Dann mach es so, aber auch den Haken bei alle Benutzer setzen!

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

• Doppelklick auf die OTL.exe
• Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
• Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
• Unter Extra Registry, wähle bitte Use SafeList
• Klicke nun auf Run Scan links oben
• Wenn der Scan beendet wurde werden 2 Logfiles erstellt
• Poste die Logfiles hier in den Thread.

Langsam verzweifel ich, auch wenn ich run scan machen kommt die Fehlermeldung " Out of Memory" nach ca. 15 Minuten.
Hab alles gemacht wie gesagt, also Häkchen bei alle Benutzer, den Text eingefügt und Use Safe List bei Extra Registrierung.

Dann nehm ich dein letztes OTL-Log als Grundlage

Zitat:

O2 - BHO: (DivX Plus Web Player HTML5 <video>)

Sagmal, gehörst du auch zur der Fraktion, die sich Serien und Kinofilme über dubiose Portale anschauen?
Wenn ja: in Zukunft Finger weg, diese illegalen Portale verbreiten Malware und wenn du in Zukunft malwarefrei sein wilst, musst du auf legale Alternativen ausweichen und auf solche riskanten Streamingseiten verzichten!

Ja, nach den Erfahrungen jetzt lasse ich das echt besser sein, bin viel zu sehr auf einen funktionierenden Computer angewiesen.

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code: Alles auswählenAufklappen

ATTFilter

:OTL
IE - HKU\S-1-5-21-2191024634-1259103323-1375288803-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2191024634-1259103323-1375288803-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2191024634-1259103323-1375288803-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8B 2A 2E 24 5C 7C CC 01  [binary data]
FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.startup.homepage: "http://startsear.ch/?aff=1"
FF - prefs.js..keyword.URL: "http://startsear.ch/?aff=1&q="
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3:64bit: - HKU\S-1-5-21-2191024634-1259103323-1375288803-1001\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKU\S-1-5-21-2191024634-1259103323-1375288803-1001\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKU\S-1-5-21-2191024634-1259103323-1375288803-1001..\Run: []  File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0af1e32b-a322-11df-8c2d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0af1e32b-a322-11df-8c2d-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe
:Commands
[emptytemp]
[resethosts]
         

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Hier ist das Log zum Fix.

Code: Alles auswählenAufklappen

ATTFilter

All processes killed
========== OTL ==========
HKU\S-1-5-21-2191024634-1259103323-1375288803-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKU\S-1-5-21-2191024634-1259103323-1375288803-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKU\S-1-5-21-2191024634-1259103323-1375288803-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
Prefs.js: "Web Search" removed from browser.search.defaultengine
Prefs.js: "Web Search" removed from browser.search.defaultenginename
Prefs.js: "Web Search" removed from browser.search.order.1
Prefs.js: "Web Search" removed from browser.search.selectedEngine
Prefs.js: "hxxp://startsear.ch/?aff=1" removed from browser.startup.homepage
Prefs.js: "hxxp://startsear.ch/?aff=1&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{326E768D-4182-46FD-9C16-1449A49795F4}\ deleted successfully.
C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll moved successfully.
64bit-Registry value HKEY_USERS\S-1-5-21-2191024634-1259103323-1375288803-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
File C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll not found.
Registry value HKEY_USERS\S-1-5-21-2191024634-1259103323-1375288803-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
File C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate deleted successfully.
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-2191024634-1259103323-1375288803-1001\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0af1e32b-a322-11df-8c2d-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0af1e32b-a322-11df-8c2d-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0af1e32b-a322-11df-8c2d-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0af1e32b-a322-11df-8c2d-806e6f6e6963}\ not found.
File E:\Autorun.exe not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Felix
->Temp folder emptied: 250481759 bytes
->Temporary Internet Files folder emptied: 1307364 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 50050738 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 657 bytes
 
User: JFGR
->Temp folder emptied: 180224 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 44761331 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 126866 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 331,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.32.0 log created on 02222012_094956
         

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!




Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!

hier kommt der Log zum TDSSKiller

Code: Alles auswählenAufklappen

ATTFilter

11:30:02.0027 3156	TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
11:30:02.0217 3156	============================================================
11:30:02.0217 3156	Current date / time: 2012/02/22 11:30:02.0217
11:30:02.0217 3156	SystemInfo:
11:30:02.0217 3156	
11:30:02.0217 3156	OS Version: 6.1.7600 ServicePack: 0.0
11:30:02.0217 3156	Product type: Workstation
11:30:02.0217 3156	ComputerName: JFGR-PC
11:30:02.0217 3156	UserName: JFGR
11:30:02.0217 3156	Windows directory: C:\Windows
11:30:02.0217 3156	System windows directory: C:\Windows
11:30:02.0217 3156	Running under WOW64
11:30:02.0217 3156	Processor architecture: Intel x64
11:30:02.0217 3156	Number of processors: 2
11:30:02.0217 3156	Page size: 0x1000
11:30:02.0217 3156	Boot type: Normal boot
11:30:02.0217 3156	============================================================
11:30:03.0489 3156	Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:30:03.0489 3156	\Device\Harddisk0\DR0:
11:30:03.0489 3156	MBR used
11:30:03.0489 3156	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1770D7A, BlocksNum 0x12A14C00
11:30:03.0519 3156	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x141859B9, BlocksNum 0x112A7D08
11:30:03.0589 3156	Initialize success
11:30:03.0589 3156	============================================================
11:31:26.0243 4516	============================================================
11:31:26.0243 4516	Scan started
11:31:26.0243 4516	Mode: Manual; SigCheck; TDLFS; 
11:31:26.0243 4516	============================================================
11:31:26.0923 4516	1394ohci        (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
11:31:27.0153 4516	1394ohci - ok
11:31:27.0303 4516	ACPI            (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
11:31:27.0333 4516	ACPI - ok
11:31:27.0453 4516	AcpiPmi         (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
11:31:27.0543 4516	AcpiPmi - ok
11:31:27.0723 4516	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
11:31:27.0763 4516	adp94xx - ok
11:31:27.0913 4516	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
11:31:27.0943 4516	adpahci - ok
11:31:28.0093 4516	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
11:31:28.0113 4516	adpu320 - ok
11:31:28.0283 4516	AFD             (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
11:31:28.0373 4516	AFD - ok
11:31:28.0593 4516	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
11:31:28.0613 4516	agp440 - ok
11:31:28.0723 4516	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
11:31:28.0743 4516	aliide - ok
11:31:28.0893 4516	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
11:31:28.0913 4516	amdide - ok
11:31:29.0053 4516	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
11:31:29.0113 4516	AmdK8 - ok
11:31:29.0495 4516	amdkmdag        (bfa9657adf7ddc29242a6e0e88de36fa) C:\Windows\system32\DRIVERS\atikmdag.sys
11:31:29.0935 4516	amdkmdag - ok
11:31:30.0067 4516	amdkmdap        (8c493027d9b2399283e724e9862ebb42) C:\Windows\system32\DRIVERS\atikmpag.sys
11:31:30.0127 4516	amdkmdap - ok
11:31:30.0257 4516	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
11:31:30.0307 4516	AmdPPM - ok
11:31:30.0467 4516	amdsata         (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
11:31:30.0497 4516	amdsata - ok
11:31:30.0637 4516	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
11:31:30.0657 4516	amdsbs - ok
11:31:30.0807 4516	amdxata         (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
11:31:30.0827 4516	amdxata - ok
11:31:31.0047 4516	AppID           (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
11:31:31.0147 4516	AppID - ok
11:31:31.0337 4516	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
11:31:31.0357 4516	arc - ok
11:31:31.0507 4516	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
11:31:31.0527 4516	arcsas - ok
11:31:31.0637 4516	ASMMAP64        (4c016fd76ed5c05e84ca8cab77993961) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
11:31:43.0419 4516	ASMMAP64 - ok
11:31:43.0559 4516	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
11:31:43.0709 4516	AsyncMac - ok
11:31:43.0829 4516	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
11:31:43.0849 4516	atapi - ok
11:31:44.0041 4516	athr            (0acc06fcf46f64ed4f11e57ee461c1f4) C:\Windows\system32\DRIVERS\athrx.sys
11:31:44.0131 4516	athr - ok
11:31:44.0301 4516	AtiHDAudioService (4bf5bca6e2608cd8a00bc4a6673a9f47) C:\Windows\system32\drivers\AtihdW76.sys
11:31:44.0321 4516	AtiHDAudioService - ok
11:31:44.0739 4516	atikmdag        (bfa9657adf7ddc29242a6e0e88de36fa) C:\Windows\system32\DRIVERS\atikmdag.sys
11:31:44.0963 4516	atikmdag - ok
11:31:45.0183 4516	avgntflt        (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
11:31:45.0203 4516	avgntflt - ok
11:31:45.0293 4516	avipbb          (852e3c0a60d368c487949e55ad52a47f) C:\Windows\system32\DRIVERS\avipbb.sys
11:31:45.0313 4516	avipbb - ok
11:31:45.0333 4516	avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
11:31:45.0353 4516	avkmgr - ok
11:31:45.0443 4516	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
11:31:45.0523 4516	b06bdrv - ok
11:31:45.0663 4516	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
11:31:45.0713 4516	b57nd60a - ok
11:31:45.0873 4516	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
11:31:45.0963 4516	Beep - ok
11:31:46.0133 4516	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
11:31:46.0173 4516	blbdrive - ok
11:31:46.0333 4516	bowser          (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
11:31:46.0403 4516	bowser - ok
11:31:46.0483 4516	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
11:31:46.0533 4516	BrFiltLo - ok
11:31:46.0573 4516	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
11:31:46.0603 4516	BrFiltUp - ok
11:31:46.0643 4516	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
11:31:46.0703 4516	Brserid - ok
11:31:46.0843 4516	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
11:31:46.0893 4516	BrSerWdm - ok
11:31:47.0035 4516	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
11:31:47.0095 4516	BrUsbMdm - ok
11:31:47.0225 4516	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
11:31:47.0265 4516	BrUsbSer - ok
11:31:47.0405 4516	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
11:31:47.0445 4516	BTHMODEM - ok
11:31:47.0605 4516	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
11:31:47.0685 4516	cdfs - ok
11:31:47.0845 4516	cdrom           (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
11:31:47.0885 4516	cdrom - ok
11:31:48.0035 4516	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
11:31:48.0075 4516	circlass - ok
11:31:48.0165 4516	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
11:31:48.0195 4516	CLFS - ok
11:31:48.0395 4516	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
11:31:48.0435 4516	CmBatt - ok
11:31:48.0555 4516	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
11:31:48.0575 4516	cmdide - ok
11:31:48.0715 4516	CNG             (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
11:31:48.0765 4516	CNG - ok
11:31:48.0905 4516	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
11:31:48.0925 4516	Compbatt - ok
11:31:49.0055 4516	CompositeBus    (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
11:31:49.0105 4516	CompositeBus - ok
11:31:49.0245 4516	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
11:31:49.0265 4516	crcdisk - ok
11:31:49.0435 4516	CSC             (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
11:31:49.0505 4516	CSC - ok
11:31:49.0705 4516	DfsC            (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
11:31:49.0765 4516	DfsC - ok
11:31:49.0895 4516	DgiVecp         (2d589a2c024b2fb238535db9f7b3597d) C:\Windows\system32\Drivers\DgiVecp.sys
11:31:49.0915 4516	DgiVecp - ok
11:31:50.0045 4516	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
11:31:50.0145 4516	discache - ok
11:31:50.0315 4516	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
11:31:50.0345 4516	Disk - ok
11:31:50.0507 4516	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
11:31:50.0557 4516	drmkaud - ok
11:31:50.0717 4516	DXGKrnl         (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
11:31:50.0767 4516	DXGKrnl - ok
11:31:50.0987 4516	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
11:31:51.0149 4516	ebdrv - ok
11:31:51.0331 4516	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
11:31:51.0361 4516	elxstor - ok
11:31:51.0491 4516	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
11:31:51.0531 4516	ErrDev - ok
11:31:51.0691 4516	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
11:31:51.0771 4516	exfat - ok
11:31:51.0911 4516	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
11:31:51.0991 4516	fastfat - ok
11:31:52.0141 4516	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
11:31:52.0161 4516	fdc - ok
11:31:52.0321 4516	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
11:31:52.0341 4516	FileInfo - ok
11:31:52.0481 4516	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
11:31:52.0561 4516	Filetrace - ok
11:31:52.0691 4516	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
11:31:52.0731 4516	flpydisk - ok
11:31:52.0891 4516	FltMgr          (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
11:31:52.0921 4516	FltMgr - ok
11:31:53.0061 4516	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
11:31:53.0091 4516	FsDepends - ok
11:31:53.0211 4516	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
11:31:53.0241 4516	Fs_Rec - ok
11:31:53.0381 4516	fvevol          (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
11:31:53.0421 4516	fvevol - ok
11:31:53.0561 4516	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
11:31:53.0581 4516	gagp30kx - ok
11:31:53.0721 4516	GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
11:31:53.0741 4516	GEARAspiWDM - ok
11:31:53.0941 4516	hamachi         (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
11:31:53.0981 4516	hamachi - ok
11:31:54.0193 4516	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
11:31:54.0253 4516	hcw85cir - ok
11:31:54.0403 4516	HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
11:31:54.0464 4516	HdAudAddService - ok
11:31:54.0605 4516	HDAudBus        (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
11:31:54.0670 4516	HDAudBus - ok
11:31:54.0807 4516	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
11:31:54.0857 4516	HidBatt - ok
11:31:54.0999 4516	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
11:31:55.0059 4516	HidBth - ok
11:31:55.0251 4516	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
11:31:55.0301 4516	HidIr - ok
11:31:55.0464 4516	HidUsb          (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
11:31:55.0547 4516	HidUsb - ok
11:31:55.0747 4516	HpSAMD          (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
11:31:55.0767 4516	HpSAMD - ok
11:31:55.0957 4516	HTTP            (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
11:31:56.0047 4516	HTTP - ok
11:31:56.0167 4516	hwpolicy        (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
11:31:56.0197 4516	hwpolicy - ok
11:31:56.0347 4516	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
11:31:56.0367 4516	i8042prt - ok
11:31:56.0527 4516	iaStorV         (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
11:31:56.0557 4516	iaStorV - ok
11:31:56.0707 4516	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
11:31:56.0727 4516	iirsp - ok
11:31:56.0867 4516	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
11:31:56.0887 4516	intelide - ok
11:31:57.0027 4516	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
11:31:57.0057 4516	intelppm - ok
11:31:57.0197 4516	IpFilterDriver  (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:31:57.0277 4516	IpFilterDriver - ok
11:31:57.0417 4516	IPMIDRV         (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
11:31:57.0457 4516	IPMIDRV - ok
11:31:57.0597 4516	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
11:31:57.0697 4516	IPNAT - ok
11:31:57.0869 4516	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
11:31:57.0959 4516	IRENUM - ok
11:31:58.0089 4516	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
11:31:58.0119 4516	isapnp - ok
11:31:58.0259 4516	iScsiPrt        (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
11:31:58.0279 4516	iScsiPrt - ok
11:31:58.0379 4516	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
11:31:58.0399 4516	kbdclass - ok
11:31:58.0459 4516	kbdhid          (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
11:31:58.0499 4516	kbdhid - ok
11:31:58.0649 4516	KSecDD          (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
11:31:58.0669 4516	KSecDD - ok
11:31:58.0809 4516	KSecPkg         (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
11:31:58.0839 4516	KSecPkg - ok
11:31:58.0979 4516	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
11:31:59.0059 4516	ksthunk - ok
11:31:59.0239 4516	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
11:31:59.0319 4516	lltdio - ok
11:31:59.0479 4516	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
11:31:59.0509 4516	LSI_FC - ok
11:31:59.0639 4516	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
11:31:59.0659 4516	LSI_SAS - ok
11:31:59.0789 4516	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:31:59.0819 4516	LSI_SAS2 - ok
11:31:59.0971 4516	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:31:59.0991 4516	LSI_SCSI - ok
11:32:00.0121 4516	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
11:32:00.0211 4516	luafv - ok
11:32:00.0381 4516	MBAMProtector   (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
11:32:00.0391 4516	MBAMProtector - ok
11:32:00.0541 4516	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
11:32:00.0561 4516	megasas - ok
11:32:00.0701 4516	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
11:32:00.0731 4516	MegaSR - ok
11:32:00.0871 4516	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
11:32:00.0951 4516	Modem - ok
11:32:01.0101 4516	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
11:32:01.0151 4516	monitor - ok
11:32:01.0281 4516	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
11:32:01.0301 4516	mouclass - ok
11:32:01.0441 4516	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
11:32:01.0481 4516	mouhid - ok
11:32:01.0621 4516	mountmgr        (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
11:32:01.0641 4516	mountmgr - ok
11:32:01.0781 4516	mpio            (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
11:32:01.0801 4516	mpio - ok
11:32:01.0941 4516	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
11:32:02.0041 4516	mpsdrv - ok
11:32:02.0191 4516	MRxDAV          (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
11:32:02.0231 4516	MRxDAV - ok
11:32:02.0381 4516	mrxsmb          (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:32:02.0411 4516	mrxsmb - ok
11:32:02.0571 4516	mrxsmb10        (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:32:02.0621 4516	mrxsmb10 - ok
11:32:02.0751 4516	mrxsmb20        (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:32:02.0791 4516	mrxsmb20 - ok
11:32:02.0921 4516	msahci          (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
11:32:02.0941 4516	msahci - ok
11:32:03.0071 4516	msdsm           (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
11:32:03.0101 4516	msdsm - ok
11:32:03.0271 4516	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
11:32:03.0341 4516	Msfs - ok
11:32:03.0491 4516	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
11:32:03.0571 4516	mshidkmdf - ok
11:32:03.0701 4516	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
11:32:03.0721 4516	msisadrv - ok
11:32:03.0881 4516	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
11:32:03.0961 4516	MSKSSRV - ok
11:32:04.0103 4516	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
11:32:04.0183 4516	MSPCLOCK - ok
11:32:04.0323 4516	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
11:32:04.0413 4516	MSPQM - ok
11:32:04.0573 4516	MsRPC           (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
11:32:04.0603 4516	MsRPC - ok
11:32:04.0733 4516	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
11:32:04.0753 4516	mssmbios - ok
11:32:04.0893 4516	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
11:32:04.0973 4516	MSTEE - ok
11:32:05.0103 4516	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
11:32:05.0143 4516	MTConfig - ok
11:32:05.0293 4516	MTsensor        (032d35c996f21d19a205a7c8f0b76f3c) C:\Windows\system32\DRIVERS\ATK64AMD.sys
11:32:05.0313 4516	MTsensor - ok
11:32:05.0453 4516	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
11:32:05.0473 4516	Mup - ok
11:32:05.0643 4516	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
11:32:05.0703 4516	NativeWifiP - ok
11:32:05.0873 4516	NDIS            (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
11:32:05.0923 4516	NDIS - ok
11:32:06.0053 4516	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
11:32:06.0151 4516	NdisCap - ok
11:32:06.0285 4516	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
11:32:06.0365 4516	NdisTapi - ok
11:32:06.0507 4516	Ndisuio         (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
11:32:06.0577 4516	Ndisuio - ok
11:32:06.0719 4516	NdisWan         (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
11:32:06.0789 4516	NdisWan - ok
11:32:06.0919 4516	NDProxy         (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
11:32:07.0009 4516	NDProxy - ok
11:32:07.0191 4516	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
11:32:07.0271 4516	NetBIOS - ok
11:32:07.0411 4516	NetBT           (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
11:32:07.0501 4516	NetBT - ok
11:32:07.0671 4516	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
11:32:07.0701 4516	nfrd960 - ok
11:32:07.0841 4516	nmwcd           (5fe6f8c05f0769bbb74afac11453b182) C:\Windows\system32\drivers\ccdcmbx64.sys
11:32:07.0911 4516	nmwcd - ok
11:32:08.0061 4516	nmwcdc          (73c929945c0850b8d1fe2fea05fdf05d) C:\Windows\system32\drivers\ccdcmbox64.sys
11:32:08.0111 4516	nmwcdc - ok
11:32:08.0281 4516	nmwcdnsucx64    (697ca586209e022d15dd0c838b235d6a) C:\Windows\system32\drivers\nmwcdnsucx64.sys
11:32:08.0331 4516	nmwcdnsucx64 - ok
11:32:08.0491 4516	nmwcdnsux64     (292ddf13f91f2cb2482b57aacd6aeb9b) C:\Windows\system32\drivers\nmwcdnsux64.sys
11:32:08.0561 4516	nmwcdnsux64 - ok
11:32:08.0701 4516	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
11:32:08.0771 4516	Npfs - ok
11:32:08.0921 4516	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
11:32:09.0001 4516	nsiproxy - ok
11:32:09.0201 4516	Ntfs            (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
11:32:09.0281 4516	Ntfs - ok
11:32:09.0421 4516	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
11:32:09.0501 4516	Null - ok
11:32:09.0641 4516	nvraid          (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
11:32:09.0671 4516	nvraid - ok
11:32:09.0811 4516	nvstor          (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
11:32:09.0831 4516	nvstor - ok
11:32:09.0971 4516	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
11:32:09.0991 4516	nv_agp - ok
11:32:10.0131 4516	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
11:32:10.0171 4516	ohci1394 - ok
11:32:10.0351 4516	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
11:32:10.0381 4516	Parport - ok
11:32:10.0523 4516	partmgr         (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
11:32:10.0543 4516	partmgr - ok
11:32:10.0723 4516	pccsmcfd        (bc0018c2d29f655188a0ed3fa94fdb24) C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
11:32:10.0753 4516	pccsmcfd - ok
11:32:10.0883 4516	pci             (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
11:32:10.0913 4516	pci - ok
11:32:11.0043 4516	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
11:32:11.0063 4516	pciide - ok
11:32:11.0223 4516	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
11:32:11.0243 4516	pcmcia - ok
11:32:11.0373 4516	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
11:32:11.0403 4516	pcw - ok
11:32:11.0553 4516	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
11:32:11.0650 4516	PEAUTH - ok
11:32:11.0915 4516	PptpMiniport    (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
11:32:11.0995 4516	PptpMiniport - ok
11:32:12.0135 4516	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
11:32:12.0175 4516	Processor - ok
11:32:12.0345 4516	Psched          (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
11:32:12.0415 4516	Psched - ok
11:32:12.0555 4516	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
11:32:12.0636 4516	ql2300 - ok
11:32:12.0777 4516	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
11:32:12.0797 4516	ql40xx - ok
11:32:12.0947 4516	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
11:32:12.0997 4516	QWAVEdrv - ok
11:32:13.0127 4516	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
11:32:13.0207 4516	RasAcd - ok
11:32:13.0357 4516	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
11:32:13.0437 4516	RasAgileVpn - ok
11:32:13.0567 4516	Rasl2tp         (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:32:13.0657 4516	Rasl2tp - ok
11:32:13.0797 4516	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
11:32:13.0887 4516	RasPppoe - ok
11:32:14.0017 4516	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
11:32:14.0097 4516	RasSstp - ok
11:32:14.0237 4516	rdbss           (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
11:32:14.0327 4516	rdbss - ok
11:32:14.0457 4516	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
11:32:14.0497 4516	rdpbus - ok
11:32:14.0637 4516	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:32:14.0727 4516	RDPCDD - ok
11:32:14.0877 4516	RDPDR           (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
11:32:14.0927 4516	RDPDR - ok
11:32:15.0067 4516	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
11:32:15.0147 4516	RDPENCDD - ok
11:32:15.0277 4516	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
11:32:15.0347 4516	RDPREFMP - ok
11:32:15.0477 4516	RDPWD           (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
11:32:15.0567 4516	RDPWD - ok
11:32:15.0737 4516	rdyboost        (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
11:32:15.0757 4516	rdyboost - ok
11:32:15.0937 4516	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
11:32:16.0017 4516	rspndr - ok
11:32:16.0157 4516	s3cap           (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
11:32:16.0217 4516	s3cap - ok
11:32:16.0357 4516	sbp2port        (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
11:32:16.0377 4516	sbp2port - ok
11:32:16.0527 4516	scfilter        (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
11:32:16.0607 4516	scfilter - ok
11:32:16.0777 4516	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
11:32:16.0857 4516	secdrv - ok
11:32:17.0007 4516	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
11:32:17.0027 4516	Serenum - ok
11:32:17.0167 4516	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
11:32:17.0207 4516	Serial - ok
11:32:17.0337 4516	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
11:32:17.0367 4516	sermouse - ok
11:32:17.0547 4516	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
11:32:17.0587 4516	sffdisk - ok
11:32:17.0717 4516	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
11:32:17.0757 4516	sffp_mmc - ok
11:32:17.0897 4516	sffp_sd         (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
11:32:17.0937 4516	sffp_sd - ok
11:32:18.0077 4516	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
11:32:18.0117 4516	sfloppy - ok
11:32:18.0267 4516	SiSGbeLH        (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys
11:32:18.0317 4516	SiSGbeLH - ok
11:32:18.0467 4516	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:32:18.0487 4516	SiSRaid2 - ok
11:32:18.0637 4516	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
11:32:18.0657 4516	SiSRaid4 - ok
11:32:18.0797 4516	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
11:32:18.0889 4516	Smb - ok
11:32:19.0059 4516	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
11:32:19.0079 4516	spldr - ok
11:32:19.0319 4516	sptd            (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
11:32:19.0319 4516	Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
11:32:19.0339 4516	sptd ( LockedFile.Multi.Generic ) - warning
11:32:19.0339 4516	sptd - detected LockedFile.Multi.Generic (1)
11:32:19.0479 4516	srv             (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
11:32:19.0549 4516	srv - ok
11:32:19.0699 4516	srv2            (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
11:32:19.0729 4516	srv2 - ok
11:32:19.0869 4516	srvnet          (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
11:32:19.0909 4516	srvnet - ok
11:32:20.0049 4516	SSPORT          (0211ab46b73a2623b86c1cfcb30579ab) C:\Windows\system32\Drivers\SSPORT.sys
11:32:20.0069 4516	SSPORT - ok
11:32:20.0209 4516	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
11:32:20.0229 4516	stexstor - ok
11:32:20.0369 4516	StillCam        (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
11:32:20.0419 4516	StillCam - ok
11:32:20.0569 4516	storflt         (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
11:32:20.0589 4516	storflt - ok
11:32:20.0741 4516	storvsc         (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
11:32:20.0761 4516	storvsc - ok
11:32:20.0881 4516	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
11:32:20.0901 4516	swenum - ok
11:32:21.0063 4516	tap0901         (024adc7f69d1776d72cc5d031b41ce4f) C:\Windows\system32\DRIVERS\tap0901.sys
11:32:21.0113 4516	tap0901 - ok
11:32:21.0263 4516	tap0901t        (b08740047145b9bce15bf75ca0f9718a) C:\Windows\system32\DRIVERS\tap0901t.sys
11:32:21.0303 4516	tap0901t ( UnsignedFile.Multi.Generic ) - warning
11:32:21.0303 4516	tap0901t - detected UnsignedFile.Multi.Generic (1)
11:32:21.0513 4516	Tcpip           (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
11:32:21.0603 4516	Tcpip - ok
11:32:21.0813 4516	TCPIP6          (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
11:32:21.0883 4516	TCPIP6 - ok
11:32:22.0023 4516	tcpipreg        (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
11:32:22.0103 4516	tcpipreg - ok
11:32:22.0263 4516	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
11:32:22.0333 4516	TDPIPE - ok
11:32:22.0483 4516	TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
11:32:22.0573 4516	TDTCP - ok
11:32:22.0713 4516	tdx             (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
11:32:22.0803 4516	tdx - ok
11:32:22.0943 4516	TermDD          (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
11:32:22.0973 4516	TermDD - ok
11:32:23.0143 4516	tssecsrv        (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:32:23.0213 4516	tssecsrv - ok
11:32:23.0383 4516	tunnel          (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
11:32:23.0463 4516	tunnel - ok
11:32:23.0613 4516	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
11:32:23.0633 4516	uagp35 - ok
11:32:23.0783 4516	udfs            (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
11:32:23.0873 4516	udfs - ok
11:32:24.0033 4516	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
11:32:24.0053 4516	uliagpkx - ok
11:32:24.0193 4516	umbus           (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
11:32:24.0233 4516	umbus - ok
11:32:24.0353 4516	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
11:32:24.0393 4516	UmPass - ok
11:32:24.0565 4516	upperdev        (34afb83c7bba370e404e52cc2290350c) C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
11:32:24.0625 4516	upperdev - ok
11:32:24.0785 4516	USBAAPL64       (f724b03c3dfaacf08d17d38bf3333583) C:\Windows\system32\Drivers\usbaapl64.sys
11:32:24.0835 4516	USBAAPL64 - ok
11:32:24.0975 4516	usbccgp         (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
11:32:25.0035 4516	usbccgp - ok
11:32:25.0165 4516	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
11:32:25.0215 4516	usbcir - ok
11:32:25.0357 4516	usbehci         (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
11:32:25.0397 4516	usbehci - ok
11:32:25.0557 4516	usbhub          (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
11:32:25.0607 4516	usbhub - ok
11:32:25.0749 4516	usbohci         (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\DRIVERS\usbohci.sys
11:32:25.0789 4516	usbohci - ok
11:32:25.0919 4516	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
11:32:25.0969 4516	usbprint - ok
11:32:26.0099 4516	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
11:32:26.0129 4516	usbscan - ok
11:32:26.0289 4516	usbser          (0f0c72a657c622286013788b886968ad) C:\Windows\system32\drivers\usbser.sys
11:32:26.0339 4516	usbser - ok
11:32:26.0449 4516	UsbserFilt      (aa75e1efbee7186b4cbaaacf1f15e6ca) C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys
11:32:26.0499 4516	UsbserFilt - ok
11:32:26.0539 4516	USBSTOR         (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:32:26.0599 4516	USBSTOR - ok
11:32:26.0739 4516	usbuhci         (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys
11:32:26.0779 4516	usbuhci - ok
11:32:26.0939 4516	usbvideo        (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
11:32:26.0999 4516	usbvideo - ok
11:32:27.0171 4516	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
11:32:27.0191 4516	vdrvroot - ok
11:32:27.0363 4516	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
11:32:27.0393 4516	vga - ok
11:32:27.0523 4516	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
11:32:27.0613 4516	VgaSave - ok
11:32:27.0743 4516	vhdmp           (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
11:32:27.0763 4516	vhdmp - ok
11:32:27.0903 4516	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
11:32:27.0923 4516	viaide - ok
11:32:28.0043 4516	vmbus           (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
11:32:28.0073 4516	vmbus - ok
11:32:28.0193 4516	VMBusHID        (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
11:32:28.0233 4516	VMBusHID - ok
11:32:28.0353 4516	volmgr          (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
11:32:28.0383 4516	volmgr - ok
11:32:28.0503 4516	volmgrx         (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
11:32:28.0533 4516	volmgrx - ok
11:32:28.0683 4516	volsnap         (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
11:32:28.0713 4516	volsnap - ok
11:32:28.0843 4516	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
11:32:28.0873 4516	vsmraid - ok
11:32:29.0003 4516	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
11:32:29.0033 4516	vwifibus - ok
11:32:29.0153 4516	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
11:32:29.0203 4516	vwififlt - ok
11:32:29.0343 4516	vwifimp         (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
11:32:29.0373 4516	vwifimp - ok
11:32:29.0515 4516	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
11:32:29.0555 4516	WacomPen - ok
11:32:29.0715 4516	WANARP          (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
11:32:29.0795 4516	WANARP - ok
11:32:29.0825 4516	Wanarpv6        (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
11:32:29.0895 4516	Wanarpv6 - ok
11:32:30.0045 4516	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
11:32:30.0065 4516	Wd - ok
11:32:30.0205 4516	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
11:32:30.0255 4516	Wdf01000 - ok
11:32:30.0437 4516	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
11:32:30.0497 4516	WfpLwf - ok
11:32:30.0627 4516	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
11:32:30.0647 4516	WIMMount - ok
11:32:30.0887 4516	WinUsb          (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
11:32:30.0917 4516	WinUsb - ok
11:32:31.0057 4516	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
11:32:31.0107 4516	WmiAcpi - ok
11:32:31.0269 4516	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
11:32:31.0349 4516	ws2ifsl - ok
11:32:31.0519 4516	WSDPrintDevice  (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
11:32:31.0556 4516	WSDPrintDevice - ok
11:32:31.0691 4516	WudfPf          (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
11:32:31.0771 4516	WudfPf - ok
11:32:31.0921 4516	WUDFRd          (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:32:31.0991 4516	WUDFRd - ok
11:32:32.0081 4516	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
11:32:32.0231 4516	\Device\Harddisk0\DR0 - ok
11:32:32.0241 4516	Boot (0x1200)   (a054ea219235462a3cd6f74bf46aff6d) \Device\Harddisk0\DR0\Partition0
11:32:32.0241 4516	\Device\Harddisk0\DR0\Partition0 - ok
11:32:32.0251 4516	Boot (0x1200)   (a9ec316e4ae1cd7b1cb8e1cb4e7f9ef6) \Device\Harddisk0\DR0\Partition1
11:32:32.0251 4516	\Device\Harddisk0\DR0\Partition1 - ok
11:32:32.0261 4516	============================================================
11:32:32.0261 4516	Scan finished
11:32:32.0261 4516	============================================================
11:32:32.0281 4836	Detected object count: 2
11:32:32.0281 4836	Actual detected object count: 2
11:38:22.0814 4836	sptd ( LockedFile.Multi.Generic ) - skipped by user
11:38:22.0814 4836	sptd ( LockedFile.Multi.Generic ) - User select action: Skip 
11:38:22.0814 4836	tap0901t ( UnsignedFile.Multi.Generic ) - skipped by user
11:38:22.0814 4836	tap0901t ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

• Lade dir ComboFix hier herunter auf deinen Desktop.

• Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

• Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
  Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

• Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Hier das Log von ComboFix!

Combofix Logfile:

Code: Alles auswählenAufklappen

ATTFilter

ComboFix 12-02-22.01 - JFGR 22.02.2012  13:41:44.1.2 - x64
Microsoft Windows 7 Professional   6.1.7600.0.1252.49.1031.18.4095.2871 [GMT 1:00]
ausgeführt von:: c:\users\Felix\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\windows\IsUn0407.exe
c:\windows\iun6002.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-01-22 bis 2012-02-22  ))))))))))))))))))))))))))))))
.
.
2012-02-22 13:02 . 2012-02-22 13:02	--------	d-----w-	c:\users\JFGR\AppData\Roaming\PC Suite
2012-02-22 12:52 . 2012-02-22 13:03	--------	d-----w-	c:\users\JFGR\AppData\Local\temp
2012-02-22 12:52 . 2012-02-22 12:52	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-02-21 09:38 . 2012-02-08 07:13	8643640	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{1DFF0251-5B3E-4D11-A17F-779BCAA9FA27}\mpengine.dll
2012-02-20 09:16 . 2012-02-20 09:16	--------	d-----w-	c:\program files\Defraggler
2012-02-19 19:17 . 2012-02-19 19:17	--------	d-----w-	c:\program files (x86)\ESET
2012-02-18 17:17 . 2012-02-18 17:17	--------	d-----w-	c:\users\Felix\AppData\Roaming\Malwarebytes
2012-02-18 16:24 . 2012-02-18 16:24	--------	d-----w-	C:\_OTL
2012-02-18 16:21 . 2012-02-18 16:21	--------	d-----w-	c:\users\JFGR\AppData\Roaming\Malwarebytes
2012-02-18 16:21 . 2012-02-18 16:21	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-18 16:21 . 2012-02-18 16:21	--------	d-----w-	c:\programdata\Malwarebytes
2012-02-18 16:21 . 2011-12-10 14:24	23152	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-02-10 22:35 . 2012-02-10 22:35	--------	d-----w-	c:\users\Felix\AppData\Local\DDMSettings
2012-02-07 21:26 . 2012-02-07 21:26	--------	d-----w-	c:\users\Felix\AppData\Roaming\Nokia
2012-02-07 21:26 . 2012-02-07 21:26	--------	d-----w-	c:\users\Felix\AppData\Local\Nokia
2012-02-07 21:26 . 2012-02-22 13:02	--------	d-----w-	c:\users\JFGR\AppData\Local\Nokia
2012-02-07 21:26 . 2012-02-07 21:26	--------	d-----w-	c:\users\JFGR\AppData\Roaming\Nokia
2012-02-07 21:26 . 2012-02-07 21:27	--------	d-----w-	c:\programdata\PC Suite
2012-02-07 21:26 . 2012-02-07 21:28	--------	d-----w-	c:\users\Felix\AppData\Roaming\PC Suite
2012-02-07 21:25 . 2012-02-07 21:25	--------	d-----w-	c:\program files (x86)\Common Files\Nokia
2012-02-07 21:25 . 2012-02-07 21:25	--------	d-----w-	c:\programdata\Nokia
2012-02-07 21:24 . 2012-02-07 21:24	--------	d-----w-	c:\program files\DIFX
2012-02-07 21:24 . 2008-08-28 10:44	25600	----a-w-	c:\windows\system32\drivers\pccsmcfdx64.sys
2012-02-07 21:24 . 2012-02-07 21:24	--------	d-----w-	c:\program files (x86)\PC Connectivity Solution
2012-02-07 21:21 . 2012-02-07 21:25	--------	d-----w-	c:\program files (x86)\Nokia
2012-02-04 17:56 . 2012-02-04 17:56	--------	d-----w-	c:\users\JFGR\AppData\Roaming\Avira
2012-02-04 17:52 . 2012-02-04 17:52	--------	d-----w-	c:\users\JFGR\AppData\Local\Diagnostics
2012-02-03 20:35 . 2010-03-08 04:38	41984	----a-w-	c:\windows\system32\Spool\prtprocs\x64\KOAZCA_P.DLL
2012-02-03 20:23 . 2009-10-01 08:08	15360	----a-w-	c:\windows\system32\KOAZCA_L.DLL
2012-01-29 11:00 . 2012-01-29 11:00	--------	d-----w-	c:\users\JFGR\AppData\Roaming\HP
2012-01-29 10:57 . 2012-01-29 10:57	--------	d-----w-	c:\program files (x86)\MSN Toolbar
2012-01-29 10:57 . 2012-01-29 10:57	--------	d-----w-	c:\program files (x86)\Bing Bar Installer
2012-01-29 10:56 . 2012-01-29 10:56	--------	d-----w-	c:\program files (x86)\Common Files\HP
2012-01-29 10:56 . 2012-01-29 10:56	--------	d-----w-	c:\program files (x86)\Common Files\Hewlett-Packard
2012-01-29 10:54 . 2012-01-29 10:55	--------	d-----w-	c:\program files (x86)\HP
2012-01-29 10:53 . 2012-01-29 10:55	--------	d-----w-	c:\programdata\HP
2012-01-29 10:52 . 2010-05-13 10:25	906240	----a-w-	c:\windows\system32\hpwwiax5.dll
2012-01-29 10:52 . 2010-05-13 10:25	1422848	----a-w-	c:\windows\system32\hpwtiop4.dll
2012-01-29 10:52 . 2010-05-13 10:29	553472	----a-w-	c:\windows\system32\hppldcoi.dll
2012-01-29 10:52 . 2010-02-01 06:54	488960	----a-w-	c:\windows\system32\hpovst11.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-16 20:48 . 2011-10-16 21:06	132320	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-01-29 04:10 . 2010-08-08 20:02	279656	------w-	c:\windows\system32\MpSigStub.exe
2012-01-04 00:48 . 2012-01-04 00:48	354176	----a-w-	c:\windows\SysWow64\DivXControlPanelApplet.cpl
2011-12-12 18:19 . 2011-07-05 18:04	414368	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaSuite.exe"="c:\program files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" [2012-01-10 1083264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-03-06 552960]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-01-13 7109248]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-01-05 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"iTunesHelper"="d:\programme\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"StartCCC"="c:\program files (x86)\ATI\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-08 336384]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"LogMeIn Hamachi Ui"="d:\programme\Hamachi\hamachi-2-ui.exe" [2012-02-07 1987976]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\JFGR\AppData\Roaming\Dropbox\bin\Dropbox.exe [N/A]
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-28 136176]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-28 136176]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;d:\programme\Hamachi\hamachi-2.exe [2012-02-07 2343816]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
S2 TunngleService;TunngleService;d:\programme\Tunngle\TnglCtrl.exe [2010-11-22 718072]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 SiSGbeLH;NDIS 6.0-Treiber für SiS191/SiS190-Ethernet-Gerät;c:\windows\system32\DRIVERS\SiSG664.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-28 12:09]
.
2012-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-28 12:09]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: SmarThru4 Capture Selection - c:\program files (x86)\SmarThru 4\x64\WebCapture.dll2.htm
IE: SmarThru4 Save as HTML - c:\program files (x86)\SmarThru 4\x64\WebCapture.dll1.htm
IE: SmarThru4 Save Selected Text - c:\program files (x86)\SmarThru 4\x64\WebCapture.dll.htm
IE: SmarThru4 Web Capture - c:\program files (x86)\SmarThru 4\x64\WebCapture.dll
TCP: DhcpNameServer = 134.130.4.1 134.130.5.1
FF - ProfilePath - c:\users\JFGR\AppData\Roaming\Mozilla\Firefox\Profiles\16dfcxuc.default\
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: browser.startup.homepage - 
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
AddRemove-S3 - c:\windows\IsUn0407.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2191024634-1259103323-1375288803-1001\Software\SecuROM\License information*]
"datasecu"=hex:a9,bd,a5,56,e9,5c,5b,c2,eb,72,d9,dc,e7,b9,9a,86,36,82,c4,10,cb,
   e9,03,9d,a3,9c,6f,59,6b,7f,01,e1,90,93,52,ea,aa,0f,0b,22,73,22,97,80,84,df,\
"rkeysecu"=hex:18,21,db,9b,42,82,55,92,68,34,1c,ef,81,9b,0e,e3
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.9"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil9f.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
c:\program files (x86)\PC Connectivity Solution\ServiceLayer.exe
c:\program files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-02-22  14:20:52 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-02-22 13:20
.
Vor Suchlauf: 15 Verzeichnis(se), 96.625.496.064 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 96.261.509.120 Bytes frei
.
- - End Of File - - E7761A2DB5128DF3AA66E17A5BA1C623
         

--- --- ---

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehlalarm!

• Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
• Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
• Klicke auf Scan.
• Warte bitte bis Scan finished successfully im DOS Fenster steht.
• Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Hier kommt die aswMBR.txt!

Code: Alles auswählenAufklappen

ATTFilter

aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-02-22 19:33:53
-----------------------------
19:33:53.083    OS Version: Windows x64 6.1.7600 
19:33:53.083    Number of processors: 2 586 0x170A
19:33:53.083    ComputerName: JFGR-PC  UserName: JFGR
19:33:53.645    Initialize success
19:34:00.993    AVAST engine defs: 12022200
19:35:14.718    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
19:35:14.718    Disk 0 Vendor: Hitachi_HTS543232L9A300 FB4OC40C Size: 305245MB BusType: 3
19:35:14.749    Disk 0 MBR read successfully
19:35:14.749    Disk 0 MBR scan
19:35:14.765    Disk 0 Windows 7 default MBR code
19:35:14.781    Disk 0 Partition 1 00     1C Hidd FAT32 LBA MSDOS5.0    12001 MB offset 63
19:35:14.781    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       152617 MB offset 24579450
19:35:14.796    Disk 0 Partition - 00     0F Extended LBA            140623 MB offset 337140090
19:35:14.827    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       140623 MB offset 337140153
19:35:14.859    Disk 0 scanning C:\Windows\system32\drivers
19:35:23.797    Service scanning
19:35:49.038    Modules scanning
19:35:49.038    Disk 0 trace - called modules:
19:35:49.070    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 
19:35:49.085    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004bb2060]
19:35:49.085    3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> [0xfffffa8004a1b530]
19:35:49.085    5 ACPI.sys[fffff8800100b781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0xfffffa8004a21680]
19:35:49.616    AVAST engine scan C:\Windows
19:35:52.049    AVAST engine scan C:\Windows\system32
19:39:20.075    AVAST engine scan C:\Windows\system32\drivers
19:39:30.777    AVAST engine scan C:\Users\JFGR
19:39:53.382    AVAST engine scan C:\ProgramData
19:41:22.785    Scan finished successfully
19:41:38.510    Disk 0 MBR has been saved successfully to "C:\Users\Felix\Desktop\MBR.dat"
19:41:38.510    The log file has been saved successfully to "C:\Users\Felix\Desktop\aswMBR.txt"
         

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

SASW-Log:

Code: Alles auswählenAufklappen

ATTFilter

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 02/23/2012 at 11:26 AM

Application Version : 5.0.1144

Core Rules Database Version : 8268
Trace Rules Database Version: 6080

Scan type       : Complete Scan
Total Scan Time : 01:40:09

Operating System Information
Windows 7 Professional 64-bit (Build 6.01.7600)
UAC Off - Limited User

Memory items scanned      : 673
Memory threats detected   : 0
Registry items scanned    : 70055
Registry threats detected : 6
File items scanned        : 120669
File threats detected     : 140

Adware.Tracking Cookie
	C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@adbrite[2].txt [ /adbrite ]
	C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@ads.adk2[2].txt [ /ads.adk2 ]
	C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@adtech[1].txt [ /adtech ]
	C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@apmebf[1].txt [ /apmebf ]
	C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@atdmt.combing[2].txt [ /atdmt.combing ]
	C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@atwola[2].txt [ /atwola ]
	C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@bs.serving-sys[1].txt [ /bs.serving-sys ]
	C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@content.yieldmanager[1].txt [ /content.yieldmanager ]
	C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@content.yieldmanager[3].txt [ /content.yieldmanager ]
	C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@doubleclick[1].txt [ /doubleclick ]
	C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@fastclick[1].txt [ /fastclick ]
	C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@revsci[2].txt [ /revsci ]
	C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@serving-sys[1].txt [ /serving-sys ]
	C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@tradedoubler[2].txt [ /tradedoubler ]
	C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@weborama[2].txt [ /weborama ]
	C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@www.active-tracking[1].txt [ /www.active-tracking ]
	C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@yadro[2].txt [ /yadro ]
	C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\VUOTFSHH.txt [ /ad.yieldmanager.com ]
	C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\SR9FY4ZW.txt [ /mediaplex.com ]
	C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\HWLNKYR5.txt [ /adserver.adtechus.com ]
	C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\QQ7D8LLO.txt [ /imrworldwide.com ]
	C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\MACUO8S4.txt [ /smartadserver.com ]
	C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\GI6BNT0I.txt [ /adbrite.com ]
	C:\USERS\FELIX\AppData\Roaming\Microsoft\Windows\Cookies\Low\felix@statcounter[2].txt [ Cookie:felix@statcounter.com/ ]
	C:\USERS\FELIX\AppData\Roaming\Microsoft\Windows\Cookies\Low\felix@ad.yieldmanager[2].txt [ Cookie:felix@ad.yieldmanager.com/ ]
	C:\USERS\FELIX\AppData\Roaming\Microsoft\Windows\Cookies\Low\felix@traffictrack[2].txt [ Cookie:felix@traffictrack.de/ ]
	C:\USERS\FELIX\AppData\Roaming\Microsoft\Windows\Cookies\Low\felix@mediaplex[2].txt [ Cookie:felix@mediaplex.com/ ]
	C:\USERS\FELIX\AppData\Roaming\Microsoft\Windows\Cookies\Low\felix@tradedoubler[1].txt [ Cookie:felix@tradedoubler.com/ ]
	C:\USERS\FELIX\AppData\Roaming\Microsoft\Windows\Cookies\Low\felix@fastclick[1].txt [ Cookie:felix@fastclick.net/ ]
	C:\USERS\FELIX\AppData\Roaming\Microsoft\Windows\Cookies\Low\felix@www.active-tracking[2].txt [ Cookie:felix@www.active-tracking.de/ ]
	C:\USERS\FELIX\AppData\Roaming\Microsoft\Windows\Cookies\Low\felix@doubleclick[1].txt [ Cookie:felix@doubleclick.net/ ]
	C:\USERS\FELIX\AppData\Roaming\Microsoft\Windows\Cookies\Low\felix@interclick[1].txt [ Cookie:felix@interclick.com/ ]
	C:\USERS\FELIX\AppData\Roaming\Microsoft\Windows\Cookies\Low\felix@adfarm1.adition[1].txt [ Cookie:felix@adfarm1.adition.com/ ]
	C:\USERS\FELIX\AppData\Roaming\Microsoft\Windows\Cookies\Low\felix@ad.zanox[1].txt [ Cookie:felix@ad.zanox.com/ ]
	C:\USERS\FELIX\AppData\Roaming\Microsoft\Windows\Cookies\Low\felix@statse.webtrendslive[2].txt [ Cookie:felix@statse.webtrendslive.com/ ]
	C:\USERS\FELIX\AppData\Roaming\Microsoft\Windows\Cookies\Low\felix@tracking.mlsat02[1].txt [ Cookie:felix@tracking.mlsat02.de/tmobile/ ]
	C:\USERS\FELIX\AppData\Roaming\Microsoft\Windows\Cookies\Low\felix@zanox[2].txt [ Cookie:felix@zanox.com/ ]
	C:\USERS\FELIX\AppData\Roaming\Microsoft\Windows\Cookies\Low\felix@serving-sys[1].txt [ Cookie:felix@serving-sys.com/ ]
	C:\USERS\FELIX\AppData\Roaming\Microsoft\Windows\Cookies\Low\felix@www.zanox-affiliate[1].txt [ Cookie:felix@www.zanox-affiliate.de/ ]
	C:\USERS\FELIX\AppData\Roaming\Microsoft\Windows\Cookies\Low\felix@ad2.adfarm1.adition[1].txt [ Cookie:felix@ad2.adfarm1.adition.com/ ]
	C:\USERS\FELIX\AppData\Roaming\Microsoft\Windows\Cookies\Low\felix@tracking.quisma[1].txt [ Cookie:felix@tracking.quisma.com/ ]
	C:\USERS\FELIX\AppData\Roaming\Microsoft\Windows\Cookies\Low\felix@apmebf[1].txt [ Cookie:felix@apmebf.com/ ]
	C:\USERS\FELIX\AppData\Roaming\Microsoft\Windows\Cookies\Low\R770M2KS.txt [ Cookie:felix@atdmt.com/ ]
	C:\USERS\FELIX\AppData\Roaming\Microsoft\Windows\Cookies\Low\felix@zanox-affiliate[1].txt [ Cookie:felix@zanox-affiliate.de/ ]
	C:\USERS\FELIX\Cookies\felix@atdmt.combing[2].txt [ Cookie:felix@atdmt.combing.com/ ]
	C:\USERS\FELIX\Cookies\VUOTFSHH.txt [ Cookie:felix@ad.yieldmanager.com/ ]
	C:\USERS\FELIX\Cookies\felix@content.yieldmanager[3].txt [ Cookie:felix@content.yieldmanager.com/ak/ ]
	C:\USERS\FELIX\Cookies\SR9FY4ZW.txt [ Cookie:felix@mediaplex.com/ ]
	C:\USERS\FELIX\Cookies\felix@tradedoubler[2].txt [ Cookie:felix@tradedoubler.com/ ]
	C:\USERS\FELIX\Cookies\felix@content.yieldmanager[1].txt [ Cookie:felix@content.yieldmanager.com/ ]
	C:\USERS\FELIX\Cookies\felix@www.active-tracking[1].txt [ Cookie:felix@www.active-tracking.de/ ]
	C:\USERS\FELIX\Cookies\felix@fastclick[1].txt [ Cookie:felix@fastclick.net/ ]
	C:\USERS\FELIX\Cookies\felix@doubleclick[1].txt [ Cookie:felix@doubleclick.net/ ]
	C:\USERS\FELIX\Cookies\HWLNKYR5.txt [ Cookie:felix@adserver.adtechus.com/ ]
	C:\USERS\FELIX\Cookies\felix@serving-sys[1].txt [ Cookie:felix@serving-sys.com/ ]
	C:\USERS\FELIX\Cookies\QQ7D8LLO.txt [ Cookie:felix@imrworldwide.com/cgi-bin ]
	C:\USERS\FELIX\Cookies\felix@weborama[2].txt [ Cookie:felix@weborama.fr/ ]
	C:\USERS\FELIX\Cookies\MACUO8S4.txt [ Cookie:felix@smartadserver.com/ ]
	C:\USERS\FELIX\Cookies\felix@apmebf[1].txt [ Cookie:felix@apmebf.com/ ]
	C:\USERS\FELIX\Cookies\felix@atwola[2].txt [ Cookie:felix@atwola.com/ ]
	C:\USERS\FELIX\Cookies\felix@adtech[1].txt [ Cookie:felix@adtech.de/ ]
	C:\USERS\JFGR\AppData\Roaming\Microsoft\Windows\Cookies\HRMZ2LBQ.txt [ Cookie:jfgr@apmebf.com/ ]
	C:\USERS\JFGR\AppData\Roaming\Microsoft\Windows\Cookies\OS0RDG6S.txt [ Cookie:jfgr@smartadserver.com/ ]
	C:\USERS\JFGR\AppData\Roaming\Microsoft\Windows\Cookies\jfgr@doubleclick[2].txt [ Cookie:jfgr@doubleclick.net/ ]
	C:\USERS\JFGR\AppData\Roaming\Microsoft\Windows\Cookies\7FNK7BED.txt [ Cookie:jfgr@ad.yieldmanager.com/ ]
	C:\USERS\JFGR\AppData\Roaming\Microsoft\Windows\Cookies\V0W3NCMJ.txt [ Cookie:jfgr@mediaplex.com/ ]
	C:\USERS\JFGR\AppData\Roaming\Microsoft\Windows\Cookies\jfgr@atdmt[2].txt [ Cookie:jfgr@atdmt.com/ ]
	C:\USERS\JFGR\AppData\Roaming\Microsoft\Windows\Cookies\jfgr@adbrite[1].txt [ Cookie:jfgr@adbrite.com/ ]
	C:\USERS\JFGR\Cookies\HRMZ2LBQ.txt [ Cookie:jfgr@apmebf.com/ ]
	C:\USERS\JFGR\Cookies\OS0RDG6S.txt [ Cookie:jfgr@smartadserver.com/ ]
	C:\USERS\JFGR\Cookies\jfgr@doubleclick[2].txt [ Cookie:jfgr@doubleclick.net/ ]
	C:\USERS\JFGR\Cookies\7FNK7BED.txt [ Cookie:jfgr@ad.yieldmanager.com/ ]
	C:\USERS\JFGR\Cookies\V0W3NCMJ.txt [ Cookie:jfgr@mediaplex.com/ ]
	C:\USERS\JFGR\Cookies\jfgr@atdmt[2].txt [ Cookie:jfgr@atdmt.com/ ]
	C:\USERS\JFGR\Cookies\jfgr@adbrite[1].txt [ Cookie:jfgr@adbrite.com/ ]
	statse.webtrendslive.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
	.im.banner.t-online.de [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
	.atdmt.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
	.atdmt.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
	.im.banner.t-online.de [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
	ad.zanox.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
	.zanox.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
	.statcounter.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
	.zedo.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
	.divx.112.2o7.net [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
	.content.yieldmanager.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
	rgadvert.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
	1.bfugmedia.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
	www.zanox-affiliate.de [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
	rgadvert.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
	rgadvert.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
	ad.zanox.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
	.zanox-affiliate.de [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
	.apmebf.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
	.apmebf.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
	.adtech.de [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
	track.adform.net [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
	track.adform.net [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
	.gostats.de [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
	www.zanox-affiliate.de [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
	.tracking.quisma.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
	tracking.mlsat02.de [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
	.zedo.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
	rts.pgmediaserve.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
	rts.pgmediaserve.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
	rts.pgmediaserve.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
	.partypoker.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
	.partypoker.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
	.partypoker.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
	.partypoker.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
	.partypoker.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
	C:\WINDOWS.OLD\USERS\JFGR\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\JFGR@DOUBLECLICK[1].TXT [ /DOUBLECLICK ]
	C:\WINDOWS.OLD\USERS\JFGR\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\JFGR@STATSE.WEBTRENDSLIVE[2].TXT [ /STATSE.WEBTRENDSLIVE ]
	.adtech.de [ C:\WINDOWS.OLD\USERS\JFGR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DLR0B1UW.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\WINDOWS.OLD\USERS\JFGR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DLR0B1UW.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\WINDOWS.OLD\USERS\JFGR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DLR0B1UW.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\WINDOWS.OLD\USERS\JFGR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DLR0B1UW.DEFAULT\COOKIES.SQLITE ]
	.zanox.com [ C:\WINDOWS.OLD\USERS\JFGR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DLR0B1UW.DEFAULT\COOKIES.SQLITE ]
	ad.zanox.com [ C:\WINDOWS.OLD\USERS\JFGR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DLR0B1UW.DEFAULT\COOKIES.SQLITE ]
	.zanox-affiliate.de [ C:\WINDOWS.OLD\USERS\JFGR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DLR0B1UW.DEFAULT\COOKIES.SQLITE ]
	.traffictrack.de [ C:\WINDOWS.OLD\USERS\JFGR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DLR0B1UW.DEFAULT\COOKIES.SQLITE ]

Trojan.Agent/Gen-UsrMgr
	(x86) HKLM\System\ControlSet001\Services\OPENVPNSERVICE
	C:\PROGRAM FILES (X86)\RWTH OPENVPN CLIENT\BIN\OPENVPNSERV.EXE
	(x86) HKLM\System\ControlSet001\Enum\Root\LEGACY_OPENVPNSERVICE
	(x86) HKLM\System\ControlSet002\Services\OPENVPNSERVICE
	(x86) HKLM\System\ControlSet002\Enum\Root\LEGACY_OPENVPNSERVICE
	(x86) HKLM\System\CurrentControlSet\Services\OPENVPNSERVICE
	(x86) HKLM\System\CurrentControlSet\Enum\Root\LEGACY_OPENVPNSERVICE

Trojan.Agent/Gen-SoftonicDownloader
	C:\USERS\FELIX\DESKTOP\DOWNLOADS\SOFTONICDOWNLOADER_FUER_CODEC-PACK-ALL-IN-ONE.EXE
	C:\USERS\FELIX\DESKTOP\DOWNLOADS\SOFTONICDOWNLOADER_FUER_GSPOT.EXE
         

Der Malware-Log:

Code: Alles auswählenAufklappen

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.22.03

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Felix :: JFGR-PC [limitiert]

Schutz: Aktiviert

22.02.2012 20:52:00
mbam-log-2012-02-22 (20-52-00).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 450217
Laufzeit: 3 Stunde(n), 9 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)