
Log analysis and evaluation: Can't get Redirector adware tracking cookie deleted, Microsoft SE blocked by rundll 32

02.07.2012, 10:34   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Code:
\Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
         
Please fix this entry => TDSS File System <= with the TDSS-Killer. But please only this entry!
Restart Windows afterwards and make a completely new log with the TDSS-Killer again. As always, post it in CODE tags.
__________________
Please always post log files in CODE tags

02.07.2012, 17:22   #17
danke
 

Hi,

I am still getting redirects from Google, and when Windows starts I have to close rundll 32 in the Task Manager to get Microsoft SE running. Here is the log:


Code:
 18:15:35.0646 4948	TDSS rootkit removing tool 2.7.43.0 Jun 29 2012 17:54:22
18:15:35.0708 4948	============================================================
18:15:35.0708 4948	Current date / time: 2012/07/02 18:15:35.0708
18:15:35.0708 4948	SystemInfo:
18:15:35.0708 4948	
18:15:35.0708 4948	OS Version: 6.1.7601 ServicePack: 1.0
18:15:35.0708 4948	Product type: Workstation
18:15:35.0708 4948	ComputerName: FAB
18:15:35.0708 4948	UserName: Fab
18:15:35.0708 4948	Windows directory: C:\Windows
18:15:35.0708 4948	System windows directory: C:\Windows
18:15:35.0708 4948	Running under WOW64
18:15:35.0708 4948	Processor architecture: Intel x64
18:15:35.0708 4948	Number of processors: 2
18:15:35.0708 4948	Page size: 0x1000
18:15:35.0708 4948	Boot type: Normal boot
18:15:35.0708 4948	============================================================
18:15:40.0404 4948	Drive \Device\Harddisk0\DR0 - Size: 0x3A38A25E00 (232.88 Gb), SectorSize: 0x200, Cylinders: 0x7E2D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
18:15:40.0562 4948	Drive \Device\Harddisk1\DR1 - Size: 0x3C3D12000 (15.06 Gb), SectorSize: 0x200, Cylinders: 0x7AD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:15:40.0562 4948	============================================================
18:15:40.0562 4948	\Device\Harddisk0\DR0:
18:15:40.0594 4948	MBR partitions:
18:15:40.0594 4948	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:15:40.0594 4948	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D192000
18:15:40.0594 4948	\Device\Harddisk1\DR1:
18:15:40.0594 4948	MBR partitions:
18:15:40.0594 4948	============================================================
18:15:40.0968 4948	C: <-> \Device\Harddisk0\DR0\Partition1
18:15:40.0999 4948	B: <-> \Device\Harddisk0\DR0\Partition0
18:15:40.0999 4948	============================================================
18:15:40.0999 4948	Initialize success
18:15:40.0999 4948	============================================================
18:15:51.0992 4520	============================================================
18:15:51.0992 4520	Scan started
18:15:51.0992 4520	Mode: Manual; SigCheck; TDLFS; 
18:15:51.0992 4520	============================================================
18:15:53.0939 4520	!SASCORE        (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
18:15:53.0969 4520	!SASCORE - ok
18:15:55.0064 4520	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
18:15:55.0111 4520	1394ohci - ok
18:15:55.0272 4520	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
18:15:55.0285 4520	ACPI - ok
18:15:55.0881 4520	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
18:15:56.0788 4520	AcpiPmi - ok
18:15:57.0031 4520	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:15:57.0044 4520	AdobeARMservice - ok
18:15:57.0456 4520	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
18:15:57.0491 4520	adp94xx - ok
18:15:57.0859 4520	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
18:15:57.0904 4520	adpahci - ok
18:15:57.0939 4520	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
18:15:57.0951 4520	adpu320 - ok
18:15:58.0044 4520	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
18:15:58.0336 4520	AeLookupSvc - ok
18:15:58.0524 4520	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
18:15:58.0777 4520	AFD - ok
18:15:58.0868 4520	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
18:15:58.0896 4520	agp440 - ok
18:15:58.0928 4520	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
18:15:59.0001 4520	ALG - ok
18:15:59.0023 4520	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
18:15:59.0033 4520	aliide - ok
18:15:59.0093 4520	AMD External Events Utility (20c8a3e435a47f0408a1ea674afa6194) C:\Windows\system32\atiesrxx.exe
18:15:59.0201 4520	AMD External Events Utility - ok
18:15:59.0303 4520	AMD FUEL Service - ok
18:15:59.0409 4520	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
18:15:59.0417 4520	amdide - ok
18:15:59.0482 4520	amdiox64        (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
18:15:59.0494 4520	amdiox64 - ok
18:15:59.0778 4520	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
18:15:59.0858 4520	AmdK8 - ok
18:16:02.0181 4520	amdkmdag        (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys
18:16:02.0495 4520	amdkmdag - ok
18:16:02.0735 4520	amdkmdap        (0e57258e5cc4cc7a9a9a877afdf0cec6) C:\Windows\system32\DRIVERS\atikmpag.sys
18:16:02.0795 4520	amdkmdap - ok
18:16:02.0860 4520	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
18:16:02.0907 4520	AmdPPM - ok
18:16:03.0147 4520	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
18:16:03.0180 4520	amdsata - ok
18:16:03.0293 4520	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
18:16:03.0311 4520	amdsbs - ok
18:16:03.0403 4520	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
18:16:03.0411 4520	amdxata - ok
18:16:03.0742 4520	AODDriver4.0    (5b25d1a753cc3a3edb909bb759ac1098) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
18:16:03.0807 4520	AODDriver4.0 - ok
18:16:03.0997 4520	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
18:16:05.0020 4520	AppID - ok
18:16:05.0048 4520	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
18:16:05.0108 4520	AppIDSvc - ok
18:16:05.0190 4520	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
18:16:05.0222 4520	Appinfo - ok
18:16:05.0407 4520	Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:16:05.0417 4520	Apple Mobile Device - ok
18:16:07.0170 4520	AppMgmt         (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
18:16:07.0250 4520	AppMgmt - ok
18:16:07.0307 4520	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
18:16:07.0322 4520	arc - ok
18:16:07.0392 4520	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
18:16:07.0402 4520	arcsas - ok
18:16:07.0797 4520	aspnet_state    (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
18:16:08.0002 4520	aspnet_state - ok
18:16:08.0067 4520	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
18:16:08.0185 4520	AsyncMac - ok
18:16:08.0287 4520	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
18:16:08.0297 4520	atapi - ok
18:16:09.0537 4520	atikmdag        (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys
18:16:09.0655 4520	atikmdag - ok
18:16:10.0127 4520	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
18:16:10.0192 4520	AudioEndpointBuilder - ok
18:16:10.0197 4520	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
18:16:10.0230 4520	AudioSrv - ok
18:16:10.0282 4520	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
18:16:10.0577 4520	AxInstSV - ok
18:16:10.0695 4520	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
18:16:10.0790 4520	b06bdrv - ok
18:16:10.0827 4520	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
18:16:10.0870 4520	b57nd60a - ok
18:16:10.0915 4520	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
18:16:10.0970 4520	BDESVC - ok
18:16:10.0980 4520	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
18:16:11.0032 4520	Beep - ok
18:16:11.0120 4520	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
18:16:11.0167 4520	BFE - ok
18:16:11.0237 4520	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
18:16:11.0312 4520	BITS - ok
18:16:11.0375 4520	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
18:16:11.0402 4520	blbdrive - ok
18:16:11.0517 4520	Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
18:16:11.0537 4520	Bonjour Service - ok
18:16:11.0602 4520	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
18:16:11.0655 4520	bowser - ok
18:16:11.0710 4520	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:16:11.0740 4520	BrFiltLo - ok
18:16:11.0757 4520	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:16:11.0770 4520	BrFiltUp - ok
18:16:11.0813 4520	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
18:16:11.0870 4520	Browser - ok
18:16:11.0903 4520	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
18:16:11.0968 4520	Brserid - ok
18:16:11.0985 4520	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
18:16:12.0020 4520	BrSerWdm - ok
18:16:12.0045 4520	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:16:12.0075 4520	BrUsbMdm - ok
18:16:12.0078 4520	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
18:16:12.0095 4520	BrUsbSer - ok
18:16:12.0158 4520	BthEnum         (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
18:16:12.0203 4520	BthEnum - ok
18:16:12.0220 4520	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
18:16:12.0250 4520	BTHMODEM - ok
18:16:12.0283 4520	BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
18:16:12.0305 4520	BthPan - ok
18:16:12.0364 4520	BTHPORT         (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
18:16:12.0406 4520	BTHPORT - ok
18:16:12.0431 4520	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
18:16:12.0484 4520	bthserv - ok
18:16:12.0504 4520	BTHUSB          (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
18:16:12.0526 4520	BTHUSB - ok
18:16:12.0564 4520	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
18:16:12.0626 4520	cdfs - ok
18:16:12.0699 4520	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
18:16:12.0739 4520	cdrom - ok
18:16:12.0806 4520	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
18:16:12.0861 4520	CertPropSvc - ok
18:16:12.0901 4520	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
18:16:12.0936 4520	circlass - ok
18:16:12.0976 4520	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
18:16:12.0996 4520	CLFS - ok
18:16:13.0051 4520	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:16:13.0061 4520	clr_optimization_v2.0.50727_32 - ok
18:16:13.0104 4520	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:16:13.0114 4520	clr_optimization_v2.0.50727_64 - ok
18:16:13.0224 4520	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:16:13.0287 4520	clr_optimization_v4.0.30319_32 - ok
18:16:13.0347 4520	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:16:13.0362 4520	clr_optimization_v4.0.30319_64 - ok
18:16:13.0384 4520	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
18:16:13.0412 4520	CmBatt - ok
18:16:13.0439 4520	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
18:16:13.0447 4520	cmdide - ok
18:16:13.0502 4520	CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
18:16:13.0529 4520	CNG - ok
18:16:13.0567 4520	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
18:16:13.0574 4520	Compbatt - ok
18:16:13.0634 4520	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
18:16:13.0664 4520	CompositeBus - ok
18:16:13.0707 4520	COMSysApp - ok
18:16:13.0722 4520	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
18:16:13.0732 4520	crcdisk - ok
18:16:13.0787 4520	CryptSvc        (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
18:16:13.0834 4520	CryptSvc - ok
18:16:13.0882 4520	CSC             (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
18:16:13.0962 4520	CSC - ok
18:16:13.0999 4520	CscService      (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
18:16:14.0049 4520	CscService - ok
18:16:14.0122 4520	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
18:16:14.0194 4520	DcomLaunch - ok
18:16:14.0239 4520	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
18:16:14.0302 4520	defragsvc - ok
18:16:14.0382 4520	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
18:16:14.0434 4520	DfsC - ok
18:16:14.0504 4520	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
18:16:14.0567 4520	Dhcp - ok
18:16:14.0649 4520	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
18:16:14.0702 4520	discache - ok
18:16:14.0747 4520	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
18:16:14.0757 4520	Disk - ok
18:16:14.0839 4520	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
18:16:14.0914 4520	Dnscache - ok
18:16:14.0974 4520	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
18:16:15.0042 4520	dot3svc - ok
18:16:15.0097 4520	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
18:16:15.0157 4520	DPS - ok
18:16:15.0192 4520	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
18:16:15.0204 4520	drmkaud - ok
18:16:15.0247 4520	dtsoftbus01     (fb9bef3401ee5ecc2603311b9c64f44a) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
18:16:15.0257 4520	dtsoftbus01 - ok
18:16:15.0604 4520	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
18:16:15.0624 4520	DXGKrnl - ok
18:16:15.0674 4520	E1G60           (edc6e9c057c9d7f83eea22b4cef5dcad) C:\Windows\system32\DRIVERS\E1G6032E.sys
18:16:15.0722 4520	E1G60 - ok
18:16:15.0814 4520	EagleX64 - ok
18:16:15.0927 4520	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
18:16:15.0979 4520	EapHost - ok
18:16:16.0149 4520	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
18:16:16.0272 4520	ebdrv - ok
18:16:16.0389 4520	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
18:16:16.0437 4520	EFS - ok
18:16:16.0522 4520	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
18:16:16.0604 4520	ehRecvr - ok
18:16:16.0679 4520	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
18:16:16.0729 4520	ehSched - ok
18:16:16.0817 4520	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
18:16:16.0847 4520	elxstor - ok
18:16:16.0909 4520	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
18:16:16.0937 4520	ErrDev - ok
18:16:17.0027 4520	etdrv           (84486624268e078255bc7aa47f0960bc) C:\Windows\etdrv.sys
18:16:17.0034 4520	etdrv - ok
18:16:17.0067 4520	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
18:16:17.0124 4520	EventSystem - ok
18:16:17.0159 4520	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
18:16:17.0214 4520	exfat - ok
18:16:17.0239 4520	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
18:16:17.0289 4520	fastfat - ok
18:16:17.0449 4520	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
18:16:17.0522 4520	Fax - ok
18:16:17.0560 4520	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
18:16:17.0570 4520	fdc - ok
18:16:17.0605 4520	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
18:16:17.0660 4520	fdPHost - ok
18:16:17.0687 4520	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
18:16:17.0737 4520	FDResPub - ok
18:16:17.0855 4520	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
18:16:17.0865 4520	FileInfo - ok
18:16:17.0890 4520	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
18:16:17.0942 4520	Filetrace - ok
18:16:17.0982 4520	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
18:16:17.0992 4520	flpydisk - ok
18:16:18.0042 4520	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
18:16:18.0062 4520	FltMgr - ok
18:16:18.0125 4520	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
18:16:18.0205 4520	FontCache - ok
18:16:18.0292 4520	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:16:18.0300 4520	FontCache3.0.0.0 - ok
18:16:18.0350 4520	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
18:16:18.0362 4520	FsDepends - ok
18:16:18.0392 4520	Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
18:16:18.0400 4520	Fs_Rec - ok
18:16:18.0455 4520	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
18:16:18.0472 4520	fvevol - ok
18:16:18.0497 4520	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
18:16:18.0507 4520	gagp30kx - ok
18:16:18.0557 4520	gdrv            (f51fb25e1328fa14f446a8b24ac52709) C:\Windows\gdrv.sys
18:16:18.0562 4520	gdrv - ok
18:16:18.0642 4520	GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:16:18.0647 4520	GEARAspiWDM - ok
18:16:18.0750 4520	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
18:16:18.0822 4520	gpsvc - ok
18:16:18.0887 4520	GVTDrv64        (8126331fbd4ed29eb3b356f9c905064d) C:\Windows\GVTDrv64.sys
18:16:18.0897 4520	GVTDrv64 - ok
18:16:18.0922 4520	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
18:16:18.0970 4520	hcw85cir - ok
18:16:19.0027 4520	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
18:16:19.0050 4520	HdAudAddService - ok
18:16:19.0082 4520	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
18:16:19.0122 4520	HDAudBus - ok
18:16:19.0155 4520	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
18:16:19.0187 4520	HidBatt - ok
18:16:19.0245 4520	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
18:16:19.0282 4520	HidBth - ok
18:16:19.0310 4520	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
18:16:19.0342 4520	HidIr - ok
18:16:19.0382 4520	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
18:16:19.0445 4520	hidserv - ok
18:16:19.0520 4520	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
18:16:19.0527 4520	HidUsb - ok
18:16:19.0585 4520	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
18:16:19.0642 4520	hkmsvc - ok
18:16:19.0695 4520	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
18:16:19.0755 4520	HomeGroupListener - ok
18:16:19.0805 4520	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
18:16:19.0827 4520	HomeGroupProvider - ok
18:16:19.0877 4520	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
18:16:19.0890 4520	HpSAMD - ok
18:16:19.0962 4520	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
18:16:20.0027 4520	HTTP - ok
18:16:20.0070 4520	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
18:16:20.0080 4520	hwpolicy - ok
18:16:20.0140 4520	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
18:16:20.0165 4520	i8042prt - ok
18:16:20.0230 4520	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
18:16:20.0250 4520	iaStorV - ok
18:16:20.0328 4520	IDriverT        (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
18:16:20.0358 4520	IDriverT ( UnsignedFile.Multi.Generic ) - warning
18:16:20.0358 4520	IDriverT - detected UnsignedFile.Multi.Generic (1)
18:16:20.0583 4520	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:16:20.0618 4520	idsvc - ok
18:16:20.0728 4520	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
18:16:20.0738 4520	iirsp - ok
18:16:20.0801 4520	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
18:16:20.0871 4520	IKEEXT - ok
18:16:20.0953 4520	IntcAzAudAddService (6bcd9505f0ab48edda1ee250987b0eb4) C:\Windows\system32\drivers\RTKVHD64.sys
18:16:20.0976 4520	IntcAzAudAddService - ok
18:16:21.0101 4520	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
18:16:21.0108 4520	intelide - ok
18:16:21.0146 4520	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
18:16:21.0176 4520	intelppm - ok
18:16:21.0206 4520	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
18:16:21.0256 4520	IPBusEnum - ok
18:16:21.0298 4520	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:16:21.0333 4520	IpFilterDriver - ok
18:16:21.0393 4520	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
18:16:21.0436 4520	iphlpsvc - ok
18:16:21.0478 4520	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
18:16:21.0508 4520	IPMIDRV - ok
18:16:21.0546 4520	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
18:16:21.0583 4520	IPNAT - ok
18:16:21.0700 4520	iPod Service    (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
18:16:21.0732 4520	iPod Service - ok
18:16:21.0765 4520	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
18:16:21.0797 4520	IRENUM - ok
18:16:21.0855 4520	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
18:16:21.0865 4520	isapnp - ok
18:16:21.0923 4520	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
18:16:21.0943 4520	iScsiPrt - ok
18:16:21.0998 4520	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
18:16:22.0005 4520	kbdclass - ok
18:16:22.0030 4520	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
18:16:22.0038 4520	kbdhid - ok
18:16:22.0078 4520	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:16:22.0088 4520	KeyIso - ok
18:16:22.0098 4520	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
18:16:22.0113 4520	KSecDD - ok
18:16:22.0123 4520	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
18:16:22.0135 4520	KSecPkg - ok
18:16:22.0150 4520	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
18:16:22.0198 4520	ksthunk - ok
18:16:22.0233 4520	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
18:16:22.0306 4520	KtmRm - ok
18:16:22.0389 4520	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
18:16:22.0449 4520	LanmanServer - ok
18:16:22.0516 4520	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
18:16:22.0566 4520	LanmanWorkstation - ok
18:16:22.0634 4520	LGBusEnum       (fa529fb35694c24bf98a9ef67c1cd9d0) C:\Windows\system32\drivers\LGBusEnum.sys
18:16:22.0641 4520	LGBusEnum - ok
18:16:22.0691 4520	LGVirHid        (94b29ce153765e768f004fb3440be2b0) C:\Windows\system32\drivers\LGVirHid.sys
18:16:22.0699 4520	LGVirHid - ok
18:16:22.0731 4520	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
18:16:22.0786 4520	lltdio - ok
18:16:22.0831 4520	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
18:16:22.0886 4520	lltdsvc - ok
18:16:22.0916 4520	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
18:16:22.0944 4520	lmhosts - ok
18:16:22.0979 4520	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
18:16:22.0994 4520	LSI_FC - ok
18:16:23.0011 4520	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
18:16:23.0026 4520	LSI_SAS - ok
18:16:23.0041 4520	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:16:23.0049 4520	LSI_SAS2 - ok
18:16:23.0084 4520	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:16:23.0101 4520	LSI_SCSI - ok
18:16:23.0124 4520	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
18:16:23.0184 4520	luafv - ok
18:16:23.0351 4520	McComponentHostService (485405de203e88b3fe4294a2ea48d7ee) C:\Program Files (x86)\McAfee Security Scan\3.0.271\McCHSvc.exe
18:16:23.0371 4520	McComponentHostService - ok
18:16:23.0409 4520	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
18:16:23.0444 4520	Mcx2Svc - ok
18:16:23.0476 4520	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
18:16:23.0486 4520	megasas - ok
18:16:23.0506 4520	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
18:16:23.0529 4520	MegaSR - ok
18:16:23.0554 4520	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:16:23.0604 4520	MMCSS - ok
18:16:23.0634 4520	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
18:16:23.0684 4520	Modem - ok
18:16:23.0711 4520	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
18:16:23.0746 4520	monitor - ok
18:16:23.0806 4520	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
18:16:23.0816 4520	mouclass - ok
18:16:23.0821 4520	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
18:16:23.0856 4520	mouhid - ok
18:16:45.0057 4520	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:16:45.0210 4520	\Device\Harddisk0\DR0 - ok
18:16:45.0367 4520	MBR (0x1B8)     (f00f65623ce0296e8ef44b4f7eecf685) \Device\Harddisk1\DR1
18:21:50.0086 4520	\Device\Harddisk1\DR1 - ok
18:21:50.0109 4520	Boot (0x1200)   (f56491357f6ba883ce1f0c6a9a7e8391) \Device\Harddisk0\DR0\Partition0
18:21:50.0134 4520	\Device\Harddisk0\DR0\Partition0 - ok
18:21:50.0149 4520	Boot (0x1200)   (ffaf2f3c9df2cba1da79bde988e03cc1) \Device\Harddisk0\DR0\Partition1
18:21:50.0191 4520	\Device\Harddisk0\DR0\Partition1 - ok
18:21:50.0191 4520	============================================================
18:21:50.0191 4520	Scan finished
18:21:50.0191 4520	============================================================
18:21:50.0199 4196	Detected object count: 1
18:21:50.0199 4196	Actual detected object count: 1
18:21:54.0986 4196	IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
18:21:54.0986 4196	IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:22:00.0397 5780	Deinitialize success
         
__________________


Edited by danke (02.07.2012 at 18:06)

03.07.2012, 11:16   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and get messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.
__________________

03.07.2012, 18:54   #19
danke
 



Combofix Logfile:
Code:
ATTFilter
ComboFix 12-07-02.01 - Fab 03.07.2012  19:38:08.1.2 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.4094.2605 [GMT 2:00]
ausgeführt von:: c:\users\Fab\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\LP
c:\program files (x86)\LP\483D\87B9.tmp
c:\users\Fab\AppData\Local\assembly\tmp
c:\users\Fab\AppData\Roaming\edxLabs
c:\users\Fab\AppData\Roaming\edxLabs\edxSilkroadLoader5\analyzer\log\242409.txt
c:\users\Fab\AppData\Roaming\edxLabs\edxSilkroadLoader5\edxSilkroadLoader5.ini
c:\users\Fab\AppData\Roaming\Microsoft\Google
c:\users\Fab\AppData\Roaming\Microsoft\Google\s.txt
c:\users\Fab\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Internet Explorer.lnk
c:\windows\SysWow64\gmail.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-06-03 bis 2012-07-03  ))))))))))))))))))))))))))))))
.
.
2012-07-03 17:46 . 2012-07-03 17:46	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-07-03 17:16 . 2012-07-03 17:16	--------	d-----w-	c:\program files\iPod
2012-07-03 17:16 . 2012-07-03 17:17	--------	d-----w-	c:\program files\iTunes
2012-07-03 17:16 . 2012-07-03 17:17	--------	d-----w-	c:\program files (x86)\iTunes
2012-07-03 16:39 . 2012-06-21 13:16	927800	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-07-03 16:39 . 2012-06-21 13:16	927800	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3CF40356-3E0D-4355-9EED-25F7E39E833E}\gapaengine.dll
2012-07-03 16:38 . 2012-05-30 19:04	9013136	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{62F42FB6-4614-45F4-8E6A-502739708E61}\mpengine.dll
2012-07-01 16:52 . 2012-05-30 19:04	9013136	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-30 06:52 . 2012-06-30 06:52	--------	d-----w-	c:\program files (x86)\Games
2012-06-30 04:29 . 2012-06-30 04:29	--------	d-----w-	c:\users\Fab\AppData\Local\Macromedia
2012-06-28 04:01 . 2012-06-28 04:01	--------	d-----w-	c:\program files (x86)\Drakensang Online
2012-06-22 07:57 . 2012-06-02 22:19	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-22 07:57 . 2012-06-02 22:19	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-22 07:57 . 2012-06-02 22:15	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-22 07:57 . 2012-06-02 22:19	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-22 07:57 . 2012-06-02 22:19	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-22 07:57 . 2012-06-02 22:15	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-06-22 07:57 . 2012-06-02 22:19	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-22 07:56 . 2012-06-02 13:19	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-22 07:56 . 2012-06-02 13:15	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-06-20 22:45 . 2012-06-20 22:45	--------	d-----w-	c:\program files (x86)\Microsoft Security Client
2012-06-20 22:45 . 2012-06-20 22:45	--------	d-----w-	c:\program files\Microsoft Security Client
2012-06-20 14:25 . 2012-05-18 01:59	1392128	----a-w-	c:\windows\system32\wininet.dll
2012-06-20 14:24 . 2012-03-31 05:42	1732096	----a-w-	c:\program files\Windows Journal\NBDoc.DLL
2012-06-20 14:23 . 2011-03-11 06:41	189824	----a-w-	c:\windows\system32\drivers\storport.sys
2012-06-20 02:13 . 2012-06-20 02:13	--------	d-----w-	c:\programdata\McAfee Security Scan
2012-06-20 02:12 . 2012-06-20 02:12	--------	d-----w-	c:\program files (x86)\McAfee Security Scan
2012-06-20 02:12 . 2012-06-20 02:12	--------	d-----w-	c:\programdata\McAfee
2012-06-20 01:19 . 2012-06-20 01:19	--------	d-----w-	c:\users\Fab\AppData\Roaming\f-secure
2012-06-20 01:18 . 2012-06-20 01:18	--------	d-----w-	c:\programdata\F-Secure
2012-06-20 01:05 . 2012-06-20 01:05	--------	d-----w-	c:\users\Fab\AppData\Roaming\QuickScan
2012-06-20 01:05 . 2009-06-30 08:37	33800	----a-w-	c:\windows\system32\drivers\pavboot64.sys
2012-06-20 01:04 . 2012-06-20 01:04	--------	d-----w-	c:\program files (x86)\Panda Security
2012-06-19 23:41 . 2012-06-19 23:41	--------	d-----w-	c:\program files\CCleaner
2012-06-19 21:12 . 2012-06-19 21:12	--------	d-----w-	c:\users\Fab\AppData\Roaming\SUPERAntiSpyware.com
2012-06-19 21:11 . 2012-06-19 21:12	--------	d-----w-	c:\program files\SUPERAntiSpyware
2012-06-19 21:11 . 2012-06-19 21:11	--------	d-----w-	c:\programdata\SUPERAntiSpyware.com
2012-06-19 21:01 . 2012-06-19 21:01	--------	d-----w-	c:\program files (x86)\ESET
2012-06-19 00:12 . 2012-06-19 00:12	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-19 00:12 . 2012-04-04 13:56	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-06-18 23:58 . 2012-07-02 15:37	--------	d-----w-	C:\TDSSKiller_Quarantine
2012-06-18 22:48 . 2012-06-18 22:48	114688	--sha-r-	c:\windows\SysWow64\fdBthk.dll
2012-06-14 15:52 . 2012-06-14 16:58	--------	d-----w-	c:\program files (x86)\Silkroad
2012-06-14 15:45 . 2012-06-14 15:44	955840	----a-w-	c:\windows\system32\npDeployJava1.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-03 17:33 . 2011-03-29 20:00	20544	----a-w-	c:\windows\gdrv.sys
2012-06-30 03:51 . 2012-06-30 03:51	345256	----a-w-	C:\TDSS Killer Logs.zip
2012-06-27 08:34 . 2012-04-03 12:50	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-27 08:34 . 2011-05-14 19:29	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-17 22:11 . 2012-04-30 12:01	281288	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2012-06-17 22:11 . 2012-04-30 11:42	281288	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2012-06-14 15:44 . 2011-05-23 18:10	839096	----a-w-	c:\windows\system32\deployJava1.dll
2012-05-30 14:57 . 2011-03-29 20:17	30528	----a-w-	c:\windows\GVTDrv64.sys
2012-05-29 08:47 . 2011-04-01 14:26	25640	----a-w-	c:\windows\etdrv.sys
2012-05-09 10:21 . 2012-04-27 12:11	476936	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2012-05-09 10:21 . 2011-04-01 14:09	472840	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-04-30 21:45 . 2012-04-30 11:42	283416	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2012-04-30 11:42 . 2012-04-30 11:42	76888	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2012-04-18 18:56 . 2012-04-18 18:56	94208	----a-w-	c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-18 18:56 . 2012-04-18 18:56	69632	----a-w-	c:\windows\SysWow64\QuickTime.qts
2012-04-06 05:22 . 2012-04-06 05:22	11174400	----a-w-	c:\windows\system32\drivers\atikmdag.sys
2012-04-06 02:22 . 2012-04-06 02:22	159744	----a-w-	c:\windows\system32\atiapfxx.exe
2012-04-06 02:21 . 2012-04-06 02:21	909312	----a-w-	c:\windows\SysWow64\aticfx32.dll
2012-04-06 02:20 . 2012-04-06 02:20	1067520	----a-w-	c:\windows\system32\aticfx64.dll
2012-04-06 02:16 . 2012-04-06 02:16	442368	----a-w-	c:\windows\system32\ATIDEMGX.dll
2012-04-06 02:16 . 2012-04-06 02:16	503808	----a-w-	c:\windows\system32\atieclxx.exe
2012-04-06 02:16 . 2012-04-06 02:16	236544	----a-w-	c:\windows\system32\atiesrxx.exe
2012-04-06 02:14 . 2012-04-06 02:14	120320	----a-w-	c:\windows\system32\atitmm64.dll
2012-04-06 02:14 . 2012-04-06 02:14	21504	----a-w-	c:\windows\system32\atimuixx.dll
2012-04-06 02:14 . 2012-04-06 02:14	59392	----a-w-	c:\windows\system32\atiedu64.dll
2012-04-06 02:14 . 2012-04-06 02:14	43520	----a-w-	c:\windows\SysWow64\ati2edxx.dll
2012-04-06 02:13 . 2012-04-06 02:13	6800896	----a-w-	c:\windows\SysWow64\atidxx32.dll
2012-04-06 02:10 . 2012-04-06 02:10	26181632	----a-w-	c:\windows\system32\atio6axx.dll
2012-04-06 02:00 . 2012-04-06 02:00	64000	----a-w-	c:\windows\system32\coinst.dll
2012-04-06 01:54 . 2009-07-13 21:59	7479296	----a-w-	c:\windows\system32\atidxx64.dll
2012-04-06 01:50 . 2012-04-06 01:50	19753984	----a-w-	c:\windows\SysWow64\atioglxx.dll
2012-04-06 01:35 . 2012-04-06 01:35	1120768	----a-w-	c:\windows\system32\atiumd6v.dll
2012-04-06 01:34 . 2012-04-06 01:34	1831424	----a-w-	c:\windows\SysWow64\atiumdmv.dll
2012-04-06 01:34 . 2012-04-06 01:34	4731904	----a-w-	c:\windows\system32\atiumd6a.dll
2012-04-06 01:34 . 2012-04-06 01:34	6203392	----a-w-	c:\windows\SysWow64\atiumdag.dll
2012-04-06 01:30 . 2012-04-06 01:30	51200	----a-w-	c:\windows\system32\aticalrt64.dll
2012-04-06 01:30 . 2012-04-06 01:30	46080	----a-w-	c:\windows\SysWow64\aticalrt.dll
2012-04-06 01:30 . 2012-04-06 01:30	44544	----a-w-	c:\windows\system32\aticalcl64.dll
2012-04-06 01:30 . 2012-04-06 01:30	44032	----a-w-	c:\windows\SysWow64\aticalcl.dll
2012-04-06 01:29 . 2012-04-06 01:29	16090624	----a-w-	c:\windows\system32\aticaldd64.dll
2012-04-06 01:25 . 2012-04-06 01:25	13764096	----a-w-	c:\windows\SysWow64\aticaldd.dll
2012-04-06 01:23 . 2012-04-06 01:23	7431680	----a-w-	c:\windows\system32\atiumd64.dll
2012-04-06 01:22 . 2012-04-06 01:22	4795904	----a-w-	c:\windows\SysWow64\atiumdva.dll
2012-04-06 01:11 . 2012-04-06 01:11	514560	----a-w-	c:\windows\system32\atiadlxx.dll
2012-04-06 01:11 . 2012-04-06 01:11	360448	----a-w-	c:\windows\SysWow64\atiadlxy.dll
2012-04-06 01:11 . 2012-04-06 01:11	17408	----a-w-	c:\windows\system32\atig6pxx.dll
2012-04-06 01:11 . 2012-04-06 01:11	14848	----a-w-	c:\windows\SysWow64\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11	14848	----a-w-	c:\windows\system32\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11	41984	----a-w-	c:\windows\system32\atig6txx.dll
2012-04-06 01:10 . 2012-04-06 01:10	33280	----a-w-	c:\windows\SysWow64\atigktxx.dll
2012-04-06 01:10 . 2012-04-06 01:10	343040	----a-w-	c:\windows\system32\drivers\atikmpag.sys
2012-04-06 01:09 . 2012-04-06 01:09	54784	----a-w-	c:\windows\system32\atiuxp64.dll
2012-04-06 01:09 . 2012-04-06 01:09	41984	----a-w-	c:\windows\SysWow64\atiuxpag.dll
2012-04-06 01:09 . 2012-04-06 01:09	44544	----a-w-	c:\windows\system32\atiu9p64.dll
2012-04-06 01:09 . 2012-04-06 01:09	32256	----a-w-	c:\windows\SysWow64\atiu9pag.dll
2012-04-06 01:09 . 2012-04-06 01:09	53248	----a-w-	c:\windows\system32\drivers\ati2erec.dll
2012-04-06 01:06 . 2012-04-06 01:06	54784	----a-w-	c:\windows\system32\atimpc64.dll
2012-04-06 01:06 . 2012-04-06 01:06	54784	----a-w-	c:\windows\system32\amdpcom64.dll
2012-04-06 01:06 . 2012-04-06 01:06	53760	----a-w-	c:\windows\SysWow64\atimpc32.dll
2012-04-06 01:06 . 2012-04-06 01:06	53760	----a-w-	c:\windows\SysWow64\amdpcom32.dll
2012-04-05 20:34 . 2012-04-05 20:34	187392	----a-w-	c:\windows\system32\clinfo.exe
2012-04-05 20:34 . 2012-04-05 20:34	74752	----a-w-	c:\windows\system32\OpenVideo64.dll
2012-04-05 20:34 . 2012-04-05 20:34	64512	----a-w-	c:\windows\SysWow64\OpenVideo.dll
2012-04-05 20:33 . 2012-04-05 20:33	63488	----a-w-	c:\windows\system32\OVDecode64.dll
2012-04-05 20:33 . 2012-04-05 20:33	56320	----a-w-	c:\windows\SysWow64\OVDecode.dll
2012-04-05 20:33 . 2012-04-05 20:33	16457216	----a-w-	c:\windows\system32\amdocl64.dll
2012-04-05 20:32 . 2012-04-05 20:32	13007872	----a-w-	c:\windows\SysWow64\amdocl.dll
2012-04-05 20:32 . 2012-04-05 20:32	54784	----a-w-	c:\windows\system32\OpenCL.dll
2012-04-05 20:32 . 2012-04-05 20:32	50176	----a-w-	c:\windows\SysWow64\OpenCL.dll
2006-05-03 11:06	163328	--sha-r-	c:\windows\SysWOW64\flvDX.dll
2007-02-21 12:47	31232	--sha-r-	c:\windows\SysWOW64\msfDX.dll
2008-03-16 14:30	216064	--sha-r-	c:\windows\SysWOW64\nbDX.dll
2010-01-06 23:00	107520	--sha-r-	c:\windows\SysWOW64\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-17 221184]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-06-11 4786048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-05 641664]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.271\SSScheduler.exe [2012-3-13 274328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2012-05-29 25640]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2012-05-30 30528]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.271\McCHSvc.exe [2012-03-13 237272]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 sj;sj;c:\aeriagames\EdenEternal\sjcs64.sys [2012-03-05 47224]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2011-03-30 35112]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 usj;usj;c:\aeriagames\EdenEternal\avital\ussjcs64.sys [2012-06-07 89560]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot64.sys [2009-06-30 33800]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-12-07 254528]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-04-05 361984]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2011-04-01 22408]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2011-04-01 16008]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-01-07 45408]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-03 c:\windows\Tasks\fkykjgjgph.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2012-03-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2128012257-4040431425-2058212726-1000Core.job
- c:\users\Fab\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-14 17:45]
.
2012-03-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2128012257-4040431425-2058212726-1000UA.job
- c:\users\Fab\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-14 17:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-08-27 6471200]
"Skytel"="Skytel.exe" [2008-08-27 1833504]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2010-11-16 104008]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 2328944]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.klassikradio.de/liveplayer.php
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Fab\AppData\Roaming\Mozilla\Firefox\Profiles\jiwpuw59.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
SafeBoot-39480465.sys
SafeBoot-95626647.sys
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-G.O.M - c:\windows\system32\usetup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2128012257-4040431425-2058212726-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*’%I*ï*]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2128012257-4040431425-2058212726-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*’%I*ï*\OpenWithList]
@Class="Shell"
"a"="WORDPAD.EXE"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2128012257-4040431425-2058212726-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*’%I*ï*\OpenWithProgids]
"¦Iï_auto_file"=hex(0):
.
[HKEY_USERS\S-1-5-21-2128012257-4040431425-2058212726-1000_Classes\.*’%I*ï*]
@Allowed: (Read) (RestrictedCode)
@="¦Iï_auto_file"
.
[HKEY_USERS\S-1-5-21-2128012257-4040431425-2058212726-1000_Classes\’%I*ï*_*a*u*t*o*_*f*i*l*e*\shell\open\command]
@=expand:"\"%ProgramFiles%\\Windows NT\\Accessories\\WORDPAD.EXE\" \"%1\""
DUMPHIVE0.003 (REGF)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-07-03  19:48:50
ComboFix-quarantined-files.txt  2012-07-03 17:48
.
Vor Suchlauf: 12 Verzeichnis(se), 37.046.099.968 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 38.885.548.032 Bytes frei
.
- - End Of File - - 0E11C4EB33DF6A0988CD800DC266D18D
         
--- --- ---

04.07.2012, 16:12   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM - please skip the online query by OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file on your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it by right-clicking and choosing "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.)
    Downloading the definitions may take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances without instruction

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



One more note: If aswMBR crashes and a message like "aswMBR.exe funktioniert nicht mehr" appears, do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu (bottom left of the aswMBR window) and click the Scan button again.

__________________
Please always post log files in CODE tags

04.07.2012, 17:41   #21
danke
 



here are the logs:

gmer log:

GMER Logfile:
Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-07-04 17:51:21
Windows 6.1.7601 Service Pack 1 
Running: gmer.exe


---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000a9401d483                                                      
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000a9401d483 (not active ControlSet)                                  
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.¦Iï\OpenWithProgids@\x2019%I\0ï\0_\0a\0u\0t\0o\0_\0f\0i\0l\0e  

---- EOF - GMER 1.0.15 ----
         
--- --- ---



osam log :


OSAM Logfile:
Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 17:54:51 on 04.07.2012

OS: Windows 7 Ultimate Edition Service Pack 1 (Build 7601), 64-bit
Default Browser: Opera Software Opera Internet Browser 12.00

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"fkykjgjgph.job" - ? - C:\Windows\SysWOW64\fdBthk.dll  (File is exclusively opened, access blocked | File found, but it contains no detailed information)
"GoogleUpdateTaskUserS-1-5-21-2128012257-4040431425-2058212726-1000Core.job" - "Google Inc." - C:\Users\Fab\AppData\Local\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-2128012257-4040431425-2058212726-1000UA.job" - "Google Inc." - C:\Users\Fab\AppData\Local\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Pando" - "Pando Networks" - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.cpl
"QuickTime" - "Apple Inc." - C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%SystemRoot%\system32\drivers\tsusbhub.sys,-1" (tsusbhub) - ? - C:\Windows\System32\drivers\tsusbhub.sys  (File not found)
"AODDriver4.0" (AODDriver4.0) - "Advanced Micro Devices" - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"EagleX64" (EagleX64) - ? - C:\Windows\system32\drivers\EagleX64.sys  (File not found)
"etdrv" (etdrv) - "Windows (R) Server 2003 DDK provider" - C:\Windows\etdrv.sys
"gdrv" (gdrv) - "Windows (R) Server 2003 DDK provider" - C:\Windows\gdrv.sys
"GVTDrv64" (GVTDrv64) - ? - C:\Windows\GVTDrv64.sys  (File found, but it contains no detailed information)
"pavboot" (pavboot) - "Panda Security, S.L." - C:\Windows\System32\drivers\pavboot64.sys
"SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
"SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
"sj" (sj) - ? - C:\AeriaGames\EdenEternal\sjcs64.sys  (File found, but it contains no detailed information)
"Synth3dVsc" (Synth3dVsc) - ? - C:\Windows\System32\drivers\synth3dvsc.sys  (File not found)
"usj" (usj) - ? - C:\AeriaGames\EdenEternal\avital\ussjcs64.sys  (File found, but it contains no detailed information)
"VGPU" (VGPU) - ? - C:\Windows\System32\drivers\rdvgkmd.sys  (File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{5E2121EE-0300-11D4-8D3B-444553540000} "Catalyst Context Menu extension" - ? -   (File not found | COM-object registry key not found)
{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files (x86)\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll
{83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files (x86)\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{9191F686-7F0A-441D-8A98-2FE3AC1BD913} "ActiveScan 2.0 Installer Class" - "Panda Security" - C:\Windows\Downloaded Program Files\as2stubie.dll / hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
{4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} "Bitdefender QuickScan Control" - "Bitdefender LLC" - C:\Windows\DOWNLO~1\qsax.dll / hxxp://quickscan.bitdefender.com/qsax/qsax.cab
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_33" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} "Java Plug-in 1.6.0_33" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_33" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\npjpi160_33.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
{7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~2\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\SysWOW64\Macromed\Flash\Flash32_11_3_300_257.ocx / hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} "Symantec AntiVirus scanner" - "Symantec Corporation" - C:\Windows\Downloaded Program Files\avsniff.dll / hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
{644E432F-49D3-41A1-8DD5-E099162EEEC5} "Symantec RuFSI Utility Class" - "Symantec Corporation" - C:\Windows\Downloaded Program Files\rufsi.dll / hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} "@C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
"ICQ7.5" - "ICQ, LLC." - C:\Program Files (x86)\ICQ7.5\ICQ.exe
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
Locked "Locked" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>" - "DivX, LLC" - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{9FDDE16B-836F-4806-AB1F-1455CBEFF289} "Windows Live Messenger Companion Helper" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
"ISUSPM Startup" - "InstallShield Software Corporation" - C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"MobileDocuments" - "Apple Inc." - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
"SUPERAntiSpyware" - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce )-----
"FlashPlayerUpdate" - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_Plugin.exe -update plugin
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"AppleSyncNotifier" - "Apple Inc." - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
"APSDaemon" - "Apple Inc." - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"DivXUpdate" - ? - "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"ISUSScheduler" - "InstallShield Software Corporation" - "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
"iTunesHelper" - "Apple Inc." - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"QuickTime Task" - "Apple Inc." - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe"  (File not found)
"@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243" (NisSrv) - "Microsoft Corporation" - c:\Program Files\Microsoft Security Client\NisSrv.exe
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
"AMD FUEL Service" (AMD FUEL Service) - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe  (File not found)
"SAS Core Service" (!SASCORE) - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
"TeamViewer 7" (TeamViewer7) - "TeamViewer GmbH" - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files (x86)\Bonjour\mdnsNSP.dll
"WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru


aswmbr log:



Code:
 aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-04 17:55:53
-----------------------------
17:55:53.155    OS Version: Windows x64 6.1.7601 Service Pack 1
17:55:53.155    Number of processors: 2 586 0x4303
17:55:53.156    ComputerName: FAB  UserName: Fab
17:55:53.787    Initialize success
17:56:44.324    AVAST engine defs: 12070400
17:56:52.077    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
17:56:52.093    Disk 0 Vendor: MAXTOR_STM3250310AS 4.AAA Size: 238474MB BusType: 3
17:56:52.093    Disk 0 MBR read successfully
17:56:52.109    Disk 0 MBR scan
17:56:52.109    Disk 0 Windows 7 default MBR code
17:56:52.109    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
17:56:52.124    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       238372 MB offset 206848
17:56:52.140    Disk 0 scanning C:\Windows\system32\drivers
17:57:02.186    Service scanning
17:57:17.493    Modules scanning
17:57:17.493    Disk 0 trace - called modules:
17:57:17.508    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 
17:57:17.524    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004922060]
17:57:17.524    3 CLASSPNP.SYS[fffff88001bae43f] -> nt!IofCallDriver -> [0xfffffa80047d8520]
17:57:17.524    5 ACPI.sys[fffff88000eda7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa80047ce680]
17:57:18.257    AVAST engine scan C:\Windows
17:57:21.408    AVAST engine scan C:\Windows\system32
18:00:35.801    AVAST engine scan C:\Windows\system32\drivers
18:00:47.408    AVAST engine scan C:\Users\Fab
18:33:18.743    AVAST engine scan C:\ProgramData
18:34:35.264    Scan finished successfully
18:39:19.013    Disk 0 MBR has been saved successfully to "C:\Users\Fab\Desktop\MBR.dat"
18:39:19.028    The log file has been saved successfully to "C:\Users\Fab\Desktop\aswMBR log.txt"
         

05.07.2012, 09:43   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Code:
"fkykjgjgph.job" - ? - C:\Windows\SysWOW64\fdBthk.dll  (File is exclusively opened, access blocked | File found, but it contains no detailed information)
         
Please disable + delete this entry with OSAM (delete from storage).
Then reboot and create a new log with OSAM.
__________________
Please always post log files in CODE tags

05.07.2012, 13:56   #23
danke
 
OK, that did it, thanks. Microsoft SE now starts again and I'm no longer getting any redirects.

But I've now noticed that the Windows Security Center service was also disabled the whole time and still can't be re-enabled.

Here is the new OSAM log:

Code:
 Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
 Saved at 14:48:09 on 05.07.2012
OS: Windows 7 Ultimate Edition Service Pack 1 (Build 7601), 64-bit
Default Browser: Opera Software Opera Internet Browser 12.00

Scanner Settings
Rootkits detection (hidden registry)
Rootkits detection (hidden files)
Retrieve files information
Check Microsoft signatures

Filters
Trusted entries
Empty entries
Hidden registry entries (rootkit activity)
Exclusively opened files
Not found files
Files without detailed information
Existing files
Non-startable services
Non-startable drivers
Active entries
Disabled entries
 	Risk	Name	Publisher	Full Path	Status
Common
%SystemRoot%\Tasks
	||||  	"GoogleUpdateTaskUserS-1-5-21-2128012257-4040431425-2058212726-1000Core.job"	"Google Inc."	C:\Users\Fab\AppData\Local\Google\Update\GoogleUpdate.exe	File exists
	||||  	"GoogleUpdateTaskUserS-1-5-21-2128012257-4040431425-2058212726-1000UA.job"	"Google Inc."	C:\Users\Fab\AppData\Local\Google\Update\GoogleUpdate.exe	File exists
Control Panel Objects
HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls
	      	"Pando"	"Pando Networks"	C:\Program Files (x86)\Pando Networks\Media Booster\PMB.cpl	File exists
	      	"QuickTime"	"Apple Inc."	C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.cpl	File exists
Drivers
HKLM\SYSTEM\CurrentControlSet\Services
	      	"@%SystemRoot%\system32\drivers\tsusbhub.sys,-1" (tsusbhub)		C:\Windows\System32\drivers\tsusbhub.sys	File not found
	      	"AODDriver4.0" (AODDriver4.0)	"Advanced Micro Devices"	C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys	File exists
	      	"catchme" (catchme)		C:\ComboFix\catchme.sys	File not found
	      	"EagleX64" (EagleX64)		C:\Windows\system32\drivers\EagleX64.sys	File not found
	||||||	"etdrv" (etdrv)	"Windows (R) Server 2003 DDK provider"	C:\Windows\etdrv.sys	File exists
	||||||	"gdrv" (gdrv)	"Windows (R) Server 2003 DDK provider"	C:\Windows\gdrv.sys	File exists
	||||||	"GVTDrv64" (GVTDrv64)		C:\Windows\GVTDrv64.sys	File found, but it contains no detailed information
	||||||	"pavboot" (pavboot)	"Panda Security, S.L."	C:\Windows\System32\drivers\pavboot64.sys	File exists
	||||||	"SASDIFSV" (SASDIFSV)	"SUPERAdBlocker.com and SUPERAntiSpyware.com"	C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS	File exists
	||||||	"SASKUTIL" (SASKUTIL)	"SUPERAdBlocker.com and SUPERAntiSpyware.com"	C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS	File exists
	      	"sj" (sj)		C:\AeriaGames\EdenEternal\sjcs64.sys	File found, but it contains no detailed information
	      	"Synth3dVsc" (Synth3dVsc)		C:\Windows\System32\drivers\synth3dvsc.sys	File not found
	      	"usj" (usj)		C:\AeriaGames\EdenEternal\avital\ussjcs64.sys	File found, but it contains no detailed information
	      	"VGPU" (VGPU)		C:\Windows\System32\drivers\rdvgkmd.sys	File not found
Explorer
HKLM\Software\Classes\Folder\shellex\ColumnHandlers
	      	{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension"	"Adobe Systems, Inc."	C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll	File exists
	||||||	{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}"		C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll	File exists
HKLM\Software\Classes\Protocols\Handler
	||||  	{828030A1-22C1-4009-854F-8E305202313F} "livecall"	"Microsoft Corporation"	C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll	File exists
	||||  	{828030A1-22C1-4009-854F-8E305202313F} "msnim"	"Microsoft Corporation"	C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll	File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
	      	{5E2121EE-0300-11D4-8D3B-444553540000} "Catalyst Context Menu extension"			File not found | COM-object registry key not found
	||    	{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler"	"DivX, Inc."	C:\Program Files (x86)\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll	File exists
	||    	{83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider"	"DivX, Inc."	C:\Program Files (x86)\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll	File exists
	||||||	{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler"		C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll	File exists
	||||||	{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler"		C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll	File exists
	||||||	{AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler"		C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll	File exists
	||||||	{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler"		C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll	File exists
	||||||	{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer"		C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll	File exists
Internet Explorer
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
	      	ITBar7Height "ITBar7Height"			File not found | COM-object registry key not found
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units
	||||||	{9191F686-7F0A-441D-8A98-2FE3AC1BD913} "ActiveScan 2.0 Installer Class"
hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab	"Panda Security"	C:\Windows\Downloaded Program Files\as2stubie.dll	File exists
	      	{4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} "Bitdefender QuickScan Control"
hxxp://quickscan.bitdefender.com/qsax/qsax.cab	"Bitdefender LLC"	C:\Windows\DOWNLO~1\qsax.dll	File exists
	      	{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab	"Sun Microsystems, Inc."	C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll	File exists
	      	{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_33"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab	"Sun Microsystems, Inc."	C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll	File exists
	      	{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} "Java Plug-in 1.6.0_33"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab	"Sun Microsystems, Inc."	C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll	File exists
	      	{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_33"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab	"Sun Microsystems, Inc."	C:\Program Files (x86)\Java\jre6\bin\npjpi160_33.dll	File exists
	      	{7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control"
hxxp://download.eset.com/special/eos/OnlineScanner.cab	"ESET"	C:\PROGRA~2\ESET\ESETON~1\ONLINE~1.OCX	File exists
	      	{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object"
hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab	"Adobe Systems, Inc."	C:\Windows\SysWOW64\Macromed\Flash\Flash32_11_3_300_257.ocx	File exists
	||||||	{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} "Symantec AntiVirus scanner"
hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab	"Symantec Corporation"	C:\Windows\Downloaded Program Files\avsniff.dll	File exists
	||||||	{644E432F-49D3-41A1-8DD5-E099162EEEC5} "Symantec RuFSI Utility Class"
hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab	"Symantec Corporation"	C:\Windows\Downloaded Program Files\rufsi.dll	File exists
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions
	||||  	{B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} "@C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600"	"Microsoft Corporation"	C:\Program Files (x86)\Windows Live\Companion\companioncore.dll	File exists
	||||  	"ICQ7.5"	"ICQ, LLC."	C:\Program Files (x86)\ICQ7.5\ICQ.exe	File exists
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar
	      	Locked "Locked"			File not found | COM-object registry key not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
	      	{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper"	"Adobe Systems Incorporated"	C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll	File exists
	      	{326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>"	"DivX, LLC"	C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll	File exists
	      	{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper"	"Sun Microsystems, Inc."	C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll	File exists
	      	{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper"	"Sun Microsystems, Inc."	C:\Program Files (x86)\Java\jre6\bin\ssv.dll	File exists
	||||||	{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm"	"Microsoft Corp."	C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll	File exists
	||||  	{9FDDE16B-836F-4806-AB1F-1455CBEFF289} "Windows Live Messenger Companion Helper"	"Microsoft Corporation"	C:\Program Files (x86)\Windows Live\Companion\companioncore.dll	File exists
LSA Providers
HKLM\SYSTEM\CurrentControlSet\Control\Lsa
	||||||	"Security Packages"	"Microsoft Corp."	C:\Windows\system32\livessp.dll	File exists
Logon
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup
	||||||	"desktop.ini"		C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini	File exists
%AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup
	||||||	"desktop.ini"		C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini	File exists
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
	||||  	"DAEMON Tools Lite"	"DT Soft Ltd"	"C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun	File exists
	||||  	"ISUSPM Startup"	"InstallShield Software Corporation"	C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup	File exists
	      	"MobileDocuments"	"Apple Inc."	C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe	File exists
	      	"SUPERAntiSpyware"	"SUPERAntiSpyware.com"	C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe	File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
	||||  	"Adobe ARM"	"Adobe Systems Incorporated"	"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"	File exists
	      	"AppleSyncNotifier"	"Apple Inc."	C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe	File exists
	      	"APSDaemon"	"Apple Inc."	"C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"	File exists
	      	"DivXUpdate"		"C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW	File exists
	||||  	"ISUSScheduler"	"InstallShield Software Corporation"	"C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start	File exists
	      	"iTunesHelper"	"Apple Inc."	"C:\Program Files (x86)\iTunes\iTunesHelper.exe"	File exists
	      	"QuickTime Task"	"Apple Inc."	"C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime	File exists
	      	"StartCCC"	"Advanced Micro Devices, Inc."	"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun	File exists
	||||  	"SunJavaUpdateSched"	"Sun Microsystems, Inc."	"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"	File exists
Services
HKLM\SYSTEM\CurrentControlSet\Services
	      	"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc)		"C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe"	File not found
	      	"@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243" (NisSrv)	"Microsoft Corporation"	c:\Program Files\Microsoft Security Client\NisSrv.exe	File exists
	||    	"Adobe Acrobat Update Service" (AdobeARMservice)	"Adobe Systems Incorporated"	C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe	File exists
	      	"AMD FUEL Service" (AMD FUEL Service)	"Advanced Micro Devices, Inc."	C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe	File exists
	      	"Apple Mobile Device" (Apple Mobile Device)	"Apple Inc."	C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe	File exists
	||||||	"ASP.NET-Zustandsdienst" (aspnet_state)	"Microsoft Corporation"	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe	File exists
	||||||	"Dienst "Bonjour"" (Bonjour Service)	"Apple Inc."	C:\Program Files\Bonjour\mDNSResponder.exe	File exists
	||||  	"InstallDriver Table Manager" (IDriverT)	"Macrovision Corporation"	C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe	File exists
	      	"iPod-Dienst" (iPod Service)	"Apple Inc."	C:\Program Files\iPod\bin\iPodService.exe	File exists
	||||||	"Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64)	"Microsoft Corporation"	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File exists
	||||||	"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32)	"Microsoft Corporation"	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File exists
	      	"Microsoft Antimalware Service" (MsMpSvc)	"Microsoft Corporation"	c:\Program Files\Microsoft Security Client\MsMpEng.exe	File exists
	      	"PnkBstrA" (PnkBstrA)		C:\Windows\system32\PnkBstrA.exe	File not found
	||||||	"SAS Core Service" (!SASCORE)	"SUPERAntiSpyware.com"	C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE	File exists
	      	"Steam Client Service" (Steam Client Service)	"Valve Corporation"	C:\Program Files (x86)\Common Files\Steam\SteamService.exe	File exists
	      	"TeamViewer 7" (TeamViewer7)	"TeamViewer GmbH"	C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe	File exists
	||||||	"Windows Live ID Sign-in Assistant" (wlidsvc)	"Microsoft Corp."	C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE	File exists
Winsock Providers
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries
	||||||	"mdnsNSP"	"Apple Inc."	C:\Program Files (x86)\Bonjour\mdnsNSP.dll	File exists
	||||||	"WindowsLive Local NSP"	"Microsoft Corp."	C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL	File exists
	||||||	"WindowsLive NSP"	"Microsoft Corp."	C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL	File exists


If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         
Really great.

05.07.2012, 15:57   #24
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!
__________________
Please always post log files in CODE tags

05.07.2012, 17:55   #25
danke
 
SUPERAntiSpyware is showing these tracking cookies again; here is the log:



Code:
 SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 07/05/2012 at 06:52 PM

Application Version : 5.1.1002

Core Rules Database Version : 8848
Trace Rules Database Version: 6660

Scan type       : Complete Scan
Total Scan Time : 01:37:07

Operating System Information
Windows 7 Ultimate 64-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator

Memory items scanned      : 927
Memory threats detected   : 0
Registry items scanned    : 66179
Registry threats detected : 0
File items scanned        : 100973
File threats detected     : 21

Adware.Tracking Cookie
	C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\SITEZUKU.txt [ /ero-advertising.com ]
	C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\B1X2NJVG.txt [ /track.adform.net ]
	C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\TB4PPF6B.txt [ /ads.us.e-planning.net ]
	C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\RWXDKWTH.txt [ /adform.net ]
	C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\521M0JME.txt [ /ad.adition.net ]
	C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\UNZHMGH4.txt [ /casalemedia.com ]
	C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\EVAMZA32.txt [ /atdmt.com ]
	C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\OAFO8ED9.txt [ /ad.yieldmanager.com ]
	C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\LSRL5VI2.txt [ /adtech.de ]
	C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\P2EAPVGW.txt [ /adfarm1.adition.com ]
	C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\HGJ71SX6.txt [ /ad2.adfarm1.adition.com ]
	C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\AZUPYLFG.txt [ /ad4.adfarm1.adition.com ]
	C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\VCYH8L98.txt [ /doubleclick.net ]
	C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\9YDR26WD.txt [ /adbrite.com ]
	C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\0SG124M3.txt [ /ad.360yield.com ]
	C:\USERS\FAB\Cookies\521M0JME.txt [ Cookie:fab@ad.adition.net/ ]
	C:\USERS\FAB\Cookies\EVAMZA32.txt [ Cookie:fab@atdmt.com/ ]
	C:\USERS\FAB\Cookies\LSRL5VI2.txt [ Cookie:fab@adtech.de/ ]
	C:\USERS\FAB\Cookies\AZUPYLFG.txt [ Cookie:fab@ad4.adfarm1.adition.com/ ]
	C:\USERS\FAB\Cookies\VCYH8L98.txt [ Cookie:fab@doubleclick.net/ ]
	C:\USERS\FAB\Cookies\9YDR26WD.txt [ Cookie:fab@adbrite.com/ ]
         


Malwarebytes log:



Code:
 Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.07.05.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Fab :: FAB [Administrator]

05.07.2012 15:32:54
mbam-log-2012-07-05 (15-32-54).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 445818
Laufzeit: 2 Stunde(n), 43 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

Edited by danke (05.07.2012 at 18:00)

05.07.2012, 20:06   #26
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Looks OK, only cookies were found there.
Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP cookie)


About cookies and other things on the web: to block this plague from the outset (i.e. tracking cookies, ad banners etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check MVPS every 4 weeks to see whether he has released a new hosts file.

Otherwise there are also good cookie managers; among the extensions for Firefox, for example, there is CookieCuller http://filepony.de/download-cookie_culler/
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board too), then simply set the browser to delete everything, including cookies, when the browser is closed.

My own approach is that for "wild surfing" I use the Opera browser or Chromium under my Linux. My main browser (Firefox) only stores the cookies from the sites I actually want, everything else I reject manually (FF always asks me) - the other browsers do accept all cookies, but at the latest on the next start of Opera or Chromium no cookies are left.

Is your system OK again now, or are there still other detections or problems?
__________________
Please always post log files in CODE tags
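
The hosts-file blocking suggested in the post above, as an added example that is not part of the original thread: it extracts the cookie domains from SUPERAntiSpyware log lines and checks which ones a hosts file already sinks. The sample log lines and hosts excerpt are constructed, and the function names and the "address hostname" hosts layout are assumptions of this example.

```python
import re

# Constructed sample: three lines in the format of the SUPERAntiSpyware log above.
SAMPLE_LOG = r"""Adware.Tracking Cookie
	C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\B1X2NJVG.txt [ /track.adform.net ]
	C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\VCYH8L98.txt [ /doubleclick.net ]
	C:\USERS\FAB\Cookies\VCYH8L98.txt [ Cookie:fab@doubleclick.net/ ]
"""

# Constructed hosts-file excerpt (assumed layout: sink address, then hostname).
SAMPLE_HOSTS = """# constructed sample
127.0.0.1  localhost
0.0.0.0 track.adform.net  # tracker
0.0.0.0 ad.doubleclick.net
"""

# Matches both bracket styles in the log: "[ /domain ]" and "[ Cookie:user@domain/ ]".
BRACKET = re.compile(r"\[\s*(?:Cookie:[^@\]]*@|/)([^\s/\]]+)/?\s*\]")

def cookie_domains(log_text):
    """Sorted, de-duplicated cookie domains named in the log's bracketed fields."""
    return sorted({m.group(1).lower() for m in BRACKET.finditer(log_text)})

def blocked_hosts(hosts_text):
    """Hostnames a hosts file maps to a sink address (0.0.0.0 or 127.0.0.1)."""
    blocked = set()
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) >= 2 and fields[0] in ("0.0.0.0", "127.0.0.1"):
            blocked.update(h.lower() for h in fields[1:] if h.lower() != "localhost")
    return blocked

def coverage(log_text, hosts_text):
    """Return (blocked, not_blocked) cookie domains.

    A hosts file matches exact hostnames only, with no wildcards: an entry for
    ad.doubleclick.net does not cover doubleclick.net, and a cookie domain can
    be a parent domain shared by many hostnames.
    """
    blocked = blocked_hosts(hosts_text)
    domains = cookie_domains(log_text)
    return ([d for d in domains if d in blocked],
            [d for d in domains if d not in blocked])

if __name__ == "__main__":
    covered, missing = coverage(SAMPLE_LOG, SAMPLE_HOSTS)
    print("blocked by hosts file:", covered)
    print("not blocked:", missing)
```

Domains reported as not blocked are the ones whose cookies a scanner will keep finding after the hosts file is installed.
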

05.07.2012, 20:37   #27
danke

everything is fine again, I can't thank you enough, really awesome that we managed to find this stupid thing.

love ya, and I hope this post helps many others, and watch out what you download, people.


bye

05.07.2012, 21:00   #28
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Then we're done!

The programs that were used here can all be removed again. With the help of OTL you can also remove many of the tools:

Please start OTL and click on Bereinigung (cleanup).
This will remove most of the tools we needed for the cleanup. If anything remains, please remove it with right-click --> Delete.


Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update first.


Finally, please check the updates; my guide for that is below. To keep a better overview in future of whether the installed programs are up to date, you can use e.g. Secunia PSI.
For even more security, after the infection has been removed you should also change all passwords if possible.


Microsoft Update

Windows XP: Visit the MS update page with IE and have all important updates installed.

Windows Vista/7: Guide to Windows Update


Update the PDF reader
An outdated AdobeReader is a major security risk. You should therefore uninstall old versions of AdobeReader via Control Panel => Add or Remove Programs or Programs and Features, by clicking on "Adobe Reader x.0" there and removing the program. (if you have AdobeReader installed)

I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than AdobeReader.

While you're at it, please also check that the Flash Player is up to date:
Check => Adobe - Flash Player
Download links => Adobe Flash Player Distribution | Adobe

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the latest one. To do this, close all programs (especially the browsers), then click on Start, Control Panel, Add or Remove Programs and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.
__________________
Please always post log files in CODE tags
