
Pests of all kinds and how to fight them: Bundespolizei Trojaner - PC infected

Windows 7

17.06.2012, 21:09   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: please turn off your virus scanner before you run the TDSS-Killer, because Avira in particular often raises a false alarm on the TDSS tool!

Configure the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot,
then click Start Scan and, when it is finished, click the Report button to display the log. Please post it in full.
If you can't find the log or can't copy its contents into your post, look directly on your Windows system partition (usually drive C); that is where the TDSS-Killer saves its logs.

Note: please don't delete anything hastily with the TDSS-Killer! If the TDSS-Killer complains about any objects, handle them all with the action "skip" and only post the log here!

__________________
Please always post logfiles in CODE tags
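The report that the steps above produce is a flat text log: one inventory line per service or driver (name, MD5, path), followed either by "- ok" or by a "( Verdict ) - warning" / "- detected Verdict (n)" pair. When such a log is posted, what the helper looks for is which entries are not ok, and whether a verdict is a generic heuristic such as UnsignedFile.Multi.Generic (an unsigned vendor file, as with the Canon and HP entries in the log posted in this thread) or a named rootkit signature. The script below is an added example, not the board's tool and not part of cosinus's post: it parses a report in that format and separates the two kinds of verdict. The sample report embedded in it is constructed; the ACPI and CCALib8 lines follow the format of the log in this thread, while ExampleDrv, its MD5 and the Rootkit.Boot.Example verdict are placeholders, and the rule that any "*.Multi.Generic" verdict is heuristic rather than a signature match is an assumption.

```python
"""Triage a Kaspersky TDSSKiller text report.

Added example (not TDSSKiller's own code). It reads the 2.7.x report format seen
in the thread and lists every entry that is not '- ok', split into generic
heuristic verdicts and named signature detections.
"""
import re
import sys
from typing import Dict, List

# One report line: "HH:MM:SS.mmmm <pid><TAB><body>"
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\t(?P<body>.*)$")
# Inventory line: "<name>   (<md5>) <path>"; names may contain spaces ("Net Driver HPZ12")
ENTRY_RE = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$")
# Verdict line: "<name> - detected <verdict> (<n>)"
DETECTED_RE = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>\S+) \((?P<n>\d+)\)$")

# Assumption: verdicts ending in ".Multi.Generic" (UnsignedFile, LockedFile, ...) are
# heuristic warnings about a file's properties, not a match for a known rootkit.
GENERIC_SUFFIX = ".Multi.Generic"

# Constructed sample. The ACPI and CCALib8 lines follow the log posted in this
# thread; ExampleDrv, its MD5 and Rootkit.Boot.Example are placeholders only.
SAMPLE_REPORT = "\n".join([
    "17:56:12.0528 4952\tScan started",
    "17:56:12.0528 4952\tMode: Manual; SigCheck; TDLFS; ",
    "17:56:15.0789 4952\tACPI            (fcb8c7210f0135e24c6580f7f649c73c) C:\\Windows\\system32\\drivers\\acpi.sys",
    "17:56:16.0023 4952\tACPI - ok",
    "17:56:30.0578 4952\tCCALib8         (5753532c476b83119d85aa43b1b10ab3) C:\\Program Files\\Canon\\CAL\\CALMAIN.exe",
    "17:56:30.0640 4952\tCCALib8 ( UnsignedFile.Multi.Generic ) - warning",
    "17:56:30.0640 4952\tCCALib8 - detected UnsignedFile.Multi.Generic (1)",
    "17:57:20.0001 4952\tExampleDrv      (0123456789abcdef0123456789abcdef) C:\\Windows\\system32\\drivers\\exampledrv.sys",
    "17:57:20.0002 4952\tExampleDrv ( LockedFile.Multi.Generic ) - warning",
    "17:57:20.0002 4952\tExampleDrv - detected LockedFile.Multi.Generic (1)",
    "17:57:21.0000 4952\t\\Device\\Harddisk0\\DR0 - detected Rootkit.Boot.Example (0)",
    "17:57:22.0000 4952\tScan finished",
])


def parse_report(text: str) -> List[Dict[str, object]]:
    """One record per '- detected' line, joined with the MD5/path recorded for the
    same entry name earlier in the report (None when there is no inventory line,
    e.g. for a disk object such as \\Device\\Harddisk0\\DR0)."""
    inventory: Dict[str, Dict[str, str]] = {}
    findings: List[Dict[str, object]] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # banner, separator or unparsable line
        body = m.group("body").rstrip()
        e = ENTRY_RE.match(body)
        if e:
            inventory[e.group("name")] = {"md5": e.group("md5").lower(), "path": e.group("path")}
            continue
        d = DETECTED_RE.match(body)
        if d:
            info = inventory.get(d.group("name"), {})
            findings.append({
                "name": d.group("name"),
                "verdict": d.group("verdict"),
                "md5": info.get("md5"),
                "path": info.get("path"),
                "generic": d.group("verdict").endswith(GENERIC_SUFFIX),
            })
    return findings


def triage(text: str) -> Dict[str, List[Dict[str, object]]]:
    """Split findings into named signature hits and generic heuristic warnings."""
    findings = parse_report(text)
    return {
        "signature": [f for f in findings if not f["generic"]],
        "generic": [f for f in findings if f["generic"]],
    }


def summarize(text: str) -> str:
    """Human-readable summary, signature hits first."""
    t = triage(text)
    lines = []
    for kind in ("signature", "generic"):
        for f in t[kind]:
            where = f["path"] or "(no file path in report)"
            lines.append(f"{kind.upper():9} {f['name']}  {f['verdict']}  {where}")
    if not lines:
        lines.append("no findings: every entry reported '- ok'")
    return "\n".join(lines)


if __name__ == "__main__":
    # Pass the path of a saved TDSSKiller report; with no argument, triage the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            report = fh.read()
    else:
        report = SAMPLE_REPORT
    print(summarize(report))
```

Point it at the report TDSSKiller writes to the root of the system drive to get the short summary; it only sorts the verdicts, it does not decide what to remove, so the instruction above to "skip" everything and post the full log still applies.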

18.06.2012, 17:05   #17
alepos
Hello,

I have now also done the TDSS scan, and here is the log:

Code:
17:54:57.0585 4264	TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
17:54:57.0928 4264	============================================================
17:54:57.0928 4264	Current date / time: 2012/06/18 17:54:57.0928
17:54:57.0928 4264	SystemInfo:
17:54:57.0928 4264	
17:54:57.0928 4264	OS Version: 6.0.6001 ServicePack: 1.0
17:54:57.0928 4264	Product type: Workstation
17:54:57.0928 4264	ComputerName: PAPA-PC
17:54:57.0928 4264	UserName: Papa
17:54:57.0928 4264	Windows directory: C:\Windows
17:54:57.0928 4264	System windows directory: C:\Windows
17:54:57.0928 4264	Processor architecture: Intel x86
17:54:57.0928 4264	Number of processors: 2
17:54:57.0928 4264	Page size: 0x1000
17:54:57.0928 4264	Boot type: Normal boot
17:54:57.0928 4264	============================================================
17:55:05.0447 4264	Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:55:05.0447 4264	============================================================
17:55:05.0447 4264	\Device\Harddisk0\DR0:
17:55:05.0447 4264	MBR partitions:
17:55:05.0447 4264	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1770800, BlocksNum 0xB869800
17:55:05.0447 4264	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xCFDA000, BlocksNum 0x5A3F000
17:55:05.0447 4264	============================================================
17:55:05.0494 4264	C: <-> \Device\Harddisk0\DR0\Partition0
17:55:05.0884 4264	D: <-> \Device\Harddisk0\DR0\Partition1
17:55:05.0884 4264	============================================================
17:55:05.0884 4264	Initialize success
17:55:05.0884 4264	============================================================
17:56:12.0528 4952	============================================================
17:56:12.0528 4952	Scan started
17:56:12.0528 4952	Mode: Manual; SigCheck; TDLFS; 
17:56:12.0528 4952	============================================================
17:56:15.0789 4952	ACPI            (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
17:56:16.0023 4952	ACPI - ok
17:56:16.0241 4952	adp94xx         (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
17:56:16.0319 4952	adp94xx - ok
17:56:16.0397 4952	adpahci         (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
17:56:16.0460 4952	adpahci - ok
17:56:16.0491 4952	adpu160m        (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
17:56:16.0506 4952	adpu160m - ok
17:56:17.0068 4952	adpu320         (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
17:56:17.0099 4952	adpu320 - ok
17:56:17.0162 4952	AeLookupSvc     (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
17:56:17.0396 4952	AeLookupSvc - ok
17:56:17.0489 4952	AFD             (48eb99503533c27ac6135648e5474457) C:\Windows\system32\drivers\afd.sys
17:56:17.0583 4952	AFD - ok
17:56:17.0645 4952	agp440          (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
17:56:17.0676 4952	agp440 - ok
17:56:17.0723 4952	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
17:56:17.0739 4952	aic78xx - ok
17:56:17.0801 4952	ALG             (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
17:56:17.0988 4952	ALG - ok
17:56:18.0035 4952	aliide          (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
17:56:18.0051 4952	aliide - ok
17:56:18.0129 4952	amdagp          (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
17:56:18.0160 4952	amdagp - ok
17:56:18.0191 4952	amdide          (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
17:56:18.0207 4952	amdide - ok
17:56:18.0269 4952	AmdK7           (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
17:56:18.0566 4952	AmdK7 - ok
17:56:18.0722 4952	AmdK8           (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
17:56:18.0831 4952	AmdK8 - ok
17:56:19.0174 4952	AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files\Avira\AntiVir Desktop\sched.exe
17:56:19.0205 4952	AntiVirSchedulerService - ok
17:56:19.0268 4952	AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
17:56:19.0283 4952	AntiVirService - ok
17:56:19.0361 4952	Appinfo         (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
17:56:19.0439 4952	Appinfo - ok
17:56:19.0658 4952	Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:56:19.0673 4952	Apple Mobile Device - ok
17:56:19.0736 4952	arc             (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
17:56:19.0751 4952	arc - ok
17:56:19.0814 4952	arcsas          (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
17:56:19.0845 4952	arcsas - ok
17:56:19.0923 4952	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
17:56:20.0001 4952	AsyncMac - ok
17:56:20.0063 4952	atapi           (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
17:56:20.0079 4952	atapi - ok
17:56:20.0422 4952	athr            (dcdfc3a5a8b239055aab6bd975ada889) C:\Windows\system32\DRIVERS\athr.sys
17:56:20.0625 4952	athr - ok
17:56:20.0718 4952	Ati External Event Utility (adfd93663d3bae4fadc19ad1ae519ee4) C:\Windows\system32\Ati2evxx.exe
17:56:20.0859 4952	Ati External Event Utility - ok
17:56:22.0590 4952	atikmdag        (389a2668e0c0c6698a6b565632c7f43a) C:\Windows\system32\DRIVERS\atikmdag.sys
17:56:22.0965 4952	atikmdag - ok
17:56:23.0292 4952	AudioEndpointBuilder (42076e29aafa0830a2c5d4e310f58dd1) C:\Windows\System32\Audiosrv.dll
17:56:23.0417 4952	AudioEndpointBuilder - ok
17:56:23.0433 4952	Audiosrv        (42076e29aafa0830a2c5d4e310f58dd1) C:\Windows\System32\Audiosrv.dll
17:56:23.0495 4952	Audiosrv - ok
17:56:24.0244 4952	avgntflt        (d5541f0afb767e85fc412fc609d96a74) C:\Windows\system32\DRIVERS\avgntflt.sys
17:56:24.0525 4952	avgntflt - ok
17:56:24.0603 4952	avipbb          (7d967a682d4694df7fa57d63a2db01fe) C:\Windows\system32\DRIVERS\avipbb.sys
17:56:24.0618 4952	avipbb - ok
17:56:25.0539 4952	avkmgr          (53e56450da16a1a7f0d002f511113f67) C:\Windows\system32\DRIVERS\avkmgr.sys
17:56:25.0554 4952	avkmgr - ok
17:56:25.0664 4952	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
17:56:25.0742 4952	Beep - ok
17:56:25.0866 4952	BFE             (8582e233c346aefe759833e8a30dd697) C:\Windows\System32\bfe.dll
17:56:25.0991 4952	BFE - ok
17:56:26.0303 4952	BITS            (02ed7b4dbc2a3232a389106da7515c3d) C:\Windows\system32\qmgr.dll
17:56:26.0412 4952	BITS - ok
17:56:26.0428 4952	blbdrive - ok
17:56:27.0348 4952	Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
17:56:27.0489 4952	Bonjour Service - ok
17:56:28.0378 4952	bowser          (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys
17:56:28.0472 4952	bowser - ok
17:56:28.0550 4952	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
17:56:28.0596 4952	BrFiltLo - ok
17:56:28.0784 4952	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
17:56:28.0846 4952	BrFiltUp - ok
17:56:28.0986 4952	Browser         (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
17:56:29.0111 4952	Browser - ok
17:56:29.0205 4952	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
17:56:29.0330 4952	Brserid - ok
17:56:29.0392 4952	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
17:56:29.0532 4952	BrSerWdm - ok
17:56:29.0595 4952	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
17:56:29.0704 4952	BrUsbMdm - ok
17:56:29.0766 4952	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
17:56:29.0891 4952	BrUsbSer - ok
17:56:29.0985 4952	BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
17:56:30.0110 4952	BTHMODEM - ok
17:56:30.0297 4952	catchme - ok
17:56:30.0578 4952	CCALib8         (5753532c476b83119d85aa43b1b10ab3) C:\Program Files\Canon\CAL\CALMAIN.exe
17:56:30.0640 4952	CCALib8 ( UnsignedFile.Multi.Generic ) - warning
17:56:30.0640 4952	CCALib8 - detected UnsignedFile.Multi.Generic (1)
17:56:30.0702 4952	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
17:56:30.0796 4952	cdfs - ok
17:56:30.0890 4952	cdrom           (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
17:56:31.0014 4952	cdrom - ok
17:56:31.0124 4952	CertPropSvc     (87c2d0377b23e2d8a41093c2f5fb1a5b) C:\Windows\System32\certprop.dll
17:56:31.0248 4952	CertPropSvc - ok
17:56:31.0607 4952	circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys
17:56:31.0685 4952	circlass - ok
17:56:31.0763 4952	CLFS            (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
17:56:31.0794 4952	CLFS - ok
17:56:31.0904 4952	clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:56:31.0935 4952	clr_optimization_v2.0.50727_32 - ok
17:56:32.0044 4952	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:56:32.0106 4952	clr_optimization_v4.0.30319_32 - ok
17:56:32.0231 4952	CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
17:56:32.0294 4952	CmBatt - ok
17:56:32.0559 4952	cmdide          (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
17:56:32.0574 4952	cmdide - ok
17:56:32.0684 4952	Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
17:56:32.0699 4952	Compbatt - ok
17:56:32.0715 4952	COMSysApp - ok
17:56:32.0730 4952	crcdisk         (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
17:56:32.0746 4952	crcdisk - ok
17:56:32.0793 4952	Crusoe          (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
17:56:32.0949 4952	Crusoe - ok
17:56:33.0074 4952	CryptSvc        (6de363f9f99334514c46aec02d3e3678) C:\Windows\system32\cryptsvc.dll
17:56:33.0183 4952	CryptSvc - ok
17:56:33.0370 4952	DcomLaunch      (301ae00e12408650baddc04dbc832830) C:\Windows\system32\rpcss.dll
17:56:33.0526 4952	DcomLaunch - ok
17:56:33.0588 4952	DfsC            (a3e9fa213f443ac77c7746119d13feec) C:\Windows\system32\Drivers\dfsc.sys
17:56:33.0635 4952	DfsC - ok
17:56:33.0978 4952	DFSR            (fa3463f25f9cc9c3bcf1e7912feff099) C:\Windows\system32\DFSR.exe
17:56:34.0228 4952	DFSR - ok
17:56:34.0618 4952	Dhcp            (43a988a9c10333476cb5fb667cbd629d) C:\Windows\System32\dhcpcsvc.dll
17:56:34.0680 4952	Dhcp - ok
17:56:35.0133 4952	disk            (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
17:56:35.0164 4952	disk - ok
17:56:35.0195 4952	Dnscache        (4805d9a6d281c7a7defd9094dec6af7d) C:\Windows\System32\dnsrslvr.dll
17:56:35.0289 4952	Dnscache - ok
17:56:35.0632 4952	dot3svc         (5af620a08c614e24206b79e8153cf1a8) C:\Windows\System32\dot3svc.dll
17:56:35.0726 4952	dot3svc - ok
17:56:35.0788 4952	Dot4            (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
17:56:35.0850 4952	Dot4 - ok
17:56:35.0897 4952	Dot4Print       (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
17:56:35.0960 4952	Dot4Print - ok
17:56:36.0038 4952	dot4usb         (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
17:56:36.0147 4952	dot4usb - ok
17:56:36.0240 4952	DPS             (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
17:56:36.0334 4952	DPS - ok
17:56:36.0381 4952	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
17:56:36.0443 4952	drmkaud - ok
17:56:36.0568 4952	DXGKrnl         (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
17:56:36.0677 4952	DXGKrnl - ok
17:56:36.0772 4952	E1G60           (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
17:56:36.0990 4952	E1G60 - ok
17:56:37.0099 4952	EapHost         (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
17:56:37.0193 4952	EapHost - ok
17:56:37.0302 4952	Ecache          (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
17:56:37.0333 4952	Ecache - ok
17:56:37.0474 4952	ehRecvr         (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
17:56:37.0552 4952	ehRecvr - ok
17:56:37.0599 4952	ehSched         (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
17:56:37.0677 4952	ehSched - ok
17:56:37.0708 4952	ehstart         (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
17:56:37.0770 4952	ehstart - ok
17:56:37.0848 4952	elxstor         (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
17:56:37.0911 4952	elxstor - ok
17:56:38.0160 4952	EMDMgmt         (70b1a86df0c8ead17d2bc332edae2c7c) C:\Windows\system32\emdmgmt.dll
17:56:38.0269 4952	EMDMgmt - ok
17:56:38.0363 4952	EventSystem     (3cb3343d720168b575133a0a20dc2465) C:\Windows\system32\es.dll
17:56:38.0441 4952	EventSystem - ok
17:56:38.0519 4952	exfat           (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
17:56:38.0644 4952	exfat - ok
17:56:38.0722 4952	fastfat         (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
17:56:38.0815 4952	fastfat - ok
17:56:39.0377 4952	fdc             (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
17:56:39.0533 4952	fdc - ok
17:56:39.0705 4952	fdPHost         (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
17:56:39.0783 4952	fdPHost - ok
17:56:39.0907 4952	FDResPub        (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
17:56:40.0126 4952	FDResPub - ok
17:56:40.0235 4952	FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
17:56:40.0266 4952	FileInfo - ok
17:56:40.0313 4952	Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
17:56:40.0375 4952	Filetrace - ok
17:56:40.0485 4952	flpydisk        (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
17:56:40.0609 4952	flpydisk - ok
17:56:40.0687 4952	FltMgr          (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
17:56:40.0734 4952	FltMgr - ok
17:56:40.0843 4952	FontCache3.0.0.0 (c9be08664611ddaf98e2331e9288b00b) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
17:56:40.0859 4952	FontCache3.0.0.0 - ok
17:56:40.0968 4952	Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
17:56:41.0202 4952	Fs_Rec - ok
17:56:41.0296 4952	gagp30kx        (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
17:56:41.0327 4952	gagp30kx - ok
17:56:41.0374 4952	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:56:41.0389 4952	GEARAspiWDM - ok
17:56:41.0545 4952	gpsvc           (d9f1113d9401185245573350712f92fc) C:\Windows\System32\gpsvc.dll
17:56:41.0655 4952	gpsvc - ok
17:56:41.0764 4952	HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
17:56:41.0935 4952	HdAudAddService - ok
17:56:42.0169 4952	HDAudBus        (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
17:56:42.0263 4952	HDAudBus - ok
17:56:42.0310 4952	HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
17:56:42.0403 4952	HidBth - ok
17:56:42.0684 4952	HidIr           (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys
17:56:42.0762 4952	HidIr - ok
17:56:43.0060 4952	hidserv         (8fa640195279ace21bea91396a0054fc) C:\Windows\System32\hidserv.dll
17:56:43.0231 4952	hidserv - ok
17:56:43.0403 4952	HidUsb          (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
17:56:43.0590 4952	HidUsb - ok
17:56:43.0652 4952	hkmsvc          (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
17:56:43.0762 4952	hkmsvc - ok
17:56:43.0824 4952	HpCISSs         (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
17:56:43.0840 4952	HpCISSs - ok
17:56:44.0042 4952	hpqcxs08        (682358f730b84b63e09c6b4edc1de7ae) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
17:56:44.0089 4952	hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
17:56:44.0089 4952	hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
17:56:44.0136 4952	hpqddsvc        (2e7bee4aa776cf1c37836b26d1d29403) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
17:56:44.0198 4952	hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
17:56:44.0198 4952	hpqddsvc - detected UnsignedFile.Multi.Generic (1)
17:56:44.0276 4952	HTTP            (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
17:56:44.0448 4952	HTTP - ok
17:56:44.0526 4952	i2omp           (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
17:56:44.0542 4952	i2omp - ok
17:56:44.0620 4952	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
17:56:44.0698 4952	i8042prt - ok
17:56:44.0822 4952	IAANTMON        (582f2d900a3ac34c98fbdc2c0abef6b9) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
17:56:44.0900 4952	IAANTMON - ok
17:56:45.0150 4952	iaStor          (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\Windows\system32\DRIVERS\iaStor.sys
17:56:45.0181 4952	iaStor - ok
17:56:45.0353 4952	iaStorV         (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
17:56:45.0431 4952	iaStorV - ok
17:56:45.0743 4952	idsvc           (7b630acaed64fef0c3e1cf255cb56686) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:56:45.0883 4952	idsvc - ok
17:56:46.0024 4952	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
17:56:46.0055 4952	iirsp - ok
17:56:46.0164 4952	IKEEXT          (a3bc480a2bf8aa8e4dabd2d5dce0afac) C:\Windows\System32\ikeext.dll
17:56:46.0304 4952	IKEEXT - ok
17:56:46.0850 4952	IntcAzAudAddService (4fa59a84069d9d0991bae34cc4aff99c) C:\Windows\system32\drivers\RTKVHDA.sys
17:56:47.0006 4952	IntcAzAudAddService - ok
17:56:47.0818 4952	intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
17:56:47.0833 4952	intelide - ok
17:56:47.0911 4952	intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
17:56:48.0020 4952	intelppm - ok
17:56:48.0254 4952	IPBusEnum       (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
17:56:48.0348 4952	IPBusEnum - ok
17:56:48.0395 4952	IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:56:48.0504 4952	IpFilterDriver - ok
17:56:48.0598 4952	iphlpsvc        (6a35d233693edc29a12742049bc5e37f) C:\Windows\System32\iphlpsvc.dll
17:56:48.0722 4952	iphlpsvc - ok
17:56:48.0722 4952	IpInIp - ok
17:56:48.0832 4952	IPMIDRV         (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
17:56:48.0925 4952	IPMIDRV - ok
17:56:49.0346 4952	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
17:56:49.0440 4952	IPNAT - ok
17:56:49.0643 4952	iPod Service    (49918803b661367023bf325cf602afdc) C:\Program Files\iPod\bin\iPodService.exe
17:56:49.0783 4952	iPod Service - ok
17:56:49.0846 4952	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
17:56:49.0955 4952	IRENUM - ok
17:56:50.0407 4952	isapnp          (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
17:56:50.0548 4952	isapnp - ok
17:56:50.0938 4952	iScsiPrt        (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
17:56:50.0969 4952	iScsiPrt - ok
17:56:51.0296 4952	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
17:56:51.0328 4952	iteatapi - ok
17:56:51.0406 4952	itecir          (e4b04a0d8b237ecf026d849439f1bcce) C:\Windows\system32\DRIVERS\itecir.sys
17:56:51.0452 4952	itecir - ok
17:56:51.0484 4952	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
17:56:51.0515 4952	iteraid - ok
17:56:51.0562 4952	JRAID           (c1632fe31d1824a43dea29725312e3fa) C:\Windows\system32\drivers\jraid.sys
17:56:51.0624 4952	JRAID - ok
17:56:51.0671 4952	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
17:56:51.0702 4952	kbdclass - ok
17:56:51.0749 4952	kbdhid          (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
17:56:51.0811 4952	kbdhid - ok
17:56:51.0936 4952	KeyIso          (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
17:56:51.0998 4952	KeyIso - ok
17:56:52.0108 4952	KSecDD          (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
17:56:52.0264 4952	KSecDD - ok
17:56:52.0342 4952	KtmRm           (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
17:56:52.0466 4952	KtmRm - ok
17:56:52.0919 4952	LanmanServer    (1925e63c91cf1610ae41bfd539062079) C:\Windows\System32\srvsvc.dll
17:56:53.0028 4952	LanmanServer - ok
17:56:53.0122 4952	LanmanWorkstation (2ae2e1628c5d3f1c0a46a67c9fa1df15) C:\Windows\System32\wkssvc.dll
17:56:53.0153 4952	LanmanWorkstation - ok
17:56:54.0338 4952	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
17:56:54.0401 4952	lltdio - ok
17:56:54.0479 4952	lltdsvc         (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
17:56:54.0619 4952	lltdsvc - ok
17:56:54.0682 4952	lmhosts         (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
17:56:54.0822 4952	lmhosts - ok
17:56:54.0869 4952	LSI_FC          (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
17:56:54.0900 4952	LSI_FC - ok
17:56:54.0931 4952	LSI_SAS         (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
17:56:54.0962 4952	LSI_SAS - ok
17:56:55.0555 4952	LSI_SCSI        (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
17:56:55.0586 4952	LSI_SCSI - ok
17:56:55.0649 4952	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
17:56:55.0711 4952	luafv - ok
17:56:55.0867 4952	MBAMSwissArmy   (0db7527db188c7d967a37bb51bbf3963) C:\Windows\system32\drivers\mbamswissarmy.sys
17:56:55.0898 4952	MBAMSwissArmy - ok
17:56:56.0039 4952	Mcx2Svc         (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
17:56:56.0101 4952	Mcx2Svc - ok
17:56:56.0179 4952	megasas         (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
17:56:56.0195 4952	megasas - ok
17:56:56.0242 4952	MMCSS           (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
17:56:56.0366 4952	MMCSS - ok
17:56:57.0162 4952	Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
17:56:57.0256 4952	Modem - ok
17:56:57.0349 4952	monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
17:56:57.0412 4952	monitor - ok
17:56:57.0880 4952	mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
17:56:57.0895 4952	mouclass - ok
17:56:57.0942 4952	mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
17:56:58.0051 4952	mouhid - ok
17:56:58.0223 4952	MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
17:56:58.0254 4952	MountMgr - ok
17:56:58.0348 4952	MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
17:56:58.0379 4952	MozillaMaintenance - ok
17:56:58.0426 4952	mpio            (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
17:56:58.0457 4952	mpio - ok
17:56:58.0504 4952	mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
17:56:58.0566 4952	mpsdrv - ok
17:56:58.0660 4952	MpsSvc          (d1639ba315b0d79dec49a4b0e1fb929b) C:\Windows\system32\mpssvc.dll
17:56:58.0753 4952	MpsSvc - ok
17:56:58.0816 4952	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
17:56:58.0831 4952	Mraid35x - ok
17:56:58.0894 4952	MRxDAV          (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
17:56:58.0987 4952	MRxDAV - ok
17:56:59.0284 4952	mrxsmb          (5734a0f2be7e495f7d3ed6efd4b9f5a1) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:56:59.0362 4952	mrxsmb - ok
17:56:59.0549 4952	mrxsmb10        (6b5fa5adfacac9dbbe0991f4566d7d55) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:56:59.0705 4952	mrxsmb10 - ok
17:56:59.0752 4952	mrxsmb20        (5c80d8159181c7abf1b14ba703b01e0b) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:56:59.0830 4952	mrxsmb20 - ok
17:56:59.0908 4952	msahci          (a7df0c3adb40919f91b2917fbe07a370) C:\Windows\system32\drivers\msahci.sys
17:56:59.0923 4952	msahci - ok
17:56:59.0954 4952	msdsm           (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
17:56:59.0986 4952	msdsm - ok
17:57:00.0812 4952	MSDTC           (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
17:57:00.0906 4952	MSDTC - ok
17:57:00.0953 4952	Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
17:57:01.0046 4952	Msfs - ok
17:57:01.0280 4952	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
17:57:01.0343 4952	msisadrv - ok
17:57:01.0592 4952	MSiSCSI         (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
17:57:01.0733 4952	MSiSCSI - ok
17:57:01.0733 4952	msiserver - ok
17:57:01.0811 4952	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
17:57:01.0936 4952	MSKSSRV - ok
17:57:02.0076 4952	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
17:57:02.0201 4952	MSPCLOCK - ok
17:57:02.0310 4952	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
17:57:02.0513 4952	MSPQM - ok
17:57:02.0606 4952	MsRPC           (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
17:57:02.0638 4952	MsRPC - ok
17:57:02.0809 4952	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
17:57:02.0840 4952	mssmbios - ok
17:57:02.0918 4952	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
17:57:02.0965 4952	MSTEE - ok
17:57:03.0028 4952	Mup             (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
17:57:03.0043 4952	Mup - ok
17:57:03.0418 4952	napagent        (c43b25863fbd65b6d2a142af3ae320ca) C:\Windows\system32\qagentRT.dll
17:57:03.0511 4952	napagent - ok
17:57:03.0589 4952	NativeWifiP     (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
17:57:03.0620 4952	NativeWifiP - ok
17:57:03.0714 4952	NDIS            (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
17:57:03.0792 4952	NDIS - ok
17:57:03.0854 4952	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
17:57:03.0917 4952	NdisTapi - ok
17:57:03.0979 4952	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
17:57:04.0057 4952	Ndisuio - ok
17:57:04.0120 4952	NdisWan         (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
17:57:04.0213 4952	NdisWan - ok
17:57:04.0322 4952	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
17:57:04.0416 4952	NDProxy - ok
17:57:04.0510 4952	Net Driver HPZ12 (a081cb6fb9a12668f233eb5414be3a0e) C:\Windows\system32\HPZinw12.dll
17:57:04.0525 4952	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
17:57:04.0525 4952	Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
17:57:04.0556 4952	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
17:57:04.0619 4952	NetBIOS - ok
17:57:04.0681 4952	netbt           (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
17:57:04.0837 4952	netbt - ok
17:57:04.0884 4952	Netlogon        (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
17:57:04.0915 4952	Netlogon - ok
17:57:05.0071 4952	Netman          (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
17:57:05.0165 4952	Netman - ok
17:57:05.0399 4952	netprofm        (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
17:57:05.0477 4952	netprofm - ok
17:57:05.0539 4952	NetTcpPortSharing (0ad5876ef4e9eb77c8f93eb5b2fff386) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:57:05.0570 4952	NetTcpPortSharing - ok
17:57:05.0633 4952	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
17:57:05.0648 4952	nfrd960 - ok
17:57:06.0085 4952	NlaSvc          (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
17:57:06.0163 4952	NlaSvc - ok
17:57:06.0304 4952	NMIndexingService (7b273501c59d52978b761f82bebadb06) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
17:57:06.0366 4952	NMIndexingService - ok
17:57:06.0413 4952	Npfs            (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
17:57:06.0522 4952	Npfs - ok
17:57:06.0584 4952	nsi             (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
17:57:06.0678 4952	nsi - ok
17:57:06.0725 4952	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
17:57:06.0803 4952	nsiproxy - ok
17:57:06.0990 4952	Ntfs            (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
17:57:07.0318 4952	Ntfs - ok
17:57:07.0474 4952	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
17:57:07.0614 4952	ntrigdigi - ok
17:57:07.0754 4952	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
17:57:07.0832 4952	Null - ok
17:57:07.0879 4952	nvraid          (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
17:57:07.0910 4952	nvraid - ok
17:57:07.0973 4952	nvrd32          (ed399014a8029de02ba5ae01da8cc9ee) C:\Windows\system32\drivers\nvrd32.sys
17:57:08.0004 4952	nvrd32 - ok
17:57:08.0082 4952	nvstor          (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
17:57:08.0113 4952	nvstor - ok
17:57:08.0160 4952	nvstor32        (703e3a7093b0fac0eebadbb8e931ecaf) C:\Windows\system32\drivers\nvstor32.sys
17:57:08.0176 4952	nvstor32 - ok
17:57:08.0222 4952	nv_agp          (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
17:57:08.0254 4952	nv_agp - ok
17:57:08.0254 4952	NwlnkFlt - ok
17:57:08.0269 4952	NwlnkFwd - ok
17:57:08.0332 4952	ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
17:57:08.0456 4952	ohci1394 - ok
17:57:08.0612 4952	ose             (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:57:08.0628 4952	ose - ok
17:57:08.0846 4952	p2pimsvc        (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
17:57:09.0002 4952	p2pimsvc - ok
17:57:09.0018 4952	p2psvc          (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
17:57:09.0080 4952	p2psvc - ok
17:57:09.0205 4952	Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
17:57:09.0314 4952	Parport - ok
17:57:09.0408 4952	partmgr         (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
17:57:09.0439 4952	partmgr - ok
17:57:09.0470 4952	Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
17:57:09.0580 4952	Parvdm - ok
17:57:09.0673 4952	PcaSvc          (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
17:57:09.0720 4952	PcaSvc - ok
17:57:09.0767 4952	pci             (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
17:57:09.0798 4952	pci - ok
17:57:09.0814 4952	pciide          (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
17:57:09.0845 4952	pciide - ok
17:57:09.0907 4952	pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
17:57:09.0938 4952	pcmcia - ok
17:57:10.0110 4952	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
17:57:10.0360 4952	PEAUTH - ok
17:57:11.0046 4952	pla             (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
17:57:11.0296 4952	pla - ok
17:57:11.0795 4952	PlugPlay        (78f975cb6d18265be6f492edb2d7bc7b) C:\Windows\system32\umpnpmgr.dll
17:57:11.0857 4952	PlugPlay - ok
17:57:11.0935 4952	Pml Driver HPZ12 (65bc271f337637731d3c71455ae1f476) C:\Windows\system32\HPZipm12.dll
17:57:11.0951 4952	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
17:57:11.0951 4952	Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
17:57:12.0060 4952	PNRPAutoReg     (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
17:57:12.0107 4952	PNRPAutoReg - ok
17:57:12.0122 4952	PNRPsvc         (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
17:57:12.0185 4952	PNRPsvc - ok
17:57:12.0278 4952	PolicyAgent     (47b8f37aa18b74d8c2e1bc1a7a2c8f8a) C:\Windows\System32\ipsecsvc.dll
17:57:12.0372 4952	PolicyAgent - ok
17:57:12.0512 4952	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
17:57:12.0606 4952	PptpMiniport - ok
17:57:12.0637 4952	Processor       (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
17:57:12.0746 4952	Processor - ok
17:57:12.0840 4952	ProfSvc         (b627e4fc8585e8843c5905d4d3587a90) C:\Windows\system32\profsvc.dll
17:57:12.0902 4952	ProfSvc - ok
17:57:13.0136 4952	ProtectedStorage (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
17:57:13.0168 4952	ProtectedStorage - ok
17:57:13.0230 4952	PSched          (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
17:57:13.0324 4952	PSched - ok
17:57:13.0558 4952	ql2300          (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
17:57:13.0698 4952	ql2300 - ok
17:57:13.0870 4952	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
17:57:13.0885 4952	ql40xx - ok
17:57:13.0948 4952	QWAVE           (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
17:57:14.0026 4952	QWAVE - ok
17:57:14.0119 4952	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
17:57:14.0166 4952	QWAVEdrv - ok
17:57:14.0213 4952	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
17:57:14.0275 4952	RasAcd - ok
17:57:14.0384 4952	RasAuto         (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
17:57:14.0494 4952	RasAuto - ok
17:57:14.0587 4952	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:57:14.0650 4952	Rasl2tp - ok
17:57:14.0759 4952	RasMan          (6e7c284fc5c4ec07ad164d93810385a6) C:\Windows\System32\rasmans.dll
17:57:14.0884 4952	RasMan - ok
17:57:15.0055 4952	RasPppoe        (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
17:57:15.0149 4952	RasPppoe - ok
17:57:15.0196 4952	RasSstp         (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
17:57:15.0258 4952	RasSstp - ok
17:57:15.0320 4952	rdbss           (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
17:57:15.0414 4952	rdbss - ok
17:57:15.0445 4952	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:57:15.0523 4952	RDPCDD - ok
17:57:15.0664 4952	rdpdr           (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
17:57:15.0820 4952	rdpdr - ok
17:57:15.0882 4952	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
17:57:15.0976 4952	RDPENCDD - ok
17:57:16.0085 4952	RDPWD           (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
17:57:16.0210 4952	RDPWD - ok
17:57:16.0288 4952	RemoteAccess    (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
17:57:16.0381 4952	RemoteAccess - ok
17:57:16.0584 4952	RemoteRegistry  (cc4e32400f3c7253400cf8f3f3a0b676) C:\Windows\system32\regsvc.dll
17:57:16.0693 4952	RemoteRegistry - ok
17:57:16.0818 4952	RichVideo       (c1c132455200ad4704142442c89d0fa4) C:\Program Files\CyberLink\Shared Files\RichVideo.exe
17:57:16.0880 4952	RichVideo ( UnsignedFile.Multi.Generic ) - warning
17:57:16.0896 4952	RichVideo - detected UnsignedFile.Multi.Generic (1)
17:57:16.0927 4952	RpcLocator      (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
17:57:16.0990 4952	RpcLocator - ok
17:57:17.0130 4952	RpcSs           (301ae00e12408650baddc04dbc832830) C:\Windows\system32\rpcss.dll
17:57:17.0192 4952	RpcSs - ok
17:57:17.0270 4952	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
17:57:17.0333 4952	rspndr - ok
17:57:17.0411 4952	RTL8169         (904fd29ec1ff2709099ae2cd1c09a913) C:\Windows\system32\DRIVERS\Rtlh86.sys
17:57:17.0473 4952	RTL8169 - ok
17:57:17.0520 4952	SamSs           (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
17:57:17.0551 4952	SamSs - ok
17:57:17.0629 4952	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
17:57:17.0660 4952	sbp2port - ok
17:57:17.0723 4952	SCardSvr        (11387e32642269c7e62e8b52c060b3c6) C:\Windows\System32\SCardSvr.dll
17:57:17.0816 4952	SCardSvr - ok
17:57:17.0926 4952	Schedule        (7b587b8a6d4a99f79d2902d0385f29bd) C:\Windows\system32\schedsvc.dll
17:57:18.0050 4952	Schedule - ok
17:57:18.0175 4952	SCPolicySvc     (87c2d0377b23e2d8a41093c2f5fb1a5b) C:\Windows\System32\certprop.dll
17:57:18.0238 4952	SCPolicySvc - ok
17:57:18.0316 4952	SDRSVC          (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
17:57:18.0456 4952	SDRSVC - ok
17:57:18.0503 4952	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
17:57:18.0612 4952	secdrv - ok
17:57:18.0659 4952	seclogon        (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
17:57:18.0721 4952	seclogon - ok
17:57:18.0768 4952	SENS            (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
17:57:18.0830 4952	SENS - ok
17:57:18.0924 4952	Ser2pl          (cb3e852b818946f396e35a976ee6b552) C:\Windows\system32\DRIVERS\ser2pl.sys
17:57:18.0971 4952	Ser2pl - ok
17:57:18.0986 4952	Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\DRIVERS\serenum.sys
17:57:19.0096 4952	Serenum - ok
17:57:19.0158 4952	Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
17:57:19.0267 4952	Serial - ok
17:57:19.0314 4952	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
17:57:19.0392 4952	sermouse - ok
17:57:19.0486 4952	SessionEnv      (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
17:57:19.0595 4952	SessionEnv - ok
17:57:19.0626 4952	sffdisk         (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
17:57:19.0735 4952	sffdisk - ok
17:57:19.0751 4952	sffp_mmc        (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
17:57:19.0860 4952	sffp_mmc - ok
17:57:19.0891 4952	sffp_sd         (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
17:57:20.0016 4952	sffp_sd - ok
17:57:20.0125 4952	sfloppy         (c33bfbd6e9e41fcd9ffef9729e9faed6) C:\Windows\system32\DRIVERS\sfloppy.sys
17:57:20.0203 4952	sfloppy - ok
17:57:20.0344 4952	SharedAccess    (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
17:57:20.0437 4952	SharedAccess - ok
17:57:20.0593 4952	ShellHWDetection (1e3fdb80e40a3ce645f229dfbdfb7694) C:\Windows\System32\shsvcs.dll
17:57:20.0687 4952	ShellHWDetection - ok
17:57:20.0874 4952	sisagp          (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
17:57:20.0905 4952	sisagp - ok
17:57:20.0936 4952	SiSRaid2        (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
17:57:20.0968 4952	SiSRaid2 - ok
17:57:22.0340 4952	SiSRaid4        (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
17:57:22.0403 4952	SiSRaid4 - ok
17:57:26.0490 4952	slsvc           (0ba91e1358ad25236863039bb2609a2e) C:\Windows\system32\SLsvc.exe
17:57:26.0771 4952	slsvc - ok
17:57:27.0426 4952	SLUINotify      (7c6dc44ca0bfa6291629ab764200d1d4) C:\Windows\system32\SLUINotify.dll
17:57:27.0488 4952	SLUINotify - ok
17:57:27.0582 4952	Smb             (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
17:57:27.0707 4952	Smb - ok
17:57:29.0516 4952	smserial        (d9bfd2298f5cf116d8eaae3b02dcee2e) C:\Windows\system32\DRIVERS\smserial.sys
17:57:29.0688 4952	smserial - ok
17:57:29.0735 4952	SNMPTRAP        (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
17:57:29.0766 4952	SNMPTRAP - ok
17:57:30.0468 4952	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
17:57:30.0484 4952	spldr - ok
17:57:30.0546 4952	Spooler         (3665f79026a3f91fbca63f2c65a09b19) C:\Windows\System32\spoolsv.exe
17:57:30.0593 4952	Spooler - ok
17:57:31.0451 4952	srv             (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys
17:57:31.0576 4952	srv - ok
17:57:32.0496 4952	srv2            (b7ff59408034119476b00a81bb53d5d1) C:\Windows\system32\DRIVERS\srv2.sys
17:57:32.0590 4952	srv2 - ok
17:57:32.0652 4952	srvnet          (2accc9b12af02030f531e6cca6f8b76e) C:\Windows\system32\DRIVERS\srvnet.sys
17:57:32.0714 4952	srvnet - ok
17:57:32.0777 4952	SSDPSRV         (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
17:57:32.0855 4952	SSDPSRV - ok
17:57:32.0902 4952	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
17:57:32.0917 4952	ssmdrv - ok
17:57:32.0995 4952	SstpSvc         (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
17:57:33.0073 4952	SstpSvc - ok
17:57:33.0167 4952	stisvc          (7dd08a597bc56051f320da0baf69e389) C:\Windows\System32\wiaservc.dll
17:57:33.0292 4952	stisvc - ok
17:57:33.0338 4952	swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
17:57:33.0354 4952	swenum - ok
17:57:33.0448 4952	swprv           (b36c7cdb86f7f7a8e884479219766950) C:\Windows\System32\swprv.dll
17:57:33.0572 4952	swprv - ok
17:57:33.0619 4952	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
17:57:33.0650 4952	Symc8xx - ok
17:57:33.0682 4952	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
17:57:33.0697 4952	Sym_hi - ok
17:57:33.0744 4952	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
17:57:33.0760 4952	Sym_u3 - ok
17:57:33.0853 4952	SysMain         (8710a92d0024b03b5fb9540df1f71f1d) C:\Windows\system32\sysmain.dll
17:57:33.0978 4952	SysMain - ok
17:57:34.0056 4952	TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
17:57:34.0165 4952	TabletInputService - ok
17:57:34.0571 4952	TapiSrv         (680916bb09ee0f3a6aca7c274b0d633f) C:\Windows\System32\tapisrv.dll
17:57:34.0711 4952	TapiSrv - ok
17:57:35.0585 4952	TBS             (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
17:57:35.0710 4952	TBS - ok
17:57:38.0658 4952	Tcpip           (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
17:57:38.0798 4952	Tcpip - ok
17:57:38.0830 4952	Tcpip6          (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
17:57:38.0939 4952	Tcpip6 - ok
17:57:39.0594 4952	tcpipreg        (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
17:57:39.0672 4952	tcpipreg - ok
17:57:39.0922 4952	TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
17:57:40.0000 4952	TDPIPE - ok
17:57:40.0062 4952	TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
17:57:40.0156 4952	TDTCP - ok
17:57:40.0265 4952	tdx             (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
17:57:40.0343 4952	tdx - ok
17:57:40.0390 4952	TermDD          (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
17:57:40.0421 4952	TermDD - ok
17:57:40.0514 4952	TermService     (d605031e225aaccbceb5b76a4f1603a6) C:\Windows\System32\termsrv.dll
17:57:40.0655 4952	TermService - ok
17:57:40.0780 4952	TestHandler     (8c80a73a5d77b2208ca91e4fa269981d) C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
17:57:40.0811 4952	TestHandler ( UnsignedFile.Multi.Generic ) - warning
17:57:40.0811 4952	TestHandler - detected UnsignedFile.Multi.Generic (1)
17:57:40.0889 4952	Themes          (1e3fdb80e40a3ce645f229dfbdfb7694) C:\Windows\system32\shsvcs.dll
17:57:40.0936 4952	Themes - ok
17:57:41.0606 4952	THREADORDER     (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
17:57:41.0669 4952	THREADORDER - ok
17:57:42.0714 4952	TrkWks          (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
17:57:42.0808 4952	TrkWks - ok
17:57:43.0697 4952	TrustedInstaller (16613a1bad034d4ecf957af18b7c2ff5) C:\Windows\servicing\TrustedInstaller.exe
17:57:43.0790 4952	TrustedInstaller - ok
17:57:44.0726 4952	tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:57:44.0789 4952	tssecsrv - ok
17:57:45.0101 4952	tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
17:57:45.0304 4952	tunmp - ok
17:57:45.0444 4952	tunnel          (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
17:57:45.0491 4952	tunnel - ok
17:57:45.0538 4952	uagp35          (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
17:57:45.0553 4952	uagp35 - ok
17:57:45.0647 4952	udfs            (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
17:57:45.0756 4952	udfs - ok
17:57:45.0818 4952	UI0Detect       (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
17:57:45.0943 4952	UI0Detect - ok
17:57:45.0974 4952	uliagpkx        (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
17:57:45.0990 4952	uliagpkx - ok
17:57:46.0052 4952	uliahci         (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
17:57:46.0084 4952	uliahci - ok
17:57:46.0130 4952	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
17:57:46.0146 4952	UlSata - ok
17:57:46.0193 4952	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
17:57:46.0208 4952	ulsata2 - ok
17:57:46.0286 4952	umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
17:57:46.0349 4952	umbus - ok
17:57:46.0427 4952	upnphost        (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
17:57:46.0505 4952	upnphost - ok
17:57:46.0583 4952	USBAAPL         (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
17:57:46.0614 4952	USBAAPL - ok
17:57:46.0661 4952	usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
17:57:46.0754 4952	usbccgp - ok
17:57:46.0817 4952	usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
17:57:46.0910 4952	usbcir - ok
17:57:47.0004 4952	usbehci         (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
17:57:47.0082 4952	usbehci - ok
17:57:47.0160 4952	usbhub          (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
17:57:47.0222 4952	usbhub - ok
17:57:47.0238 4952	usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
17:57:47.0347 4952	usbohci - ok
17:57:47.0394 4952	usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
17:57:47.0456 4952	usbprint - ok
17:57:47.0519 4952	usbscan         (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
17:57:47.0566 4952	usbscan - ok
17:57:47.0612 4952	USBSTOR         (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:57:47.0722 4952	USBSTOR - ok
17:57:47.0784 4952	usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
17:57:47.0831 4952	usbuhci - ok
17:57:48.0158 4952	UxSms           (032a0acc3909ae7215d524e29d536797) C:\Windows\System32\uxsms.dll
17:57:48.0221 4952	UxSms - ok
17:57:48.0611 4952	vds             (b13bc395b9d6116628f5af47e0802ac4) C:\Windows\System32\vds.exe
17:57:48.0845 4952	vds - ok
17:57:48.0892 4952	vga             (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
17:57:49.0001 4952	vga - ok
17:57:49.0079 4952	VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
17:57:49.0157 4952	VgaSave - ok
17:57:49.0812 4952	viaagp          (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
17:57:49.0828 4952	viaagp - ok
17:57:50.0202 4952	ViaC7           (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
17:57:50.0311 4952	ViaC7 - ok
17:57:51.0824 4952	viaide          (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
17:57:51.0856 4952	viaide - ok
17:57:52.0776 4952	viamraid        (7dc3e1dc6e4f8be381c31bfea578412a) C:\Windows\system32\drivers\viamraid.sys
17:57:52.0838 4952	viamraid - ok
17:57:52.0994 4952	volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
17:57:53.0010 4952	volmgr - ok
17:57:53.0088 4952	volmgrx         (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
17:57:53.0182 4952	volmgrx - ok
17:57:53.0275 4952	volsnap         (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
17:57:53.0306 4952	volsnap - ok
17:57:53.0400 4952	vsmraid         (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
17:57:53.0431 4952	vsmraid - ok
17:57:53.0743 4952	VSS             (d5fb73d19c46ade183f968e13f186b23) C:\Windows\system32\vssvc.exe
17:57:53.0993 4952	VSS - ok
17:57:54.0866 4952	W32Time         (1cf9206966a8458cda9a8b20df8ab7d3) C:\Windows\system32\w32time.dll
17:57:54.0944 4952	W32Time - ok
17:57:55.0334 4952	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
17:57:55.0444 4952	WacomPen - ok
17:57:56.0660 4952	Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
17:57:56.0707 4952	Wanarp - ok
17:57:56.0707 4952	Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
17:57:56.0770 4952	Wanarpv6 - ok
17:57:56.0926 4952	wcncsvc         (f3a5c2e1a6533192b070d06ecf6be796) C:\Windows\System32\wcncsvc.dll
17:57:57.0144 4952	wcncsvc - ok
17:57:57.0191 4952	WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
17:57:57.0238 4952	WcsPlugInService - ok
17:57:57.0284 4952	Wd              (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
17:57:57.0300 4952	Wd - ok
17:57:57.0862 4952	Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
17:57:57.0986 4952	Wdf01000 - ok
17:57:58.0158 4952	WdiServiceHost  (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
17:57:58.0220 4952	WdiServiceHost - ok
17:57:58.0236 4952	WdiSystemHost   (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
17:57:58.0298 4952	WdiSystemHost - ok
17:57:58.0345 4952	WebClient       (cf9a5f41789b642db967021de06a2713) C:\Windows\System32\webclnt.dll
17:57:58.0392 4952	WebClient - ok
17:57:58.0439 4952	Wecsvc          (905214925a88311fce52f66153de7610) C:\Windows\system32\wecsvc.dll
17:57:58.0548 4952	Wecsvc - ok
17:57:58.0626 4952	wercplsupport   (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
17:57:58.0673 4952	wercplsupport - ok
17:57:58.0720 4952	WerSvc          (fd1965aaa112c6818a30ab02742d0461) C:\Windows\System32\WerSvc.dll
17:57:58.0782 4952	WerSvc - ok
17:57:58.0907 4952	WinDefend       (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
17:57:58.0954 4952	WinDefend - ok
17:57:58.0969 4952	WinHttpAutoProxySvc - ok
17:57:59.0172 4952	Winmgmt         (00b79a7c984678f24cf052e5beb3a2f5) C:\Windows\system32\wbem\WMIsvc.dll
17:57:59.0281 4952	Winmgmt - ok
17:57:59.0422 4952	WinRM           (20fc93fdc916843cfdfcaa7a1b0db16f) C:\Windows\system32\WsmSvc.dll
17:57:59.0640 4952	WinRM - ok
17:57:59.0734 4952	Wlansvc         (275f4346e569df56cfb95243bd6f6ff0) C:\Windows\System32\wlansvc.dll
17:57:59.0921 4952	Wlansvc - ok
17:58:00.0030 4952	WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
17:58:00.0108 4952	WmiAcpi - ok
17:58:00.0186 4952	wmiApSrv        (aba4cf9f856d9a3a25f4ddd7690a6e9d) C:\Windows\system32\wbem\WmiApSrv.exe
17:58:00.0248 4952	wmiApSrv - ok
17:58:00.0514 4952	WMPNetworkSvc   (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
17:58:00.0654 4952	WMPNetworkSvc - ok
17:58:00.0748 4952	WPCSvc          (5d94cd167751294962ba238d82dd1bb8) C:\Windows\System32\wpcsvc.dll
17:58:00.0826 4952	WPCSvc - ok
17:58:00.0888 4952	WPDBusEnum      (396d406292b0cd26e3504ffe82784702) C:\Windows\system32\wpdbusenum.dll
17:58:00.0966 4952	WPDBusEnum - ok
17:58:01.0091 4952	WpdUsb          (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
17:58:01.0138 4952	WpdUsb - ok
17:58:01.0356 4952	WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
17:58:01.0434 4952	WPFFontCache_v0400 - ok
17:58:01.0496 4952	ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
17:58:01.0606 4952	ws2ifsl - ok
17:58:01.0652 4952	wscsvc          (683dd16b590372f2c9661d277f35e49c) C:\Windows\system32\wscsvc.dll
17:58:01.0715 4952	wscsvc - ok
17:58:01.0730 4952	WSearch - ok
17:58:01.0964 4952	wuauserv        (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
17:58:02.0214 4952	wuauserv - ok
17:58:02.0588 4952	WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:58:02.0682 4952	WUDFRd - ok
17:58:02.0713 4952	wudfsvc         (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
17:58:02.0791 4952	wudfsvc - ok
17:58:02.0885 4952	MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
17:58:03.0634 4952	\Device\Harddisk0\DR0 - ok
17:58:03.0696 4952	Boot (0x1200)   (7a5289be5ec0d4f23904d26fcf3cbac5) \Device\Harddisk0\DR0\Partition0
17:58:03.0696 4952	\Device\Harddisk0\DR0\Partition0 - ok
17:58:03.0790 4952	Boot (0x1200)   (17f6ba487b339b61417f6628c058e067) \Device\Harddisk0\DR0\Partition1
17:58:03.0790 4952	\Device\Harddisk0\DR0\Partition1 - ok
17:58:03.0790 4952	============================================================
17:58:03.0790 4952	Scan finished
17:58:03.0790 4952	============================================================
17:58:03.0805 4944	Detected object count: 7
17:58:03.0805 4944	Actual detected object count: 7
18:01:51.0302 4944	CCALib8 ( UnsignedFile.Multi.Generic ) - skipped by user
18:01:51.0302 4944	CCALib8 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:01:51.0302 4944	hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
18:01:51.0302 4944	hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:01:51.0302 4944	hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
18:01:51.0302 4944	hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:01:51.0318 4944	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
18:01:51.0318 4944	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:01:51.0318 4944	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
18:01:51.0318 4944	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:01:51.0318 4944	RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
18:01:51.0318 4944	RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:01:51.0318 4944	TestHandler ( UnsignedFile.Multi.Generic ) - skipped by user
18:01:51.0318 4944	TestHandler ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
Best regards
Alexander
__________________


Old 18.06.2012, 21:01   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your Internet browser.
  • Start combofix.exe from your desktop, confirm the warnings, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You will also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a helper (Kompetenzler) has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If you have problems starting applications after running ComboFix and receive messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.
__________________

Old 19.06.2012, 19:26   #19
alepos
 
Hello,

I have now run ComboFix; the log is attached.

Combofix Logfile:
Code:
ComboFix 12-06-19.01 - Papa 19.06.2012  20:06:03.2.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.49.1031.18.2046.789 [GMT 2:00]
ausgeführt von:: c:\users\Papa\Downloads\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Papa\xobglu32.dll
c:\windows\PFRO.log
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-05-19 bis 2012-06-19  ))))))))))))))))))))))))))))))
.
.
2012-06-19 18:17 . 2012-06-19 18:17	--------	d-----w-	c:\users\Public\AppData\Local\temp
2012-06-19 18:17 . 2012-06-19 18:17	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-06-16 18:47 . 2012-06-16 18:47	--------	d-----w-	C:\_OTL
2012-06-12 19:32 . 2012-06-12 19:32	40776	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2012-06-07 16:02 . 2012-04-04 13:56	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-06-07 16:02 . 2012-06-11 17:44	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-06-07 16:02 . 2012-06-07 16:02	--------	d-----w-	c:\users\Papa\AppData\Roaming\Avira
2012-06-07 16:01 . 2012-04-27 08:20	137928	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-06-07 16:01 . 2012-04-16 19:17	36000	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-06-07 16:01 . 2012-06-07 16:01	--------	d-----w-	c:\programdata\Avira
2012-06-07 16:01 . 2012-06-07 16:01	--------	d-----w-	c:\program files\Avira
2012-06-06 14:07 . 2012-06-06 14:07	--------	d-----w-	c:\programdata\ckqmlplvzodpnbh
2012-06-05 19:12 . 2012-05-08 16:40	6737808	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{FD2A9013-E95F-4D0E-970E-5A3CAC06949F}\mpengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-24 22:32 . 2010-01-10 10:51	83392	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-06-17 18:31 . 2012-06-17 18:31	97208	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-10 4431872]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-02-26 153136]
"recinfo363"="c:\recinfo\RecInfo.exe" [2007-10-23 2764800]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"Garmin Lifetime Updater"="c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-01-06 1446760]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 71975924
*Deregistered* - 71975924
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-05-29 c:\windows\Tasks\User_Feed_Synchronization-{60FE2DD3-4745-4C3E-A773-A94B7E25C62A}.job
- c:\windows\system32\msfeedssync.exe [2011-06-17 04:32]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = *.local
IE: add to &BOM - c:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.236.1
FF - ProfilePath - c:\users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\7oss1r4l.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-06-19 20:18
Windows 6.0.6001 Service Pack 1 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
"MSCurrentCountry"=dword:000000b5
.
Zeit der Fertigstellung: 2012-06-19  20:23:03
ComboFix-quarantined-files.txt  2012-06-19 18:22
ComboFix2.txt  2011-06-30 15:29
.
Vor Suchlauf: 21 Verzeichnis(se), 30.912.520.192 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 30.061.985.792 Bytes frei
.
- - End Of File - - C1AA07F234D992E178F316D168AD2BF6
         

19.06.2012, 23:21   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

ComboFix - scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now copy/paste the entire contents of the code box below into the Notepad window.

Code:
Folder::
c:\programdata\ckqmlplvzodpnbh

3. In Notepad, save it as CFScript.txt on the desktop.

4. Deactivate the guard of your antivirus program and any software firewall you may have.
(Also the guards of ad-/spyware programs and the TeaTimer, if present!)

5. Then drag the CFScript.txt onto cofi.exe, as shown in the picture below. This restarts ComboFix.



6. After the reboot (you will be asked whether you want to restart), please post the following log files:
Combofix.txt

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!


20.06.2012, 15:03   #21
alepos

Hello everyone,

attached is the log of the second ComboFix run as well:

ComboFix logfile:
Code:
ComboFix 12-06-19.03 - Papa 20.06.2012  14:49:55.3.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.49.1031.18.2046.1009 [GMT 2:00]
ausgeführt von:: c:\users\Papa\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Papa\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ckqmlplvzodpnbh
c:\programdata\ckqmlplvzodpnbh\btn-green.png
c:\programdata\ckqmlplvzodpnbh\corners-btn.png
c:\programdata\ckqmlplvzodpnbh\corners1.png
c:\programdata\ckqmlplvzodpnbh\corners2.png
c:\programdata\ckqmlplvzodpnbh\corners3.png
c:\programdata\ckqmlplvzodpnbh\corners4.png
c:\programdata\ckqmlplvzodpnbh\de-flag.png
c:\programdata\ckqmlplvzodpnbh\de-image.png
c:\programdata\ckqmlplvzodpnbh\ie6-7.css
c:\programdata\ckqmlplvzodpnbh\jquery.main.js
c:\programdata\ckqmlplvzodpnbh\main.html
c:\programdata\ckqmlplvzodpnbh\McAfee.png
c:\programdata\ckqmlplvzodpnbh\pays-de.png
c:\programdata\ckqmlplvzodpnbh\style.css
c:\programdata\ckqmlplvzodpnbh\ukash.png
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-05-20 bis 2012-06-20  ))))))))))))))))))))))))))))))
.
.
2012-06-20 13:27 . 2012-06-20 13:27	--------	d-----w-	c:\users\Public\AppData\Local\temp
2012-06-20 13:27 . 2012-06-20 13:27	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-06-16 18:47 . 2012-06-16 18:47	--------	d-----w-	C:\_OTL
2012-06-12 19:32 . 2012-06-12 19:32	40776	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2012-06-07 16:02 . 2012-04-04 13:56	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-06-07 16:02 . 2012-06-11 17:44	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-06-07 16:02 . 2012-06-07 16:02	--------	d-----w-	c:\users\Papa\AppData\Roaming\Avira
2012-06-07 16:01 . 2012-04-27 08:20	137928	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-06-07 16:01 . 2012-04-16 19:17	36000	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-06-07 16:01 . 2012-06-07 16:01	--------	d-----w-	c:\programdata\Avira
2012-06-07 16:01 . 2012-06-07 16:01	--------	d-----w-	c:\program files\Avira
2012-06-05 19:12 . 2012-05-08 16:40	6737808	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{FD2A9013-E95F-4D0E-970E-5A3CAC06949F}\mpengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-24 22:32 . 2010-01-10 10:51	83392	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-06-17 18:31 . 2012-06-17 18:31	97208	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-10 4431872]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-02-26 153136]
"recinfo363"="c:\recinfo\RecInfo.exe" [2007-10-23 2764800]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"Garmin Lifetime Updater"="c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-01-06 1446760]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 71975924
*Deregistered* - 71975924
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-05-29 c:\windows\Tasks\User_Feed_Synchronization-{60FE2DD3-4745-4C3E-A773-A94B7E25C62A}.job
- c:\windows\system32\msfeedssync.exe [2011-06-17 04:32]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = *.local
IE: add to &BOM - c:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.236.1
FF - ProfilePath - c:\users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\7oss1r4l.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-06-20 15:27
Windows 6.0.6001 Service Pack 1 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
"MSCurrentCountry"=dword:000000b5
.
Zeit der Fertigstellung: 2012-06-20  15:32:02
ComboFix-quarantined-files.txt  2012-06-20 13:31
ComboFix2.txt  2012-06-19 18:23
ComboFix3.txt  2011-06-30 15:29
.
Vor Suchlauf: 21 Verzeichnis(se), 29.864.742.912 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 29.846.441.984 Bytes frei
.
- - End Of File - - 76BACE979975E1C6281A55709BEB0A35
         


Best regards
Alexander
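
The Folder:: target in the script and the file list ComboFix removed in this run show what the helper was keying on: a directory with a generated-looking name directly under ProgramData, holding an HTML page, a Ukash logo, a country flag and a borrowed McAfee logo, i.e. the static parts of a browser-style lock screen. The Python below is an added example, not code from this thread or from ComboFix, that automates that reading of a ComboFix log: it parses the "files created" lines, flags directories whose names look machine-generated, and scores each flagged directory against those indicator file names. The sample input is copied from the log lines above (two benign vendor entries kept for contrast); the name heuristic, the indicator classes and all function names are my own choices.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: lines copied from the ComboFix logs in this thread
# (the "files created" section and the second run's deletion list). Real
# logs separate columns with tabs; the parser accepts tabs or spaces.
CREATED_SECTION = """\
2012-06-07 16:02 . 2012-06-11 17:44  --------  d-----w-  c:\\program files\\Malwarebytes' Anti-Malware
2012-06-07 16:01 . 2012-06-07 16:01  --------  d-----w-  c:\\programdata\\Avira
2012-06-06 14:07 . 2012-06-06 14:07  --------  d-----w-  c:\\programdata\\ckqmlplvzodpnbh
2012-06-05 19:12 . 2012-05-08 16:40  6737808  ----a-w-  c:\\programdata\\Microsoft\\Windows Defender\\Definition Updates\\{FD2A9013-E95F-4D0E-970E-5A3CAC06949F}\\mpengine.dll
"""

DELETED_SECTION = """\
c:\\programdata\\ckqmlplvzodpnbh
c:\\programdata\\ckqmlplvzodpnbh\\btn-green.png
c:\\programdata\\ckqmlplvzodpnbh\\de-flag.png
c:\\programdata\\ckqmlplvzodpnbh\\jquery.main.js
c:\\programdata\\ckqmlplvzodpnbh\\main.html
c:\\programdata\\ckqmlplvzodpnbh\\McAfee.png
c:\\programdata\\ckqmlplvzodpnbh\\style.css
c:\\programdata\\ckqmlplvzodpnbh\\ukash.png
"""

# One "files created" line: created-stamp . modified-stamp  size  attrs  path
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) \. "
    r"(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d)\s+"
    r"(?P<size>\S+)\s+(?P<attrs>\S+)\s+(?P<path>.+?)\s*$"
)

VOWELS = set("aeiou")

# Files that together make up a lock screen: the page, a payment-voucher logo,
# a flag for the localised "police" text, a borrowed AV logo for credibility.
# The class names are my own labels (assumption).
LOCKSCREEN_INDICATORS = {
    "page": re.compile(r"\.html?$", re.I),
    "voucher_logo": re.compile(r"^(ukash|paysafecard)\.png$", re.I),
    "country_flag": re.compile(r"^[a-z]{2}-flag\.png$", re.I),
    "av_logo": re.compile(r"^(mcafee|norton|avira|kaspersky)\.png$", re.I),
}


def parse_created(section):
    """Turn ComboFix 'files created' lines into dicts; non-matching lines are skipped."""
    entries = []
    for line in section.splitlines():
        m = LINE_RE.match(line)
        if m:
            entry = m.groupdict()
            entry["is_dir"] = entry["attrs"].startswith("d")
            entries.append(entry)
    return entries


def looks_generated(name):
    """Heuristic for names like 'ckqmlplvzodpnbh': a long run of lowercase letters
    with almost no vowels. Vendor folders ('Avira', 'Microsoft') fall through."""
    if not re.fullmatch(r"[a-z]{10,}", name):
        return False
    return sum(c in VOWELS for c in name) / len(name) < 0.25


def suspicious_data_dirs(entries):
    """(path, reason) for directories created directly under ProgramData or inside
    a user's AppData whose name looks generated."""
    hits = []
    for e in entries:
        if not e["is_dir"]:
            continue
        p = PureWindowsPath(e["path"])
        parent = str(p.parent).lower()
        if parent.endswith("\\programdata") or "\\appdata\\" in parent:
            if looks_generated(p.name):
                hits.append((str(p), "generated-looking name under " + parent))
    return hits


def lockscreen_indicators(paths):
    """Group file paths by directory and record which indicator classes occur."""
    by_dir = {}
    for raw in paths:
        p = PureWindowsPath(raw.strip())
        if not p.suffix:          # the bare directory line itself
            continue
        labels = by_dir.setdefault(str(p.parent).lower(), set())
        for label, rx in LOCKSCREEN_INDICATORS.items():
            if rx.search(p.name):
                labels.add(label)
    return {d: sorted(l) for d, l in by_dir.items()}


def triage(created_section, deleted_section, min_classes=3):
    """A generated-looking data directory that also holds at least min_classes
    indicator classes is called a lock-screen payload; otherwise inspect by hand."""
    flagged = suspicious_data_dirs(parse_created(created_section))
    found = lockscreen_indicators(deleted_section.splitlines())
    report = []
    for path, reason in flagged:
        labels = found.get(path.lower(), [])
        verdict = "lockscreen payload" if len(labels) >= min_classes else "inspect manually"
        report.append({"path": path, "reason": reason, "indicators": labels, "verdict": verdict})
    return report


if __name__ == "__main__":
    for row in triage(CREATED_SECTION, DELETED_SECTION):
        print(row["verdict"], row["path"], row["indicators"])
```

The vowel-ratio test is a triage aid, not a verdict: it misses generated names built from dictionary words and will occasionally hit a legitimate packed name, so a flagged directory should still be confirmed by opening its main.html (offline, in an editor) before it goes into a Folder:: directive.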

20.06.2012, 15:46   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the 2nd attempt, just leave it out and run only OSAM. Please skip OSAM's online query.
With OSAM, please also make sure that you save the log as *.log and not as *.html or similar.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or higher), please start it with a right-click and "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Depending on your connection, downloading the definitions can take a while.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Never press any of the Fix buttons without instructions

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select (none) under AV Scan.



One more note: If aswMBR crashes with a message like "aswMBR.exe has stopped working", do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left (bottom left in the aswMBR window) and click the Scan button again.

20.06.2012, 18:27   #23
alepos

Hello Arne,

so, here are the further logs. Unfortunately I could not run GMER successfully; the program always crashed at a certain step, taking Windows down with it. But here is the OSAM log:
OSAM logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 19:06:41 on 20.06.2012

OS: Windows Vista Home Premium Edition Service Pack 1 (Build 6001), 32-bit
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\Users\Papa\AppData\Local\Temp\catchme.sys  (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"MBAMSwissArmy" (MBAMSwissArmy) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbamswissarmy.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - ? - c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{7530BFB8-7293-4D34-9923-61A11451AFC5} "{7530BFB8-7293-4D34-9923-61A11451AFC5}" - ? -   (File not found | COM-object registry key not found) / hxxp://download.eset.com/special/eos/OnlineScanner.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -   (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Papa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe  (Shortcut exists | File exists)
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"APSDaemon" - "Apple Inc." - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"Garmin Lifetime Updater" - "Garmin" - C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
"HP Software Update" - "Hewlett-Packard Co." - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"IAAnotif" - "Intel Corporation" - "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"NeroFilterCheck" - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"recinfo363" - ? - c:\RecInfo\RecInfo.exe
"StartCCC" - ? - "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"  (File found, but it contains no detailed information)

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll
"PCL hpz3l4v2" - "Hewlett-Packard Company" - C:\Windows\system32\hpz3l4v2.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Canon Camera Access Library 8" (CCALib8) - "Canon Inc." - C:\Program Files\Canon\CAL\CALMAIN.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Fujitsu Siemens Computers Diagnostic Testhandler" (TestHandler) - "Fujitsu Siemens Computers" - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===
         
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

and the log file from aswMBR:
Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-20 19:10:05
-----------------------------
19:10:05.143    OS Version: Windows 6.0.6001 Service Pack 1
19:10:05.143    Number of processors: 2 586 0xF0D
19:10:05.143    ComputerName: PAPA-PC  UserName: Papa
19:10:05.954    Initialize success
19:11:47.931    AVAST engine defs: 12062001
19:12:07.665    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
19:12:07.665    Disk 0 Vendor: WDC_WD16 04.0 Size: 152627MB BusType: 3
19:12:07.712    Disk 0 MBR read successfully
19:12:07.712    Disk 0 MBR scan
19:12:07.727    Disk 0 Windows VISTA default MBR code
19:12:07.727    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        12000 MB offset 2048
19:12:07.759    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        94419 MB offset 24578048
19:12:07.805    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        46206 MB offset 217948160
19:12:07.821    Disk 0 scanning sectors +312578048
19:12:07.899    Disk 0 scanning C:\Windows\system32\drivers
19:12:20.020    Service scanning
19:12:43.311    Modules scanning
19:12:47.882    Disk 0 trace - called modules:
19:12:48.443    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys 
19:12:48.443    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85429610]
19:12:48.443    3 CLASSPNP.SYS[807c0745] -> nt!IofCallDriver -> [0x84f72760]
19:12:48.443    5 acpi.sys[806926a0] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x849d2030]
19:12:49.145    AVAST engine scan C:\Windows
19:12:52.858    AVAST engine scan C:\Windows\system32
19:16:46.203    AVAST engine scan C:\Windows\system32\drivers
19:17:11.303    AVAST engine scan C:\Users\Papa
19:19:49.285    AVAST engine scan C:\ProgramData
19:21:38.407    Scan finished successfully
19:26:33.699    Disk 0 MBR has been saved successfully to "C:\Users\Papa\Desktop\MBR.dat"
19:26:33.715    The log file has been saved successfully to "C:\Users\Papa\Desktop\aswMBR.txt"
         
Best regards
Alexander
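
The partition listing aswMBR prints above can be checked by hand, and the arithmetic is worth doing once: at 2048 sectors per MB, the 12000 MB WinRE partition starting at LBA 2048 ends exactly at 24578048 where partition 2 starts, partition 2 ends at 217948160 where partition 3 starts, and partition 3 ends at 312578048, the LBA from which aswMBR reports "scanning sectors". The Python below is an added example, not code from this thread or from aswMBR: it assembles a 512-byte MBR from those reported values (a constructed image, not the MBR.dat saved on this machine), parses the four 16-byte partition entries with struct, and runs the checks a practitioner wants from such a listing: exactly one active partition, no overlapping entries, and a count of the sectors beyond the last partition, which is the region bootkits of the TDSS/TDL4 family use for their hidden storage. Function names and the toy boot-code bytes are my own.

```python
import struct

SECTOR = 512
MB = 1024 * 1024

# Layout as reported by aswMBR in the log above: (type, boot flag, first LBA,
# size in MB). The MBR built from it is constructed for this example.
REPORTED = [
    (0x27, 0x00, 2048, 12000),        # hidden NTFS WinRE
    (0x07, 0x80, 24578048, 94419),    # active Windows partition
    (0x07, 0x00, 217948160, 46206),   # data partition
]
DISK_MB = 152627                      # "Size: 152627MB" in the log


def build_mbr(layout, boot_code=b"\x33\xc0\x8e\xd0\xbc\x00\x7c"):
    """Assemble a 512-byte MBR: boot code padded to 446 bytes, four 16-byte
    partition entries, 0x55AA signature. CHS fields are left zero; the LBA
    fields are what modern boot code and forensic tools read."""
    mbr = bytearray(boot_code.ljust(446, b"\x00"))
    for i in range(4):
        if i < len(layout):
            ptype, boot, start, size_mb = layout[i]
            sectors = size_mb * MB // SECTOR
            entry = struct.pack("<B3sB3sII", boot, b"\0\0\0", ptype, b"\0\0\0", start, sectors)
        else:
            entry = bytes(16)
        mbr += entry
    mbr += b"\x55\xaa"
    return bytes(mbr)


def parse_mbr(mbr):
    """Decode the partition table; entries with type 0x00 are unused and skipped."""
    if len(mbr) != 512 or mbr[510:512] != b"\x55\xaa":
        raise ValueError("not a valid MBR: bad length or missing 0x55AA signature")
    parts = []
    for i in range(4):
        off = 446 + 16 * i
        boot, _, ptype, _, start, sectors = struct.unpack("<B3sB3sII", mbr[off:off + 16])
        if ptype == 0:
            continue
        parts.append({"index": i + 1, "boot": boot == 0x80, "type": ptype,
                      "start": start, "sectors": sectors,
                      "size_mb": sectors * SECTOR // MB})
    return parts


def layout_findings(parts, disk_mb):
    """Checks in the spirit of aswMBR's listing: one active partition, no
    overlaps, and the unallocated tail after the last partition."""
    findings = []
    if sum(p["boot"] for p in parts) != 1:
        findings.append("expected exactly one active (0x80) partition")
    ordered = sorted(parts, key=lambda p: p["start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["start"] + a["sectors"] > b["start"]:
            findings.append("partitions %d and %d overlap" % (a["index"], b["index"]))
    last_end = ordered[-1]["start"] + ordered[-1]["sectors"] if ordered else 0
    slack = disk_mb * MB // SECTOR - last_end
    findings.append("unallocated sectors after last partition: %d (from LBA %d)" % (slack, last_end))
    return findings


if __name__ == "__main__":
    parts = parse_mbr(build_mbr(REPORTED))
    for p in parts:                   # same columns aswMBR prints
        print("Partition %d %s %02x %6d MB offset %d" % (
            p["index"], "80 (A)" if p["boot"] else "00    ", p["type"], p["size_mb"], p["start"]))
    for line in layout_findings(parts, DISK_MB):
        print(line)
```

Two caveats. The disk size aswMBR prints is rounded to whole MB, so the slack count is approximate; on a real image use the sector count from the drive itself. And aswMBR's "Windows VISTA default MBR code" line is a comparison of the 446 boot-code bytes against known-good code, which needs a reference the thread does not provide, so this example only validates the partition table.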

21.06.2012, 09:50   #24
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!

25.06.2012, 17:08   #25
alepos

Hello everyone,

unfortunately my last post did not make it into the forum... So here are the logs again.

Malwarebytes:
Code:
 Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.21.08

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 8.0.6001.19088
Papa :: PAPA-PC [Administrator]

21.06.2012 20:41:35
mbam-log-2012-06-21 (20-41-35).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 326172
Laufzeit: 1 Stunde(n), 49 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
SUPERAntiSpyware:
Code:
 SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 06/22/2012 at 06:59 PM

Application Version : 5.1.1002

Core Rules Database Version : 8781
Trace Rules Database Version: 6593

Scan type       : Quick Scan
Total Scan Time : 00:09:51

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 1 (Build 6.00.6001)
UAC On - Limited User (Administrator User)

Memory items scanned      : 843
Memory threats detected   : 0
Registry items scanned    : 27131
Registry threats detected : 0
File items scanned        : 6659
File threats detected     : 88

Adware.Tracking Cookie
	C:\Users\Papa\AppData\Roaming\Microsoft\Windows\Cookies\papa@ad.yieldmanager[1].txt [ /ad.yieldmanager ]
	C:\Users\Papa\AppData\Roaming\Microsoft\Windows\Cookies\papa@ad1.adfarm1.adition[2].txt [ /ad1.adfarm1.adition ]
	C:\Users\Papa\AppData\Roaming\Microsoft\Windows\Cookies\papa@adfarm1.adition[1].txt [ /adfarm1.adition ]
	C:\Users\Papa\AppData\Roaming\Microsoft\Windows\Cookies\papa@adform[1].txt [ /adform ]
	C:\Users\Papa\AppData\Roaming\Microsoft\Windows\Cookies\papa@apmebf[1].txt [ /apmebf ]
	C:\Users\Papa\AppData\Roaming\Microsoft\Windows\Cookies\papa@atdmt[2].txt [ /atdmt ]
	C:\Users\Papa\AppData\Roaming\Microsoft\Windows\Cookies\papa@c.atdmt[2].txt [ /c.atdmt ]
	C:\Users\Papa\AppData\Roaming\Microsoft\Windows\Cookies\papa@collective-media[1].txt [ /collective-media ]
	C:\Users\Papa\AppData\Roaming\Microsoft\Windows\Cookies\papa@imrworldwide[2].txt [ /imrworldwide ]
	C:\Users\Papa\AppData\Roaming\Microsoft\Windows\Cookies\papa@interclick[1].txt [ /interclick ]
	C:\Users\Papa\AppData\Roaming\Microsoft\Windows\Cookies\papa@invitemedia[2].txt [ /invitemedia ]
	C:\Users\Papa\AppData\Roaming\Microsoft\Windows\Cookies\papa@lichtdiscount[1].txt [ /lichtdiscount ]
	C:\Users\Papa\AppData\Roaming\Microsoft\Windows\Cookies\papa@mediaplex[2].txt [ /mediaplex ]
	C:\Users\Papa\AppData\Roaming\Microsoft\Windows\Cookies\papa@revsci[1].txt [ /revsci ]
	C:\Users\Papa\AppData\Roaming\Microsoft\Windows\Cookies\papa@smartadserver[1].txt [ /smartadserver ]
	C:\Users\Papa\AppData\Roaming\Microsoft\Windows\Cookies\papa@statcounter[1].txt [ /statcounter ]
	C:\Users\Papa\AppData\Roaming\Microsoft\Windows\Cookies\papa@track.adform[2].txt [ /track.adform ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@imrworldwide[2].txt [ Cookie:papa@imrworldwide.com/cgi-bin ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@ru4[1].txt [ Cookie:papa@ru4.com/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@fastclick[1].txt [ Cookie:papa@fastclick.net/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@www.burstnet[1].txt [ Cookie:papa@www.burstnet.com/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@ad3.adfarm1.adition[1].txt [ Cookie:papa@ad3.adfarm1.adition.com/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@lichtdiscount[1].txt [ Cookie:papa@lichtdiscount.de/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@liveperson[2].txt [ Cookie:papa@liveperson.net/hc/34310144 ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@conrad.122.2o7[1].txt [ Cookie:papa@conrad.122.2o7.net/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@media6degrees[1].txt [ Cookie:papa@media6degrees.com/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@jibjab.112.2o7[1].txt [ Cookie:papa@jibjab.112.2o7.net/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@liveperson[4].txt [ Cookie:papa@liveperson.net/hc/54770292 ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@traffictrack[1].txt [ Cookie:papa@traffictrack.de/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@track.effiliation[3].txt [ Cookie:papa@track.effiliation.com/servlet/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@ad4.adfarm1.adition[1].txt [ Cookie:papa@ad4.adfarm1.adition.com/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@eas.apm.emediate[2].txt [ Cookie:papa@eas.apm.emediate.eu/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@atdmt[1].txt [ Cookie:papa@atdmt.com/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@doubleclick[1].txt [ Cookie:papa@doubleclick.net/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@ad.adition[1].txt [ Cookie:papa@ad.adition.net/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@www.sexshop-dildo-king[2].txt [ Cookie:papa@www.sexshop-dildo-king.de/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@de.sitestat[2].txt [ Cookie:papa@de.sitestat.com/ndr/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@bshg.122.2o7[1].txt [ Cookie:papa@bshg.122.2o7.net/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@collective-media[1].txt [ Cookie:papa@collective-media.net/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@www.pornoprofessor[1].txt [ Cookie:papa@www.pornoprofessor.com/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@guj.122.2o7[1].txt [ Cookie:papa@guj.122.2o7.net/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@amazon-adsystem[2].txt [ Cookie:papa@amazon-adsystem.com/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@adviva[1].txt [ Cookie:papa@adviva.net/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@tradedoubler[1].txt [ Cookie:papa@tradedoubler.com/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@track.effiliation[1].txt [ Cookie:papa@track.effiliation.com/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@xiti[1].txt [ Cookie:papa@xiti.com/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@ad1.dyntracker[1].txt [ Cookie:papa@ad1.dyntracker.com/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@mswmw7mobilemainprod.122.2o7[1].txt [ Cookie:papa@mswmw7mobilemainprod.122.2o7.net/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@apmebf[2].txt [ Cookie:papa@apmebf.com/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@ad2.adfarm1.adition[2].txt [ Cookie:papa@ad2.adfarm1.adition.com/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@zanox[1].txt [ Cookie:papa@zanox.com/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@statse.webtrendslive[1].txt [ Cookie:papa@statse.webtrendslive.com/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@tomtailor.dyntracker[1].txt [ Cookie:papa@tomtailor.dyntracker.com/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@partners.webmasterplan[2].txt [ Cookie:papa@partners.webmasterplan.com/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@keyword-advertising.gmx[2].txt [ Cookie:papa@keyword-advertising.gmx.de/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@liveperson[1].txt [ Cookie:papa@liveperson.net/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@clicks.pangora[2].txt [ Cookie:papa@clicks.pangora.com/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@google[6].txt [ Cookie:papa@google.com/accounts/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@sexshop-dildo-king[1].txt [ Cookie:papa@sexshop-dildo-king.de/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@statcounter[3].txt [ Cookie:papa@statcounter.com/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@www.etracker[2].txt [ Cookie:papa@www.etracker.de/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@smartadserver[2].txt [ Cookie:papa@smartadserver.com/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@adtech[2].txt [ Cookie:papa@adtech.de/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@unitymedia[1].txt [ Cookie:papa@unitymedia.de/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@advertising[2].txt [ Cookie:papa@advertising.com/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@server.iad.liveperson[2].txt [ Cookie:papa@server.iad.liveperson.net/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@adform[2].txt [ Cookie:papa@adform.net/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@2o7[1].txt [ Cookie:papa@2o7.net/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@a.revenuemax[1].txt [ Cookie:papa@a.revenuemax.de/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@www.googleadservices[1].txt [ Cookie:papa@www.googleadservices.com/pagead/conversion/1013329469/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@revsci[2].txt [ Cookie:papa@revsci.net/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@de.sitestat[1].txt [ Cookie:papa@de.sitestat.com/ndr/ndr/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@www.googleadservices[5].txt [ Cookie:papa@www.googleadservices.com/pagead/conversion/1013108498/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@www.googleadservices[2].txt [ Cookie:papa@www.googleadservices.com/pagead/conversion/1070954559/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@www.zanox-affiliate[1].txt [ Cookie:papa@www.zanox-affiliate.de/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@im.banner.t-online[2].txt [ Cookie:papa@im.banner.t-online.de/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@c.atdmt[2].txt [ Cookie:papa@c.atdmt.com/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@toplist[2].txt [ Cookie:papa@toplist.cz/ ]
	C:\USERS\PAPA\Cookies\papa@imrworldwide[2].txt [ Cookie:papa@imrworldwide.com/cgi-bin ]
	C:\USERS\PAPA\Cookies\papa@lichtdiscount[1].txt [ Cookie:papa@lichtdiscount.de/ ]
	C:\USERS\PAPA\Cookies\papa@revsci[1].txt [ Cookie:papa@revsci.net/ ]
	C:\USERS\PAPA\Cookies\papa@atdmt[2].txt [ Cookie:papa@atdmt.com/ ]
	C:\USERS\PAPA\Cookies\papa@collective-media[1].txt [ Cookie:papa@collective-media.net/ ]
	C:\USERS\PAPA\Cookies\papa@apmebf[1].txt [ Cookie:papa@apmebf.com/ ]
	C:\USERS\PAPA\Cookies\papa@statcounter[1].txt [ Cookie:papa@statcounter.com/ ]
	C:\USERS\PAPA\Cookies\papa@smartadserver[1].txt [ Cookie:papa@smartadserver.com/ ]
	C:\USERS\PAPA\Cookies\papa@c.atdmt[2].txt [ Cookie:papa@c.atdmt.com/ ]
	C:\USERS\PAPA\Cookies\papa@adform[1].txt [ Cookie:papa@adform.net/ ]
         
I hope it works this time.

Best regards
Alexander

25.06.2012, 19:40   #26
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Quote:
Scan type : Quick Scan
UAC On - Limited User (Administrator User)
1. you only ran a Quick Scan with SUPERAntiSpyware, and 2. you forgot to run the tool as Admin via right-click. OK, I need to revise the SUPERAntiSpyware guide at some point.
__________________
Please always post logfiles in CODE tags

26.06.2012, 07:50   #27
alepos
 



Hello,

to be on the safe side I have now also run a Complete Scan as Admin. Here is the log:

Code:
 SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 06/26/2012 at 08:48 AM

Application Version : 5.1.1002

Core Rules Database Version : 8781
Trace Rules Database Version: 6593

Scan type       : Complete Scan
Total Scan Time : 01:00:59

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 1 (Build 6.00.6001)
UAC On - Limited User (Administrator User)

Memory items scanned      : 859
Memory threats detected   : 0
Registry items scanned    : 34085
Registry threats detected : 0
File items scanned        : 39340
File threats detected     : 97

Adware.Tracking Cookie
	C:\Users\Papa\AppData\Roaming\Microsoft\Windows\Cookies\papa@ad.yieldmanager[1].txt [ /ad.yieldmanager ]
	C:\Users\Papa\AppData\Roaming\Microsoft\Windows\Cookies\papa@ad1.adfarm1.adition[2].txt [ /ad1.adfarm1.adition ]
	C:\Users\Papa\AppData\Roaming\Microsoft\Windows\Cookies\papa@adfarm1.adition[2].txt [ /adfarm1.adition ]
	C:\Users\Papa\AppData\Roaming\Microsoft\Windows\Cookies\papa@adform[1].txt [ /adform ]
	C:\Users\Papa\AppData\Roaming\Microsoft\Windows\Cookies\papa@apmebf[2].txt [ /apmebf ]
	C:\Users\Papa\AppData\Roaming\Microsoft\Windows\Cookies\papa@atdmt[2].txt [ /atdmt ]
	C:\Users\Papa\AppData\Roaming\Microsoft\Windows\Cookies\papa@c.atdmt[2].txt [ /c.atdmt ]
	C:\Users\Papa\AppData\Roaming\Microsoft\Windows\Cookies\papa@collective-media[1].txt [ /collective-media ]
	C:\Users\Papa\AppData\Roaming\Microsoft\Windows\Cookies\papa@fastclick[1].txt [ /fastclick ]
	C:\Users\Papa\AppData\Roaming\Microsoft\Windows\Cookies\papa@imrworldwide[2].txt [ /imrworldwide ]
	C:\Users\Papa\AppData\Roaming\Microsoft\Windows\Cookies\papa@interclick[1].txt [ /interclick ]
	C:\Users\Papa\AppData\Roaming\Microsoft\Windows\Cookies\papa@invitemedia[2].txt [ /invitemedia ]
	C:\Users\Papa\AppData\Roaming\Microsoft\Windows\Cookies\papa@lichtdiscount[1].txt [ /lichtdiscount ]
	C:\Users\Papa\AppData\Roaming\Microsoft\Windows\Cookies\papa@mediaplex[1].txt [ /mediaplex ]
	C:\Users\Papa\AppData\Roaming\Microsoft\Windows\Cookies\papa@revsci[1].txt [ /revsci ]
	C:\Users\Papa\AppData\Roaming\Microsoft\Windows\Cookies\papa@smartadserver[1].txt [ /smartadserver ]
	C:\Users\Papa\AppData\Roaming\Microsoft\Windows\Cookies\papa@statcounter[1].txt [ /statcounter ]
	C:\Users\Papa\AppData\Roaming\Microsoft\Windows\Cookies\papa@track.adform[2].txt [ /track.adform ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@imrworldwide[2].txt [ Cookie:papa@imrworldwide.com/cgi-bin ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@ru4[1].txt [ Cookie:papa@ru4.com/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@fastclick[1].txt [ Cookie:papa@fastclick.net/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@www.burstnet[1].txt [ Cookie:papa@www.burstnet.com/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@ad3.adfarm1.adition[1].txt [ Cookie:papa@ad3.adfarm1.adition.com/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@lichtdiscount[1].txt [ Cookie:papa@lichtdiscount.de/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@liveperson[2].txt [ Cookie:papa@liveperson.net/hc/34310144 ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@conrad.122.2o7[1].txt [ Cookie:papa@conrad.122.2o7.net/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@media6degrees[1].txt [ Cookie:papa@media6degrees.com/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@jibjab.112.2o7[1].txt [ Cookie:papa@jibjab.112.2o7.net/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@liveperson[4].txt [ Cookie:papa@liveperson.net/hc/54770292 ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@traffictrack[1].txt [ Cookie:papa@traffictrack.de/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@track.effiliation[3].txt [ Cookie:papa@track.effiliation.com/servlet/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@ad4.adfarm1.adition[1].txt [ Cookie:papa@ad4.adfarm1.adition.com/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@eas.apm.emediate[2].txt [ Cookie:papa@eas.apm.emediate.eu/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@atdmt[1].txt [ Cookie:papa@atdmt.com/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@doubleclick[1].txt [ Cookie:papa@doubleclick.net/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@ad.adition[1].txt [ Cookie:papa@ad.adition.net/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@www.sexshop-dildo-king[2].txt [ Cookie:papa@www.sexshop-dildo-king.de/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@de.sitestat[2].txt [ Cookie:papa@de.sitestat.com/ndr/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@bshg.122.2o7[1].txt [ Cookie:papa@bshg.122.2o7.net/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@collective-media[1].txt [ Cookie:papa@collective-media.net/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@www.pornoprofessor[1].txt [ Cookie:papa@www.pornoprofessor.com/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@guj.122.2o7[1].txt [ Cookie:papa@guj.122.2o7.net/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@amazon-adsystem[2].txt [ Cookie:papa@amazon-adsystem.com/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@adviva[1].txt [ Cookie:papa@adviva.net/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@tradedoubler[1].txt [ Cookie:papa@tradedoubler.com/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@track.effiliation[1].txt [ Cookie:papa@track.effiliation.com/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@xiti[1].txt [ Cookie:papa@xiti.com/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@ad1.dyntracker[1].txt [ Cookie:papa@ad1.dyntracker.com/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@mswmw7mobilemainprod.122.2o7[1].txt [ Cookie:papa@mswmw7mobilemainprod.122.2o7.net/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@apmebf[2].txt [ Cookie:papa@apmebf.com/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@ad2.adfarm1.adition[2].txt [ Cookie:papa@ad2.adfarm1.adition.com/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@zanox[1].txt [ Cookie:papa@zanox.com/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@statse.webtrendslive[1].txt [ Cookie:papa@statse.webtrendslive.com/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@tomtailor.dyntracker[1].txt [ Cookie:papa@tomtailor.dyntracker.com/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@partners.webmasterplan[2].txt [ Cookie:papa@partners.webmasterplan.com/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@keyword-advertising.gmx[2].txt [ Cookie:papa@keyword-advertising.gmx.de/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@liveperson[1].txt [ Cookie:papa@liveperson.net/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@clicks.pangora[2].txt [ Cookie:papa@clicks.pangora.com/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@google[6].txt [ Cookie:papa@google.com/accounts/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@sexshop-dildo-king[1].txt [ Cookie:papa@sexshop-dildo-king.de/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@statcounter[3].txt [ Cookie:papa@statcounter.com/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@www.etracker[2].txt [ Cookie:papa@www.etracker.de/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@smartadserver[2].txt [ Cookie:papa@smartadserver.com/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@adtech[2].txt [ Cookie:papa@adtech.de/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@unitymedia[1].txt [ Cookie:papa@unitymedia.de/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@advertising[2].txt [ Cookie:papa@advertising.com/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@server.iad.liveperson[2].txt [ Cookie:papa@server.iad.liveperson.net/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@adform[2].txt [ Cookie:papa@adform.net/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@2o7[1].txt [ Cookie:papa@2o7.net/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@a.revenuemax[1].txt [ Cookie:papa@a.revenuemax.de/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@www.googleadservices[1].txt [ Cookie:papa@www.googleadservices.com/pagead/conversion/1013329469/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@revsci[2].txt [ Cookie:papa@revsci.net/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@de.sitestat[1].txt [ Cookie:papa@de.sitestat.com/ndr/ndr/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@www.googleadservices[5].txt [ Cookie:papa@www.googleadservices.com/pagead/conversion/1013108498/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@www.googleadservices[2].txt [ Cookie:papa@www.googleadservices.com/pagead/conversion/1070954559/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@www.zanox-affiliate[1].txt [ Cookie:papa@www.zanox-affiliate.de/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@im.banner.t-online[2].txt [ Cookie:papa@im.banner.t-online.de/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@c.atdmt[2].txt [ Cookie:papa@c.atdmt.com/ ]
	C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@toplist[2].txt [ Cookie:papa@toplist.cz/ ]
	C:\USERS\PAPA\Cookies\papa@imrworldwide[2].txt [ Cookie:papa@imrworldwide.com/cgi-bin ]
	C:\USERS\PAPA\Cookies\papa@fastclick[1].txt [ Cookie:papa@fastclick.net/ ]
	C:\USERS\PAPA\Cookies\papa@lichtdiscount[1].txt [ Cookie:papa@lichtdiscount.de/ ]
	C:\USERS\PAPA\Cookies\papa@revsci[1].txt [ Cookie:papa@revsci.net/ ]
	C:\USERS\PAPA\Cookies\papa@atdmt[2].txt [ Cookie:papa@atdmt.com/ ]
	C:\USERS\PAPA\Cookies\papa@collective-media[1].txt [ Cookie:papa@collective-media.net/ ]
	C:\USERS\PAPA\Cookies\papa@apmebf[2].txt [ Cookie:papa@apmebf.com/ ]
	C:\USERS\PAPA\Cookies\papa@statcounter[1].txt [ Cookie:papa@statcounter.com/ ]
	C:\USERS\PAPA\Cookies\papa@smartadserver[1].txt [ Cookie:papa@smartadserver.com/ ]
	C:\USERS\PAPA\Cookies\papa@c.atdmt[2].txt [ Cookie:papa@c.atdmt.com/ ]
	C:\USERS\PAPA\Cookies\papa@adform[1].txt [ Cookie:papa@adform.net/ ]
	C:\USERS\PAPA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PAPA@112.2O7[1].TXT [ /112.2O7 ]
	C:\USERS\PAPA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PAPA@AD.ZANOX[1].TXT [ /AD.ZANOX ]
	C:\USERS\PAPA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PAPA@CLICKFUSE[1].TXT [ /CLICKFUSE ]
	C:\USERS\PAPA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PAPA@INVITEMEDIA[1].TXT [ /INVITEMEDIA ]
	C:\USERS\PAPA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PAPA@SPECIFICCLICK[1].TXT [ /SPECIFICCLICK ]
	C:\USERS\PAPA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PAPA@ZANOX-AFFILIATE[2].TXT [ /ZANOX-AFFILIATE ]

Adware.Zwangi
	C:\BIG FISH GAMES\UNINSTALL.EXE
         
Is that OK so far?
Best regards
Alexander

26.06.2012, 09:31   #28
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Code:
Adware.Zwangi
	C:\BIG FISH GAMES\UNINSTALL.EXE
         
BigFish is adware junk, but nothing dangerous.

Looks OK; only cookies were found.
Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising and the like => HTTP-Cookie).


Regarding cookies and other things on the web: to block the plague from the outset (i.e. tracking cookies, ad banners etc.) you should have a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File. It makes sense to check at MVPS every 4 weeks or so whether a new Hosts file has been released.

Apart from that there are good cookie managers; as a Firefox extension, for example, there is CookieCuller http://filepony.de/download-cookie_culler/
If you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board), then simply set the browser so that everything, cookies included, is deleted when the browser closes.

I handle it like this: for "wild surfing" I use the Opera browser or Chromium on my Linux. My main browser (Firefox) only stores cookies from the sites I actually want; everything else I reject manually (FF always asks me). The other browsers do accept all cookies, but by the next start of Opera or Chromium at the latest there are no cookies left.

Is your system in order again now, or are there any other findings or problems?
__________________
Please always post logfiles in CODE tags
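An added example, not part of the thread and not code from the MVPS project: it turns the tracking-cookie domains that SUPERAntiSpyware reports into hosts-file lines of the kind the MVPS file uses, and checks which of them an existing hosts file already blocks. The log and hosts excerpts embedded in it are constructed in the shape of the logs above; the regular expressions and function names are this example's own assumptions about the log format.

```python
"""Derive hosts-file block entries from a SUPERAntiSpyware cookie scan log.

Added example for the hosts-file advice above; not the forum's or MVPS's code.
"""
import re
from typing import List, Set, Tuple

# Constructed sample in the shape of the SUPERAntiSpyware log above (not the full log).
SAMPLE_LOG = """\
Adware.Tracking Cookie
\tC:\\Users\\Papa\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\papa@adform[1].txt [ /adform ]
\tC:\\USERS\\PAPA\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\papa@doubleclick[1].txt [ Cookie:papa@doubleclick.net/ ]
\tC:\\USERS\\PAPA\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\papa@conrad.122.2o7[1].txt [ Cookie:papa@conrad.122.2o7.net/ ]
\tC:\\USERS\\PAPA\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\papa@www.googleadservices[1].txt [ Cookie:papa@www.googleadservices.com/pagead/conversion/1013329469/ ]
\tC:\\USERS\\PAPA\\APPDATA\\ROAMING\\MICROSOFT\\WINDOWS\\COOKIES\\LOW\\PAPA@CLICKFUSE[1].TXT [ /CLICKFUSE ]

Adware.Zwangi
\tC:\\BIG FISH GAMES\\UNINSTALL.EXE
"""

# Constructed excerpt in the format of a hosts file such as the MVPS one.
SAMPLE_HOSTS = """\
# constructed hosts file excerpt
127.0.0.1 localhost
0.0.0.0 doubleclick.net
0.0.0.0 ad.doubleclick.net   # comment after an entry
0.0.0.0 2o7.net
"""

# "[ Cookie:papa@doubleclick.net/ ]" carries the real hostname (up to the first '/').
FULL_HOST = re.compile(r"\[\s*Cookie:[^@\s]+@([A-Za-z0-9.-]+)")
# "[ /adform ]" is only the label from the cookie file name; the TLD is lost.
LABEL_ONLY = re.compile(r"\[\s*/([A-Za-z0-9.-]+)\s*\]")


def extract_cookie_hosts(log_text: str) -> Tuple[Set[str], Set[str]]:
    """Return (full hostnames, bare labels) found in the tracking-cookie lines.

    Bare labels cannot become hosts entries without looking the TLD up by hand,
    so they are reported separately instead of being guessed.
    """
    full: Set[str] = set()
    partial: Set[str] = set()
    for line in log_text.splitlines():
        m = FULL_HOST.search(line)
        if m:
            full.add(m.group(1).lower())
            continue
        m = LABEL_ONLY.search(line)
        if m:
            partial.add(m.group(1).lower())
    return full, partial


def blocked_hosts(hosts_text: str) -> Set[str]:
    """Hostnames the hosts file already points at a null or loopback address."""
    blocked: Set[str] = set()
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        parts = line.split()
        if parts[0] in ("0.0.0.0", "127.0.0.1", "::1"):
            blocked.update(p.lower() for p in parts[1:])
    return blocked


def missing_entries(log_text: str, hosts_text: str, sink: str = "0.0.0.0") -> List[str]:
    """Hosts-file lines still needed to block every fully known cookie host.

    Matching is exact: a hosts file has no wildcards, so "0.0.0.0 2o7.net" does
    nothing for "conrad.122.2o7.net", which therefore gets its own line.
    """
    full, _ = extract_cookie_hosts(log_text)
    already = blocked_hosts(hosts_text)
    return [f"{sink} {host}" for host in sorted(full - already)]


if __name__ == "__main__":
    hosts, labels = extract_cookie_hosts(SAMPLE_LOG)
    print("cookie hosts:", sorted(hosts))
    print("labels needing a manual TLD lookup:", sorted(labels))
    print("\n".join(missing_entries(SAMPLE_LOG, SAMPLE_HOSTS)))
```

Two caveats belong with this. The bare labels (adform, clickfuse) come from the cookie file name, which drops the TLD; the matching Low-integrity line in the full log above (adform.net) is where the real host is, so those entries have to be completed by hand rather than guessed. And a hosts file only stops the browser from resolving third-party hosts; cookies set by a site you visit yourself (lichtdiscount.de or unitymedia.de in the log) are untouched, which is what the cookie-manager and delete-on-exit advice in the post is for.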

26.06.2012, 12:47   #29
alepos
 



Hello everyone,

many thanks for the help. The system looks good again now! I will disable cookies in the browser; that seems to me to be the most helpful method.

I hope I don't catch one of those things again!

Thanks again for your competent help!
Alexander
