
All kinds of pests and how to fight them: E-mail: Deutsche Post. An error in the delivery address.

26.07.2012, 21:40   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:
:OTL
IE - HKU\S-1-5-21-3201387291-1446790065-2731534718-1000\..\SearchScopes\{65BA7062-55D7-4444-A17D-436DE624FF9D}: "URL" = http://start.funmoods.com/results.php?f=4&a=make&q={searchTerms}
FF - prefs.js..browser.search.defaultenginename: "Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.7
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.7
FF - user.js - File not found
[2012.05.27 22:24:03 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\Folger\AppData\Roaming\mozilla\Firefox\Profiles\k6ftdilp.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3201387291-1446790065-2731534718-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-3201387291-1446790065-2731534718-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007.05.07 15:29:48 | 000,000,046 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{6efda3e9-e5ac-11df-ac3b-406186996cf4}\Shell - "" = AutoRun
O33 - MountPoints2\{6efda3e9-e5ac-11df-ac3b-406186996cf4}\Shell\AutoRun\command - "" = L:\start.exe /checksection
O33 - MountPoints2\{d688c972-7d23-11df-9f96-406186996cf4}\Shell - "" = AutoRun
O33 - MountPoints2\{d688c972-7d23-11df-9f96-406186996cf4}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Setup.exe -- [2007.05.07 15:29:48 | 000,073,224 | R--- | M] ()
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________
Please always post log files in CODE tags

26.07.2012, 22:19   #17
magand

Hello Arne,

I ran the fix. The system was restarted afterwards.

Log file:
Code:
All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-3201387291-1446790065-2731534718-1000\Software\Microsoft\Internet Explorer\SearchScopes\{65BA7062-55D7-4444-A17D-436DE624FF9D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65BA7062-55D7-4444-A17D-436DE624FF9D}\ not found.
Prefs.js: "Search" removed from browser.search.defaultenginename
Prefs.js: "Search" removed from browser.search.defaultthis.engineName
Prefs.js: pdfforge@mybrowserbar.com:4.7 removed from extensions.enabledItems
Prefs.js: wtxpcom@mybrowserbar.com:4.7 removed from extensions.enabledItems
C:\Users\Folger\AppData\Roaming\mozilla\Firefox\Profiles\k6ftdilp.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\lavasoft_search_plugin\tests folder moved successfully.
C:\Users\Folger\AppData\Roaming\mozilla\Firefox\Profiles\k6ftdilp.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\lavasoft_search_plugin\lib folder moved successfully.
C:\Users\Folger\AppData\Roaming\mozilla\Firefox\Profiles\k6ftdilp.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\lavasoft_search_plugin\data folder moved successfully.
C:\Users\Folger\AppData\Roaming\mozilla\Firefox\Profiles\k6ftdilp.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\lavasoft_search_plugin folder moved successfully.
C:\Users\Folger\AppData\Roaming\mozilla\Firefox\Profiles\k6ftdilp.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\api-utils\lib\windows folder moved successfully.
C:\Users\Folger\AppData\Roaming\mozilla\Firefox\Profiles\k6ftdilp.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\api-utils\lib\utils folder moved successfully.
C:\Users\Folger\AppData\Roaming\mozilla\Firefox\Profiles\k6ftdilp.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\api-utils\lib\traits folder moved successfully.
C:\Users\Folger\AppData\Roaming\mozilla\Firefox\Profiles\k6ftdilp.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\api-utils\lib\tabs folder moved successfully.
C:\Users\Folger\AppData\Roaming\mozilla\Firefox\Profiles\k6ftdilp.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\api-utils\lib\events folder moved successfully.
C:\Users\Folger\AppData\Roaming\mozilla\Firefox\Profiles\k6ftdilp.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\api-utils\lib\dom folder moved successfully.
C:\Users\Folger\AppData\Roaming\mozilla\Firefox\Profiles\k6ftdilp.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\api-utils\lib\content folder moved successfully.
C:\Users\Folger\AppData\Roaming\mozilla\Firefox\Profiles\k6ftdilp.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\api-utils\lib folder moved successfully.
C:\Users\Folger\AppData\Roaming\mozilla\Firefox\Profiles\k6ftdilp.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\api-utils\data folder moved successfully.
C:\Users\Folger\AppData\Roaming\mozilla\Firefox\Profiles\k6ftdilp.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\api-utils folder moved successfully.
C:\Users\Folger\AppData\Roaming\mozilla\Firefox\Profiles\k6ftdilp.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\addon-kit\lib folder moved successfully.
C:\Users\Folger\AppData\Roaming\mozilla\Firefox\Profiles\k6ftdilp.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\addon-kit\data folder moved successfully.
C:\Users\Folger\AppData\Roaming\mozilla\Firefox\Profiles\k6ftdilp.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\addon-kit folder moved successfully.
C:\Users\Folger\AppData\Roaming\mozilla\Firefox\Profiles\k6ftdilp.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources folder moved successfully.
C:\Users\Folger\AppData\Roaming\mozilla\Firefox\Profiles\k6ftdilp.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\locale folder moved successfully.
C:\Users\Folger\AppData\Roaming\mozilla\Firefox\Profiles\k6ftdilp.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\defaults\preferences folder moved successfully.
C:\Users\Folger\AppData\Roaming\mozilla\Firefox\Profiles\k6ftdilp.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\defaults folder moved successfully.
C:\Users\Folger\AppData\Roaming\mozilla\Firefox\Profiles\k6ftdilp.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3201387291-1446790065-2731534718-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3201387291-1446790065-2731534718-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutorun deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
File move failed. F:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6efda3e9-e5ac-11df-ac3b-406186996cf4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6efda3e9-e5ac-11df-ac3b-406186996cf4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6efda3e9-e5ac-11df-ac3b-406186996cf4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6efda3e9-e5ac-11df-ac3b-406186996cf4}\ not found.
File L:\start.exe /checksection not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d688c972-7d23-11df-9f96-406186996cf4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d688c972-7d23-11df-9f96-406186996cf4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d688c972-7d23-11df-9f96-406186996cf4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d688c972-7d23-11df-9f96-406186996cf4}\ not found.
File L:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File move failed. F:\Setup.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J\ not found.
File J:\LaunchU3.exe -a not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Folger
->Temp folder emptied: 8205652 bytes
->Temporary Internet Files folder emptied: 28699132 bytes
->Java cache emptied: 4559802 bytes
->FireFox cache emptied: 562437066 bytes
->Flash cache emptied: 3334 bytes
 
User: Gast
->Temp folder emptied: 588364222 bytes
->Temporary Internet Files folder emptied: 4356895 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 89047723 bytes
->Flash cache emptied: 5136 bytes
 
User: Public
 
User: yanstolko
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 119769485 bytes
RecycleBin emptied: 42325157051 bytes
 
Total Files Cleaned = 41.705,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Folger
->Flash cache emptied: 0 bytes
 
User: Gast
->Flash cache emptied: 0 bytes
 
User: Public
 
User: yanstolko
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.54.1 log created on 07262012_231216

Files\Folders moved on Reboot...
File move failed. F:\autorun.inf scheduled to be moved on reboot.
File move failed. F:\Setup.exe scheduled to be moved on reboot.

PendingFileRenameOperations files...
[2007.05.07 15:29:48 | 000,000,046 | R--- | M] () F:\autorun.inf : MD5=64F409024277631A689B2714C8070273
[2007.05.07 15:29:48 | 000,073,224 | R--- | M] () F:\Setup.exe : MD5=6BFE243798C3E805BADBD333E89D7B77

Registry entries deleted on Reboot...
         
Best regards, Andreas
__________________
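
A triage of the fix log in the reply above, as an added example that is not part of the thread or of OTL itself: it sorts each line of the `========== OTL ==========` section by outcome so that items deferred to the next reboot stand out. The outcome patterns are assumptions derived only from the wording of this log, and the sample is an excerpt of the lines posted above.

```python
import re

# Excerpt of the fix log posted above (lines copied from the thread).
SAMPLE_LOG = r"""
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65BA7062-55D7-4444-A17D-436DE624FF9D}\ not found.
Prefs.js: "Search" removed from browser.search.defaultenginename
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
File move failed. F:\autorun.inf scheduled to be moved on reboot.
File L:\start.exe /checksection not found.
File move failed. F:\Setup.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J\ deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
C:\Windows\System32\drivers\etc\Hosts moved successfully.
"""

# "========== NAME ==========" section headers as they appear in the log.
SECTION = re.compile(r"^=+ (?P<name>.+?) =+$")

# Assumed outcome patterns, inferred from this log's wording only.
# Order matters: the "move failed" line is checked before the generic ones.
RULES = [
    ("pending_reboot",
     re.compile(r"^File move failed\. (?P<target>.+?) scheduled to be moved on reboot\.$")),
    ("not_found",
     re.compile(r"^(?:Registry (?:key|value) |File )?(?P<target>.+?) not found\.$")),
    ("done",
     re.compile(r"^Registry (?:key|value) (?P<target>.+?) deleted successfully\.$")),
    ("done",
     re.compile(r"^(?P<target>.+?) (?:folder )?moved successfully\.$")),
    ("done",
     re.compile(r"^Prefs\.js: (?P<target>.+? removed from .+)$")),
    ("done",
     re.compile(r"^(?P<target>.+?) : value set successfully!$")),
]


def triage_otl_fix_log(log_text):
    """Classify every line of the OTL fix section by outcome."""
    result = {"done": [], "not_found": [], "pending_reboot": [], "unparsed": []}
    in_fix_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            # Only the ":OTL" fix section is triaged; ":Commands" output is skipped.
            in_fix_section = header.group("name") == "OTL"
            continue
        if not in_fix_section or not line:
            continue
        for outcome, pattern in RULES:
            match = pattern.match(line)
            if match:
                result[outcome].append(match.group("target"))
                break
        else:
            # Unknown wording is kept verbatim so nothing is silently dropped.
            result["unparsed"].append(line)
    return result


def follow_up(result):
    """Targets to re-check after the reboot: deferred moves and unknown lines."""
    return sorted(set(result["pending_reboot"])) + result["unparsed"]


if __name__ == "__main__":
    outcome = triage_otl_fix_log(SAMPLE_LOG)
    for name in ("done", "not_found", "pending_reboot", "unparsed"):
        print(f"{name}: {len(outcome[name])}")
    for target in follow_up(outcome):
        print("re-check after reboot:", target)
```

In this log the only deferred items are the two files on F:, the volume the fix script lists as CDFS.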


26.07.2012, 23:13   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Now please run this tool from Kaspersky (TDSS-Killer) (in normal Windows mode) and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please switch off the virus scanner before you run the TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set up the tool as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C), as that is where the TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with the TDSS-Killer! If the TDSS-Killer flags any objects, treat them all with the action "skip" and just post the log here!

__________________

27.07.2012, 07:08   #19
magand

Code:
08:02:12.0971 6264	TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
08:02:13.0085 6264	============================================================
08:02:13.0085 6264	Current date / time: 2012/07/27 08:02:13.0085
08:02:13.0085 6264	SystemInfo:
08:02:13.0085 6264	
08:02:13.0085 6264	OS Version: 6.1.7601 ServicePack: 1.0
08:02:13.0085 6264	Product type: Workstation
08:02:13.0085 6264	ComputerName: FOLGER-PC
08:02:13.0085 6264	UserName: Folger
08:02:13.0085 6264	Windows directory: C:\Windows
08:02:13.0085 6264	System windows directory: C:\Windows
08:02:13.0085 6264	Processor architecture: Intel x86
08:02:13.0085 6264	Number of processors: 4
08:02:13.0085 6264	Page size: 0x1000
08:02:13.0085 6264	Boot type: Normal boot
08:02:13.0085 6264	============================================================
08:02:14.0621 6264	Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
08:02:21.0443 6264	Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
08:02:21.0451 6264	============================================================
08:02:21.0451 6264	\Device\Harddisk0\DR0:
08:02:21.0451 6264	MBR partitions:
08:02:21.0451 6264	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
08:02:21.0451 6264	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xAC053000
08:02:21.0451 6264	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xAC086000, BlocksNum 0x2800000
08:02:21.0451 6264	\Device\Harddisk1\DR1:
08:02:21.0452 6264	MBR partitions:
08:02:21.0452 6264	\Device\Harddisk1\DR1\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x74705982
08:02:21.0452 6264	============================================================
08:02:21.0483 6264	C: <-> \Device\Harddisk0\DR0\Partition1
08:02:21.0497 6264	D: <-> \Device\Harddisk1\DR1\Partition0
08:02:21.0542 6264	E: <-> \Device\Harddisk0\DR0\Partition2
08:02:21.0543 6264	============================================================
08:02:21.0543 6264	Initialize success
08:02:21.0543 6264	============================================================
08:03:28.0402 8540	============================================================
08:03:28.0402 8540	Scan started
08:03:28.0402 8540	Mode: Manual; SigCheck; TDLFS; 
08:03:28.0402 8540	============================================================
08:03:29.0429 8540	1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
08:03:29.0519 8540	1394ohci - ok
08:03:29.0557 8540	61883           (beb5e6a8c17c3c7485563281e0f9e77e) C:\Windows\system32\DRIVERS\61883.sys
08:03:29.0643 8540	61883 - ok
08:03:29.0697 8540	ACPI            (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
08:03:29.0710 8540	ACPI - ok
08:03:29.0737 8540	AcpiPmi         (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
08:03:29.0815 8540	AcpiPmi - ok
08:03:29.0925 8540	Ad-Aware Service (af9658974154c3b6a333d86dc2e0aac8) C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
08:03:29.0948 8540	Ad-Aware Service - ok
08:03:30.0055 8540	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
08:03:30.0065 8540	AdobeARMservice - ok
08:03:30.0171 8540	AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
08:03:30.0181 8540	AdobeFlashPlayerUpdateSvc - ok
08:03:30.0221 8540	adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
08:03:30.0257 8540	adp94xx - ok
08:03:30.0295 8540	adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
08:03:30.0330 8540	adpahci - ok
08:03:30.0359 8540	adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
08:03:30.0372 8540	adpu320 - ok
08:03:30.0394 8540	AeLookupSvc     (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
08:03:30.0439 8540	AeLookupSvc - ok
08:03:30.0504 8540	AFD             (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
08:03:30.0585 8540	AFD - ok
08:03:30.0604 8540	agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
08:03:30.0618 8540	agp440 - ok
08:03:30.0648 8540	aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
08:03:30.0678 8540	aic78xx - ok
08:03:30.0709 8540	ALG             (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
08:03:30.0761 8540	ALG - ok
08:03:30.0769 8540	aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
08:03:30.0789 8540	aliide - ok
08:03:30.0815 8540	AMD External Events Utility (48f5be5035e6a49cf9287e0d857e7f6c) C:\Windows\system32\atiesrxx.exe
08:03:30.0857 8540	AMD External Events Utility - ok
08:03:30.0884 8540	AMD FUEL Service - ok
08:03:30.0893 8540	amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
08:03:30.0913 8540	amdagp - ok
08:03:30.0952 8540	amdide          (211fce336502911ec03fc15a91344c98) C:\Windows\system32\DRIVERS\amdide.sys
08:03:30.0976 8540	amdide - ok
08:03:30.0996 8540	amdiox86 - ok
08:03:31.0015 8540	AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
08:03:31.0051 8540	AmdK8 - ok
08:03:31.0249 8540	amdkmdag        (22a83ed0b7823237bdc28fce014d294b) C:\Windows\system32\DRIVERS\atipmdag.sys
08:03:31.0401 8540	amdkmdag - ok
08:03:31.0498 8540	amdkmdap        (b75ef4747cad1bfa5653ffcd768901aa) C:\Windows\system32\DRIVERS\atikmpag.sys
08:03:31.0512 8540	amdkmdap - ok
08:03:31.0537 8540	AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
08:03:31.0565 8540	AmdPPM - ok
08:03:31.0584 8540	amdsata         (6f64c768a9a48fab7c6d6cee1b30f97f) C:\Windows\system32\DRIVERS\amdsata.sys
08:03:31.0607 8540	amdsata - ok
08:03:31.0645 8540	amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
08:03:31.0659 8540	amdsbs - ok
08:03:31.0668 8540	amdxata         (e27866684780606bcce640a57937d88a) C:\Windows\system32\DRIVERS\amdxata.sys
08:03:31.0678 8540	amdxata - ok
08:03:31.0760 8540	AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files\Avira\AntiVir Desktop\sched.exe
08:03:31.0771 8540	AntiVirSchedulerService - ok
08:03:31.0826 8540	AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
08:03:31.0835 8540	AntiVirService - ok
08:03:31.0873 8540	AppID           (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
08:03:31.0954 8540	AppID - ok
08:03:31.0976 8540	AppIDSvc        (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
08:03:32.0032 8540	AppIDSvc - ok
08:03:32.0057 8540	Appinfo         (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
08:03:32.0092 8540	Appinfo - ok
08:03:32.0145 8540	Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
08:03:32.0169 8540	Apple Mobile Device - ok
08:03:32.0203 8540	arc             (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
08:03:32.0229 8540	arc - ok
08:03:32.0250 8540	arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
08:03:32.0275 8540	arcsas - ok
08:03:32.0345 8540	ASPI            (e54e27976e2c5a6465d44c10b1d87ac0) C:\Windows\System32\DRIVERS\ASPI32.sys
08:03:32.0379 8540	ASPI ( UnsignedFile.Multi.Generic ) - warning
08:03:32.0379 8540	ASPI - detected UnsignedFile.Multi.Generic (1)
08:03:32.0463 8540	aspnet_state    (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
08:03:32.0524 8540	aspnet_state - ok
08:03:32.0558 8540	AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
08:03:32.0652 8540	AsyncMac - ok
08:03:32.0692 8540	atapi           (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
08:03:32.0702 8540	atapi - ok
08:03:32.0754 8540	AtiHdmiService  (430449d04b05348879244c9090d405b4) C:\Windows\system32\drivers\AtiHdmi.sys
08:03:32.0773 8540	AtiHdmiService ( UnsignedFile.Multi.Generic ) - warning
08:03:32.0773 8540	AtiHdmiService - detected UnsignedFile.Multi.Generic (1)
08:03:32.0802 8540	AtiPcie         (b73c832088dd54b55e04ff6f9646ad8c) C:\Windows\system32\DRIVERS\AtiPcie.sys
08:03:32.0827 8540	AtiPcie - ok
08:03:32.0870 8540	AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
08:03:32.0908 8540	AudioEndpointBuilder - ok
08:03:32.0912 8540	Audiosrv        (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
08:03:32.0936 8540	Audiosrv - ok
08:03:32.0973 8540	Avc             (c44bdd77e06053cf5afe046f3a47c16b) C:\Windows\system32\DRIVERS\avc.sys
08:03:33.0001 8540	Avc - ok
08:03:33.0037 8540	avgntflt        (d5541f0afb767e85fc412fc609d96a74) C:\Windows\system32\DRIVERS\avgntflt.sys
08:03:33.0050 8540	avgntflt - ok
08:03:33.0081 8540	avipbb          (7d967a682d4694df7fa57d63a2db01fe) C:\Windows\system32\DRIVERS\avipbb.sys
08:03:33.0106 8540	avipbb - ok
08:03:33.0143 8540	avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
08:03:33.0162 8540	avkmgr - ok
08:03:33.0185 8540	AxInstSV        (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
08:03:33.0238 8540	AxInstSV - ok
08:03:33.0268 8540	b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
08:03:33.0322 8540	b06bdrv - ok
08:03:33.0345 8540	b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
08:03:33.0368 8540	b57nd60x - ok
08:03:33.0420 8540	BDESVC          (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
08:03:33.0443 8540	BDESVC - ok
08:03:33.0458 8540	Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
08:03:33.0512 8540	Beep - ok
08:03:33.0561 8540	BFE             (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
08:03:33.0594 8540	BFE - ok
08:03:33.0638 8540	BITS            (e585445d5021971fae10393f0f1c3961) C:\Windows\System32\qmgr.dll
08:03:33.0724 8540	BITS - ok
08:03:33.0727 8540	blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
08:03:33.0762 8540	blbdrive - ok
08:03:33.0873 8540	Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
08:03:33.0884 8540	Bonjour Service - ok
08:03:33.0907 8540	bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
08:03:33.0958 8540	bowser - ok
08:03:33.0961 8540	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
08:03:33.0987 8540	BrFiltLo - ok
08:03:34.0004 8540	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
08:03:34.0033 8540	BrFiltUp - ok
08:03:34.0066 8540	Browser         (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
08:03:34.0087 8540	Browser - ok
08:03:34.0109 8540	Brserid         (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
08:03:34.0150 8540	Brserid - ok
08:03:34.0158 8540	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
08:03:34.0197 8540	BrSerWdm - ok
08:03:34.0225 8540	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
08:03:34.0261 8540	BrUsbMdm - ok
08:03:34.0279 8540	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
08:03:34.0311 8540	BrUsbSer - ok
08:03:34.0328 8540	BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
08:03:34.0357 8540	BTHMODEM - ok
08:03:34.0364 8540	bthserv         (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
08:03:34.0398 8540	bthserv - ok
08:03:34.0425 8540	cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
08:03:34.0470 8540	cdfs - ok
08:03:34.0517 8540	cdrom           (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
08:03:34.0563 8540	cdrom - ok
08:03:34.0604 8540	CertPropSvc     (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
08:03:34.0639 8540	CertPropSvc - ok
08:03:34.0651 8540	circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
08:03:34.0684 8540	circlass - ok
08:03:34.0722 8540	CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
08:03:34.0735 8540	CLFS - ok
08:03:34.0799 8540	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:03:34.0825 8540	clr_optimization_v2.0.50727_32 - ok
08:03:34.0909 8540	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:03:34.0945 8540	clr_optimization_v4.0.30319_32 - ok
08:03:34.0962 8540	CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
08:03:34.0975 8540	CmBatt - ok
08:03:35.0005 8540	cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
08:03:35.0017 8540	cmdide - ok
08:03:35.0051 8540	CNG             (247b4ce2dab1160cd422d532d5241e1f) C:\Windows\system32\Drivers\cng.sys
08:03:35.0075 8540	CNG - ok
08:03:35.0084 8540	Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
08:03:35.0094 8540	Compbatt - ok
08:03:35.0135 8540	CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
08:03:35.0151 8540	CompositeBus - ok
08:03:35.0154 8540	COMSysApp - ok
08:03:35.0162 8540	crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
08:03:35.0191 8540	crcdisk - ok
08:03:35.0239 8540	CryptSvc        (06e771aa596b8761107ab57e99f128d7) C:\Windows\system32\cryptsvc.dll
08:03:35.0278 8540	CryptSvc - ok
08:03:35.0318 8540	DcomLaunch      (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
08:03:35.0342 8540	DcomLaunch - ok
08:03:35.0352 8540	defragsvc       (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
08:03:35.0397 8540	defragsvc - ok
08:03:35.0427 8540	DfsC            (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
08:03:35.0464 8540	DfsC - ok
08:03:35.0509 8540	Dhcp            (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
08:03:35.0532 8540	Dhcp - ok
08:03:35.0544 8540	discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
08:03:35.0567 8540	discache - ok
08:03:35.0598 8540	Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
08:03:35.0608 8540	Disk - ok
08:03:35.0643 8540	Dnscache        (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
08:03:35.0690 8540	Dnscache - ok
08:03:35.0715 8540	dot3svc         (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
08:03:35.0754 8540	dot3svc - ok
08:03:35.0798 8540	Dot4            (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys
08:03:35.0814 8540	Dot4 - ok
08:03:35.0859 8540	Dot4Print       (caefd09b6a6249c53a67d55a9a9fcabf) C:\Windows\system32\drivers\Dot4Prt.sys
08:03:35.0899 8540	Dot4Print - ok
08:03:35.0931 8540	dot4usb         (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys
08:03:35.0969 8540	dot4usb - ok
08:03:36.0003 8540	DPS             (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
08:03:36.0038 8540	DPS - ok
08:03:36.0063 8540	drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
08:03:36.0077 8540	drmkaud - ok
08:03:36.0134 8540	DSI_SiUSBXp_3_1 (bc9c2ef22ee0320c079e3ff9b4d29951) C:\Windows\system32\drivers\DSI_SiUSBXp_3_1.sys
08:03:36.0332 8540	DSI_SiUSBXp_3_1 - ok
08:03:36.0390 8540	DXGKrnl         (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
08:03:36.0428 8540	DXGKrnl - ok
08:03:36.0445 8540	EapHost         (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
08:03:36.0478 8540	EapHost - ok
08:03:36.0633 8540	ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
08:03:36.0759 8540	ebdrv - ok
08:03:36.0858 8540	EFS             (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
08:03:36.0875 8540	EFS - ok
08:03:36.0941 8540	ehRecvr         (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
08:03:37.0003 8540	ehRecvr - ok
08:03:37.0029 8540	ehSched         (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
08:03:37.0048 8540	ehSched - ok
08:03:37.0110 8540	elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
08:03:37.0130 8540	elxstor - ok
08:03:37.0157 8540	ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
08:03:37.0185 8540	ErrDev - ok
08:03:37.0232 8540	EventSystem     (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
08:03:37.0270 8540	EventSystem - ok
08:03:37.0293 8540	exfat           (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
08:03:37.0345 8540	exfat - ok
08:03:37.0360 8540	fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
08:03:37.0396 8540	fastfat - ok
08:03:37.0488 8540	Fax             (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
08:03:37.0533 8540	Fax - ok
08:03:37.0554 8540	fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
08:03:37.0579 8540	fdc - ok
08:03:37.0602 8540	fdPHost         (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
08:03:37.0655 8540	fdPHost - ok
08:03:37.0680 8540	FDResPub        (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
08:03:37.0716 8540	FDResPub - ok
08:03:37.0720 8540	FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
08:03:37.0733 8540	FileInfo - ok
08:03:37.0749 8540	Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
08:03:37.0783 8540	Filetrace - ok
08:03:37.0801 8540	flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
08:03:37.0825 8540	flpydisk - ok
08:03:37.0853 8540	FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
08:03:37.0886 8540	FltMgr - ok
08:03:37.0955 8540	FontCache       (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
08:03:37.0986 8540	FontCache - ok
08:03:38.0034 8540	FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
08:03:38.0062 8540	FontCache3.0.0.0 - ok
08:03:38.0188 8540	Freemake Improver (565619f1b6da86e3c7ba75a1e60ecfcd) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
08:03:38.0193 8540	Freemake Improver ( UnsignedFile.Multi.Generic ) - warning
08:03:38.0193 8540	Freemake Improver - detected UnsignedFile.Multi.Generic (1)
08:03:38.0214 8540	FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
08:03:38.0225 8540	FsDepends - ok
08:03:38.0253 8540	Fs_Rec          (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
08:03:38.0265 8540	Fs_Rec - ok
08:03:38.0300 8540	fvevol          (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
08:03:38.0317 8540	fvevol - ok
08:03:38.0352 8540	gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
08:03:38.0373 8540	gagp30kx - ok
08:03:38.0424 8540	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
08:03:38.0434 8540	GEARAspiWDM - ok
08:03:38.0490 8540	gpsvc           (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
08:03:38.0532 8540	gpsvc - ok
08:03:38.0568 8540	grmnusb         (6003bc70f1a8307262bd3c941bda0b7e) C:\Windows\system32\drivers\grmnusb.sys
08:03:38.0586 8540	grmnusb - ok
08:03:38.0668 8540	gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
08:03:38.0677 8540	gupdate - ok
08:03:38.0686 8540	gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
08:03:38.0695 8540	gupdatem - ok
08:03:38.0734 8540	gusvc           (c1b577b2169900f4cf7190c39f085794) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
08:03:38.0744 8540	gusvc - ok
08:03:38.0770 8540	hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
08:03:38.0823 8540	hcw85cir - ok
08:03:38.0863 8540	HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
08:03:38.0902 8540	HdAudAddService - ok
08:03:38.0952 8540	HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
08:03:38.0982 8540	HDAudBus - ok
08:03:39.0003 8540	HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
08:03:39.0038 8540	HidBatt - ok
08:03:39.0083 8540	HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
08:03:39.0108 8540	HidBth - ok
08:03:39.0141 8540	HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
08:03:39.0173 8540	HidIr - ok
08:03:39.0191 8540	hidserv         (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
08:03:39.0231 8540	hidserv - ok
08:03:39.0277 8540	HidUsb          (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
08:03:39.0289 8540	HidUsb - ok
08:03:39.0320 8540	hkmsvc          (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
08:03:39.0356 8540	hkmsvc - ok
08:03:39.0381 8540	HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
08:03:39.0420 8540	HomeGroupListener - ok
08:03:39.0465 8540	HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
08:03:39.0478 8540	HomeGroupProvider - ok
08:03:39.0576 8540	hpqcxs08        (1dae5c46d42b02a6d5862e1482efb390) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
08:03:39.0596 8540	hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
08:03:39.0596 8540	hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
08:03:39.0625 8540	hpqddsvc        (99e8eef42fe2f4af29b08c3355dd7685) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
08:03:39.0639 8540	hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
08:03:39.0639 8540	hpqddsvc - detected UnsignedFile.Multi.Generic (1)
08:03:39.0656 8540	HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
08:03:39.0680 8540	HpSAMD - ok
08:03:39.0725 8540	HPSLPSVC        (79737e0f7d25de8405cb34d4c9882253) C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
08:03:39.0736 8540	HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
08:03:39.0736 8540	HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
08:03:39.0799 8540	HTTP            (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
08:03:39.0830 8540	HTTP - ok
08:03:39.0856 8540	hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
08:03:39.0867 8540	hwpolicy - ok
08:03:39.0906 8540	i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
08:03:39.0926 8540	i8042prt - ok
08:03:39.0959 8540	iaStorV         (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
08:03:39.0990 8540	iaStorV - ok
08:03:40.0068 8540	IDriverT        (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
08:03:40.0075 8540	IDriverT ( UnsignedFile.Multi.Generic ) - warning
08:03:40.0075 8540	IDriverT - detected UnsignedFile.Multi.Generic (1)
08:03:40.0156 8540	idsvc           (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
08:03:40.0207 8540	idsvc - ok
08:03:40.0288 8540	iirsp           (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
08:03:40.0310 8540	iirsp - ok
08:03:40.0356 8540	IKEEXT          (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
08:03:40.0383 8540	IKEEXT - ok
08:03:40.0529 8540	IntcAzAudAddService (97fa95e4f486f37d60ad3744d86f3d7e) C:\Windows\system32\drivers\RTKVHDA.sys
08:03:40.0634 8540	IntcAzAudAddService - ok
08:03:40.0695 8540	intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
08:03:40.0724 8540	intelide - ok
08:03:40.0755 8540	intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
08:03:40.0786 8540	intelppm - ok
08:03:40.0818 8540	IPBusEnum       (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
08:03:40.0857 8540	IPBusEnum - ok
08:03:40.0882 8540	IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:03:40.0928 8540	IpFilterDriver - ok
08:03:40.0978 8540	iphlpsvc        (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
08:03:41.0003 8540	iphlpsvc - ok
08:03:41.0015 8540	IPMIDRV         (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
08:03:41.0059 8540	IPMIDRV - ok
08:03:41.0080 8540	IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
08:03:41.0127 8540	IPNAT - ok
08:03:41.0217 8540	iPod Service    (e6be7a41a28d8f2db174957454d32448) C:\Program Files\iPod\bin\iPodService.exe
08:03:41.0233 8540	iPod Service - ok
08:03:41.0253 8540	IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
08:03:41.0307 8540	IRENUM - ok
08:03:41.0339 8540	isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
08:03:41.0368 8540	isapnp - ok
08:03:41.0398 8540	iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
08:03:41.0427 8540	iScsiPrt - ok
08:03:41.0453 8540	kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
08:03:41.0482 8540	kbdclass - ok
08:03:41.0511 8540	kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
08:03:41.0533 8540	kbdhid - ok
08:03:41.0550 8540	KeyIso          (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
08:03:41.0561 8540	KeyIso - ok
08:03:41.0584 8540	KSecDD          (b7895b4182c0d16f6efadeb8081e8d36) C:\Windows\system32\Drivers\ksecdd.sys
08:03:41.0613 8540	KSecDD - ok
08:03:41.0662 8540	KSecPkg         (d30159ac9237519fbc62c6ec247d2d46) C:\Windows\system32\Drivers\ksecpkg.sys
08:03:41.0688 8540	KSecPkg - ok
08:03:41.0737 8540	KtmRm           (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
08:03:41.0775 8540	KtmRm - ok
08:03:41.0805 8540	LanmanServer    (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll
08:03:41.0845 8540	LanmanServer - ok
08:03:41.0871 8540	LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
08:03:41.0909 8540	LanmanWorkstation - ok
08:03:41.0911 8540	Lbd - ok
08:03:41.0942 8540	lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
08:03:41.0981 8540	lltdio - ok
08:03:42.0018 8540	lltdsvc         (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
08:03:42.0044 8540	lltdsvc - ok
08:03:42.0071 8540	lmhosts         (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
08:03:42.0093 8540	lmhosts - ok
08:03:42.0132 8540	LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
08:03:42.0159 8540	LSI_FC - ok
08:03:42.0184 8540	LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
08:03:42.0207 8540	LSI_SAS - ok
08:03:42.0240 8540	LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
08:03:42.0262 8540	LSI_SAS2 - ok
08:03:42.0297 8540	LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
08:03:42.0311 8540	LSI_SCSI - ok
08:03:42.0321 8540	luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
08:03:42.0363 8540	luafv - ok
08:03:42.0435 8540	MBAMProtector   (6dfe7f2e8e8a337263aa5c92a215f161) C:\Windows\system32\drivers\mbam.sys
08:03:42.0444 8540	MBAMProtector - ok
08:03:42.0495 8540	MBAMService     (43683e970f008c93c9429ef428147a54) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
08:03:42.0510 8540	MBAMService - ok
08:03:42.0578 8540	Mcx2Svc         (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
08:03:42.0593 8540	Mcx2Svc - ok
08:03:42.0605 8540	megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
08:03:42.0633 8540	megasas - ok
08:03:42.0661 8540	MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
08:03:42.0678 8540	MegaSR - ok
08:03:42.0749 8540	Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
08:03:42.0760 8540	Microsoft Office Groove Audit Service - ok
08:03:42.0776 8540	MMCSS           (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
08:03:42.0809 8540	MMCSS - ok
08:03:42.0824 8540	Modem           (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
08:03:42.0864 8540	Modem - ok
08:03:42.0901 8540	monitor         (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
08:03:42.0929 8540	monitor - ok
08:03:42.0962 8540	mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
08:03:42.0983 8540	mouclass - ok
08:03:43.0008 8540	mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
08:03:43.0029 8540	mouhid - ok
08:03:43.0058 8540	mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
08:03:43.0080 8540	mountmgr - ok
08:03:43.0141 8540	MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
08:03:43.0151 8540	MozillaMaintenance - ok
08:03:43.0174 8540	mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
08:03:43.0189 8540	mpio - ok
08:03:43.0198 8540	mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
08:03:43.0244 8540	mpsdrv - ok
08:03:43.0294 8540	MpsSvc          (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
08:03:43.0340 8540	MpsSvc - ok
08:03:43.0375 8540	MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
08:03:43.0406 8540	MRxDAV - ok
08:03:43.0445 8540	mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
08:03:43.0501 8540	mrxsmb - ok
08:03:43.0539 8540	mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:03:43.0572 8540	mrxsmb10 - ok
08:03:43.0606 8540	mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:03:43.0628 8540	mrxsmb20 - ok
08:03:43.0650 8540	msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\DRIVERS\msahci.sys
08:03:43.0673 8540	msahci - ok
08:03:43.0699 8540	msdsm           (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
08:03:43.0726 8540	msdsm - ok
08:03:43.0760 8540	MSDTC           (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
08:03:43.0789 8540	MSDTC - ok
08:03:43.0835 8540	MSDV            (114b67c324d64c8195fd3bf93b4df02a) C:\Windows\system32\DRIVERS\msdv.sys
08:03:43.0867 8540	MSDV - ok
08:03:43.0880 8540	Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
08:03:43.0916 8540	Msfs - ok
08:03:43.0924 8540	mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
08:03:43.0967 8540	mshidkmdf - ok
08:03:43.0981 8540	msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
08:03:43.0990 8540	msisadrv - ok
08:03:44.0013 8540	MSiSCSI         (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
08:03:44.0036 8540	MSiSCSI - ok
08:03:44.0039 8540	msiserver - ok
08:03:44.0054 8540	MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
08:03:44.0094 8540	MSKSSRV - ok
08:03:44.0117 8540	MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
08:03:44.0165 8540	MSPCLOCK - ok
08:03:44.0179 8540	MSPQM           (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
08:03:44.0201 8540	MSPQM - ok
08:03:44.0221 8540	MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
08:03:44.0245 8540	MsRPC - ok
08:03:44.0265 8540	mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
08:03:44.0274 8540	mssmbios - ok
08:03:44.0277 8540	MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
08:03:44.0301 8540	MSTEE - ok
08:03:44.0321 8540	MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
08:03:44.0347 8540	MTConfig - ok
08:03:44.0364 8540	Mup             (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
08:03:44.0387 8540	Mup - ok
08:03:44.0413 8540	napagent        (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
08:03:44.0451 8540	napagent - ok
08:03:44.0489 8540	NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
08:03:44.0526 8540	NativeWifiP - ok
08:03:44.0609 8540	NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
08:03:44.0626 8540	NDIS - ok
08:03:44.0647 8540	NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
08:03:44.0678 8540	NdisCap - ok
08:03:44.0698 8540	NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
08:03:44.0728 8540	NdisTapi - ok
08:03:44.0781 8540	Ndisuio         (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
08:03:44.0804 8540	Ndisuio - ok
08:03:44.0831 8540	NdisWan         (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
08:03:44.0864 8540	NdisWan - ok
08:03:44.0895 8540	NDProxy         (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
08:03:44.0930 8540	NDProxy - ok
08:03:45.0067 8540	Nero BackItUp Scheduler 3 (a0101e836d2a39682e134c47b1565256) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
08:03:45.0145 8540	Nero BackItUp Scheduler 3 - ok
08:03:45.0188 8540	Net Driver HPZ12 (a081cb6fb9a12668f233eb5414be3a0e) C:\Windows\system32\HPZinw12.dll
08:03:45.0212 8540	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
08:03:45.0212 8540	Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
08:03:45.0224 8540	NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
08:03:45.0248 8540	NetBIOS - ok
08:03:45.0293 8540	NetBT           (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
08:03:45.0341 8540	NetBT - ok
08:03:45.0366 8540	Netlogon        (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
08:03:45.0377 8540	Netlogon - ok
08:03:45.0424 8540	Netman          (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
08:03:45.0462 8540	Netman - ok
08:03:45.0542 8540	NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
08:03:45.0574 8540	NetMsmqActivator - ok
08:03:45.0590 8540	NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
08:03:45.0600 8540	NetPipeActivator - ok
08:03:45.0615 8540	netprofm        (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
08:03:45.0640 8540	netprofm - ok
08:03:45.0643 8540	NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
08:03:45.0652 8540	NetTcpActivator - ok
08:03:45.0655 8540	NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
08:03:45.0664 8540	NetTcpPortSharing - ok
08:03:45.0693 8540	nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
08:03:45.0718 8540	nfrd960 - ok
08:03:45.0738 8540	NlaSvc          (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
08:03:45.0761 8540	NlaSvc - ok
08:03:45.0820 8540	NMIndexingService (6ef0506ce1f553e9bd085645933c8686) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
08:03:45.0855 8540	NMIndexingService - ok
08:03:45.0870 8540	Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
08:03:45.0905 8540	Npfs - ok
08:03:45.0919 8540	nsi             (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
08:03:45.0942 8540	nsi - ok
08:03:45.0956 8540	nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
08:03:45.0992 8540	nsiproxy - ok
08:03:46.0070 8540	Ntfs            (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
08:03:46.0134 8540	Ntfs - ok
08:03:46.0205 8540	Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
08:03:46.0258 8540	Null - ok
08:03:46.0298 8540	nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
08:03:46.0310 8540	nvraid - ok
08:03:46.0340 8540	nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
08:03:46.0362 8540	nvstor - ok
08:03:46.0383 8540	nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
08:03:46.0413 8540	nv_agp - ok
08:03:46.0476 8540	odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
08:03:46.0489 8540	odserv - ok
08:03:46.0526 8540	ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
08:03:46.0561 8540	ohci1394 - ok
08:03:46.0622 8540	ose             (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:03:46.0649 8540	ose - ok
08:03:46.0690 8540	p2pimsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
08:03:46.0752 8540	p2pimsvc - ok
08:03:46.0782 8540	p2psvc          (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
08:03:46.0814 8540	p2psvc - ok
08:03:46.0840 8540	Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
08:03:46.0868 8540	Parport - ok
08:03:46.0903 8540	partmgr         (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
08:03:46.0916 8540	partmgr - ok
08:03:46.0932 8540	Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
08:03:46.0954 8540	Parvdm - ok
08:03:46.0980 8540	PcaSvc          (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
08:03:46.0995 8540	PcaSvc - ok
08:03:47.0007 8540	pci             (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
08:03:47.0018 8540	pci - ok
08:03:47.0040 8540	pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
08:03:47.0049 8540	pciide - ok
08:03:47.0072 8540	pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
08:03:47.0100 8540	pcmcia - ok
08:03:47.0161 8540	pcw             (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
08:03:47.0174 8540	pcw - ok
08:03:47.0214 8540	PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
08:03:47.0280 8540	PEAUTH - ok
08:03:47.0365 8540	pla             (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
08:03:47.0450 8540	pla - ok
08:03:47.0571 8540	PlugPlay        (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
08:03:47.0619 8540	PlugPlay - ok
08:03:47.0667 8540	Pml Driver HPZ12 (65bc271f337637731d3c71455ae1f476) C:\Windows\system32\HPZipm12.dll
08:03:47.0673 8540	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
08:03:47.0673 8540	Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
08:03:47.0706 8540	PNRPAutoReg     (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
08:03:47.0734 8540	PNRPAutoReg - ok
08:03:47.0746 8540	PNRPsvc         (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
08:03:47.0759 8540	PNRPsvc - ok
08:03:47.0807 8540	PolicyAgent     (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
08:03:47.0848 8540	PolicyAgent - ok
08:03:47.0903 8540	Power           (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
08:03:47.0926 8540	Power - ok
08:03:47.0959 8540	PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
08:03:48.0008 8540	PptpMiniport - ok
08:03:48.0039 8540	Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
08:03:48.0077 8540	Processor - ok
08:03:48.0109 8540	ProfSvc         (cadefac453040e370a1bdff3973be00d) C:\Windows\system32\profsvc.dll
08:03:48.0122 8540	ProfSvc - ok
08:03:48.0150 8540	ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
08:03:48.0161 8540	ProtectedStorage - ok
08:03:48.0186 8540	Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
08:03:48.0223 8540	Psched - ok
08:03:48.0296 8540	PSI_SVC_2       (a6a7ad767bf5141665f5c675f671b3e1) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
08:03:48.0308 8540	PSI_SVC_2 - ok
08:03:48.0399 8540	ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
08:03:48.0460 8540	ql2300 - ok
08:03:48.0533 8540	ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
08:03:48.0555 8540	ql40xx - ok
08:03:48.0566 8540	QWAVE           (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
08:03:48.0585 8540	QWAVE - ok
08:03:48.0605 8540	QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
08:03:48.0632 8540	QWAVEdrv - ok
08:03:48.0723 8540	RapiMgr         (8f97d374ad1857e1eed85a79f29a1d3d) C:\Windows\WindowsMobile\rapimgr.dll
08:03:48.0751 8540	RapiMgr - ok
08:03:48.0764 8540	RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
08:03:48.0798 8540	RasAcd - ok
08:03:48.0813 8540	RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
08:03:48.0852 8540	RasAgileVpn - ok
08:03:48.0875 8540	RasAuto         (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
08:03:48.0901 8540	RasAuto - ok
08:03:48.0916 8540	Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
08:03:48.0958 8540	Rasl2tp - ok
08:03:48.0994 8540	RasMan          (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
08:03:49.0035 8540	RasMan - ok
08:03:49.0053 8540	RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
08:03:49.0085 8540	RasPppoe - ok
08:03:49.0100 8540	RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
08:03:49.0139 8540	RasSstp - ok
08:03:49.0171 8540	rdbss           (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
08:03:49.0198 8540	rdbss - ok
08:03:49.0215 8540	rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
08:03:49.0230 8540	rdpbus - ok
08:03:49.0260 8540	RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
08:03:49.0301 8540	RDPCDD - ok
08:03:49.0324 8540	RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
08:03:49.0346 8540	RDPENCDD - ok
08:03:49.0357 8540	RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
08:03:49.0378 8540	RDPREFMP - ok
08:03:49.0407 8540	RDPWD           (f031683e6d1fea157abb2ff260b51e61) C:\Windows\system32\drivers\RDPWD.sys
08:03:49.0454 8540	RDPWD - ok
08:03:49.0476 8540	rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
08:03:49.0501 8540	rdyboost - ok
08:03:49.0523 8540	RemoteAccess    (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
08:03:49.0565 8540	RemoteAccess - ok
08:03:49.0610 8540	RemoteRegistry  (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
08:03:49.0646 8540	RemoteRegistry - ok
08:03:49.0668 8540	RpcEptMapper    (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
08:03:49.0693 8540	RpcEptMapper - ok
08:03:49.0711 8540	RpcLocator      (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
08:03:49.0739 8540	RpcLocator - ok
08:03:49.0778 8540	RpcSs           (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
08:03:49.0802 8540	RpcSs - ok
08:03:49.0807 8540	rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
08:03:49.0844 8540	rspndr - ok
08:03:49.0902 8540	RTL8167         (d5ede44ca85899e0478208c8413c1c31) C:\Windows\system32\DRIVERS\Rt86win7.sys
08:03:49.0917 8540	RTL8167 - ok
08:03:49.0970 8540	RTL8192su       (9ce8deffaffccbf473015d76ae8ee514) C:\Windows\system32\DRIVERS\RTL8192su.sys
08:03:50.0028 8540	RTL8192su - ok
08:03:50.0046 8540	SamSs           (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
08:03:50.0057 8540	SamSs - ok
08:03:50.0099 8540	SANDRA - ok
08:03:50.0274 8540	SBAMSvc         (bce943896289a91ad75cc5652620b1c6) C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
08:03:50.0326 8540	SBAMSvc - ok
08:03:50.0424 8540	sbapifs         (3fff8cda4d2f29ca06f1557e85163c30) C:\Windows\system32\DRIVERS\sbapifs.sys
08:03:50.0435 8540	sbapifs - ok
08:03:50.0485 8540	SbFw            (bcf3ba30c1cfa2942cf26c31384b37c7) C:\Windows\system32\drivers\SbFw.sys
08:03:50.0513 8540	SbFw - ok
08:03:50.0533 8540	SBFWIMCL        (1dcad90cc9c0ddc7d060fd97854f8518) C:\Windows\system32\DRIVERS\sbfwim.sys
08:03:50.0541 8540	SBFWIMCL - ok
08:03:50.0544 8540	SBFWIMCLMP      (1dcad90cc9c0ddc7d060fd97854f8518) C:\Windows\system32\DRIVERS\SBFWIM.sys
08:03:50.0553 8540	SBFWIMCLMP - ok
08:03:50.0571 8540	sbhips          (1afd7178ab9c4fce2d332da7aa474fa6) C:\Windows\system32\drivers\sbhips.sys
08:03:50.0583 8540	sbhips - ok
08:03:50.0634 8540	sbp2port        (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
08:03:50.0660 8540	sbp2port - ok
08:03:50.0686 8540	SBRE            (1fd538c4feb36b793d2121f20bbdc16f) C:\Windows\system32\drivers\SBREdrv.sys
08:03:50.0697 8540	SBRE - ok
08:03:50.0718 8540	sbwtis          (9bdf801a6c78e3f1e6fa1c5ca90baa8a) C:\Windows\system32\DRIVERS\sbwtis.sys
08:03:50.0726 8540	sbwtis - ok
08:03:50.0762 8540	SCardSvr        (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
08:03:50.0795 8540	SCardSvr - ok
08:03:50.0823 8540	scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
08:03:50.0867 8540	scfilter - ok
08:03:50.0926 8540	Schedule        (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
08:03:50.0983 8540	Schedule - ok
08:03:50.0998 8540	SCPolicySvc     (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
08:03:51.0019 8540	SCPolicySvc - ok
08:03:51.0047 8540	SDRSVC          (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
08:03:51.0092 8540	SDRSVC - ok
08:03:51.0147 8540	SeaPort         (331e7bde228914574fc9ae6cd520dafa) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
08:03:51.0162 8540	SeaPort - ok
08:03:51.0188 8540	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
08:03:51.0212 8540	secdrv - ok
08:03:51.0219 8540	seclogon        (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
08:03:51.0265 8540	seclogon - ok
08:03:51.0298 8540	SENS            (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
08:03:51.0339 8540	SENS - ok
08:03:51.0351 8540	SensrSvc        (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
08:03:51.0398 8540	SensrSvc - ok
08:03:51.0421 8540	Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
08:03:51.0463 8540	Serenum - ok
08:03:51.0490 8540	Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
08:03:51.0516 8540	Serial - ok
08:03:51.0536 8540	sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
08:03:51.0570 8540	sermouse - ok
08:03:51.0598 8540	SessionEnv      (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
08:03:51.0630 8540	SessionEnv - ok
08:03:51.0654 8540	sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
08:03:51.0685 8540	sffdisk - ok
08:03:51.0697 8540	sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
08:03:51.0720 8540	sffp_mmc - ok
08:03:51.0737 8540	sffp_sd         (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
08:03:51.0765 8540	sffp_sd - ok
08:03:51.0792 8540	sfloppy         (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
08:03:51.0821 8540	sfloppy - ok
08:03:51.0868 8540	SharedAccess    (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
08:03:51.0898 8540	SharedAccess - ok
08:03:51.0921 8540	ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
08:03:51.0946 8540	ShellHWDetection - ok
08:03:51.0965 8540	sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
08:03:51.0985 8540	sisagp - ok
08:03:52.0022 8540	SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
08:03:52.0046 8540	SiSRaid2 - ok
08:03:52.0078 8540	SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
08:03:52.0106 8540	SiSRaid4 - ok
08:03:52.0139 8540	Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
08:03:52.0179 8540	Smb - ok
08:03:52.0200 8540	SNMPTRAP        (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
08:03:52.0214 8540	SNMPTRAP - ok
08:03:52.0217 8540	spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
08:03:52.0228 8540	spldr - ok
08:03:52.0259 8540	Spooler         (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
08:03:52.0293 8540	Spooler - ok
08:03:52.0431 8540	sppsvc          (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
08:03:52.0485 8540	sppsvc - ok
08:03:52.0579 8540	sppuinotify     (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
08:03:52.0615 8540	sppuinotify - ok
08:03:52.0705 8540	sptd            (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
08:03:52.0713 8540	Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
08:03:52.0714 8540	sptd ( LockedFile.Multi.Generic ) - warning
08:03:52.0714 8540	sptd - detected LockedFile.Multi.Generic (1)
08:03:52.0789 8540	srv             (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
08:03:52.0832 8540	srv - ok
08:03:52.0860 8540	srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
08:03:52.0900 8540	srv2 - ok
08:03:52.0926 8540	srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
08:03:52.0952 8540	srvnet - ok
08:03:52.0979 8540	SSDPSRV         (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
08:03:53.0021 8540	SSDPSRV - ok
08:03:53.0054 8540	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
08:03:53.0078 8540	ssmdrv - ok
08:03:53.0084 8540	SstpSvc         (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
08:03:53.0114 8540	SstpSvc - ok
08:03:53.0139 8540	stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
08:03:53.0151 8540	stexstor - ok
08:03:53.0185 8540	StiSvc          (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
08:03:53.0251 8540	StiSvc - ok
08:03:53.0265 8540	swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
08:03:53.0294 8540	swenum - ok
08:03:53.0326 8540	swprv           (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
08:03:53.0357 8540	swprv - ok
08:03:53.0392 8540	synasusb        (af9a16163545685856ffd8b17aaa5e0b) C:\Windows\system32\Drivers\synasusb.sys
08:03:53.0407 8540	synasusb - ok
08:03:53.0486 8540	SysMain         (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
08:03:53.0510 8540	SysMain - ok
08:03:53.0530 8540	TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
08:03:53.0557 8540	TabletInputService - ok
08:03:53.0584 8540	TapiSrv         (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
08:03:53.0607 8540	TapiSrv - ok
08:03:53.0662 8540	TASCAM_US122144 (be3d9cddd7f607b8990353cf06b0c0df) C:\Windows\system32\Drivers\tascusb2.sys
08:03:53.0781 8540	TASCAM_US122144 - ok
08:03:53.0797 8540	TASCAM_US144_MIDI (e606debbf2c7f59e043db01dc60f4299) C:\Windows\system32\drivers\tscusb2m.sys
08:03:53.0878 8540	TASCAM_US144_MIDI - ok
08:03:53.0899 8540	TASCAM_US144_WDM (b3e1e0b03d54900ed877cdf285079082) C:\Windows\system32\drivers\tscusb2a.sys
08:03:53.0990 8540	TASCAM_US144_WDM - ok
08:03:54.0018 8540	tbhsd           (d7f411c5af992bb44e86083a6aa7b045) C:\Windows\system32\drivers\tbhsd.sys
08:03:54.0041 8540	tbhsd - ok
08:03:54.0063 8540	TBS             (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
08:03:54.0101 8540	TBS - ok
08:03:54.0169 8540	Tcpip           (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
08:03:54.0216 8540	Tcpip - ok
08:03:54.0314 8540	TCPIP6          (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
08:03:54.0357 8540	TCPIP6 - ok
08:03:54.0431 8540	tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
08:03:54.0487 8540	tcpipreg - ok
08:03:54.0514 8540	TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
08:03:54.0568 8540	TDPIPE - ok
08:03:54.0605 8540	TDTCP           (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
08:03:54.0617 8540	TDTCP - ok
08:03:54.0634 8540	tdx             (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
08:03:54.0657 8540	tdx - ok
08:03:54.0672 8540	TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
08:03:54.0684 8540	TermDD - ok
08:03:54.0727 8540	TermService     (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
08:03:54.0753 8540	TermService - ok
08:03:54.0766 8540	Themes          (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
08:03:54.0780 8540	Themes - ok
08:03:54.0799 8540	THREADORDER     (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
08:03:54.0821 8540	THREADORDER - ok
08:03:54.0836 8540	TrkWks          (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
08:03:54.0878 8540	TrkWks - ok
08:03:54.0907 8540	TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
08:03:54.0943 8540	TrustedInstaller - ok
08:03:54.0959 8540	tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
08:03:54.0981 8540	tssecsrv - ok
08:03:55.0008 8540	TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
08:03:55.0032 8540	TsUsbFlt - ok
08:03:55.0164 8540	TuneUp.UtilitiesSvc (af5f31156ee89d35ad6ec3179a805d23) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
08:03:55.0188 8540	TuneUp.UtilitiesSvc - ok
08:03:55.0213 8540	TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys
08:03:55.0233 8540	TuneUpUtilitiesDrv - ok
08:03:55.0294 8540	tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
08:03:55.0329 8540	tunnel - ok
08:03:55.0359 8540	uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
08:03:55.0382 8540	uagp35 - ok
08:03:55.0414 8540	udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
08:03:55.0453 8540	udfs - ok
08:03:55.0470 8540	UI0Detect       (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
08:03:55.0499 8540	UI0Detect - ok
08:03:55.0520 8540	uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
08:03:55.0545 8540	uliagpkx - ok
08:03:55.0575 8540	umbus           (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
08:03:55.0589 8540	umbus - ok
08:03:55.0612 8540	UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
08:03:55.0635 8540	UmPass - ok
08:03:55.0678 8540	upnphost        (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
08:03:55.0702 8540	upnphost - ok
08:03:55.0727 8540	USBAAPL         (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
08:03:55.0778 8540	USBAAPL - ok
08:03:55.0809 8540	usbccgp         (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
08:03:55.0839 8540	usbccgp - ok
08:03:55.0866 8540	usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
08:03:55.0905 8540	usbcir - ok
08:03:55.0932 8540	usbehci         (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
08:03:55.0972 8540	usbehci - ok
08:03:56.0013 8540	usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
08:03:56.0030 8540	usbhub - ok
08:03:56.0057 8540	usbohci         (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\DRIVERS\usbohci.sys
08:03:56.0086 8540	usbohci - ok
08:03:56.0132 8540	usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
08:03:56.0162 8540	usbprint - ok
08:03:56.0197 8540	usbscan         (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
08:03:56.0219 8540	usbscan - ok
08:03:56.0243 8540	USBSTOR         (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:03:56.0275 8540	USBSTOR - ok
08:03:56.0297 8540	usbuhci         (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
08:03:56.0326 8540	usbuhci - ok
08:03:56.0345 8540	UxSms           (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
08:03:56.0367 8540	UxSms - ok
08:03:56.0393 8540	VaultSvc        (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
08:03:56.0404 8540	VaultSvc - ok
08:03:56.0416 8540	vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
08:03:56.0445 8540	vdrvroot - ok
08:03:56.0484 8540	vds             (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
08:03:56.0532 8540	vds - ok
08:03:56.0552 8540	vga             (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
08:03:56.0574 8540	vga - ok
08:03:56.0590 8540	VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
08:03:56.0613 8540	VgaSave - ok
08:03:56.0633 8540	vhdmp           (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
08:03:56.0648 8540	vhdmp - ok
08:03:56.0665 8540	viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
08:03:56.0678 8540	viaagp - ok
08:03:56.0690 8540	ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
08:03:56.0720 8540	ViaC7 - ok
08:03:56.0735 8540	viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
08:03:56.0765 8540	viaide - ok
08:03:56.0789 8540	volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
08:03:56.0810 8540	volmgr - ok
08:03:56.0841 8540	volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
08:03:56.0858 8540	volmgrx - ok
08:03:56.0920 8540	volsnap         (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
08:03:56.0932 8540	volsnap - ok
08:03:56.0955 8540	vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
08:03:56.0969 8540	vsmraid - ok
08:03:57.0043 8540	VSS             (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
08:03:57.0088 8540	VSS - ok
08:03:57.0099 8540	vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
08:03:57.0121 8540	vwifibus - ok
08:03:57.0147 8540	vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
08:03:57.0162 8540	vwififlt - ok
08:03:57.0179 8540	vwifimp         (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
08:03:57.0192 8540	vwifimp - ok
08:03:57.0220 8540	W32Time         (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
08:03:57.0245 8540	W32Time - ok
08:03:57.0257 8540	WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
08:03:57.0282 8540	WacomPen - ok
08:03:57.0310 8540	WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
08:03:57.0362 8540	WANARP - ok
08:03:57.0364 8540	Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
08:03:57.0384 8540	Wanarpv6 - ok
08:03:57.0505 8540	WatAdminSvc     (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
08:03:57.0559 8540	WatAdminSvc - ok
08:03:57.0683 8540	wbengine        (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
08:03:57.0763 8540	wbengine - ok
08:03:57.0799 8540	WbioSrvc        (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
08:03:57.0836 8540	WbioSrvc - ok
08:03:57.0921 8540	WcesComm        (59e19bd13c3bdb857646b9e436ba27f7) C:\Windows\WindowsMobile\wcescomm.dll
08:03:57.0934 8540	WcesComm - ok
08:03:58.0009 8540	wcncsvc         (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
08:03:58.0038 8540	wcncsvc - ok
08:03:58.0059 8540	WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
08:03:58.0115 8540	WcsPlugInService - ok
08:03:58.0140 8540	Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
08:03:58.0152 8540	Wd - ok
08:03:58.0182 8540	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
08:03:58.0203 8540	Wdf01000 - ok
08:03:58.0229 8540	WdiServiceHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
08:03:58.0286 8540	WdiServiceHost - ok
08:03:58.0288 8540	WdiSystemHost   (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
08:03:58.0302 8540	WdiSystemHost - ok
08:03:58.0333 8540	WebClient       (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
08:03:58.0373 8540	WebClient - ok
08:03:58.0398 8540	Wecsvc          (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
08:03:58.0442 8540	Wecsvc - ok
08:03:58.0455 8540	wercplsupport   (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
08:03:58.0477 8540	wercplsupport - ok
08:03:58.0504 8540	WerSvc          (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
08:03:58.0527 8540	WerSvc - ok
08:03:58.0552 8540	WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
08:03:58.0575 8540	WfpLwf - ok
08:03:58.0581 8540	WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
08:03:58.0593 8540	WIMMount - ok
08:03:58.0675 8540	WinDefend       (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
08:03:58.0707 8540	WinDefend - ok
08:03:58.0713 8540	WinHttpAutoProxySvc - ok
08:03:58.0806 8540	Winmgmt         (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
08:03:58.0839 8540	Winmgmt - ok
08:03:58.0906 8540	WinRM           (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
08:03:58.0952 8540	WinRM - ok
08:03:59.0032 8540	WinUsb          (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
08:03:59.0065 8540	WinUsb - ok
08:03:59.0110 8540	Wlansvc         (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
08:03:59.0132 8540	Wlansvc - ok
08:03:59.0268 8540	wlidsvc         (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
08:03:59.0300 8540	wlidsvc - ok
08:03:59.0383 8540	WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
08:03:59.0407 8540	WmiAcpi - ok
08:03:59.0428 8540	wmiApSrv        (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
08:03:59.0464 8540	wmiApSrv - ok
08:03:59.0537 8540	WMPNetworkSvc   (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
08:03:59.0582 8540	WMPNetworkSvc - ok
08:03:59.0628 8540	WPCSvc          (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
08:03:59.0666 8540	WPCSvc - ok
08:03:59.0707 8540	WPDBusEnum      (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
08:03:59.0736 8540	WPDBusEnum - ok
08:03:59.0749 8540	ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
08:03:59.0785 8540	ws2ifsl - ok
08:03:59.0808 8540	wscsvc          (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\System32\wscsvc.dll
08:03:59.0823 8540	wscsvc - ok
08:03:59.0826 8540	WSearch - ok
08:03:59.0927 8540	wuauserv        (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
08:03:59.0960 8540	wuauserv - ok
08:04:00.0020 8540	WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
08:04:00.0056 8540	WudfPf - ok
08:04:00.0110 8540	WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
08:04:00.0134 8540	WUDFRd - ok
08:04:00.0168 8540	wudfsvc         (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
08:04:00.0200 8540	wudfsvc - ok
08:04:00.0221 8540	WwanSvc         (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
08:04:00.0281 8540	WwanSvc - ok
08:04:00.0299 8540	MBR (0x1B8)     (6f053ce44510d4ba204afc85893bc5c5) \Device\Harddisk0\DR0
08:04:02.0780 8540	\Device\Harddisk0\DR0 - ok
08:04:02.0783 8540	MBR (0x1B8)     (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
08:04:02.0848 8540	\Device\Harddisk1\DR1 - ok
08:04:02.0851 8540	Boot (0x1200)   (d54e6db3af62b6122077c9bcf9f40e05) \Device\Harddisk0\DR0\Partition0
08:04:02.0852 8540	\Device\Harddisk0\DR0\Partition0 - ok
08:04:02.0880 8540	Boot (0x1200)   (118ef768e6a4e9cd7612bce8785179fb) \Device\Harddisk0\DR0\Partition1
08:04:02.0881 8540	\Device\Harddisk0\DR0\Partition1 - ok
08:04:02.0904 8540	Boot (0x1200)   (e3d44a51b61605b1fb6375050a87cc54) \Device\Harddisk0\DR0\Partition2
08:04:02.0905 8540	\Device\Harddisk0\DR0\Partition2 - ok
08:04:02.0907 8540	Boot (0x1200)   (f0c4719006c9477ee56985c359594e65) \Device\Harddisk1\DR1\Partition0
08:04:02.0908 8540	\Device\Harddisk1\DR1\Partition0 - ok
08:04:02.0909 8540	============================================================
08:04:02.0909 8540	Scan finished
08:04:02.0909 8540	============================================================
08:04:02.0916 8532	Detected object count: 10
08:04:02.0916 8532	Actual detected object count: 10
08:04:35.0006 8532	ASPI ( UnsignedFile.Multi.Generic ) - skipped by user
08:04:35.0006 8532	ASPI ( UnsignedFile.Multi.Generic ) - User select action: Skip 
08:04:35.0007 8532	AtiHdmiService ( UnsignedFile.Multi.Generic ) - skipped by user
08:04:35.0007 8532	AtiHdmiService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
08:04:35.0008 8532	Freemake Improver ( UnsignedFile.Multi.Generic ) - skipped by user
08:04:35.0008 8532	Freemake Improver ( UnsignedFile.Multi.Generic ) - User select action: Skip 
08:04:35.0009 8532	hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
08:04:35.0009 8532	hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
08:04:35.0010 8532	hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
08:04:35.0010 8532	hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
08:04:35.0011 8532	HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
08:04:35.0011 8532	HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
08:04:35.0012 8532	IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
08:04:35.0012 8532	IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
08:04:35.0013 8532	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
08:04:35.0013 8532	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
08:04:35.0014 8532	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
08:04:35.0014 8532	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
08:04:35.0015 8532	sptd ( LockedFile.Multi.Generic ) - skipped by user
08:04:35.0015 8532	sptd ( LockedFile.Multi.Generic ) - User select action: Skip
         

27.07.2012, 11:45   #20
cosinus

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and get messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

__________________
Please always post log files in CODE tags

27.07.2012, 15:15   #21
magand
 

Hello Arne,

below is the ComboFix log file:
[code]
Combofix Logfile:
Code:
ATTFilter
ComboFix 12-07-27.03 - Folger 27.07.2012  15:54:23.1.4 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.43.1031.18.3326.2129 [GMT 2:00]
ausgeführt von:: c:\users\Folger\Downloads\ComboFix.exe
AV: Lavasoft Ad-Aware *Disabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Lavasoft Ad-Aware *Disabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\xml3717.tmp
c:\programdata\xml388E.tmp
c:\programdata\xml3989.tmp
c:\windows\system32\rnaph.dll
c:\windows\system32\roboot.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-06-27 bis 2012-07-27  ))))))))))))))))))))))))))))))
.
.
2012-07-27 09:20 . 2012-07-27 09:20	--------	d-----w-	c:\users\Folger\AppData\Roaming\pdfforge
2012-07-26 21:12 . 2012-07-26 21:12	--------	d-----w-	C:\_OTL
2012-07-24 15:46 . 2012-07-24 15:46	--------	d-----w-	c:\program files\Hosts_Anti_Adwares_PUPs
2012-07-21 20:18 . 2012-07-24 15:24	--------	d-----w-	C:\PoW24
2012-07-21 20:11 . 2012-07-21 20:11	--------	d-----w-	c:\program files\Recuva
2012-07-21 18:24 . 2012-07-21 18:24	--------	d-----w-	c:\users\Folger\AppData\Local\PictureConverter
2012-07-21 17:14 . 2012-07-21 17:14	--------	d-----w-	c:\users\Folger\AppData\Roaming\inkscape
2012-07-21 17:06 . 2012-07-21 17:11	--------	d-----w-	c:\program files\Inkscape
2012-07-20 20:17 . 2012-07-20 20:17	--------	d-----w-	c:\program files\ESET
2012-07-19 19:53 . 2012-07-19 19:53	--------	d-----w-	c:\users\Folger\AppData\Local\adaware
2012-07-19 19:53 . 2012-07-19 19:53	--------	d-----w-	c:\windows\system32\drivers\VDD
2012-07-17 17:05 . 2012-07-17 17:05	--------	d-----w-	c:\users\Folger\AppData\Roaming\Malwarebytes
2012-07-17 17:05 . 2012-07-17 17:05	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-07-17 17:05 . 2012-07-17 17:05	--------	d-----w-	c:\programdata\Malwarebytes
2012-07-17 17:05 . 2012-07-03 11:46	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-07-11 21:27 . 2012-06-12 02:40	2345984	----a-w-	c:\windows\system32\win32k.sys
2012-07-09 20:28 . 2012-07-05 11:02	81920	----a-w-	c:\windows\system32\pdfcmon.dll
2012-07-09 20:28 . 2004-03-08 23:00	662288	----a-w-	c:\windows\system32\MSCOMCT2.OCX
2012-07-09 20:28 . 1998-07-06 16:55	158208	----a-w-	c:\windows\system32\MSCMCDE.DLL
2012-07-09 20:28 . 1998-07-06 16:55	64512	----a-w-	c:\windows\system32\MSCC2DE.DLL
2012-07-09 20:28 . 1998-06-23 23:00	137000	----a-w-	c:\windows\system32\MSMAPI32.OCX
2012-07-09 20:28 . 1998-07-05 23:00	23552	----a-w-	c:\windows\system32\MSMPIDE.DLL
2012-07-08 20:19 . 2012-07-08 20:19	--------	d-----w-	c:\program files\Bonjour Print Services
2012-07-07 19:22 . 2012-06-09 17:21	178688	----a-w-	c:\windows\system32\unrar.dll
2012-07-07 19:22 . 2012-07-07 19:22	--------	d-----w-	c:\program files\K-Lite Codec Pack
2012-07-07 15:56 . 2012-07-14 14:53	--------	d-----w-	c:\users\Folger\AppData\Roaming\vlc
2012-07-07 14:18 . 2012-05-29 11:09	31584	----a-w-	c:\windows\system32\TURegOpt.exe
2012-07-07 14:18 . 2012-05-29 11:09	21344	----a-w-	c:\windows\system32\authuitu.dll
2012-07-07 14:17 . 2012-07-07 14:18	--------	d-----w-	c:\program files\TuneUp Utilities 2012
2012-07-07 14:16 . 2012-07-07 14:16	--------	d-sh--w-	c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-07-07 14:16 . 2012-07-07 14:16	--------	d--h--w-	c:\programdata\Common Files
2012-07-07 14:00 . 2012-07-07 14:10	--------	d-----w-	c:\users\Folger\AppData\Roaming\PerformerSoft
2012-07-07 13:55 . 2012-07-07 13:55	--------	d-----w-	c:\program files\RegCleaner
2012-07-07 13:50 . 2012-07-07 13:50	--------	d-----w-	c:\program files\CCleaner
2012-07-01 09:56 . 2012-07-01 09:56	--------	d-----w-	c:\users\Folger\AppData\Roaming\Media Player Classic
2012-07-01 09:46 . 2012-07-06 20:12	--------	d-----w-	c:\users\Folger\.DVDslideshowGUI
2012-07-01 09:02 . 2012-07-01 09:02	--------	d-----w-	c:\users\Folger\AppData\Roaming\FastStone
2012-07-01 07:12 . 2012-07-01 07:12	--------	d-----w-	c:\users\Folger\AppData\Roaming\simplitec
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 18:24 . 2012-04-02 16:40	426184	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-07-12 18:24 . 2011-11-23 17:07	70344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-22 14:32 . 2012-05-28 17:02	405144	----a-w-	c:\windows\system32\Newtonsoft.Json.Net20.dll
2012-06-02 22:19 . 2012-06-23 15:32	53784	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-23 15:32	45080	----a-w-	c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-23 15:31	35864	----a-w-	c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-23 15:31	577048	----a-w-	c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-23 15:32	1933848	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-23 15:32	2422272	----a-w-	c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-23 15:31	88576	----a-w-	c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-23 15:31	171904	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-23 15:31	33792	----a-w-	c:\windows\system32\wuapp.exe
2012-05-15 03:03 . 2012-06-13 14:51	981504	----a-w-	c:\windows\system32\wininet.dll
2012-05-08 16:59 . 2012-02-10 14:01	83392	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-05-08 16:59 . 2012-02-10 14:01	137928	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-05-08 16:40 . 2012-05-26 17:59	6737808	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{B899219C-7B85-4246-ADC2-BBAFE26F9A3D}\mpengine.dll
2012-05-01 04:44 . 2012-06-13 14:50	164352	----a-w-	c:\windows\system32\profsvc.dll
2012-07-17 20:56 . 2011-12-08 21:31	136672	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 10:06	163328	--sha-r-	c:\windows\System32\flvDX.dll
2007-02-21 11:47	31232	--sha-r-	c:\windows\System32\msfDX.dll
2008-03-16 13:30	216064	--sha-r-	c:\windows\System32\nbDX.dll
2010-01-06 22:00	107520	--sha-r-	c:\windows\System32\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ANT Agent"="c:\program files\Garmin\ANT Agent\ANT Agent.exe" [2011-11-07 14767976]
"ZoomIt"="c:\users\Folger\Downloads\ZoomIt43\ZoomIt.exe" [2012-07-21 568432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-03 8120864]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-05 59240]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Nikon Monitor.lnk]
backup=c:\windows\pss\Nikon Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Folger^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37	843712	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANT Agent]
2011-11-07 15:16	14767976	----a-w-	c:\program files\Garmin\ANT Agent\ANT Agent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-10-05 23:52	59240	----a-w-	c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-08-03 11:51	202024	----a-w-	c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-06-07 17:33	421776	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2007-08-08 08:25	1828136	----a-w-	c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57	153136	----a-w-	c:\program files\Common Files\Nero\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-18 18:56	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun
"ANT Agent"=c:\program files\Garmin\ANT Agent\ANT Agent.exe
"MobileDocuments"=c:\program files\Common Files\Apple\Internet Services\ubd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe"
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Ad-Aware Antivirus"="c:\program files\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
"Tele2 LiveUpdate"=c:\program files\Tele2\LiveUpdate\LiveupdateClient.exe
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe"
"Windows Mobile Device Center"=%windir%\WindowsMobile\wmdc.exe
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
.
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
R2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 SBAMSvc;Ad-Aware;c:\program files\Ad-Aware Antivirus\SBAMSvc.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [x]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [x]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [x]
R3 sbwtis;sbwtis;c:\windows\system32\DRIVERS\sbwtis.sys [x]
R3 synasusb;eLicenser;c:\windows\system32\Drivers\synasusb.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files\Ad-Aware Antivirus\AdAwareService.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
S3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [x]
S3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;c:\windows\system32\Drivers\tascusb2.sys [x]
S3 TASCAM_US144_MIDI;TASCAM US-144 WDM MIDI Device;c:\windows\system32\drivers\tscusb2m.sys [x]
S3 TASCAM_US144_WDM;TASCAM US-144 WDM;c:\windows\system32\drivers\tscusb2a.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
HPService	REG_MULTI_SZ   	HPSLPSVC
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 18:24]
.
2012-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-17 17:09]
.
2012-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-17 17:09]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uDefault_Search_URL = hxxp://www.google.com/ie
uLocal Page = 
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Free YouTube Download - c:\users\Folger\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to Mp3 Converter - c:\users\Folger\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MIF5BA~1\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Folger\AppData\Roaming\Mozilla\Firefox\Profiles\k6ftdilp.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.amazon.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-07-27  16:10:26
ComboFix-quarantined-files.txt  2012-07-27 14:10
.
Vor Suchlauf: 13 Verzeichnis(se), 1.267.418.304.512 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 1.267.076.005.888 Bytes frei
.
- - End Of File - - 414A89984C6249F6A31A32F2B592B6C5
         
--- --- ---


Nothing unusual happened before, during or after running the program.
In the meantime, once again many thanks for your effort and your commitment!!!!

Best regards, Andreas

Alt 27.07.2012, 15:34   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only OSAM. Please skip OSAM's online check.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off your virus scanner; the McAfee scanner in particular often reports a false alarm on OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it via right-click, "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons without being instructed to.

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.

One more note: If aswMBR crashes and a message such as "aswMBR.exe has stopped working" appears, do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.
__________________
Always post log files in CODE tags, please

Alt 28.07.2012, 12:25   #23
magand
 

Hello Arne,

It took a little while today until I had everything together.

First the GMER log. Everything went without problems.
GMER logfile:
Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-07-28 11:07:03
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD15EARS-00Z5B1 rev.80.00A80
Running: 3kiv5szq.exe; Driver: C:\Users\Folger\AppData\Local\Temp\uxriipod.sys


---- System - GMER 1.0.15 ----

SSDT            915F13CE                                                                                                                                     ZwCreateSection
SSDT            915F13D8                                                                                                                                     ZwRequestWaitReplyPort
SSDT            915F13D3                                                                                                                                     ZwSetContextThread
SSDT            915F13DD                                                                                                                                     ZwSetSecurityObject
SSDT            915F13E2                                                                                                                                     ZwSystemDebugControl
SSDT            915F136F                                                                                                                                     ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                                                                     830403C9 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                                       83079D52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11F7                                                                                                          83080EAC 4 Bytes  [CE, 13, 5F, 91] {INTO ; ADC EBX, [EDI-0x6f]}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1553                                                                                                          83081208 4 Bytes  [D8, 13, 5F, 91] {FCOM DWORD [EBX]; POP EDI; XCHG ECX, EAX}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1597                                                                                                          8308124C 4 Bytes  [D3, 13, 5F, 91] {RCL DWORD [EBX], CL; POP EDI; XCHG ECX, EAX}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1613                                                                                                          830812C8 4 Bytes  [DD, 13, 5F, 91] {FST QWORD [EBX]; POP EDI; XCHG ECX, EAX}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1667                                                                                                          8308131C 4 Bytes  [E2, 13, 5F, 91] {LOOP 0x15; POP EDI; XCHG ECX, EAX}
.text           ...                                                                                                                                          
?               System32\Drivers\spop.sys                                                                                                                    Das System kann den angegebenen Pfad nicht finden. !
.text           C:\Windows\system32\DRIVERS\atipmdag.sys                                                                                                     section is writeable [0x92605000, 0x2D1F8A, 0xE8000020]
.text           USBPORT.SYS!DllUnload                                                                                                                        91F46DB9 5 Bytes  JMP 879D04E0 

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar]                                                                     [8BE0C042] \SystemRoot\System32\Drivers\spop.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar]                                                                    [8BE0C6D6] \SystemRoot\System32\Drivers\spop.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]                                                             [8BE0C800] \SystemRoot\System32\Drivers\spop.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]                                                              [8BE0C13E] \SystemRoot\System32\Drivers\spop.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Windows\Explorer.EXE[3872] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                                                              [73C124CB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3872] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                                                         [73BF562E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3872] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                                                        [73BF56EC] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3872] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                                                               [73C12546] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3872] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                                                     [73C085AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3872] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                                                       [73C04D5E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3872] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                                                      [73C05105] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3872] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                                                     [73C051DA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3872] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP]                                            [73C06707] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3872] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                                                      [73C08301] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3872] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]                                                 [73C08850] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3872] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]                                               [73C090B1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3872] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                                                     [73C0E254] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3872] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                                                         [73C04C90] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                                                       868201F8
Device          \FileSystem\fastfat \FatCdrom                                                                                                                87A20500
Device          \Driver\volmgr \Device\VolMgrControl                                                                                                         8681A1F8
Device          \Driver\NetBT \Device\NetBT_Tcpip_{EDFCCC55-28F1-44AA-8A94-2551AC6EEE4E}                                                                     876E6500
Device          \Driver\usbohci \Device\USBPDO-0                                                                                                             879D5500
Device          \Driver\usbohci \Device\USBPDO-1                                                                                                             879D5500
Device          \Driver\usbehci \Device\USBPDO-2                                                                                                             879DA500
Device          \Driver\usbohci \Device\USBPDO-3                                                                                                             879D5500
Device          \Driver\usbohci \Device\USBPDO-4                                                                                                             879D5500

AttachedDevice  \Driver\tdx \Device\Tcp                                                                                                                      SbFw.sys (GFI Firewall SDK TDI Firewall Driver/GFI Software)

Device          \Driver\usbehci \Device\USBPDO-5                                                                                                             879DA500
Device          \Driver\usbohci \Device\USBPDO-6                                                                                                             879D5500
Device          \Driver\volmgr \Device\HarddiskVolume1                                                                                                       8681A1F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                                       fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\volmgr \Device\HarddiskVolume2                                                                                                       8681A1F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                                       fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\cdrom \Device\CdRom0                                                                                                                 876B21F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0                                                                                                  8681C1F8
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                                           8681C1F8
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                                           8681C1F8
Device          \Driver\atapi \Device\Ide\IdePort2                                                                                                           8681C1F8
Device          \Driver\atapi \Device\Ide\IdePort3                                                                                                           8681C1F8
Device          \Driver\atapi \Device\Ide\IdePort4                                                                                                           8681C1F8
Device          \Driver\atapi \Device\Ide\IdePort5                                                                                                           8681C1F8
Device          \Driver\atapi \Device\Ide\IdePort6                                                                                                           8681C1F8
Device          \Driver\atapi \Device\Ide\IdePort7                                                                                                           8681C1F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1                                                                                                  8681C1F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP5T0L0-5                                                                                                  8681C1F8
Device          \Driver\msahci \Device\Ide\PciIde0Channel0                                                                                                   8681D1F8
Device          \Driver\msahci \Device\Ide\PciIde0Channel1                                                                                                   8681D1F8
Device          \Driver\msahci \Device\Ide\PciIde0Channel2                                                                                                   8681D1F8
Device          \Driver\msahci \Device\Ide\PciIde0Channel3                                                                                                   8681D1F8
Device          \Driver\msahci \Device\Ide\PciIde0Channel4                                                                                                   8681D1F8
Device          \Driver\msahci \Device\Ide\PciIde0Channel5                                                                                                   8681D1F8
Device          \Driver\volmgr \Device\HarddiskVolume3                                                                                                       8681A1F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                                       fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\volmgr \Device\HarddiskVolume4                                                                                                       8681A1F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                                                       fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\volmgr \Device\HarddiskVolume5                                                                                                       8681A1F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                                                                       fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\volmgr \Device\HarddiskVolume6                                                                                                       8681A1F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume6                                                                                                       fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\volmgr \Device\HarddiskVolume7                                                                                                       8681A1F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume7                                                                                                       fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\NetBT \Device\NetBt_Wins_Export                                                                                                      876E6500
Device          \Driver\volmgr \Device\HarddiskVolume8                                                                                                       8681A1F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume8                                                                                                       fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\0000005a                                                                                                            halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device          \Driver\NetBT \Device\NetBT_Tcpip_{63BA4981-9B68-4EA4-A3D2-2693FBD1B57B}                                                                     876E6500

AttachedDevice  \Driver\tdx \Device\Udp                                                                                                                      SbFw.sys (GFI Firewall SDK TDI Firewall Driver/GFI Software)
AttachedDevice  \Driver\tdx \Device\RawIp                                                                                                                    SbFw.sys (GFI Firewall SDK TDI Firewall Driver/GFI Software)

Device          \Driver\NetBT \Device\NetBT_Tcpip_{CD1D9DD5-1A56-4FD4-98AA-6542B801A20A}                                                                     876E6500
Device          \Driver\usbohci \Device\USBFDO-0                                                                                                             879D5500
Device          \Driver\usbohci \Device\USBFDO-1                                                                                                             879D5500
Device          \Driver\usbehci \Device\USBFDO-2                                                                                                             879DA500
Device          \Driver\USBSTOR \Device\0000007c                                                                                                             88EBD500
Device          \Driver\usbohci \Device\USBFDO-3                                                                                                             879D5500
Device          \Driver\USBSTOR \Device\0000007d                                                                                                             88EBD500
Device          \Driver\usbohci \Device\USBFDO-4                                                                                                             879D5500
Device          \Driver\USBSTOR \Device\0000007e                                                                                                             88EBD500
Device          \Driver\usbehci \Device\USBFDO-5                                                                                                             879DA500
Device          \Driver\USBSTOR \Device\0000007f                                                                                                             88EBD500
Device          \Driver\usbohci \Device\USBFDO-6                                                                                                             879D5500
Device          \FileSystem\fastfat \Fat                                                                                                                     87A20500

AttachedDevice  \FileSystem\fastfat \Fat                                                                                                                     fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

Device          \FileSystem\cdfs \Cdfs                                                                                                                       88EC0500

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{ACAF2497-EFB8-458B-97A7-7D5BA359D206}\Connection@Name  isatap.{EDFCCC55-28F1-44AA-8A94-2551AC6EEE4E}
Reg             HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Bind     \Device\{C5019702-769C-4E2B-B6B3-21D5A81EEE11}?\Device\{ACAF2497-EFB8-458B-97A7-7D5BA359D206}?\Device\{07F2250C-9B73-46F1-ABD8-24668488E31C}?\Device\{8B9CA000-082B-4E3A-863E-9763B6310D6C}?
Reg             HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Route    "{C5019702-769C-4E2B-B6B3-21D5A81EEE11}"?"{ACAF2497-EFB8-458B-97A7-7D5BA359D206}"?"{07F2250C-9B73-46F1-ABD8-24668488E31C}"?"{8B9CA000-082B-4E3A-863E-9763B6310D6C}"?
Reg             HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Export   \Device\TCPIP6TUNNEL_{C5019702-769C-4E2B-B6B3-21D5A81EEE11}?\Device\TCPIP6TUNNEL_{ACAF2497-EFB8-458B-97A7-7D5BA359D206}?\Device\TCPIP6TUNNEL_{07F2250C-9B73-46F1-ABD8-24668488E31C}?\Device\TCPIP6TUNNEL_{8B9CA000-082B-4E3A-863E-9763B6310D6C}?
Reg             HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{ACAF2497-EFB8-458B-97A7-7D5BA359D206}@InterfaceName                       isatap.{EDFCCC55-28F1-44AA-8A94-2551AC6EEE4E}
Reg             HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{ACAF2497-EFB8-458B-97A7-7D5BA359D206}@ReusableType                        0
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1                                                                                           771343423
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2                                                                                           285507792
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0                                                                                           1
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                             
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                          0x00 0x00 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                          0
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                       0xB6 0xF0 0xC3 0x33 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                         
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                              0x00 0x00 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                              0
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                           0xB6 0xF0 0xC3 0x33 ...

---- EOF - GMER 1.0.15 ----
         

OSAM then gave me the following error message: "Unfortunately there are some files that has not yet been alalyzed by our lab." This apparently concerns the files "GrabPro.DLL", "orbitcth.DLL", "TuneUpUtilitiesService32.exe" and "ZoomIt.exe". But the scan itself also ran without any problems.
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 11:21:59 on 28.07.2012
OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 32-bit
Default Browser: Mozilla Corporation Firefox 14.0.1

Scanner Settings
 Rootkits detection (hidden registry)
 Rootkits detection (hidden files)
 Retrieve files information
 Check Microsoft signatures

Filters
 Trusted entries
 Empty entries
 Hidden registry entries (rootkit activity)
 Exclusively opened files
 Not found files
 Files without detailed information
 Existing files
 Non-startable services
 Non-startable drivers
 Active entries
 Disabled entries
 	Risk	Name	Publisher	Full Path	Status
Common
%SystemRoot%\Tasks
 	||||  	"GoogleUpdateTaskMachineCore.job"	"Google Inc."	C:\Program Files\Google\Update\GoogleUpdate.exe	File exists
 	||||  	"GoogleUpdateTaskMachineUA.job"	"Google Inc."	C:\Program Files\Google\Update\GoogleUpdate.exe	File exists
 	      	"Adobe Flash Player Updater.job"	"Adobe Systems Incorporated"	C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe	File exists
Control Panel Objects
%SystemRoot%\system32
 	      	"FlashPlayerCPLApp.cpl"	"Adobe Systems Incorporated"	C:\Windows\system32\FlashPlayerCPLApp.cpl	File exists
 	||    	"US-122_MKII_US-144_MKII.CPL"	"TASCAM"	C:\Windows\system32\US-122_MKII_US-144_MKII.CPL	File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls
 	      	"mlcfg32.cpl"	"Microsoft Corporation"	C:\PROGRA~1\MIF5BA~1\Office12\MLCFG32.CPL	File exists
 	||||||	"Nero BurnRights"	"Nero AG"	C:\Program Files\Nero\Nero8\Nero Toolkit\NeroBurnRights.cpl	File exists
 	      	"QuickTime"	"Apple Inc."	C:\Program Files\QuickTime\QTSystem\QuickTime.cpl	File exists
Drivers
HKLM\SYSTEM\CurrentControlSet\Services
 	||||||	"Advanced SCSI Programming Interface Driver" (ASPI)		C:\Windows\System32\DRIVERS\ASPI32.sys	File exists
 	      	"AMD IO Driver" (amdiox86)		C:\Windows\System32\DRIVERS\amdiox86.sys	File not found
 	||||||	"amdide" (amdide)	"Advanced Micro Devices Inc."	C:\Windows\System32\DRIVERS\amdide.sys	File exists
 	||||||	"amdsata" (amdsata)	"Advanced Micro Devices"	C:\Windows\System32\DRIVERS\amdsata.sys	File exists
 	||||||	"amdxata" (amdxata)	"Advanced Micro Devices"	C:\Windows\System32\DRIVERS\amdxata.sys	File exists
 	||||||	"ATI Function Driver for High Definition Audio Service" (AtiHdmiService)	"ATI Technologies, Inc."	C:\Windows\System32\drivers\AtiHdmi.sys	File exists
 	      	"avgntflt" (avgntflt)	"Avira GmbH"	C:\Windows\System32\DRIVERS\avgntflt.sys	File exists
 	      	"avipbb" (avipbb)	"Avira GmbH"	C:\Windows\System32\DRIVERS\avipbb.sys	File exists
 	||||||	"avkmgr" (avkmgr)	"Avira GmbH"	C:\Windows\System32\DRIVERS\avkmgr.sys	File exists
 	      	"catchme" (catchme)		C:\Users\Folger\AppData\Local\Temp\catchme.sys	File not found
 	      	"Lbd" (Lbd)		C:\Windows\System32\DRIVERS\Lbd.sys	File not found
 	      	"MBAMProtector" (MBAMProtector)	"Malwarebytes Corporation"	C:\Windows\system32\drivers\mbam.sys	File exists
 	      	"SANDRA" (SANDRA)		C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011b\WNt500x86\Sandra.sys	File not found
 	      	"sbapifs" (sbapifs)	"GFI Software"	C:\Windows\System32\DRIVERS\sbapifs.sys	File exists
 	      	"SbFw" (SbFw)	"GFI Software"	C:\Windows\System32\drivers\SbFw.sys	File exists
 	      	"sbhips" (sbhips)	"GFI Software"	C:\Windows\System32\drivers\sbhips.sys	File exists
 	      	"SBRE" (SBRE)	"GFI Software"	C:\Windows\system32\drivers\SBREdrv.sys	File exists
 	      	"sbwtis" (sbwtis)	"GFI Software"	C:\Windows\System32\DRIVERS\sbwtis.sys	File exists
 	||||||	"sptd" (sptd)	"Duplex Secure Ltd."	C:\Windows\System32\Drivers\sptd.sys	File is exclusively opened, access blocked
 	||||||	"ssmdrv" (ssmdrv)	"Avira GmbH"	C:\Windows\System32\DRIVERS\ssmdrv.sys	File exists
 	||||||	"TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv)	"TuneUp Software"	C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys	File exists
 	      	"uxriipod" (uxriipod)		C:\Users\Folger\AppData\Local\Temp\uxriipod.sys	Hidden registry entry, rootkit activity | File not found
Explorer
HKLM\Software\Classes\Folder\shellex\ColumnHandlers
 	      	{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension"	"Adobe Systems, Inc."	C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll	File exists
HKLM\Software\Classes\Protocols\Filter
 	||||||	{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter"	"Microsoft Corporation"	C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL	File exists
HKLM\Software\Classes\Protocols\Handler
 	||||||	{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface"	"Microsoft Corporation"	C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll	File exists
 	||||||	{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class"	"Microsoft Corporation"	C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll	File exists
 	||||||	{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol"	"Microsoft Corporation"	C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll	File exists
 	||||||	{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0"	"Microsoft Corporation"	C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll	File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
 	||||||	{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook"	"Microsoft Corporation"	C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll	File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
 	||||||	{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension"	"Igor Pavlov"	C:\Program Files\7-Zip\7-zip.dll	File exists
 	||||||	{872A9397-E0D6-4e28-B64D-52B8D0A7EA35} "DisplayCplExt Class"	"Advanced Micro Devices, Inc."	C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiamaxx.dll	File exists
 	||||||	{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"	"Microsoft Corporation"	C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll	File exists
 	||||||	{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)"	"Microsoft Corporation"	C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll	File exists
 	||||||	{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"	"Microsoft Corporation"	C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll	File exists
 	||||||	{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)"	"Microsoft Corporation"	C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll	File exists
 	||||||	{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"	"Microsoft Corporation"	C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll	File exists
 	||||||	{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization"	"Microsoft Corporation"	C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll	File exists
 	||||||	{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper"	"Microsoft Corporation"	C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll	File exists
 	||||||	{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler"	"Microsoft Corporation"	C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll	File exists
 	||||||	{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook"	"Microsoft Corporation"	C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll	File exists
 	||||||	{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler"	"Microsoft Corporation"	C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll	File exists
 	||||||	{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler"	"Microsoft Corporation"	C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll	File exists
 	      	{c5aec3ec-e812-4677-a9a7-4fee1f9aa000} "Icaros Thumbnail Provider"	"Tabibito Technology"	C:\Program Files\K-Lite Codec Pack\Icaros\IcarosThumbnailProvider.dll	File exists
 	      	{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes"	"Apple Inc."	C:\Program Files\iTunes\iTunesMiniPlayer.dll	File exists
 	||||||	{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler"	"Microsoft Corporation"	C:\Program Files\Microsoft Office\Office12\msohevi.dll	File exists
 	||||||	{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler"	"Microsoft Corporation"	C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll	File exists
 	||||||	{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"	"Microsoft Corporation"	C:\PROGRA~1\MIF5BA~1\Office12\ONFILTER.DLL	File exists
 	||||||	{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook"	"Microsoft Corporation"	C:\PROGRA~1\MIF5BA~1\Office12\MLSHEXT.DLL	File exists
 	||||||	{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler"	"Microsoft Corporation"	C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll	File exists
 	||||||	{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class"	"Nero AG"	C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll	File exists
 	      	{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension"	"Microsoft Corporation"	C:\PROGRA~1\MIF5BA~1\Office12\OLKFSTUB.DLL	File exists
 	      	{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning"	"Avira Operations GmbH & Co. KG"	C:\Program Files\Avira\AntiVir Desktop\shlext.dll	File exists
 	||||||	{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class"	"Advanced Micro Devices, Inc."	C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll	File exists
 	      	{4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension"	"TuneUp Software"	C:\Program Files\TuneUp Utilities 2012\DseShExt-x86.dll	File exists
 	      	{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension"	"TuneUp Software"	C:\Program Files\TuneUp Utilities 2012\SDShelEx-win32.dll	File exists
 	||||||	{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner"	"Microsoft Corporation"	C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL	File exists
 	||||||	{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target"	"Microsoft Corporation"	C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe	File exists
 	||||||	{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target"	"Microsoft Corporation"	C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe	File exists
 	||||||	{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim"	"Microsoft Corporation"	C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll	File exists
 	||||||	{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim"	"Microsoft Corporation"	C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll	File exists
 	||||||	{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim"	"Microsoft Corporation"	C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll	File exists
 	||||||	{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target"	"Microsoft Corporation"	C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe	File exists
 	||||||	{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim"	"Microsoft Corporation"	C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll	File exists
 	||||||	{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}"	"Microsoft Corporation"	C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe	File exists
Internet Explorer
HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars
 	||||  	{555D4D79-4BD2-4094-A395-CFC534424A05} "HP Smart Web Printing"	"Hewlett-Packard Co."	C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll	File exists
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
 	      	"Grab Pro"		C:\Program Files\Orbitdownloader\GrabPro.dll	File exists
 	      	ITBar7Height "ITBar7Height"			File not found | COM-object registry key not found
 	      	"ITBar7Layout"			File not found | COM-object registry key not found
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units
 	||||  	{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_30"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab	"Sun Microsystems, Inc."	C:\Program Files\Java\jre6\bin\jp2iexp.dll	File exists
 	||||  	{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} "Java Plug-in 1.6.0_30"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab	"Sun Microsystems, Inc."	C:\Program Files\Java\jre6\bin\jp2iexp.dll	File exists
 	||||  	{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_30"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab	"Sun Microsystems, Inc."	C:\Program Files\Java\jre6\bin\npjpi160_30.dll	File exists
 	||    	{7030CC6C-1A88-4591-BB5A-651B9F7F0C30} "WMVHDRatingCtrl Class"
file:///F:/components/wmvhdrating.ocx		C:\Windows\Downloaded Program Files\wmvhdrating.ocx	File exists
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions
 	||||  	{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "@C:\Windows\WindowsMobile\INetRepl.dll,-222"	"Microsoft Corporation"	C:\Windows\WindowsMobile\INetRepl.dll	File exists
 	||||  	{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden"	"Microsoft Corporation"	C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll	File exists
 	||||  	{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "ClsidExtension"	"Microsoft Corporation"	C:\Windows\WindowsMobile\INetRepl.dll	File exists
 	||||  	{DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Smart Web Printing ein- oder ausblenden"	"Hewlett-Packard Co."	C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll	File exists
 	||    	"PokerStars"	"PokerStars"	C:\Program Files\PokerStars\PokerStarsUpdate.exe	File exists
 	||    	{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research"	"Microsoft Corporation"	C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL	File exists
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar
 	      	"Grab Pro"		C:\Program Files\Orbitdownloader\GrabPro.dll	File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
 	      	{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper"	"Adobe Systems Incorporated"	C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll	File exists
 	||||||	{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper"	"Microsoft Corporation"	C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll	File exists
 	||||  	{0347C33E-8762-4905-BF09-768834316C61} "HP Print Enhancer"	"Hewlett-Packard Co."	C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll	File exists
 	||||  	{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "HP Smart BHO Class"	"Hewlett-Packard Co."	C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll	File exists
 	||||  	{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper"	"Sun Microsystems, Inc."	C:\Program Files\Java\jre6\bin\jp2ssv.dll	File exists
 	||||  	{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper"	"Sun Microsystems, Inc."	C:\Program Files\Java\jre6\bin\ssv.dll	File exists
 	      	{000123B4-9B42-4900-B3F7-F4B073EFC214} "Octh Class"	"Orbitdownloader.com"	C:\Program Files\Orbitdownloader\orbitcth.dll	File exists
 	||    	{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper"	"Microsoft Corporation"	C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll	File exists
 	||||||	{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper"	"Microsoft Corp."	C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll	File exists
LSA Providers
HKLM\SYSTEM\CurrentControlSet\Control\Lsa
 	||||||	"Security Packages"	"Microsoft Corp."	C:\Windows\system32\livessp.dll	File exists
Logon
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup
 	||||||	"desktop.ini"		C:\Users\Folger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini	File exists
%AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup
 	||||||	"desktop.ini"		C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini	File exists
 	||||  	"HP Digital Imaging Monitor.lnk"	"Hewlett-Packard Co."	C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe	Shortcut exists | File exists
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
 	      	"ANT Agent"	"GARMIN Corp."	C:\Program Files\Garmin\ANT Agent\ANT Agent.exe	File exists
 	      	"ZoomIt"	"Sysinternals - www.sysinternals.com"	C:\Users\Folger\Downloads\ZoomIt43\ZoomIt.exe	File exists
HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd
 	      	"StartupPrograms"		rdpclip	File not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
 	      	"Ad-Aware Antivirus"	"Lavasoft Limited"	"C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher" --windows-run	File exists
 	      	"Ad-Aware Browsing Protection"	"Lavasoft"	"C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"	File exists
 	      	"AppleSyncNotifier"	"Apple Inc."	C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe	File exists
 	      	"avgnt"	"Avira Operations GmbH & Co. KG"	"C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min	File exists
 	      	"Malwarebytes' Anti-Malware"	"Malwarebytes Corporation"	"C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray	File exists
Print Monitors
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
 	      	"pdfcmon"	"pdfforge GbR"	C:\Windows\system32\pdfcmon.dll	File exists
 	||||||	"Redirected Port"		C:\Windows\system32\redmonnt.dll	File found, but it contains no detailed information
 	||||||	"Send To Microsoft OneNote Monitor"	"Microsoft Corporation"	C:\Windows\system32\msonpmon.dll	File exists
Services
HKLM\SYSTEM\CurrentControlSet\Services
 	      	"Ad-Aware" (SBAMSvc)	"GFI Software"	C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe	File exists
 	      	"Ad-Aware Service" (Ad-Aware Service)	"Lavasoft Limited"	C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe	File exists
 	||    	"Adobe Acrobat Update Service" (AdobeARMservice)	"Adobe Systems Incorporated"	C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe	File exists
 	      	"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc)	"Adobe Systems Incorporated"	C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe	File exists
 	      	"AMD FUEL Service" (AMD FUEL Service)		C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe /launchService	File not found
 	      	"Apple Mobile Device" (Apple Mobile Device)	"Apple Inc."	C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe	File exists
 	||||||	"ASP.NET-Zustandsdienst" (aspnet_state)	"Microsoft Corporation"	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe	File exists
 	      	"Avira Echtzeit Scanner" (AntiVirService)	"Avira Operations GmbH & Co. KG"	C:\Program Files\Avira\AntiVir Desktop\avguard.exe	File exists
 	      	"Avira Planer" (AntiVirSchedulerService)	"Avira Operations GmbH & Co. KG"	C:\Program Files\Avira\AntiVir Desktop\sched.exe	File exists
 	||||||	"Dienst "Bonjour"" (Bonjour Service)	"Apple Inc."	C:\Program Files\Bonjour\mDNSResponder.exe	File exists
 	      	"Freemake Improver" (Freemake Improver)	"Freemake"	C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe	File exists
 	||||  	"Google Update Service (gupdate)" (gupdate)	"Google Inc."	C:\Program Files\Google\Update\GoogleUpdate.exe	File exists
 	||||  	"Google Update-Dienst (gupdatem)" (gupdatem)	"Google Inc."	C:\Program Files\Google\Update\GoogleUpdate.exe	File exists
 	||||  	"Google Updater Service" (gusvc)	"Google"	C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe	File exists
 	||||||	"HP CUE DeviceDiscovery Service" (hpqddsvc)	"Hewlett-Packard Co."	C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll	File exists
 	||||||	"HP Network Devices Support" (HPSLPSVC)	"Hewlett-Packard Co."	C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL	File exists
 	||||||	"hpqcxs08" (hpqcxs08)	"Hewlett-Packard Co."	C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll	File exists
 	||||  	"InstallDriver Table Manager" (IDriverT)	"Macrovision Corporation"	C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe	File exists
 	      	"iPod-Dienst" (iPod Service)	"Apple Inc."	C:\Program Files\iPod\bin\iPodService.exe	File exists
 	      	"MBAMService" (MBAMService)	"Malwarebytes Corporation"	C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe	File exists
 	||||||	"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32)	"Microsoft Corporation"	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File exists
 	||||||	"Microsoft Office Diagnostics Service" (odserv)	"Microsoft Corporation"	C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE	File exists
 	||||||	"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service)	"Microsoft Corporation"	C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe	File exists
 	      	"Mozilla Maintenance Service" (MozillaMaintenance)	"Mozilla Foundation"	C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe	File exists
 	||||||	"Nero BackItUp Scheduler 3" (Nero BackItUp Scheduler 3)	"Nero AG"	C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe	File exists
 	||||||	"Net Driver HPZ12" (Net Driver HPZ12)	"Hewlett-Packard"	C:\Windows\system32\HPZinw12.dll	File exists
 	||||||	"NMIndexingService" (NMIndexingService)	"Nero AG"	C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe	File exists
 	||||||	"Office Source Engine" (ose)	"Microsoft Corporation"	C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE	File exists
 	||||||	"Pml Driver HPZ12" (Pml Driver HPZ12)	"Hewlett-Packard"	C:\Windows\system32\HPZipm12.dll	File exists
 	||||||	"Protexis Licensing V2" (PSI_SVC_2)	"Protexis Inc."	c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe	File exists
 	||||||	"SeaPort" (SeaPort)	"Microsoft Corporation"	C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe	File exists
 	      	"TuneUp Utilities Service" (TuneUp.UtilitiesSvc)	"TuneUp Software"	C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe	File exists
 	||||||	"Windows Live ID Sign-in Assistant" (wlidsvc)	"Microsoft Corp."	C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE	File exists
Winsock Providers
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries
 	||||||	"mdnsNSP"	"Apple Inc."	C:\Program Files\Bonjour\mdnsNSP.dll	File exists
 	||||||	"WindowsLive Local NSP"	"Microsoft Corp."	C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL	File exists
 	||||||	"WindowsLive NSP"	"Microsoft Corp."	C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL	File exists
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         
Finally, the aswMBR log file:
Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-28 12:44:39
-----------------------------
12:44:39.668    OS Version: Windows 6.1.7601 Service Pack 1
12:44:39.669    Number of processors: 4 586 0x402
12:44:39.671    ComputerName: FOLGER-PC  UserName: Folger
12:45:16.577    Initialize success
12:45:25.672    AVAST engine defs: 12072800
12:45:55.280    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:45:55.280    Disk 0 Vendor: WDC_WD15EARS-00Z5B1 80.00A80 Size: 1430799MB BusType: 11
12:45:55.280    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP5T0L0-5
12:45:55.280    Disk 1 Vendor: Hitachi_HDS721010CLA332 JP4OA39C Size: 953869MB BusType: 11
12:45:55.296    Disk 0 MBR read successfully
12:45:55.296    Disk 0 MBR scan
12:45:55.312    Disk 0 unknown MBR code
12:45:55.312    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
12:45:55.327    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS      1409190 MB offset 206848
12:45:55.343    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        20480 MB offset 2886230016
12:45:55.374    Disk 0 Partition 4 00     12  Compaq diag NTFS         1026 MB offset 2928173056
12:45:55.374    Disk 0 scanning sectors +2930275120
12:45:55.421    Disk 0 scanning C:\Windows\system32\drivers
12:46:03.673    Service scanning
12:46:18.088    Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
12:46:22.627    Modules scanning
12:46:26.153    Disk 0 trace - called modules:
12:46:26.184    ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8681c1f8]<<
12:46:26.184    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86a47030]
12:46:26.200    3 CLASSPNP.SYS[8c5a559e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x86a0f030]
12:46:26.200    \Driver\atapi[0x86852c28] -> IRP_MJ_CREATE -> 0x8681c1f8
12:46:28.711    AVAST engine scan C:\Windows
12:46:32.830    AVAST engine scan C:\Windows\system32
12:48:53.620    AVAST engine scan C:\Windows\system32\drivers
12:49:04.400    AVAST engine scan C:\Users\Folger
13:03:09.469    AVAST engine scan C:\ProgramData
13:04:42.835    Scan finished successfully
13:12:18.762    Disk 0 MBR has been saved successfully to "C:\Users\Folger\Desktop\MBR.dat"
13:12:18.778    The log file has been saved successfully to "C:\Users\Folger\Desktop\aswMBR.txt"
         
Regards, Andreas

28.07.2012, 23:52   #24
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

We should fix the MBR. Just in case, back up ALL important data first, even though everything usually goes smoothly.

Note: Please do NOT run the MBR fix if you have other operating systems such as Ubuntu installed; an MBR fix with Windows tools makes a Linux installed alongside it (dual boot) unbootable.
Do not run the fix either if you have full encryption of the Windows partition or of the entire hard disk, e.g. with TrueCrypt or other encryption programs.


After backing up your data, start aswMBR again and click the FIXMBR button.

Note: Please turn off the virus scanner before you run aswMBR, because Avira in particular often reports a false alarm in it!

Then restart Windows and create a new log with aswMBR.
__________________
Please always post log files in CODE tags

29.07.2012, 19:07   #25
magand

Hello Arne,

after backing up my data I ran an MBR fix. Somehow the system was extremely slow afterwards, but it may be that I started programs before the PC had fully booted. In any case, here is the aswMBR log file:

Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-29 18:48:18
-----------------------------
18:48:18.834    OS Version: Windows 6.1.7601 Service Pack 1
18:48:18.834    Number of processors: 4 586 0x402
18:48:18.834    ComputerName: FOLGER-PC  UserName: Folger
18:48:20.799    Initialize success
18:48:27.289    AVAST engine defs: 12072800
18:48:32.234    The log file has been saved successfully to "C:\Users\Folger\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-29 18:48:18
-----------------------------
18:48:18.834    OS Version: Windows 6.1.7601 Service Pack 1
18:48:18.834    Number of processors: 4 586 0x402
18:48:18.834    ComputerName: FOLGER-PC  UserName: Folger
18:48:20.799    Initialize success
18:48:27.289    AVAST engine defs: 12072800
18:48:32.234    The log file has been saved successfully to "C:\Users\Folger\Desktop\aswMBR.txt"
18:48:57.031    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:48:57.031    Disk 0 Vendor: WDC_WD15EARS-00Z5B1 80.00A80 Size: 1430799MB BusType: 11
18:48:57.047    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP5T0L0-5
18:48:57.047    Disk 1 Vendor: Hitachi_HDS721010CLA332 JP4OA39C Size: 953869MB BusType: 11
18:48:57.094    Disk 0 MBR read successfully
18:48:57.094    Disk 0 MBR scan
18:48:57.094    Disk 0 Windows 7 default MBR code
18:48:57.109    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
18:48:57.125    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS      1409190 MB offset 206848
18:48:57.156    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        20480 MB offset 2886230016
18:48:57.172    Disk 0 Partition 4 00     12  Compaq diag NTFS         1026 MB offset 2928173056
18:48:57.203    Disk 0 scanning sectors +2930275120
18:48:57.281    Disk 0 scanning C:\Windows\system32\drivers
18:49:11.149    Service scanning
18:49:23.598    Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
18:49:28.200    Modules scanning
18:49:32.365    Disk 0 trace - called modules:
18:49:32.381    ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x868201f8]<<
18:49:32.381    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86a2cac8]
18:49:32.397    3 CLASSPNP.SYS[8c64a59e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x86a0f908]
18:49:32.397    \Driver\atapi[0x86884ee8] -> IRP_MJ_CREATE -> 0x868201f8
18:49:34.799    AVAST engine scan C:\Windows
18:49:44.034    AVAST engine scan C:\Windows\system32
18:52:21.657    AVAST engine scan C:\Windows\system32\drivers
18:52:33.154    AVAST engine scan C:\Users\Folger
19:42:06.316    AVAST engine scan C:\ProgramData
19:49:47.858    Scan finished successfully
19:54:25.275    Disk 0 MBR has been saved successfully to "C:\Users\Folger\Desktop\MBR.dat"
19:54:25.275    The log file has been saved successfully to "C:\Users\Folger\Desktop\aswMBR.txt"
         
Regards, Andreas

29.07.2012, 20:17   #26
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!
__________________
Please always post log files in CODE tags

30.07.2012, 15:20   #27
magand
 

Hello Arne,

first the log file from Malwarebytes:
Code:
 Malwarebytes Anti-Malware  (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.29.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Folger :: FOLGER-PC [Administrator]

Schutz: Aktiviert

29.07.2012 22:39:02
mbam-log-2012-07-29 (22-39-02).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 466438
Laufzeit: 56 Minute(n), 20 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

... and the log file from SUPERAntiSpyware:
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 07/30/2012 at 08:19 AM

Application Version : 5.5.1012

Core Rules Database Version : 8977
Trace Rules Database Version: 6789

Scan type       : Complete Scan
Total Scan Time : 00:49:21

Operating System Information
Windows 7 Home Premium 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 694
Memory threats detected   : 0
Registry items scanned    : 38493
Registry threats detected : 0
File items scanned        : 68809
File threats detected     : 45

Adware.Tracking Cookie
	C:\Users\Folger\AppData\Roaming\Microsoft\Windows\Cookies\2WL4SDUX.txt [ /doubleclick.net ]
	C:\Users\Folger\AppData\Roaming\Microsoft\Windows\Cookies\HOJDLL44.txt [ /apmebf.com ]
	C:\USERS\FOLGER\Cookies\2WL4SDUX.txt [ Cookie:folger@doubleclick.net/ ]
	.doubleclick.net [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V6FKJGZ7.DEFAULT\COOKIES.SQLITE ]
	.eaeacom.112.2o7.net [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V6FKJGZ7.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V6FKJGZ7.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V6FKJGZ7.DEFAULT\COOKIES.SQLITE ]
	.lfstmedia.com [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V6FKJGZ7.DEFAULT\COOKIES.SQLITE ]
	.adbrite.com [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V6FKJGZ7.DEFAULT\COOKIES.SQLITE ]
	.adbrite.com [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V6FKJGZ7.DEFAULT\COOKIES.SQLITE ]
	.adbrite.com [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V6FKJGZ7.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V6FKJGZ7.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V6FKJGZ7.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V6FKJGZ7.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V6FKJGZ7.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V6FKJGZ7.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V6FKJGZ7.DEFAULT\COOKIES.SQLITE ]
	.tacoda.net [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V6FKJGZ7.DEFAULT\COOKIES.SQLITE ]
	.tacoda.net [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V6FKJGZ7.DEFAULT\COOKIES.SQLITE ]
	.tacoda.net [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V6FKJGZ7.DEFAULT\COOKIES.SQLITE ]
	.advertising.com [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V6FKJGZ7.DEFAULT\COOKIES.SQLITE ]
	.advertising.com [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V6FKJGZ7.DEFAULT\COOKIES.SQLITE ]
	.at.atwola.com [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V6FKJGZ7.DEFAULT\COOKIES.SQLITE ]
	statse.webtrendslive.com [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V6FKJGZ7.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V6FKJGZ7.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V6FKJGZ7.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V6FKJGZ7.DEFAULT\COOKIES.SQLITE ]
	.ad.adnet.de [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V6FKJGZ7.DEFAULT\COOKIES.SQLITE ]
	.fastclick.net [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V6FKJGZ7.DEFAULT\COOKIES.SQLITE ]
	.fastclick.net [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V6FKJGZ7.DEFAULT\COOKIES.SQLITE ]
	.fastclick.net [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V6FKJGZ7.DEFAULT\COOKIES.SQLITE ]
	.atdmt.com [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V6FKJGZ7.DEFAULT\COOKIES.SQLITE ]
	.atdmt.com [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V6FKJGZ7.DEFAULT\COOKIES.SQLITE ]
	eas.apm.emediate.eu [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V6FKJGZ7.DEFAULT\COOKIES.SQLITE ]
	ad.adition.net [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V6FKJGZ7.DEFAULT\COOKIES.SQLITE ]
	.collective-media.net [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V6FKJGZ7.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V6FKJGZ7.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V6FKJGZ7.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V6FKJGZ7.DEFAULT\COOKIES.SQLITE ]
	.content.yieldmanager.com [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V6FKJGZ7.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V6FKJGZ7.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V6FKJGZ7.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V6FKJGZ7.DEFAULT\COOKIES.SQLITE ]

Trojan.Agent/Gen-Small
	D:\DOWNLOADS\MP3DC206.EXE
	C:\USERS\FOLGER\DOWNLOADS\MP3DC206.EXE
         
Regards, Andreas

30.07.2012, 19:36   #28
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Code:
UAC On - Limited User
         
How did you start SUPERAntiSpyware? Simply by double-clicking?
__________________
Please always post log files in CODE tags

30.07.2012, 20:11   #29
magand
 

I was under the impression that I had started it as admin - but it doesn't really look that way - I'll do that right away ;-).

Hello Arne,

now I have 100% started it as admin and produced the same entry:

Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 07/30/2012 at 10:22 PM

Application Version : 5.5.1012

Core Rules Database Version : 8981
Trace Rules Database Version: 6793

Scan type       : Complete Scan
Total Scan Time : 01:09:26

Operating System Information
Windows 7 Home Premium 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 734
Memory threats detected   : 0
Registry items scanned    : 38502
Registry threats detected : 0
File items scanned        : 69044
File threats detected     : 7

Adware.Tracking Cookie
	C:\Users\Folger\AppData\Roaming\Microsoft\Windows\Cookies\B9RG49HL.txt [ /ad.zanox.com ]
	C:\Users\Folger\AppData\Roaming\Microsoft\Windows\Cookies\MG1218CQ.txt [ /fastclick.net ]
	C:\Users\Folger\AppData\Roaming\Microsoft\Windows\Cookies\GKRPCXW1.txt [ /zanox.com ]
	C:\Users\Folger\AppData\Roaming\Microsoft\Windows\Cookies\7PR3235E.txt [ /mediaplex.com ]
	C:\USERS\FOLGER\Cookies\MG1218CQ.txt [ Cookie:folger@fastclick.net/ ]
	C:\USERS\FOLGER\Cookies\GKRPCXW1.txt [ Cookie:folger@zanox.com/ ]
	C:\USERS\FOLGER\Cookies\7PR3235E.txt [ Cookie:folger@mediaplex.com/ ]
         
What should I do?
Regards

Hello Arne,

the log file after I restarted the system and ran the program as admin again:
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 07/31/2012 at 00:09 AM

Application Version : 5.5.1012

Core Rules Database Version : 8981
Trace Rules Database Version: 6793

Scan type       : Complete Scan
Total Scan Time : 01:38:15

Operating System Information
Windows 7 Home Premium 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator

Memory items scanned      : 770
Memory threats detected   : 0
Registry items scanned    : 38613
Registry threats detected : 0
File items scanned        : 69057
File threats detected     : 7

Adware.Tracking Cookie
	C:\Users\Folger\AppData\Roaming\Microsoft\Windows\Cookies\B9RG49HL.txt [ /ad.zanox.com ]
	C:\Users\Folger\AppData\Roaming\Microsoft\Windows\Cookies\MG1218CQ.txt [ /fastclick.net ]
	C:\Users\Folger\AppData\Roaming\Microsoft\Windows\Cookies\GKRPCXW1.txt [ /zanox.com ]
	C:\Users\Folger\AppData\Roaming\Microsoft\Windows\Cookies\7PR3235E.txt [ /mediaplex.com ]
	C:\USERS\FOLGER\Cookies\MG1218CQ.txt [ Cookie:folger@fastclick.net/ ]
	C:\USERS\FOLGER\Cookies\GKRPCXW1.txt [ Cookie:folger@zanox.com/ ]
	C:\USERS\FOLGER\Cookies\7PR3235E.txt [ Cookie:folger@mediaplex.com/ ]
         
Regards, Andreas

03.08.2012, 19:44   #30
magand
 

Hello Arne,

are we done now?

Regards, Andreas
