-4B5A-86E9-233FC0EE2682} "IZArc DragDrop Menu" - ? - D:\IZARC(~1\IZArcCM.dll
{8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5} "IZArc Shell Context Menu" - ? - D:\IZARC(~1\IZArcCM.dll
{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} "KbLogiExt Class" - "Logitech, Inc." - D:\Maus\Logitech\SetPoint\kbcplext.dll
{B9B9F083-2B04-452A-8691-83694AC1037B} "LogiExt Class" - "Logitech, Inc." - D:\Maus\Logitech\SetPoint\mcplext.dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - D:\MICROS~1\Office\OLKFSTUB.DLL
{CF822AB4-6DB5-4FDA-BC28-E61DF36D2583} "PDF-XChange PDF Preview Provider" - "Tracker Software Products Ltd." - D:\PDF XChange Viewer\Shell Extensions\XCShInfo.dll
{67EB453C-1BE1-48EC-AAF3-23B10277FCC1} "PDF-XChange PDF Property Handler" - "Tracker Software Products Ltd." - D:\PDF XChange Viewer\Shell Extensions\XCShInfo.dll
{EBD0B8F4-A9A0-41B7-9695-030CD264D9C8} "PDF-XChange PDF Thumbnail Provider" - "Tracker Software Products Ltd." - D:\PDF XChange Viewer\Shell Extensions\XCShInfo.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{B7056B8E-4F99-44f8-8CBD-282390FE5428} "VirtualCloneDrive Shell Extension" - "Elaborate Bytes AG" - D:\VirtualCloneDrive\ElbyVCDShell.dll
{A5D35F9F-6A11-4EAA-B70B-7BB6FE32663A} "XnViewShell Class" - ? - D:\Foto Film und Audio\XnView\ShellEx\XnViewShellExt.dll
XCShInfo "{B2F55D43-C7A4-4B7C-90D7-7A860DFA9F2A}" - ? - (File not found | COM-object registry key not found)
[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{21347690-EC41-4F9A-8887-1F4AEE672439} "Canon Easy-WebPrint EX" - "CANON INC." - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Canon Easy-WebPrint EX" - "CANON INC." - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} "ClsidExtension" - "Atheros Commnucations" - D:\Bluetooth Suite\IEPlugIn.dll
"Quick-Launch Area" - "Egis Technology Inc." - C:\Program Files\Acer Bio Protection\PwdBank.exe
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} "Canon Easy-WebPrint EX" - "CANON INC." - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{3785D0AD-BFFF-47F6-BF5B-A587C162FED9} "Canon Easy-WebPrint EX BHO" - "CANON INC." - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} "CIESpeechBHO Class" - "Atheros Commnucations" - D:\Bluetooth Suite\IEPlugIn.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Oracle Corporation" - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Notification packages" - "Egis Technology Inc." - C:\Program Files\Acer Bio Protection\PwdFilter.dll
[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Bodo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"FRITZ!DSL Protect.lnk" - "AVM Berlin" - D:\Fritzbox\FRITZ!DSL\FwebProt.exe (Shortcut exists | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Logitech SetPoint.lnk" - "Logitech, Inc." - D:\Maus\Logitech\SetPoint\SetPoint.exe (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"AVMUSBFernanschluss" - "AVM Berlin" - "C:\Users\Bodo\AppData\Local\Apps\2.0\82CB73C4.JW0\4EA2NR75.5TN\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe"
"SUPERAntiSpyware" - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce )-----
"AutoLaunch" - ? - C:\Program Files\Lavasoft\Ad-Aware\AutoLaunch.exe monthly (File found, but it contains no detailed information)
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"AthBtTray" - "Atheros Commnucations" - "D:\Bluetooth Suite\AthBtTray.exe"
"AtherosBtStack" - "Atheros Commnucations" - "D:\Bluetooth Suite\BtvStack.exe"
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"IAAnotif" - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
"PDFPrint" - "Geek Software GmbH" - D:\pdf24 (PDF kreieren)\pdf24.exe
"PLFSetI" - ? - C:\Windows\PLFSetI.exe
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"FRITZ!fax Color Monitor" - "AVM Berlin" - C:\Windows\system32\FritzVistaColorMon.dll
"FRITZ!fax Port Monitor" - "AVM Berlin" - C:\Windows\system32\FritzVistaMon.dll
"hpf3l70v.dll" - "Hewlett-Packard Company" - C:\Windows\system32\hpf3l70v.dll
[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AAV UpdateService" (AAV UpdateService) - ? - D:\Homebanking\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"AtherosSvc" (AtherosSvc) - "Atheros Commnucations" - D:\Bluetooth Suite\adminservice.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"AVM IGD CTRL Service" (IGDCTRL) - "AVM Berlin" - D:\Fritzbox\FRITZ!DSL\IGDCTRL.EXE
"EgisTec Service" (IGBASVC) - "Egis Technology Inc." - C:\Program Files\Acer Bio Protection\BASVC.exe
"Google Updater Service" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
"Lavasoft Ad-Aware Service" (Lavasoft Ad-Aware Service) - "Lavasoft" - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
"Logitech Bluetooth Service" (LBTServ) - "Logitech, Inc." - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"NMSAccessU" (NMSAccessU) - ? - D:\CDBurnerXP\NMSAccessU.exe (File found, but it contains no detailed information)
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"Paragon System Backup Dienst" (Paragon System Backup Dienst) - "Paragon Software Group" - D:\Paragon Software\Paragon Backup and Recovery 10 Suite\program\dbhservice.exe
"Remote Packet Capture Protocol v.0 (experimental)" (rpcapd) - "CACE Technologies" - C:\Program Files\WinPcap\rpcapd.exe
"SAS Core Service" (!SASCORE) - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
"Validity Fingerprint Service" (vfsFPService) - "Validity Sensors, Inc." - C:\Windows\system32\vfsFPService.exe
[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"!SASWinLogon" - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
"LBTWlgn" - "Logitech, Inc." - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"Sarah NSP" - "AVM Berlin" - D:\Fritzbox\FRITZ!DSL\sarah.dll
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"SARAH LSP" - "AVM Berlin" - D:\Fritzbox\FRITZ!DSL\sarah.dll
===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
It follows right away. Regards, Bodo. So, here is the aswMBR log as well. Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-23 18:21:47
-----------------------------
18:21:47.309 OS Version: Windows 6.1.7601 Service Pack 1
18:21:47.309 Number of processors: 2 586 0x170A
18:21:47.324 ComputerName: BODO-PC UserName: Bodo
18:22:17.027 Initialize success
18:24:09.221 AVAST engine defs: 12072301
18:24:33.744 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:24:33.744 Disk 0 Vendor: SAMSUNG_ 2AC1 Size: 476940MB BusType: 3
18:24:33.744 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
18:24:33.759 Disk 1 Vendor: Hitachi_ FB4O Size: 305245MB BusType: 3
18:24:33.775 Disk 1 MBR read successfully
18:24:33.775 Disk 1 MBR scan
18:24:33.806 Disk 1 unknown MBR code
18:24:33.822 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 102400 MB offset 2048
18:24:33.853 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 61443 MB offset 209717248
18:24:33.884 Disk 1 Partition 3 00 07 HPFS/NTFS NTFS 61440 MB offset 335552512
18:24:33.884 Disk 1 Partition - 00 0F Extended LBA 79960 MB offset 461381632
18:24:33.931 Disk 1 Partition 4 00 07 HPFS/NTFS NTFS 78850 MB offset 461383680
18:24:33.947 Disk 1 Partition - 00 05 Extended 1109 MB offset 622868480
18:24:34.493 Disk 1 Partition 5 00 0B FAT32 MSDOS5.0 1108 MB offset 622870528
18:24:34.508 Disk 1 scanning sectors +625139712
18:24:34.571 Disk 1 scanning C:\Windows\system32\drivers
18:24:53.649 Service scanning
18:25:34.771 Modules scanning
18:25:44.521 Disk 1 trace - called modules:
18:25:44.552 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
18:25:44.568 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x86eec030]
18:25:44.568 3 CLASSPNP.SYS[8ba7559e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0x86460028]
18:25:45.582 AVAST engine scan C:\Windows
18:25:50.714 AVAST engine scan C:\Windows\system32
18:30:54.369 AVAST engine scan C:\Windows\system32\drivers
18:31:15.335 AVAST engine scan C:\Users\Bodo
18:34:47.730 AVAST engine scan C:\ProgramData
18:36:59.675 Scan finished successfully
18:37:29.814 Disk 1 MBR has been saved successfully to "C:\Users\Bodo\Desktop\MBR.dat"
18:37:29.830 The log file has been saved successfully to "C:\Users\Bodo\Desktop\aswMBR.txt"
Regards, Bodo |
| | #22 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | mspd Trojan or similar. We should fix the MBR; just in case, back up ALL important data, even though it usually goes smoothly. Note: Please do NOT do the MBR fix if you have other operating systems such as Ubuntu installed; an MBR fix with Windows tools makes a Linux installed alongside (dual boot) unbootable. Also do not do the fix if you have the Windows partition or the entire hard disk fully encrypted with TrueCrypt or other encryption programs. After backing up your data, start aswMBR again and click the FIXMBR button. Note: Please disable the virus scanner before running aswMBR, because Avira in particular often reports a false positive in it! Then restart Windows and create a new log with aswMBR.
__________________ Please always post logfiles in CODE tags |
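To make concrete what the FIXMBR step above changes, and why a dual-boot or full-disk-encryption bootloader does not survive it, here is an added Python example that is not part of this thread and not aswMBR's own code. It parses a 512-byte MBR like the MBR.dat that aswMBR saves, lists the partition table, hashes the 446 bootstrap bytes against a baseline set, and then models the fix as a rewrite of only those 446 bytes. The partition offsets and sizes come from the aswMBR log posted in this thread (sector counts derived from the MB figures); the boot-code bytes and the baseline hash set are constructed stand-ins, not real Windows or third-party boot code, and the "known/unknown" classification is this example's own approach, not how aswMBR decides.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 446          # bytes 0..445: bootstrap code, the part an MBR fix rewrites
PART_TABLE_OFFSET = 446      # bytes 446..509: four 16-byte partition entries
ENTRY_FMT = "<B3sB3sII"      # status, CHS start, type, CHS end, LBA start, sector count
BOOT_SIGNATURE = b"\x55\xAA"

# Constructed stand-ins for boot code (NOT real Windows, GRUB or TrueCrypt code).
BASELINE_BOOT = b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"baseline loader (constructed)"
THIRD_PARTY_BOOT = b"\xEB\x3C\x90" + b"third-party loader stage (constructed)"


def pad_boot_code(code: bytes) -> bytes:
    """Truncate or zero-pad boot code to the 446-byte bootstrap area."""
    return code[:BOOT_CODE_LEN].ljust(BOOT_CODE_LEN, b"\x00")


# Stands in for a set of known-good bootstrap hashes (assumption of this example).
KNOWN_GOOD_HASHES = {hashlib.sha256(pad_boot_code(BASELINE_BOOT)).hexdigest()}


def build_mbr(boot_code: bytes, entries) -> bytes:
    """Assemble a 512-byte MBR. entries: (status, type, lba_start, sector_count)."""
    mbr = bytearray(SECTOR)
    mbr[:BOOT_CODE_LEN] = pad_boot_code(boot_code)
    for i, (status, ptype, lba, count) in enumerate(entries[:4]):
        # CHS fields are left zero; the LBA fields are what matters here.
        struct.pack_into(ENTRY_FMT, mbr, PART_TABLE_OFFSET + i * 16,
                         status, b"\x00" * 3, ptype, b"\x00" * 3, lba, count)
    mbr[510:512] = BOOT_SIGNATURE
    return bytes(mbr)


def parse_mbr(mbr: bytes) -> dict:
    """Return the bootstrap-code hash and the non-empty partition entries."""
    if len(mbr) != SECTOR:
        raise ValueError("an MBR is exactly 512 bytes")
    if mbr[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(
            ENTRY_FMT, mbr, PART_TABLE_OFFSET + i * 16)
        if ptype == 0:
            continue  # empty slot
        partitions.append({
            "index": i + 1,
            "active": status == 0x80,
            "type": ptype,
            "lba_start": lba,
            "size_mb": count * SECTOR // (1024 * 1024),
        })
    return {
        "boot_code_sha256": hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def classify_boot_code(mbr: bytes, known_hashes=KNOWN_GOOD_HASHES) -> str:
    """'known' if the bootstrap bytes match a baseline hash, otherwise 'unknown'."""
    return "known" if parse_mbr(mbr)["boot_code_sha256"] in known_hashes else "unknown"


def rewrite_boot_code(mbr: bytes, new_code: bytes) -> bytes:
    """Model of an MBR fix: replace bytes 0..445 only; partition table and signature stay."""
    return pad_boot_code(new_code) + mbr[BOOT_CODE_LEN:]


# Partition layout from the aswMBR log in this thread (sector count = MB * 2048).
SAMPLE_ENTRIES = [
    (0x80, 0x07, 2048, 102400 * 2048),        # Partition 1, active, NTFS
    (0x00, 0x07, 209717248, 61443 * 2048),    # Partition 2, NTFS
    (0x00, 0x07, 335552512, 61440 * 2048),    # Partition 3, NTFS
    (0x00, 0x0F, 461381632, 79960 * 2048),    # Extended LBA container
]
SAMPLE_MBR = build_mbr(THIRD_PARTY_BOOT, SAMPLE_ENTRIES)


def main():
    before = parse_mbr(SAMPLE_MBR)
    print("boot code before fix:", classify_boot_code(SAMPLE_MBR))
    for p in before["partitions"]:
        print(p)
    after = rewrite_boot_code(SAMPLE_MBR, BASELINE_BOOT)
    print("boot code after fix:", classify_boot_code(after),
          "| partition table unchanged:", parse_mbr(after)["partitions"] == before["partitions"])


if __name__ == "__main__":
    main()
```

The point the model makes is the one in the post: the partition table is untouched by the rewrite, but whatever lived in the first 446 bytes (a Linux stage-1 loader or a disk-encryption bootloader) is gone afterwards. Hashing the saved MBR.dat before and after the fix is a cheap way to record exactly that.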
| | #23 |
| mspd Trojan or similar. Hey Arne, sorry, the data backup took a while; I hope I have everything. I've done the MBR fix. Here is the log from before the restart. Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-26 18:03:18
-----------------------------
18:03:18.540 OS Version: Windows 6.1.7601 Service Pack 1
18:03:18.540 Number of processors: 2 586 0x170A
18:03:18.540 ComputerName: BODO-PC UserName: Bodo
18:03:20.194 Initialize success
18:04:50.774 AVAST engine defs: 12072601
18:05:13.394 Verifying
18:05:23.425 Disk 1 Windows 601 MBR fixed successfully
18:12:28.073 Disk 1 MBR has been saved successfully to "C:\Users\Bodo\Desktop\MBR.dat"
18:12:28.073 The log file has been saved successfully to "C:\Users\Bodo\Desktop\aswMBR2.txt"
Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-26 18:21:51
-----------------------------
18:21:51.160 OS Version: Windows 6.1.7601 Service Pack 1
18:21:51.160 Number of processors: 2 586 0x170A
18:21:51.160 ComputerName: BODO-PC UserName: Bodo
18:21:52.081 Initialize success
18:22:05.200 AVAST engine defs: 12072601
18:23:45.633 The log file has been saved successfully to "C:\Users\Bodo\Desktop\aswMBR3.txt"
Thanks and see you later. Regards, Bodo |
| | #24 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | mspd Trojan or similar. You should run a completely new scan with aswMBR, as on the first start of the tool.
| | #25 |
| mspd Trojan or similar. Hey Arne, here is the new log from the new scan. Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-26 23:27:09
-----------------------------
23:27:09.803 OS Version: Windows 6.1.7601 Service Pack 1
23:27:09.803 Number of processors: 2 586 0x170A
23:27:09.818 ComputerName: BODO-PC UserName: Bodo
23:27:10.723 Initialize success
23:27:22.704 AVAST engine defs: 12072601
23:27:35.278 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:27:35.278 Disk 0 Vendor: SAMSUNG_ 2AC1 Size: 476940MB BusType: 3
23:27:35.278 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
23:27:35.293 Disk 1 Vendor: Hitachi_ FB4O Size: 305245MB BusType: 3
23:27:35.309 Disk 1 MBR read successfully
23:27:35.309 Disk 1 MBR scan
23:27:35.324 Disk 1 Windows 7 default MBR code
23:27:35.340 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 102400 MB offset 2048
23:27:35.371 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 61443 MB offset 209717248
23:27:35.402 Disk 1 Partition 3 00 07 HPFS/NTFS NTFS 61440 MB offset 335552512
23:27:35.418 Disk 1 Partition - 00 0F Extended LBA 79960 MB offset 461381632
23:27:35.449 Disk 1 Partition 4 00 07 HPFS/NTFS NTFS 78850 MB offset 461383680
23:27:35.465 Disk 1 Partition - 00 05 Extended 1109 MB offset 622868480
23:27:36.042 Disk 1 Partition 5 00 0B FAT32 MSDOS5.0 1108 MB offset 622870528
23:27:36.089 Disk 1 scanning sectors +625139712
23:27:36.182 Disk 1 scanning C:\Windows\system32\drivers
23:27:51.502 Service scanning
23:28:30.720 Modules scanning
23:28:40.876 Disk 1 trace - called modules:
23:28:40.907 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
23:28:40.922 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x86eed030]
23:28:40.922 3 CLASSPNP.SYS[8b98059e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0x857bd028]
23:28:41.640 AVAST engine scan C:\Windows
23:28:45.431 AVAST engine scan C:\Windows\system32
23:32:09.245 AVAST engine scan C:\Windows\system32\drivers
23:32:25.095 AVAST engine scan C:\Users\Bodo
23:34:37.898 AVAST engine scan C:\ProgramData
23:36:30.592 Scan finished successfully
23:36:46.302 Disk 1 MBR has been saved successfully to "C:\Users\Bodo\Desktop\MBR.dat"
23:36:46.317 The log file has been saved successfully to "C:\Users\Bodo\Desktop\aswMBR4.txt"
I couldn't capture any more than that. Don't know whether that means anything. Thanks and best regards, Bodo |
| | #26 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | mspd Trojan or similar. Looks ok. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
| | #27 |
| mspd Trojan or similar. Hey Arne, here is the Malwarebytes log. Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Datenbank Version: v2012.07.27.01
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Bodo :: BODO-PC [Administrator]
27.07.2012 05:38:27
mbam-log-2012-07-27 (05-38-27).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 385438
Laufzeit: 1 Stunde(n), 55 Minute(n), 47 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 1
C:\Windows\winsxs\x86_netfx-debugging_msdia70_b03f5f7f11d50a3a_6.1.7600.16385_none_a5658c87d101b1b3\diasymreader.dll (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
Regards, Bodo |
| | #28 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | mspd Trojan or similar. Hm, that one detection looks more like a false positive to me. Well, you have the quarantine; nothing is ever deleted permanently via Malwarebytes anyway.
| | #29 |
| mspd Trojan or similar. Hey Arne, now brace yourself. Here comes the SuperAnti log. Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 07/27/2012 at 05:22 PM
Application Version : 5.5.1012
Core Rules Database Version : 8970
Trace Rules Database Version: 6782
Scan type : Complete Scan
Total Scan Time : 02:34:23
Operating System Information
Windows 7 Home Premium 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User
Memory items scanned : 751
Memory threats detected : 0
Registry items scanned : 35084
Registry threats detected : 0
File items scanned : 160972
File threats detected : 74
Adware.Tracking Cookie
C:\Users\Bodo\AppData\Roaming\Microsoft\Windows\Cookies\WAL1C7OF.txt [ /imrworldwide.com ]
C:\Users\Bodo\AppData\Roaming\Microsoft\Windows\Cookies\0PLMWB5S.txt [ /fastclick.net ]
C:\Users\Bodo\AppData\Roaming\Microsoft\Windows\Cookies\2R6DBYQ5.txt [ /tracking.quisma.com ]
C:\Users\Bodo\AppData\Roaming\Microsoft\Windows\Cookies\Y52Z0CY5.txt [ /ad1.adfarm1.adition.com ]
C:\Users\Bodo\AppData\Roaming\Microsoft\Windows\Cookies\NQ88TGZZ.txt [ /mediaplex.com ]
C:\Users\Bodo\AppData\Roaming\Microsoft\Windows\Cookies\PHU12GIR.txt [ /ad.zanox.com ]
C:\Users\Bodo\AppData\Roaming\Microsoft\Windows\Cookies\VW01H9LA.txt [ /atdmt.com ]
C:\Users\Bodo\AppData\Roaming\Microsoft\Windows\Cookies\OH10EEPB.txt [ /doubleclick.net ]
C:\Users\Bodo\AppData\Roaming\Microsoft\Windows\Cookies\830B0ROW.txt [ /zanox-affiliate.de ]
C:\Users\Bodo\AppData\Roaming\Microsoft\Windows\Cookies\KM3SFH0T.txt [ /adfarm1.adition.com ]
C:\Users\Bodo\AppData\Roaming\Microsoft\Windows\Cookies\A895P47F.txt [ /track.adform.net ]
C:\Users\Bodo\AppData\Roaming\Microsoft\Windows\Cookies\2VWOKTHE.txt [ /adbrite.com ]
C:\Users\Bodo\AppData\Roaming\Microsoft\Windows\Cookies\IVEVKVXA.txt [ /apmebf.com ]
C:\Users\Bodo\AppData\Roaming\Microsoft\Windows\Cookies\EUBMUWQB.txt [ /zanox.com ]
C:\Users\Bodo\AppData\Roaming\Microsoft\Windows\Cookies\7321EY1D.txt [ /pro-market.net ]
C:\Users\Bodo\AppData\Roaming\Microsoft\Windows\Cookies\Y4O0SJCM.txt [ /www.zanox-affiliate.de ]
C:\Users\Bodo\AppData\Roaming\Microsoft\Windows\Cookies\7DIEBN46.txt [ /dyntracker.com ]
C:\Users\Bodo\AppData\Roaming\Microsoft\Windows\Cookies\GESDBPFI.txt [ /smartadserver.com ]
C:\Users\Bodo\AppData\Roaming\Microsoft\Windows\Cookies\EY669TVU.txt [ /adform.net ]
C:\USERS\BODO\AppData\Roaming\Microsoft\Windows\Cookies\Low\bodo@atdmt[2].txt [ Cookie:bodo@atdmt.com/ ]
C:\USERS\BODO\Cookies\WAL1C7OF.txt [ Cookie:bodo@imrworldwide.com/cgi-bin ]
C:\USERS\BODO\Cookies\0PLMWB5S.txt [ Cookie:bodo@fastclick.net/ ]
C:\USERS\BODO\Cookies\VW01H9LA.txt [ Cookie:bodo@atdmt.com/ ]
C:\USERS\BODO\Cookies\OH10EEPB.txt [ Cookie:bodo@doubleclick.net/ ]
C:\USERS\BODO\Cookies\2VWOKTHE.txt [ Cookie:bodo@adbrite.com/ ]
C:\USERS\BODO\Cookies\IVEVKVXA.txt [ Cookie:bodo@apmebf.com/ ]
C:\USERS\BODO\Cookies\EUBMUWQB.txt [ Cookie:bodo@zanox.com/ ]
C:\USERS\BODO\Cookies\7321EY1D.txt [ Cookie:bodo@pro-market.net/ ]
C:\USERS\BODO\Cookies\Y4O0SJCM.txt [ Cookie:bodo@www.zanox-affiliate.de/ ]
C:\USERS\BODO\Cookies\7DIEBN46.txt [ Cookie:bodo@dyntracker.com/ ]
C:\USERS\BODO\Cookies\GESDBPFI.txt [ Cookie:bodo@smartadserver.com/ ]
C:\USERS\BODO\Cookies\EY669TVU.txt [ Cookie:bodo@adform.net/ ]
C:\USERS\BODO\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\BODO@WW251.SMARTADSERVER[1].TXT [ /WW251.SMARTADSERVER ]
.serving-sys.com [ C:\USERS\BODO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DKVO1WF9.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\BODO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DKVO1WF9.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\BODO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DKVO1WF9.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\BODO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DKVO1WF9.DEFAULT\COOKIES.SQLITE ]
.im.banner.t-online.de [ C:\USERS\BODO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DKVO1WF9.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\BODO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DKVO1WF9.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\BODO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DKVO1WF9.DEFAULT\COOKIES.SQLITE ]
.apmebf.com [ C:\USERS\BODO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DKVO1WF9.DEFAULT\COOKIES.SQLITE ]
.xiti.com [ C:\USERS\BODO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DKVO1WF9.DEFAULT\COOKIES.SQLITE ]
beacons.hottraffic.nl [ C:\USERS\BODO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DKVO1WF9.DEFAULT\COOKIES.SQLITE ]
.deutschepostag.112.2o7.net [ C:\USERS\BODO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DKVO1WF9.DEFAULT\COOKIES.SQLITE ]
ad.zanox.com [ C:\USERS\BODO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DKVO1WF9.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\BODO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DKVO1WF9.DEFAULT\COOKIES.SQLITE ]
ww251.smartadserver.com [ C:\USERS\BODO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DKVO1WF9.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\BODO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DKVO1WF9.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\BODO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DKVO1WF9.DEFAULT\COOKIES.SQLITE ]
ad2.adfarm1.adition.com [ C:\USERS\BODO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DKVO1WF9.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\BODO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DKVO1WF9.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\BODO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DKVO1WF9.DEFAULT\COOKIES.SQLITE ]
.bs.serving-sys.com [ C:\USERS\BODO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DKVO1WF9.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\BODO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DKVO1WF9.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\BODO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DKVO1WF9.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\BODO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DKVO1WF9.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\BODO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DKVO1WF9.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\BODO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DKVO1WF9.DEFAULT\COOKIES.SQLITE ]
Trojan.Agent/Gen-Krpytik
E:\SIERRA\UPBALL3\L0.DLL
E:\SIERRA\UPBALL3\L1.DLL
E:\SIERRA\UPBALL3\L4.DLL
E:\SIERRA\UPBALL3\L5.DLL
E:\SIERRA\UPBALL3\T0.DLL
E:\SIERRA\UPBALL3\T2.DLL
E:\SIERRA\UPBALL3\T3.DLL
E:\SIERRA\UPBALL3\T4.DLL
E:\SIERRA\UPBALL3\T5.DLL
E:\SIERRA\UPBALL3\V0.DLL
E:\SIERRA\UPBALL3\V1.DLL
E:\SIERRA\UPBALL3\V2.DLL
E:\SIERRA\UPBALL3\V3.DLL
E:\SIERRA\UPBALL3\V4.DLL
E:\SIERRA\UPBALL3\V5.DLL
Trojan.Agent/Gen-Malagent
C:\WINDOWS\SYSTEM32\MSPD.EXE
And our dear MSPD is back again too. Best regards, Bodo |
| | #30 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | mspd Trojan or similar. Code:
C:\WINDOWS\SYSTEM32\MSPD.EXE
I already overlooked that one in the OTL logs. Please upload it to us => http://www.trojaner-board.de/54791-a...ner-board.html The rest, though, consists of cookies and false positives.