
Log analysis and evaluation: getting rid of mystart incredibar

07.09.2012, 08:23   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Please now run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Set up the tool as shown in the picture below: click Change parameters and set the check marks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.

If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!

__________________
Please always post log files in CODE tags

07.09.2012, 08:49   #17
sylke
 



Good morning Cosinus,
attached is the log.


Code:
09:43:51.0030 2544  TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
09:43:52.0652 2544  ============================================================
09:43:52.0652 2544  Current date / time: 2012/09/07 09:43:52.0652
09:43:52.0652 2544  SystemInfo:
09:43:52.0652 2544  
09:43:52.0652 2544  OS Version: 6.1.7601 ServicePack: 1.0
09:43:52.0652 2544  Product type: Workstation
09:43:52.0652 2544  ComputerName: SYLKE-PC
09:43:52.0652 2544  UserName: Sylke
09:43:52.0652 2544  Windows directory: C:\Windows
09:43:52.0652 2544  System windows directory: C:\Windows
09:43:52.0652 2544  Processor architecture: Intel x86
09:43:52.0652 2544  Number of processors: 2
09:43:52.0652 2544  Page size: 0x1000
09:43:52.0652 2544  Boot type: Normal boot
09:43:52.0652 2544  ============================================================
09:43:53.0463 2544  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
09:43:53.0463 2544  Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
09:43:53.0479 2544  ============================================================
09:43:53.0479 2544  \Device\Harddisk0\DR0:
09:43:53.0479 2544  MBR partitions:
09:43:53.0479 2544  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
09:43:53.0479 2544  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
09:43:53.0479 2544  \Device\Harddisk1\DR1:
09:43:53.0479 2544  MBR partitions:
09:43:53.0479 2544  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
09:43:53.0479 2544  ============================================================
09:43:53.0510 2544  C: <-> \Device\Harddisk0\DR0\Partition2
09:43:53.0510 2544  F: <-> \Device\Harddisk1\DR1\Partition1
09:43:53.0510 2544  ============================================================
09:43:53.0510 2544  Initialize success
09:43:53.0510 2544  ============================================================
09:44:02.0059 1868  ============================================================
09:44:02.0059 1868  Scan started
09:44:02.0059 1868  Mode: Manual; SigCheck; TDLFS; 
09:44:02.0059 1868  ============================================================
09:44:02.0714 1868  ================ Scan system memory ========================
09:44:02.0714 1868  System memory - ok
09:44:02.0714 1868  ================ Scan services =============================
09:44:02.0855 1868  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
09:44:02.0901 1868  1394ohci - ok
09:44:02.0917 1868  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
09:44:02.0933 1868  ACPI - ok
09:44:02.0948 1868  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
09:44:02.0948 1868  AcpiPmi - ok
09:44:03.0011 1868  [ F84C9DEE4698DF3C1D76801B7B1B55D7 ] Adobe LM Service C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
09:44:03.0026 1868  Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
09:44:03.0026 1868  Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
09:44:03.0073 1868  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
09:44:03.0089 1868  AdobeARMservice - ok
09:44:03.0135 1868  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
09:44:03.0151 1868  adp94xx - ok
09:44:03.0167 1868  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
09:44:03.0182 1868  adpahci - ok
09:44:03.0182 1868  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
09:44:03.0198 1868  adpu320 - ok
09:44:03.0213 1868  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
09:44:03.0229 1868  AeLookupSvc - ok
09:44:03.0260 1868  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys
09:44:03.0260 1868  AFD - ok
09:44:03.0291 1868  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
09:44:03.0307 1868  agp440 - ok
09:44:03.0323 1868  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
09:44:03.0323 1868  aic78xx - ok
09:44:03.0354 1868  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
09:44:03.0354 1868  ALG - ok
09:44:03.0369 1868  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
09:44:03.0385 1868  aliide - ok
09:44:03.0401 1868  [ F1635C21B484713BCA63182BCD5DC498 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
09:44:03.0416 1868  AMD External Events Utility - ok
09:44:03.0432 1868  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
09:44:03.0447 1868  amdagp - ok
09:44:03.0447 1868  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
09:44:03.0463 1868  amdide - ok
09:44:03.0494 1868  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
09:44:03.0494 1868  AmdK8 - ok
09:44:03.0572 1868  [ 8331BF867EFEA8067026394B26A045BA ] amdkmdag        C:\Windows\system32\DRIVERS\atipmdag.sys
09:44:03.0619 1868  amdkmdag - ok
09:44:03.0650 1868  [ 5F9D49DF02E2DDE0A962A0DD8FF2B405 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
09:44:03.0666 1868  amdkmdap - ok
09:44:03.0681 1868  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
09:44:03.0697 1868  AmdPPM - ok
09:44:03.0728 1868  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\Windows\system32\drivers\amdsata.sys
09:44:03.0744 1868  amdsata - ok
09:44:03.0759 1868  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
09:44:03.0775 1868  amdsbs - ok
09:44:03.0791 1868  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
09:44:03.0791 1868  amdxata - ok
09:44:03.0822 1868  [ 6ACC11E9D2F01C88251123D26C1C5489 ] AntiVirFirewallService C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
09:44:03.0837 1868  AntiVirFirewallService - ok
09:44:03.0853 1868  [ B7FA28AEFA586FB5A04876C7B31D03E6 ] AntiVirMailService C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
09:44:03.0869 1868  AntiVirMailService - ok
09:44:03.0869 1868  [ 2E35310D600F4CC64624786A813A041E ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
09:44:03.0884 1868  AntiVirSchedulerService - ok
09:44:03.0884 1868  [ 984102B9E2F6513008ED4E0C5AC4151D ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
09:44:03.0900 1868  AntiVirService - ok
09:44:03.0915 1868  [ 9BC7247FD7379307BCFF92CF8EB64B87 ] AntiVirWebService C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
09:44:03.0931 1868  AntiVirWebService - ok
09:44:03.0962 1868  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys
09:44:03.0978 1868  AppID - ok
09:44:04.0009 1868  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
09:44:04.0025 1868  AppIDSvc - ok
09:44:04.0056 1868  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo         C:\Windows\System32\appinfo.dll
09:44:04.0087 1868  Appinfo - ok
09:44:04.0103 1868  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\DRIVERS\arc.sys
09:44:04.0118 1868  arc - ok
09:44:04.0118 1868  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
09:44:04.0134 1868  arcsas - ok
09:44:04.0149 1868  [ 9D8CB58B9A9E177DDD599791A58A654D ] AsIO            C:\Windows\system32\drivers\AsIO.sys
09:44:04.0165 1868  AsIO - ok
09:44:04.0181 1868  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
09:44:04.0196 1868  AsyncMac - ok
09:44:04.0227 1868  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys
09:44:04.0243 1868  atapi - ok
09:44:04.0337 1868  [ 8331BF867EFEA8067026394B26A045BA ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
09:44:04.0383 1868  atikmdag - ok
09:44:04.0415 1868  [ ACA01C43D065E546C6DC88EA669CECA6 ] AtiPcie         C:\Windows\system32\DRIVERS\AtiPcie.sys
09:44:04.0415 1868  AtiPcie - ok
09:44:04.0461 1868  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
09:44:04.0477 1868  AudioEndpointBuilder - ok
09:44:04.0493 1868  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
09:44:04.0508 1868  Audiosrv - ok
09:44:04.0524 1868  [ E6263CDD0EF3B98CFA2A251A21D8BE2E ] avfwim          C:\Windows\system32\DRIVERS\avfwim.sys
09:44:04.0539 1868  avfwim - ok
09:44:04.0555 1868  [ 48929A52C039738C3193581F7FC483A5 ] avfwot          C:\Windows\system32\DRIVERS\avfwot.sys
09:44:04.0571 1868  avfwot - ok
09:44:04.0586 1868  [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
09:44:04.0586 1868  avgntflt - ok
09:44:04.0617 1868  [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
09:44:04.0617 1868  avipbb - ok
09:44:04.0633 1868  [ 53E56450DA16A1A7F0D002F511113F67 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
09:44:04.0633 1868  avkmgr - ok
09:44:04.0664 1868  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
09:44:04.0680 1868  AxInstSV - ok
09:44:04.0711 1868  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
09:44:04.0727 1868  b06bdrv - ok
09:44:04.0742 1868  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
09:44:04.0742 1868  b57nd60x - ok
09:44:04.0773 1868  [ 328E794278CC30CA7C06E346A18B1ABC ] BCUService      C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
09:44:04.0789 1868  BCUService - ok
09:44:04.0805 1868  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
09:44:04.0820 1868  BDESVC - ok
09:44:04.0836 1868  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
09:44:04.0851 1868  Beep - ok
09:44:04.0898 1868  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\Windows\System32\bfe.dll
09:44:04.0945 1868  BFE - ok
09:44:04.0976 1868  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\System32\qmgr.dll
09:44:05.0007 1868  BITS - ok
09:44:05.0023 1868  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
09:44:05.0023 1868  blbdrive - ok
09:44:05.0054 1868  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
09:44:05.0054 1868  bowser - ok
09:44:05.0070 1868  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
09:44:05.0085 1868  BrFiltLo - ok
09:44:05.0085 1868  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
09:44:05.0101 1868  BrFiltUp - ok
09:44:05.0117 1868  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll
09:44:05.0117 1868  Browser - ok
09:44:05.0148 1868  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
09:44:05.0163 1868  Brserid - ok
09:44:05.0163 1868  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
09:44:05.0179 1868  BrSerWdm - ok
09:44:05.0195 1868  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
09:44:05.0195 1868  BrUsbMdm - ok
09:44:05.0195 1868  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
09:44:05.0210 1868  BrUsbSer - ok
09:44:05.0226 1868  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
09:44:05.0241 1868  BTHMODEM - ok
09:44:05.0257 1868  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
09:44:05.0273 1868  bthserv - ok
09:44:05.0288 1868  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
09:44:05.0304 1868  cdfs - ok
09:44:05.0351 1868  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
09:44:05.0382 1868  cdrom - ok
09:44:05.0413 1868  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll
09:44:05.0429 1868  CertPropSvc - ok
09:44:05.0444 1868  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
09:44:05.0444 1868  circlass - ok
09:44:05.0460 1868  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
09:44:05.0475 1868  CLFS - ok
09:44:05.0522 1868  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:44:05.0538 1868  clr_optimization_v2.0.50727_32 - ok
09:44:05.0600 1868  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:44:05.0631 1868  clr_optimization_v4.0.30319_32 - ok
09:44:05.0663 1868  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
09:44:05.0678 1868  CmBatt - ok
09:44:05.0694 1868  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
09:44:05.0694 1868  cmdide - ok
09:44:05.0741 1868  [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG             C:\Windows\system32\Drivers\cng.sys
09:44:05.0787 1868  CNG - ok
09:44:05.0787 1868  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
09:44:05.0803 1868  Compbatt - ok
09:44:05.0819 1868  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
09:44:05.0834 1868  CompositeBus - ok
09:44:05.0834 1868  COMSysApp - ok
09:44:05.0834 1868  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
09:44:05.0850 1868  crcdisk - ok
09:44:05.0881 1868  [ 06E771AA596B8761107AB57E99F128D7 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
09:44:05.0897 1868  CryptSvc - ok
09:44:05.0928 1868  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
09:44:05.0959 1868  DcomLaunch - ok
09:44:05.0975 1868  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
09:44:05.0990 1868  defragsvc - ok
09:44:06.0021 1868  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
09:44:06.0084 1868  DfsC - ok
09:44:06.0115 1868  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
09:44:06.0146 1868  Dhcp - ok
09:44:06.0177 1868  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
09:44:06.0193 1868  discache - ok
09:44:06.0209 1868  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
09:44:06.0224 1868  Disk - ok
09:44:06.0240 1868  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
09:44:06.0240 1868  Dnscache - ok
09:44:06.0287 1868  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll
09:44:06.0302 1868  dot3svc - ok
09:44:06.0318 1868  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll
09:44:06.0333 1868  DPS - ok
09:44:06.0349 1868  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
09:44:06.0365 1868  drmkaud - ok
09:44:06.0380 1868  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
09:44:06.0411 1868  DXGKrnl - ok
09:44:06.0427 1868  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
09:44:06.0443 1868  EapHost - ok
09:44:06.0521 1868  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
09:44:06.0552 1868  ebdrv - ok
09:44:06.0583 1868  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe
09:44:06.0583 1868  EFS - ok
09:44:06.0645 1868  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
09:44:06.0692 1868  ehRecvr - ok
09:44:06.0708 1868  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe
09:44:06.0723 1868  ehSched - ok
09:44:06.0755 1868  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
09:44:06.0770 1868  elxstor - ok
09:44:06.0801 1868  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
09:44:06.0817 1868  ErrDev - ok
09:44:06.0848 1868  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
09:44:06.0864 1868  EventSystem - ok
09:44:06.0879 1868  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
09:44:06.0911 1868  exfat - ok
09:44:06.0911 1868  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
09:44:06.0926 1868  fastfat - ok
09:44:06.0957 1868  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe
09:44:06.0973 1868  Fax - ok
09:44:06.0989 1868  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
09:44:06.0989 1868  fdc - ok
09:44:07.0004 1868  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
09:44:07.0020 1868  fdPHost - ok
09:44:07.0035 1868  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
09:44:07.0051 1868  FDResPub - ok
09:44:07.0067 1868  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
09:44:07.0067 1868  FileInfo - ok
09:44:07.0082 1868  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
09:44:07.0098 1868  Filetrace - ok
09:44:07.0129 1868  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
09:44:07.0129 1868  flpydisk - ok
09:44:07.0145 1868  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
09:44:07.0160 1868  FltMgr - ok
09:44:07.0191 1868  [ FA6C66E4364D7DA57AADE5DCC03BB999 ] FontCache       C:\Windows\system32\FntCache.dll
09:44:07.0223 1868  FontCache - ok
09:44:07.0254 1868  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
09:44:07.0254 1868  FontCache3.0.0.0 - ok
09:44:07.0269 1868  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
09:44:07.0285 1868  FsDepends - ok
09:44:07.0301 1868  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
09:44:07.0316 1868  Fs_Rec - ok
09:44:07.0347 1868  [ 8A73E79089B282100B9393B644CB853B ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
09:44:07.0363 1868  fvevol - ok
09:44:07.0379 1868  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
09:44:07.0379 1868  gagp30kx - ok
09:44:07.0410 1868  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll
09:44:07.0425 1868  gpsvc - ok
09:44:07.0441 1868  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
09:44:07.0457 1868  hcw85cir - ok
09:44:07.0488 1868  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
09:44:07.0535 1868  HdAudAddService - ok
09:44:07.0550 1868  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
09:44:07.0566 1868  HDAudBus - ok
09:44:07.0566 1868  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
09:44:07.0581 1868  HidBatt - ok
09:44:07.0581 1868  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
09:44:07.0597 1868  HidBth - ok
09:44:07.0613 1868  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
09:44:07.0628 1868  HidIr - ok
09:44:07.0644 1868  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\system32\hidserv.dll
09:44:07.0675 1868  hidserv - ok
09:44:07.0691 1868  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
09:44:07.0691 1868  HidUsb - ok
09:44:07.0737 1868  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
09:44:07.0753 1868  hkmsvc - ok
09:44:07.0784 1868  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
09:44:07.0800 1868  HomeGroupListener - ok
09:44:07.0831 1868  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
09:44:07.0862 1868  HomeGroupProvider - ok
09:44:07.0878 1868  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
09:44:07.0893 1868  HpSAMD - ok
09:44:07.0940 1868  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
09:44:07.0971 1868  HTTP - ok
09:44:07.0987 1868  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
09:44:08.0003 1868  hwpolicy - ok
09:44:08.0034 1868  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
09:44:08.0034 1868  i8042prt - ok
09:44:08.0049 1868  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
09:44:08.0065 1868  iaStorV - ok
09:44:08.0096 1868  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
09:44:08.0112 1868  idsvc - ok
09:44:08.0127 1868  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
09:44:08.0143 1868  iirsp - ok
09:44:08.0159 1868  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
09:44:08.0190 1868  IKEEXT - ok
09:44:08.0252 1868  [ 5294F1C52A6D8C2A15FFD2945C552736 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
09:44:08.0299 1868  IntcAzAudAddService - ok
09:44:08.0330 1868  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
09:44:08.0330 1868  intelide - ok
09:44:08.0377 1868  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
09:44:08.0408 1868  intelppm - ok
09:44:08.0424 1868  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
09:44:08.0455 1868  IPBusEnum - ok
09:44:08.0471 1868  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:44:08.0502 1868  IpFilterDriver - ok
09:44:08.0533 1868  [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
09:44:08.0549 1868  iphlpsvc - ok
09:44:08.0580 1868  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
09:44:08.0580 1868  IPMIDRV - ok
09:44:08.0595 1868  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
09:44:08.0611 1868  IPNAT - ok
09:44:08.0627 1868  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
09:44:08.0642 1868  IRENUM - ok
09:44:08.0658 1868  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
09:44:08.0658 1868  isapnp - ok
09:44:08.0673 1868  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
09:44:08.0689 1868  iScsiPrt - ok
09:44:08.0705 1868  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
09:44:08.0705 1868  kbdclass - ok
09:44:08.0720 1868  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
09:44:08.0736 1868  kbdhid - ok
09:44:08.0736 1868  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
09:44:08.0751 1868  KeyIso - ok
09:44:08.0767 1868  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
09:44:08.0783 1868  KSecDD - ok
09:44:08.0798 1868  [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
09:44:08.0798 1868  KSecPkg - ok
09:44:08.0829 1868  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
09:44:08.0845 1868  KtmRm - ok
09:44:08.0861 1868  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\system32\srvsvc.dll
09:44:08.0876 1868  LanmanServer - ok
09:44:08.0892 1868  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
09:44:08.0907 1868  LanmanWorkstation - ok
09:44:08.0939 1868  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
09:44:08.0954 1868  lltdio - ok
09:44:08.0985 1868  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
09:44:09.0001 1868  lltdsvc - ok
09:44:09.0048 1868  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
09:44:09.0095 1868  lmhosts - ok
09:44:09.0173 1868  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
09:44:09.0204 1868  LSI_FC - ok
09:44:09.0219 1868  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
09:44:09.0235 1868  LSI_SAS - ok
09:44:09.0251 1868  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
09:44:09.0266 1868  LSI_SAS2 - ok
09:44:09.0266 1868  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
09:44:09.0282 1868  LSI_SCSI - ok
09:44:09.0282 1868  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
09:44:09.0297 1868  luafv - ok
09:44:09.0329 1868  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
09:44:09.0344 1868  Mcx2Svc - ok
09:44:09.0391 1868  [ 0FB32855D0F1774846455D1430A42337 ] MDM             C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
09:44:09.0407 1868  MDM ( UnsignedFile.Multi.Generic ) - warning
09:44:09.0407 1868  MDM - detected UnsignedFile.Multi.Generic (1)
09:44:09.0422 1868  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
09:44:09.0438 1868  megasas - ok
09:44:09.0453 1868  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
09:44:09.0469 1868  MegaSR - ok
09:44:09.0469 1868  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
09:44:09.0485 1868  MMCSS - ok
09:44:09.0500 1868  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
09:44:09.0516 1868  Modem - ok
09:44:09.0531 1868  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
09:44:09.0547 1868  monitor - ok
09:44:09.0563 1868  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\drivers\mouclass.sys
09:44:09.0563 1868  mouclass - ok
09:44:09.0594 1868  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
09:44:09.0594 1868  mouhid - ok
09:44:09.0625 1868  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
09:44:09.0641 1868  mountmgr - ok
09:44:09.0672 1868  [ E8D79312373F254DC13F3965BDB3D521 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
09:44:18.0158 1868  ================ Scan global ===============================
09:44:18.0189 1868  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
09:44:18.0221 1868  [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
09:44:18.0236 1868  [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
09:44:18.0252 1868  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
09:44:18.0283 1868  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
09:44:18.0283 1868  [Global] - ok
09:44:18.0283 1868  ================ Scan MBR ==================================
09:44:18.0299 1868  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
09:44:18.0548 1868  \Device\Harddisk0\DR0 - ok
09:44:18.0548 1868  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
09:44:18.0689 1868  \Device\Harddisk1\DR1 - ok
09:44:18.0689 1868  ================ Scan VBR ==================================
09:44:18.0704 1868  [ 2B7518FF064F9708B7EC1A67DB7DD23B ] \Device\Harddisk0\DR0\Partition1
09:44:18.0704 1868  \Device\Harddisk0\DR0\Partition1 - ok
09:44:18.0735 1868  [ B59431063986937F3CF6CF8EE1E92266 ] \Device\Harddisk0\DR0\Partition2
09:44:18.0735 1868  \Device\Harddisk0\DR0\Partition2 - ok
09:44:18.0735 1868  [ 8B6B74A29650D22E8B6B4C7A3F99BFEE ] \Device\Harddisk1\DR1\Partition1
09:44:18.0735 1868  \Device\Harddisk1\DR1\Partition1 - ok
09:44:18.0735 1868  ============================================================
09:44:18.0735 1868  Scan finished
09:44:18.0735 1868  ============================================================
09:44:18.0751 2612  Detected object count: 2
09:44:18.0751 2612  Actual detected object count: 2
09:44:30.0248 2612  Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
09:44:30.0248 2612  Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:44:30.0248 2612  MDM ( UnsignedFile.Multi.Generic ) - skipped by user
09:44:30.0248 2612  MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
__________________


Old 07.09.2012, 12:58   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, carry out the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when one of the board's experts has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and get messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
__________________

Alt 08.09.2012, 07:57   #19
sylke
 



Good morning Cosinus,
here is the Combofix log now.


Code:
ComboFix 12-09-07.03 - Sylke 08.09.2012   8:33.1.2 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3326.2351 [GMT 2:00]
ausgeführt von:: c:\users\Sylke\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: FireWall *Enabled* {CE40CCC0-8ADB-6D67-25A0-C5B6438E4B57}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-08-08 bis 2012-09-08  ))))))))))))))))))))))))))))))
.
.
2012-09-08 06:37 . 2012-09-08 06:37	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-09-06 19:12 . 2012-09-06 19:12	--------	d-----w-	C:\_OTL
2012-09-05 10:44 . 2012-09-05 10:44	--------	d-----w-	c:\windows\Sun
2012-09-05 09:02 . 2012-09-05 09:02	--------	d-----w-	c:\program files\ESET
2012-09-04 09:56 . 2012-09-04 09:56	--------	d-----w-	c:\program files\7-Zip
2012-09-04 06:11 . 2012-09-04 06:11	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-09-04 06:11 . 2012-09-04 06:11	--------	d-----w-	c:\programdata\Malwarebytes
2012-09-04 06:11 . 2012-07-03 11:46	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-08-29 06:31 . 2010-11-05 01:58	1130824	----a-w-	c:\windows\system32\dfshim.dll
2012-08-29 06:30 . 2010-11-20 12:21	626176	----a-w-	c:\windows\system32\usp10.dll
2012-08-29 06:29 . 2010-11-20 12:21	39936	----a-w-	c:\windows\system32\WUDFCoinstaller.dll
2012-08-29 06:28 . 2010-11-20 12:21	189952	----a-w-	c:\windows\system32\sqmapi.dll
2012-08-29 06:04 . 2011-03-25 02:58	258560	----a-w-	c:\windows\system32\drivers\usbhub.sys
2012-08-29 06:04 . 2011-03-25 02:58	284672	----a-w-	c:\windows\system32\drivers\usbport.sys
2012-08-29 06:04 . 2011-03-25 02:58	75776	----a-w-	c:\windows\system32\drivers\usbccgp.sys
2012-08-29 06:04 . 2011-03-25 02:57	43008	----a-w-	c:\windows\system32\drivers\usbehci.sys
2012-08-29 06:04 . 2011-03-25 02:57	20480	----a-w-	c:\windows\system32\drivers\usbohci.sys
2012-08-29 06:04 . 2011-03-25 02:57	24064	----a-w-	c:\windows\system32\drivers\usbuhci.sys
2012-08-29 06:04 . 2011-03-25 02:57	5888	----a-w-	c:\windows\system32\drivers\usbd.sys
2012-08-29 06:03 . 2011-03-11 05:39	143744	----a-w-	c:\windows\system32\drivers\nvstor.sys
2012-08-29 06:03 . 2011-03-11 05:39	1211264	----a-w-	c:\windows\system32\drivers\ntfs.sys
2012-08-29 06:03 . 2011-03-11 05:33	1699328	----a-w-	c:\windows\system32\esent.dll
2012-08-29 06:03 . 2011-03-11 05:39	148864	----a-w-	c:\windows\system32\drivers\storport.sys
2012-08-29 06:03 . 2011-03-11 05:39	117120	----a-w-	c:\windows\system32\drivers\nvraid.sys
2012-08-29 06:03 . 2011-03-11 05:38	332160	----a-w-	c:\windows\system32\drivers\iaStorV.sys
2012-08-29 06:03 . 2011-03-11 05:38	80256	----a-w-	c:\windows\system32\drivers\amdsata.sys
2012-08-29 06:03 . 2011-03-11 05:38	22400	----a-w-	c:\windows\system32\drivers\amdxata.sys
2012-08-29 06:03 . 2011-03-11 05:31	74240	----a-w-	c:\windows\system32\fsutil.exe
2012-08-29 01:01 . 2012-08-29 01:01	--------	d-----w-	c:\program files\Microsoft.NET
2012-08-28 16:54 . 2012-08-28 16:54	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-28 16:54 . 2012-08-28 16:54	--------	d-----w-	c:\windows\system32\Macromed
2012-08-28 14:24 . 2012-08-28 14:24	--------	d-----w-	c:\windows\system32\wbem\en-US
2012-08-28 12:48 . 2012-03-01 05:46	19824	----a-w-	c:\windows\system32\drivers\fs_rec.sys
2012-08-28 12:48 . 2012-03-01 05:37	172544	----a-w-	c:\windows\system32\wintrust.dll
2012-08-28 12:48 . 2012-03-01 05:33	159232	----a-w-	c:\windows\system32\imagehlp.dll
2012-08-28 12:48 . 2012-03-01 05:29	5120	----a-w-	c:\windows\system32\wmi.dll
2012-08-28 12:46 . 2010-02-11 07:10	293376	----a-w-	c:\windows\system32\browserchoice.exe
2012-08-28 09:37 . 2012-08-28 09:37	--------	d-----w-	c:\windows\Msagent
2012-08-28 07:51 . 2012-08-28 07:51	--------	d-----w-	c:\programdata\EPSON
2012-08-28 07:50 . 2004-09-10 20:12	49152	----a-w-	c:\windows\system32\E_DCINST.DLL
2012-08-28 07:50 . 2006-12-08 02:04	76800	----a-w-	c:\windows\system32\E_FLBCEE.DLL
2012-08-28 07:50 . 2006-04-19 02:00	62976	----a-w-	c:\windows\system32\E_FD4BCEE.DLL
2012-08-28 07:48 . 2012-08-28 07:50	--------	d-----w-	c:\program files\epson
2012-08-28 07:48 . 2007-04-17 22:00	67072	----a-w-	c:\windows\system32\escwiad.dll
2012-08-28 07:40 . 1998-10-29 14:45	306688	----a-w-	c:\windows\IsUninst.exe
2012-08-28 07:39 . 2012-08-28 07:39	--------	d-----w-	c:\program files\Steinberg
2012-08-28 07:39 . 2001-04-20 01:20	1052672	----a-w-	c:\windows\system32\CDDBControl.dll
2012-08-28 07:30 . 2012-08-28 07:30	--------	d-----w-	c:\programdata\Macrovision
2012-08-28 07:30 . 2012-08-28 07:30	--------	d-----w-	c:\program files\Common Files\Adobe Systems Shared
2012-08-28 06:09 . 2011-04-29 02:46	311808	----a-w-	c:\windows\system32\drivers\srv.sys
2012-08-28 06:09 . 2011-04-29 02:46	310272	----a-w-	c:\windows\system32\drivers\srv2.sys
2012-08-28 06:09 . 2011-04-29 02:46	114688	----a-w-	c:\windows\system32\drivers\srvnet.sys
2012-08-28 06:09 . 2011-04-25 02:18	338944	----a-w-	c:\windows\system32\drivers\afd.sys
2012-08-28 06:09 . 2011-11-17 05:38	1288472	----a-w-	c:\windows\system32\ntdll.dll
2012-08-28 06:09 . 2011-02-18 05:39	31232	----a-w-	c:\windows\system32\prevhost.exe
2012-08-28 06:09 . 2011-02-19 06:30	34304	----a-w-	c:\windows\system32\atmlib.dll
2012-08-28 06:09 . 2011-02-19 04:34	294912	----a-w-	c:\windows\system32\atmfd.dll
2012-08-28 06:09 . 2010-09-30 06:47	70656	----a-w-	c:\windows\system32\fontsub.dll
2012-08-28 06:09 . 2011-03-03 05:38	132608	----a-w-	c:\windows\system32\dnsrslvr.dll
2012-08-28 06:08 . 2012-05-05 07:46	400896	----a-w-	c:\windows\system32\srcore.dll
2012-08-28 06:08 . 2011-03-03 05:36	28672	----a-w-	c:\windows\system32\dnscacheugc.exe
2012-08-28 06:08 . 2010-11-20 12:17	262656	----a-w-	c:\windows\system32\rstrui.exe
2012-08-28 06:08 . 2011-10-01 04:37	708608	----a-w-	c:\program files\Common Files\System\wab32.dll
2012-08-28 06:08 . 2011-08-17 04:24	465408	----a-w-	c:\windows\system32\psisdecd.dll
2012-08-28 06:08 . 2011-08-17 04:19	75776	----a-w-	c:\windows\system32\psisrndr.ax
2012-08-28 06:08 . 2010-11-20 12:16	204288	----a-w-	c:\windows\system32\MSNP.ax
2012-08-28 06:08 . 2010-11-20 12:16	72704	----a-w-	c:\windows\system32\Mpeg2Data.ax
2012-08-28 06:08 . 2010-11-20 12:16	59904	----a-w-	c:\windows\system32\MSDvbNP.ax
2012-08-28 06:06 . 2012-03-30 10:23	1291632	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-08-28 06:05 . 2012-04-26 04:45	58880	----a-w-	c:\windows\system32\rdpwsx.dll
2012-08-28 06:04 . 2012-05-14 04:33	769024	----a-w-	c:\windows\system32\localspl.dll
2012-08-28 06:04 . 2010-11-20 12:21	30208	----a-w-	c:\windows\system32\Spool\prtprocs\w32x86\winprint.dll
2012-08-28 05:55 . 2011-03-11 05:33	1164288	----a-w-	c:\windows\system32\mfc42u.dll
2012-08-28 05:55 . 2011-03-11 05:33	1137664	----a-w-	c:\windows\system32\mfc42.dll
2012-08-28 05:55 . 2011-02-23 04:47	69632	----a-w-	c:\windows\system32\drivers\bowser.sys
2012-08-28 05:55 . 2011-04-09 05:56	123904	----a-w-	c:\windows\system32\poqexec.exe
2012-08-28 05:55 . 2011-04-22 19:14	27008	----a-w-	c:\windows\system32\drivers\Diskdump.sys
2012-08-28 05:55 . 2012-04-24 04:36	140288	----a-w-	c:\windows\system32\cryptsvc.dll
2012-08-28 05:55 . 2012-04-24 04:36	1158656	----a-w-	c:\windows\system32\crypt32.dll
2012-08-28 05:55 . 2012-04-24 04:36	103936	----a-w-	c:\windows\system32\cryptnet.dll
2012-08-28 05:54 . 2011-02-03 05:54	219008	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2012-08-28 05:54 . 2010-11-20 12:29	728448	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2012-08-28 05:54 . 2010-11-20 11:56	107520	----a-w-	c:\windows\system32\cdd.dll
2012-08-28 05:45 . 2012-02-17 05:34	826880	----a-w-	c:\windows\system32\rdpcore.dll
2012-08-28 05:45 . 2012-02-17 04:13	24576	----a-w-	c:\windows\system32\drivers\tdtcp.sys
2012-08-28 05:45 . 2010-11-20 10:21	18432	----a-w-	c:\windows\system32\drivers\tdpipe.sys
2012-08-28 05:43 . 2012-08-28 05:41	91968	----a-w-	c:\windows\system32\drivers\avfwim.sys
2012-08-28 05:43 . 2012-08-28 05:41	83392	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-08-28 05:43 . 2012-08-28 05:41	36000	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-08-28 05:43 . 2012-08-28 05:41	137928	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-08-28 05:43 . 2012-08-28 05:41	112032	----a-w-	c:\windows\system32\drivers\avfwot.sys
2012-08-28 05:43 . 2012-08-28 05:44	--------	d-----w-	c:\programdata\Avira
2012-08-28 05:43 . 2012-08-28 05:43	--------	d-----w-	c:\program files\Avira
2012-08-28 05:37 . 2012-06-02 22:19	53784	----a-w-	c:\windows\system32\wuauclt.exe
2012-08-28 05:37 . 2012-06-02 22:19	45080	----a-w-	c:\windows\system32\wups2.dll
2012-08-28 05:37 . 2012-06-02 22:19	1933848	----a-w-	c:\windows\system32\wuaueng.dll
2012-08-28 05:37 . 2012-06-02 22:12	2422272	----a-w-	c:\windows\system32\wucltux.dll
2012-08-28 05:37 . 2012-06-02 22:19	35864	----a-w-	c:\windows\system32\wups.dll
2012-08-28 05:37 . 2012-06-02 22:19	577048	----a-w-	c:\windows\system32\wuapi.dll
2012-08-28 05:37 . 2012-06-02 22:12	88576	----a-w-	c:\windows\system32\wudriver.dll
2012-08-28 05:37 . 2012-06-02 13:19	171904	----a-w-	c:\windows\system32\wuwebv.dll
2012-08-28 05:37 . 2012-06-02 13:12	33792	----a-w-	c:\windows\system32\wuapp.exe
2012-08-27 21:37 . 2012-08-27 20:47	--------	d-----w-	c:\windows\Panther
2012-08-27 21:23 . 2012-08-27 21:23	--------	d-----w-	c:\program files\VideoLAN
2012-08-27 21:20 . 2012-08-28 07:29	--------	d-----w-	c:\program files\Common Files\Adobe
2012-08-27 21:19 . 2012-03-14 16:23	54784	----a-w-	c:\windows\system32\pdfcmon.dll
2012-08-27 21:19 . 2005-04-15 18:58	1071088	----a-w-	c:\windows\system32\MSCOMCTL.OCX
2012-08-27 21:19 . 2004-03-08 23:00	662288	----a-w-	c:\windows\system32\MSCOMCT2.OCX
2012-08-27 21:19 . 1998-06-23 23:00	137000	----a-w-	c:\windows\system32\MSMAPI32.OCX
2012-08-27 21:19 . 2012-08-27 21:19	--------	d-----w-	c:\program files\PDFCreator
2012-08-27 21:19 . 1998-07-06 16:56	125712	----a-w-	c:\windows\system32\VB6DE.DLL
2012-08-27 21:19 . 1998-07-06 16:55	158208	----a-w-	c:\windows\system32\MSCMCDE.DLL
2012-08-27 21:19 . 1998-07-06 16:55	64512	----a-w-	c:\windows\system32\MSCC2DE.DLL
2012-08-27 21:19 . 1998-07-05 23:00	23552	----a-w-	c:\windows\system32\MSMPIDE.DLL
2012-08-27 21:18 . 2012-08-27 21:18	--------	d-----w-	c:\program files\FileZilla FTP Client
2012-08-27 21:16 . 2012-08-31 18:20	--------	d-----w-	c:\program files\Mozilla Thunderbird
2012-08-27 21:15 . 2012-08-27 21:15	--------	d-----w-	c:\programdata\ATI
2012-08-27 21:11 . 2012-08-27 21:11	--------	d-----w-	c:\programdata\Symantec
2012-08-27 21:11 . 2012-08-29 05:57	--------	d-----w-	c:\programdata\Norton
2012-08-27 21:09 . 2012-08-27 21:09	--------	d-----w-	c:\programdata\DeviceVm
2012-08-27 21:09 . 2012-08-27 21:09	--------	d--h--w-	c:\program files\DeviceVM
2012-08-27 21:08 . 2009-09-30 03:33	24576	----a-r-	c:\windows\system32\AsIO.dll
2012-08-27 21:08 . 2009-08-04 02:28	11296	----a-r-	c:\windows\system32\drivers\AsIO.sys
2012-08-27 21:08 . 2012-08-27 21:08	--------	d-----w-	c:\program files\ASUS
2012-08-27 21:08 . 2008-01-04 11:34	11832	----a-w-	c:\windows\system32\drivers\AsInsHelp64.sys
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-01 19:56 . 2009-07-14 02:05	152576	----a-w-	c:\windows\system32\msclmd.dll
2012-09-07 06:34 . 2012-09-07 06:34	266720	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-11-19 9874024]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 98304]
"BCU"="c:\program files\DeviceVM\Browser Configuration Utility\BCU.exe" [2010-03-05 411864]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-28 348664]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2012-8-28 113664]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirFirewallService;Avira FireWall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [x]
S2 AntiVirMailService;Avira Email Schutz;c:\program files\Avira\AntiVir Desktop\avmailc.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S2 BCUService;Browser Configuration Utility Service;c:\program files\DeviceVM\Browser Configuration Utility\BCUService.exe [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
.
------- Zusätzlicher Suchlauf -------
.
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Sylke\AppData\Roaming\Mozilla\Firefox\Profiles\wsuy2lde.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://maps.google.de/maps?hl=de&tab=wl
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-09-08  08:39:39
ComboFix-quarantined-files.txt  2012-09-08 06:39
.
Vor Suchlauf: 6 Verzeichnis(se), 410.060.595.200 Bytes frei
Nach Suchlauf: 9 Verzeichnis(se), 410.279.231.488 Bytes frei
.
- - End Of File - - 490068DDD49FB4F3C4D13EA629C3E215
         

Alt 10.09.2012, 14:50   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't work on the second try, just leave it out and run only OSAM. Please skip OSAM's online check.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off your virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons without being instructed to

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



One more note: If aswMBR crashes and a message like "aswMBR.exe has stopped working" appears, do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.

__________________
Please always post log files in CODE tags

Alt 10.09.2012, 18:04   #21
sylke
 



Hello,

here are the 3 logs, hopefully everything went correctly.



Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-09-10 17:56:05
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HDS721050DLE630 rev.MS1OA610
Running: g9zgm1ij.exe; Driver: C:\Users\Sylke\AppData\Local\Temp\ugloypoc.sys


---- System - GMER 1.0.15 ----

SSDT            90E88076                                                                                          ZwCreateSection
SSDT            90E8804E                                                                                          ZwCreateSymbolicLinkObject
SSDT            90E88053                                                                                          ZwLoadDriver
SSDT            90E88049                                                                                          ZwOpenSection
SSDT            90E88080                                                                                          ZwRequestWaitReplyPort
SSDT            90E8807B                                                                                          ZwSetContextThread
SSDT            90E88085                                                                                          ZwSetSecurityObject
SSDT            90E88058                                                                                          ZwSetSystemInformation
SSDT            90E8808A                                                                                          ZwSystemDebugControl
SSDT            90E88017                                                                                          ZwTerminateProcess
SSDT            90E88012                                                                                          ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                          82A423C9 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                            82A7BD52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11F7                                                               82A82EAC 1 Byte  [76]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11F7                                                               82A82EAC 4 Bytes  [76, 80, E8, 90]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11FF                                                               82A82EB4 4 Bytes  [4E, 80, E8, 90] {DEC ESI; SUB AL, 0x90}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1313                                                               82A82FC8 4 Bytes  [53, 80, E8, 90] {PUSH EBX; SUB AL, 0x90}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 13AF                                                               82A83064 4 Bytes  [49, 80, E8, 90] {DEC ECX; SUB AL, 0x90}
.text           ...                                                                                               
.text           C:\Windows\system32\DRIVERS\atipmdag.sys                                                          section is writeable [0x9143D000, 0x2E7C78, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\Mozilla Firefox\firefox.exe[2032] ntdll.dll!LdrGetProcedureAddress + 26          777D2239 7 Bytes  JMP 632E0C00 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2032] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D  760293D6 7 Bytes  JMP 63517B29 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2032] kernel32.dll!QueryPerformanceCounter + 13      7602C435 7 Bytes  JMP 63517B4C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2032] kernel32.dll!LoadAppInitDlls + 355             7602F4F6 7 Bytes  JMP 632E3FAC C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2032] GDI32.dll!GetViewportOrgEx + 26C               75F9884B 7 Bytes  JMP 63517AAA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume12                                                           fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\tdx \Device\Tcp                                                                           avfwot.sys (TDI filtering kernel driver/Avira GmbH)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\0000004b                                                                 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\tdx \Device\Udp                                                                           avfwot.sys (TDI filtering kernel driver/Avira GmbH)
AttachedDevice  \Driver\tdx \Device\RawIp                                                                         avfwot.sys (TDI filtering kernel driver/Avira GmbH)

---- EOF - GMER 1.0.15 ----
         

Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 18:08:40 on 10.09.2012

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 32-bit
Default Browser: Mozilla Corporation Firefox 15.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AsIO" (AsIO) - ? - C:\Windows\System32\drivers\AsIO.sys  (File found, but it contains no detailed information)
"avfwot" (avfwot) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avfwot.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\Users\Sylke\AppData\Local\Temp\catchme.sys  (File not found)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"ugloypoc" (ugloypoc) - ? - C:\Users\Sylke\AppData\Local\Temp\ugloypoc.sys  (Hidden registry entry, rootkit activity | File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
{CD00020A-8B95-11D1-82DB-00C04FB1625D} "Microsoft PKM KnowledgePluggable Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{872A9397-E0D6-4e28-B64D-52B8D0A7EA35} "DisplayCplExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiamaxx.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office10\msohev.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} "SearchHook Class" - "DeviceVM, Inc." - C:\Program Files\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\ssv.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Sylke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"Adobe Gamma Loader.lnk" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Microsoft Office.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office10\OSA.EXE  (Shortcut exists | File exists)
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"BCU" - "DeviceVM, Inc." - "C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe"
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"pdfcmon" - "pdfforge GbR" - C:\Windows\system32\pdfcmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
"Adobe LM Service" (Adobe LM Service) - ? - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
"Avira Browser Schutz" (AntiVirWebService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira Email Schutz" (AntiVirMailService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
"Avira FireWall" (AntiVirFirewallService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Browser Configuration Utility Service" (BCUService) - "DeviceVM, Inc." - C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"AVSDA" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avsda.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         




Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-10 18:10:38
-----------------------------
18:10:38.895    OS Version: Windows 6.1.7601 Service Pack 1
18:10:38.895    Number of processors: 2 586 0x603
18:10:38.895    ComputerName: SYLKE-PC  UserName: Sylke
18:10:40.081    Initialize success
18:11:34.605    AVAST engine defs: 12091000
19:01:10.186    The log file has been saved successfully to "C:\Users\Sylke\Documents\Virus\aswMBR.txt"
         

10.09.2012, 20:52   #22
cosinus

Something did not run properly with aswMBR, please repeat it.

11.09.2012, 06:30   #23
sylke

.... but now


Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-10 18:10:38
-----------------------------
18:10:38.895    OS Version: Windows 6.1.7601 Service Pack 1
18:10:38.895    Number of processors: 2 586 0x603
18:10:38.895    ComputerName: SYLKE-PC  UserName: Sylke
18:10:40.081    Initialize success
18:11:34.605    AVAST engine defs: 12091000
19:01:10.186    The log file has been saved successfully to "C:\Users\Sylke\Documents\Virus\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-11 07:13:21
-----------------------------
07:13:21.997    OS Version: Windows 6.1.7601 Service Pack 1
07:13:21.997    Number of processors: 2 586 0x603
07:13:21.997    ComputerName: SYLKE-PC  UserName: Sylke
07:13:22.808    Initialize success
07:13:29.719    AVAST engine defs: 12091000
07:13:42.402    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
07:13:42.417    Disk 0 Vendor: Hitachi_HDS721050DLE630 MS1OA610 Size: 476940MB BusType: 3
07:13:42.464    Disk 0 MBR read successfully
07:13:42.480    Disk 0 MBR scan
07:13:42.480    Disk 0 Windows 7 default MBR code
07:13:42.480    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
07:13:42.526    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       476838 MB offset 206848
07:13:42.558    Disk 0 scanning sectors +976771072
07:13:42.636    Disk 0 scanning C:\Windows\system32\drivers
07:14:19.608    Service scanning
07:14:35.332    Modules scanning
07:15:39.121    Disk 0 trace - called modules:
07:15:39.152    
07:15:39.776    AVAST engine scan C:\Windows
07:17:06.856    AVAST engine scan C:\Windows\system32
07:24:26.184    AVAST engine scan C:\Windows\system32\drivers
07:24:36.183    AVAST engine scan C:\Users\Sylke
07:25:50.892    AVAST engine scan C:\ProgramData
07:26:01.702    Scan finished successfully
07:28:15.691    Disk 0 MBR has been saved successfully to "C:\Users\Sylke\Documents\Virus\MBR.dat"
07:28:15.691    The log file has been saved successfully to "C:\Users\Sylke\Documents\Virus\aswMBR.txt"
         

11.09.2012, 15:58   #24
cosinus

Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!

11.09.2012, 21:08   #25
sylke

Help! SAS Spyware keeps running in circles on one directory on the hard drive and reports having found threats without end.
Stop it and try again?
What did I do wrong????

Malwarebytes has nothing to complain about, SAS Spyware found all sorts of things (not harmful). Do I need to worry?

Code:
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.11.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Sylke :: SYLKE-PC [Administrator]

11.09.2012 18:58:52
mbam-log-2012-09-11 (18-58-52).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 428990
Laufzeit: 58 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

11.09.2012, 21:52   #26
sylke

Here is the SAS Spyware log now.
Panic!

11.09.2012, 22:26   #27
sylke

To reassure myself I looked at the log: almost everything is on the external hard drive in a few ancient data backups - those will be cleaned up. That leaves a few cookies on C that it complains about but does not declare malicious. Interpreted correctly? See you tomorrow

12.09.2012, 00:07   #28
cosinus

Why is the SUPERAntiSpyware log attached? Is it too big? I don't like logs as attachments.

12.09.2012, 08:54   #29
sylke

For your information:
SAS ran through on C, but always hangs on the external hard drive at the ancient backups.
We will clean up the backups and then run the scan over them again. You already knew about the legacy items, so they are unproblematic.



Code:
SUPERAntiSpyware Scann-Protokoll
hxxp://www.superantispyware.com

Generiert 09/12/2012 bei 09:01 AM

Version der Applikation : 5.5.1016

Version der Kern-Datenbank : 9208
Version der Spur-Datenbank : 7020

Scan Art       : kompletter Scann
Totale Scann-Zeit : 00:48:46

Operating System Information
Windows 7 Home Premium 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Gescannte Speicherelemente  : 774
Erfasste Speicher-Bedrohungen  : 0
Gescannte Register-Elemente  : 34239
Erfasste Register-Bedrohungen  : 0
Gescannte Datei-Elemente     : 107434
Erfasste Datei-Elemente   : 0
         

12.09.2012, 14:00   #30
cosinus

Code:
UAC On - Limited User
         
How did you start SUPERAntiSpyware? By double-click? What does it say in my instructions?
