
Pests of all kinds and how to combat them: Babylon Search in Firefox


30.07.2012, 22:30   #16
Gargamel456
 



Okay, here is the TDSS Killer log:

Code:
23:21:27.0950 0832	TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
23:21:28.0400 0832	============================================================
23:21:28.0400 0832	Current date / time: 2012/07/30 23:21:28.0400
23:21:28.0400 0832	SystemInfo:
23:21:28.0400 0832	
23:21:28.0400 0832	OS Version: 6.1.7601 ServicePack: 1.0
23:21:28.0400 0832	Product type: Workstation
23:21:28.0400 0832	ComputerName: ARNE-HP
23:21:28.0400 0832	UserName: Arne
23:21:28.0400 0832	Windows directory: C:\Windows
23:21:28.0400 0832	System windows directory: C:\Windows
23:21:28.0400 0832	Running under WOW64
23:21:28.0400 0832	Processor architecture: Intel x64
23:21:28.0400 0832	Number of processors: 4
23:21:28.0400 0832	Page size: 0x1000
23:21:28.0400 0832	Boot type: Normal boot
23:21:28.0400 0832	============================================================
23:21:29.0131 0832	Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:21:29.0131 0832	============================================================
23:21:29.0131 0832	\Device\Harddisk0\DR0:
23:21:29.0131 0832	MBR partitions:
23:21:29.0131 0832	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
23:21:29.0131 0832	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x38551000
23:21:29.0131 0832	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x385B5000, BlocksNum 0x1D9D000
23:21:29.0131 0832	\Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
23:21:29.0131 0832	============================================================
23:21:29.0161 0832	C: <-> \Device\Harddisk0\DR0\Partition1
23:21:29.0211 0832	D: <-> \Device\Harddisk0\DR0\Partition2
23:21:29.0231 0832	F: <-> \Device\Harddisk0\DR0\Partition3
23:21:29.0231 0832	============================================================
23:21:29.0231 0832	Initialize success
23:21:29.0231 0832	============================================================
23:22:59.0380 2780	============================================================
23:22:59.0380 2780	Scan started
23:22:59.0380 2780	Mode: Manual; SigCheck; TDLFS; 
23:22:59.0380 2780	============================================================
23:22:59.0848 2780	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
23:22:59.0926 2780	1394ohci - ok
23:22:59.0973 2780	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
23:23:00.0019 2780	ACPI - ok
23:23:00.0035 2780	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
23:23:00.0113 2780	AcpiPmi - ok
23:23:00.0238 2780	AdobeFlashPlayerUpdateSvc (6c40d5ed8951ab7b90d08af655224ee4) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
23:23:00.0269 2780	AdobeFlashPlayerUpdateSvc - ok
23:23:00.0363 2780	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
23:23:00.0409 2780	adp94xx - ok
23:23:00.0456 2780	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
23:23:00.0487 2780	adpahci - ok
23:23:00.0534 2780	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
23:23:00.0565 2780	adpu320 - ok
23:23:00.0597 2780	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
23:23:00.0737 2780	AeLookupSvc - ok
23:23:00.0799 2780	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
23:23:00.0846 2780	AFD - ok
23:23:00.0877 2780	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
23:23:00.0893 2780	agp440 - ok
23:23:00.0924 2780	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
23:23:00.0955 2780	ALG - ok
23:23:00.0987 2780	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
23:23:01.0002 2780	aliide - ok
23:23:01.0049 2780	AMD External Events Utility (2902a4fe2571ccb491e3ca51b75f8d2d) C:\Windows\system32\atiesrxx.exe
23:23:01.0174 2780	AMD External Events Utility - ok
23:23:01.0189 2780	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
23:23:01.0205 2780	amdide - ok
23:23:01.0267 2780	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
23:23:01.0299 2780	AmdK8 - ok
23:23:01.0689 2780	amdkmdag        (49a9a2fb39e682c4c7b2c27033b714d0) C:\Windows\system32\DRIVERS\atikmdag.sys
23:23:01.0954 2780	amdkmdag - ok
23:23:02.0125 2780	amdkmdap        (692c5a435f65cfd629f5338021f1364d) C:\Windows\system32\DRIVERS\atikmpag.sys
23:23:02.0172 2780	amdkmdap - ok
23:23:02.0203 2780	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
23:23:02.0235 2780	AmdPPM - ok
23:23:02.0266 2780	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
23:23:02.0266 2780	amdsata - ok
23:23:02.0328 2780	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
23:23:02.0359 2780	amdsbs - ok
23:23:02.0375 2780	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
23:23:02.0391 2780	amdxata - ok
23:23:02.0500 2780	AntiVirSchedulerService (0a1cc583e8147004e4ad4625d7fbf88c) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
23:23:02.0515 2780	AntiVirSchedulerService - ok
23:23:02.0562 2780	AntiVirService  (c9a36ef935aced86aedf93e97e606911) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
23:23:02.0593 2780	AntiVirService - ok
23:23:02.0640 2780	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
23:23:02.0843 2780	AppID - ok
23:23:02.0874 2780	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
23:23:02.0952 2780	AppIDSvc - ok
23:23:02.0952 2780	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
23:23:02.0999 2780	Appinfo - ok
23:23:03.0061 2780	Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:23:03.0093 2780	Apple Mobile Device - ok
23:23:03.0124 2780	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
23:23:03.0139 2780	arc - ok
23:23:03.0171 2780	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
23:23:03.0186 2780	arcsas - ok
23:23:03.0217 2780	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
23:23:03.0295 2780	AsyncMac - ok
23:23:03.0311 2780	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
23:23:03.0311 2780	atapi - ok
23:23:03.0389 2780	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
23:23:03.0451 2780	AudioEndpointBuilder - ok
23:23:03.0451 2780	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
23:23:03.0483 2780	AudioSrv - ok
23:23:03.0545 2780	avgntflt        (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys
23:23:03.0576 2780	avgntflt - ok
23:23:03.0607 2780	avipbb          (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys
23:23:03.0623 2780	avipbb - ok
23:23:03.0654 2780	avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
23:23:03.0654 2780	avkmgr - ok
23:23:03.0701 2780	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
23:23:03.0810 2780	AxInstSV - ok
23:23:03.0873 2780	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
23:23:03.0935 2780	b06bdrv - ok
23:23:03.0997 2780	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
23:23:04.0060 2780	b57nd60a - ok
23:23:04.0138 2780	BBSvc           (93ee7d9c35ae7e9ffda148d7805f1421) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
23:23:04.0169 2780	BBSvc - ok
23:23:04.0278 2780	BCM43XX         (9e84a931dbee0292e38ed672f6293a99) C:\Windows\system32\DRIVERS\bcmwl664.sys
23:23:04.0356 2780	BCM43XX - ok
23:23:04.0403 2780	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
23:23:04.0434 2780	BDESVC - ok
23:23:04.0497 2780	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
23:23:04.0575 2780	Beep - ok
23:23:04.0637 2780	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
23:23:04.0731 2780	BITS - ok
23:23:04.0746 2780	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
23:23:04.0777 2780	blbdrive - ok
23:23:04.0871 2780	Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
23:23:04.0887 2780	Bonjour Service - ok
23:23:04.0933 2780	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
23:23:04.0965 2780	bowser - ok
23:23:04.0996 2780	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
23:23:05.0043 2780	BrFiltLo - ok
23:23:05.0074 2780	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
23:23:05.0089 2780	BrFiltUp - ok
23:23:05.0152 2780	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
23:23:05.0230 2780	Browser - ok
23:23:05.0277 2780	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
23:23:05.0355 2780	Brserid - ok
23:23:05.0370 2780	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
23:23:05.0401 2780	BrSerWdm - ok
23:23:05.0433 2780	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
23:23:05.0479 2780	BrUsbMdm - ok
23:23:05.0495 2780	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
23:23:05.0526 2780	BrUsbSer - ok
23:23:05.0557 2780	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
23:23:05.0589 2780	BTHMODEM - ok
23:23:05.0651 2780	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
23:23:05.0698 2780	bthserv - ok
23:23:05.0713 2780	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
23:23:05.0760 2780	cdfs - ok
23:23:05.0823 2780	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
23:23:05.0869 2780	cdrom - ok
23:23:05.0916 2780	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
23:23:05.0994 2780	CertPropSvc - ok
23:23:06.0041 2780	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
23:23:06.0088 2780	circlass - ok
23:23:06.0135 2780	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
23:23:06.0166 2780	CLFS - ok
23:23:06.0275 2780	CLKMSVC10_38F51D56 (524dc3807cb1746225f9d26add19c319) C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe
23:23:06.0306 2780	CLKMSVC10_38F51D56 - ok
23:23:06.0369 2780	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:23:06.0400 2780	clr_optimization_v2.0.50727_32 - ok
23:23:06.0447 2780	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:23:06.0478 2780	clr_optimization_v2.0.50727_64 - ok
23:23:06.0571 2780	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:23:06.0618 2780	clr_optimization_v4.0.30319_32 - ok
23:23:06.0649 2780	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
23:23:06.0665 2780	clr_optimization_v4.0.30319_64 - ok
23:23:06.0727 2780	clwvd           (50f92c943f18b070f166d019dfab3d9a) C:\Windows\system32\DRIVERS\clwvd.sys
23:23:06.0743 2780	clwvd - ok
23:23:06.0790 2780	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
23:23:06.0837 2780	CmBatt - ok
23:23:06.0868 2780	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
23:23:06.0883 2780	cmdide - ok
23:23:06.0946 2780	CNG             (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
23:23:07.0008 2780	CNG - ok
23:23:07.0039 2780	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
23:23:07.0055 2780	Compbatt - ok
23:23:07.0086 2780	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
23:23:07.0117 2780	CompositeBus - ok
23:23:07.0133 2780	COMSysApp - ok
23:23:07.0149 2780	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
23:23:07.0164 2780	crcdisk - ok
23:23:07.0195 2780	CryptSvc        (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
23:23:07.0227 2780	CryptSvc - ok
23:23:07.0367 2780	cvhsvc          (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
23:23:07.0398 2780	cvhsvc - ok
23:23:07.0461 2780	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
23:23:07.0523 2780	DcomLaunch - ok
23:23:07.0570 2780	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
23:23:07.0663 2780	defragsvc - ok
23:23:07.0741 2780	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
23:23:07.0819 2780	DfsC - ok
23:23:07.0882 2780	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
23:23:07.0975 2780	Dhcp - ok
23:23:08.0007 2780	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
23:23:08.0053 2780	discache - ok
23:23:08.0085 2780	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
23:23:08.0116 2780	Disk - ok
23:23:08.0163 2780	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
23:23:08.0178 2780	Dnscache - ok
23:23:08.0225 2780	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
23:23:08.0303 2780	dot3svc - ok
23:23:08.0319 2780	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
23:23:08.0365 2780	DPS - ok
23:23:08.0397 2780	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
23:23:08.0443 2780	drmkaud - ok
23:23:08.0506 2780	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
23:23:08.0537 2780	DXGKrnl - ok
23:23:08.0568 2780	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
23:23:08.0615 2780	EapHost - ok
23:23:08.0787 2780	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
23:23:08.0896 2780	ebdrv - ok
23:23:09.0021 2780	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
23:23:09.0052 2780	EFS - ok
23:23:09.0145 2780	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
23:23:09.0208 2780	ehRecvr - ok
23:23:09.0223 2780	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
23:23:09.0239 2780	ehSched - ok
23:23:09.0333 2780	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
23:23:09.0379 2780	elxstor - ok
23:23:09.0411 2780	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
23:23:09.0426 2780	ErrDev - ok
23:23:09.0473 2780	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
23:23:09.0567 2780	EventSystem - ok
23:23:09.0629 2780	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
23:23:09.0691 2780	exfat - ok
23:23:09.0707 2780	ezSharedSvc - ok
23:23:09.0723 2780	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
23:23:09.0769 2780	fastfat - ok
23:23:09.0847 2780	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
23:23:09.0910 2780	Fax - ok
23:23:09.0925 2780	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
23:23:09.0957 2780	fdc - ok
23:23:09.0988 2780	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
23:23:10.0050 2780	fdPHost - ok
23:23:10.0066 2780	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
23:23:10.0097 2780	FDResPub - ok
23:23:10.0113 2780	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
23:23:10.0128 2780	FileInfo - ok
23:23:10.0144 2780	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
23:23:10.0191 2780	Filetrace - ok
23:23:10.0206 2780	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
23:23:10.0237 2780	flpydisk - ok
23:23:10.0269 2780	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
23:23:10.0284 2780	FltMgr - ok
23:23:10.0362 2780	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
23:23:10.0440 2780	FontCache - ok
23:23:10.0503 2780	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:23:10.0534 2780	FontCache3.0.0.0 - ok
23:23:10.0581 2780	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
23:23:10.0596 2780	FsDepends - ok
23:23:10.0643 2780	Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
23:23:10.0674 2780	Fs_Rec - ok
23:23:10.0705 2780	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
23:23:10.0721 2780	fvevol - ok
23:23:10.0768 2780	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
23:23:10.0783 2780	gagp30kx - ok
23:23:10.0877 2780	GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
23:23:10.0908 2780	GamesAppService - ok
23:23:10.0971 2780	GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:23:10.0986 2780	GEARAspiWDM - ok
23:23:11.0017 2780	ggflt           (a4198f2bd8aa592cb90476277a81b5e1) C:\Windows\system32\DRIVERS\ggflt.sys
23:23:11.0049 2780	ggflt - ok
23:23:11.0080 2780	ggsemc          (d266350bdaab9eb6c1aec370eeaaff3a) C:\Windows\system32\DRIVERS\ggsemc.sys
23:23:11.0095 2780	ggsemc - ok
23:23:11.0158 2780	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
23:23:11.0267 2780	gpsvc - ok
23:23:11.0298 2780	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
23:23:11.0314 2780	hcw85cir - ok
23:23:11.0361 2780	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
23:23:11.0407 2780	HdAudAddService - ok
23:23:11.0454 2780	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
23:23:11.0501 2780	HDAudBus - ok
23:23:11.0517 2780	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
23:23:11.0532 2780	HidBatt - ok
23:23:11.0548 2780	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
23:23:11.0579 2780	HidBth - ok
23:23:11.0626 2780	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
23:23:11.0657 2780	HidIr - ok
23:23:11.0688 2780	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
23:23:11.0751 2780	hidserv - ok
23:23:11.0782 2780	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
23:23:11.0797 2780	HidUsb - ok
23:23:11.0844 2780	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
23:23:11.0891 2780	hkmsvc - ok
23:23:11.0922 2780	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
23:23:11.0985 2780	HomeGroupListener - ok
23:23:12.0000 2780	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
23:23:12.0031 2780	HomeGroupProvider - ok
23:23:12.0187 2780	HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
23:23:12.0219 2780	HP Support Assistant Service - ok
23:23:12.0281 2780	HPClientSvc     (3dc11a802353401332d49c3cbfbbe5fc) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
23:23:12.0312 2780	HPClientSvc - ok
23:23:12.0421 2780	hpCMSrv         (e07f8e78d08d9269e3365c2a4f637191) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
23:23:12.0468 2780	hpCMSrv - ok
23:23:12.0593 2780	hpqwmiex        (5298e3b4844328a11c9eb6c001cf0529) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
23:23:12.0640 2780	hpqwmiex - ok
23:23:12.0780 2780	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
23:23:12.0811 2780	HpSAMD - ok
23:23:12.0874 2780	HPWMISVC        (f630dd7564ebb7248a13b1cc774d9ea6) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
23:23:12.0889 2780	HPWMISVC - ok
23:23:12.0967 2780	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
23:23:13.0077 2780	HTTP - ok
23:23:13.0077 2780	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
23:23:13.0092 2780	hwpolicy - ok
23:23:13.0139 2780	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
23:23:13.0155 2780	i8042prt - ok
23:23:13.0201 2780	iaStor          (d469b77687e12fe43e344806740b624d) C:\Windows\system32\DRIVERS\iaStor.sys
23:23:13.0217 2780	iaStor - ok
23:23:13.0295 2780	IAStorDataMgrSvc (983fc69644ddf0486c8dfea262948d1a) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
23:23:13.0311 2780	IAStorDataMgrSvc - ok
23:23:13.0373 2780	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
23:23:13.0435 2780	iaStorV - ok
23:23:13.0607 2780	IconMan_R       (d22d82d74fd1b6c77e7556dbdc3ea9d2) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
23:23:13.0685 2780	IconMan_R ( UnsignedFile.Multi.Generic ) - warning
23:23:13.0685 2780	IconMan_R - detected UnsignedFile.Multi.Generic (1)
23:23:13.0825 2780	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:23:13.0888 2780	idsvc - ok
23:23:13.0981 2780	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
23:23:14.0013 2780	iirsp - ok
23:23:14.0091 2780	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
23:23:14.0184 2780	IKEEXT - ok
23:23:14.0231 2780	IntcDAud        (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
23:23:14.0262 2780	IntcDAud - ok
23:23:14.0293 2780	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
23:23:14.0293 2780	intelide - ok
23:23:14.0839 2780	intelkmd        (78527e6a4d78b1153925914c55872beb) C:\Windows\system32\DRIVERS\igdpmd64.sys
23:23:15.0167 2780	intelkmd - ok
23:23:15.0307 2780	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
23:23:15.0354 2780	intelppm - ok
23:23:15.0385 2780	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
23:23:15.0448 2780	IPBusEnum - ok
23:23:15.0479 2780	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:23:15.0526 2780	IpFilterDriver - ok
23:23:15.0541 2780	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
23:23:15.0573 2780	IPMIDRV - ok
23:23:15.0604 2780	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
23:23:15.0651 2780	IPNAT - ok
23:23:15.0744 2780	iPod Service    (a9ab99ee7d39725eafec82732d2b3271) C:\Program Files\iPod\bin\iPodService.exe
23:23:15.0791 2780	iPod Service - ok
23:23:15.0807 2780	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
23:23:15.0838 2780	IRENUM - ok
23:23:15.0869 2780	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
23:23:15.0885 2780	isapnp - ok
23:23:15.0916 2780	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
23:23:15.0947 2780	iScsiPrt - ok
23:23:15.0978 2780	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
23:23:15.0978 2780	kbdclass - ok
23:23:16.0009 2780	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
23:23:16.0056 2780	kbdhid - ok
23:23:16.0072 2780	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:23:16.0103 2780	KeyIso - ok
23:23:16.0119 2780	KSecDD          (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
23:23:16.0150 2780	KSecDD - ok
23:23:16.0165 2780	KSecPkg         (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
23:23:16.0181 2780	KSecPkg - ok
23:23:16.0212 2780	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
23:23:16.0259 2780	ksthunk - ok
23:23:16.0321 2780	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
23:23:16.0415 2780	KtmRm - ok
23:23:16.0477 2780	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
23:23:16.0571 2780	LanmanServer - ok
23:23:16.0602 2780	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
23:23:16.0665 2780	LanmanWorkstation - ok
23:23:16.0696 2780	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
23:23:16.0727 2780	lltdio - ok
23:23:16.0774 2780	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
23:23:16.0899 2780	lltdsvc - ok
23:23:16.0914 2780	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
23:23:17.0008 2780	lmhosts - ok
23:23:17.0101 2780	LMS             (d75c4b4a8fe6d7fd74a7eecdbaec729f) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
23:23:17.0133 2780	LMS - ok
23:23:17.0179 2780	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
23:23:17.0195 2780	LSI_FC - ok
23:23:17.0226 2780	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
23:23:17.0242 2780	LSI_SAS - ok
23:23:17.0273 2780	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
23:23:17.0289 2780	LSI_SAS2 - ok
23:23:17.0304 2780	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
23:23:17.0320 2780	LSI_SCSI - ok
23:23:17.0335 2780	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
23:23:17.0382 2780	luafv - ok
23:23:17.0413 2780	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
23:23:17.0460 2780	Mcx2Svc - ok
23:23:17.0491 2780	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
23:23:17.0491 2780	megasas - ok
23:23:17.0538 2780	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
23:23:17.0585 2780	MegaSR - ok
23:23:17.0616 2780	MEIx64          (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
23:23:17.0616 2780	MEIx64 - ok
23:23:17.0663 2780	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
23:23:17.0725 2780	MMCSS - ok
23:23:17.0757 2780	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
23:23:17.0803 2780	Modem - ok
23:23:17.0835 2780	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
23:23:17.0866 2780	monitor - ok
23:23:17.0897 2780	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
23:23:17.0897 2780	mouclass - ok
23:23:17.0928 2780	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
23:23:17.0944 2780	mouhid - ok
23:23:17.0991 2780	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
23:23:18.0006 2780	mountmgr - ok
23:23:18.0131 2780	MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
23:23:18.0162 2780	MozillaMaintenance - ok
23:23:18.0193 2780	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
23:23:18.0209 2780	mpio - ok
23:23:18.0240 2780	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
23:23:18.0287 2780	mpsdrv - ok
23:23:18.0303 2780	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
23:23:18.0334 2780	MRxDAV - ok
23:23:18.0365 2780	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:23:18.0381 2780	mrxsmb - ok
23:23:18.0412 2780	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:23:18.0427 2780	mrxsmb10 - ok
23:23:18.0459 2780	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:23:18.0459 2780	mrxsmb20 - ok
23:23:18.0474 2780	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
23:23:18.0490 2780	msahci - ok
23:23:18.0505 2780	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
23:23:18.0521 2780	msdsm - ok
23:23:18.0552 2780	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
23:23:18.0583 2780	MSDTC - ok
23:23:18.0630 2780	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
23:23:18.0708 2780	Msfs - ok
23:23:18.0739 2780	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
23:23:18.0771 2780	mshidkmdf - ok
23:23:18.0802 2780	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
23:23:18.0817 2780	msisadrv - ok
23:23:18.0849 2780	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
23:23:18.0864 2780	MSiSCSI - ok
23:23:18.0880 2780	msiserver - ok
23:23:18.0911 2780	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
23:23:18.0973 2780	MSKSSRV - ok
23:23:18.0989 2780	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
23:23:19.0051 2780	MSPCLOCK - ok
23:23:19.0067 2780	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
23:23:19.0114 2780	MSPQM - ok
23:23:19.0145 2780	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
23:23:19.0192 2780	MsRPC - ok
23:23:19.0207 2780	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
23:23:19.0223 2780	mssmbios - ok
23:23:19.0254 2780	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
23:23:19.0317 2780	MSTEE - ok
23:23:19.0332 2780	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
23:23:19.0348 2780	MTConfig - ok
23:23:19.0363 2780	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
23:23:19.0363 2780	Mup - ok
23:23:19.0410 2780	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
23:23:19.0519 2780	napagent - ok
23:23:19.0566 2780	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
23:23:19.0660 2780	NativeWifiP - ok
23:23:19.0753 2780	NDIS            (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
23:23:19.0800 2780	NDIS - ok
23:23:19.0831 2780	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
23:23:19.0863 2780	NdisCap - ok
23:23:19.0894 2780	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
23:23:19.0909 2780	NdisTapi - ok
23:23:19.0925 2780	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
23:23:19.0972 2780	Ndisuio - ok
23:23:19.0987 2780	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
23:23:20.0034 2780	NdisWan - ok
23:23:20.0065 2780	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
23:23:20.0128 2780	NDProxy - ok
23:23:20.0143 2780	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
23:23:20.0237 2780	NetBIOS - ok
23:23:20.0268 2780	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
23:23:20.0299 2780	NetBT - ok
23:23:20.0331 2780	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:23:20.0346 2780	Netlogon - ok
23:23:20.0393 2780	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
23:23:20.0487 2780	Netman - ok
23:23:20.0518 2780	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
23:23:20.0565 2780	netprofm - ok
23:23:20.0643 2780	netr28x         (24cf1304d899124336f67f88f3c15e21) C:\Windows\system32\DRIVERS\netr28x.sys
23:23:20.0674 2780	netr28x - ok
23:23:20.0752 2780	NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:23:20.0783 2780	NetTcpPortSharing - ok
23:23:20.0814 2780	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
23:23:20.0830 2780	nfrd960 - ok
23:23:20.0861 2780	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
23:23:20.0939 2780	NlaSvc - ok
23:23:20.0970 2780	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
23:23:21.0001 2780	Npfs - ok
23:23:21.0017 2780	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
23:23:21.0064 2780	nsi - ok
23:23:21.0079 2780	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
23:23:21.0111 2780	nsiproxy - ok
23:23:21.0220 2780	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
23:23:21.0313 2780	Ntfs - ok
23:23:21.0438 2780	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
23:23:21.0501 2780	Null - ok
23:23:21.0532 2780	NVENETFD        (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
23:23:21.0594 2780	NVENETFD - ok
23:23:21.0641 2780	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
23:23:21.0657 2780	nvraid - ok
23:23:21.0688 2780	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
23:23:21.0703 2780	nvstor - ok
23:23:21.0750 2780	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
23:23:21.0766 2780	nv_agp - ok
23:23:21.0797 2780	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
23:23:21.0844 2780	ohci1394 - ok
23:23:21.0937 2780	ose             (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:23:21.0969 2780	ose - ok
23:23:22.0281 2780	osppsvc         (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
23:23:22.0421 2780	osppsvc - ok
23:23:22.0546 2780	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
23:23:22.0624 2780	p2pimsvc - ok
23:23:22.0655 2780	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
23:23:22.0702 2780	p2psvc - ok
23:23:22.0764 2780	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
23:23:22.0795 2780	Parport - ok
23:23:22.0827 2780	partmgr         (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
23:23:22.0842 2780	partmgr - ok
23:23:22.0873 2780	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
23:23:22.0920 2780	PcaSvc - ok
23:23:22.0951 2780	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
23:23:22.0998 2780	pci - ok
23:23:23.0014 2780	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
23:23:23.0029 2780	pciide - ok
23:23:23.0045 2780	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
23:23:23.0061 2780	pcmcia - ok
23:23:23.0092 2780	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
23:23:23.0092 2780	pcw - ok
23:23:23.0139 2780	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
23:23:23.0217 2780	PEAUTH - ok
23:23:23.0310 2780	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
23:23:23.0357 2780	PerfHost - ok
23:23:23.0435 2780	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
23:23:23.0529 2780	pla - ok
23:23:23.0591 2780	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
23:23:23.0653 2780	PlugPlay - ok
23:23:23.0669 2780	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
23:23:23.0685 2780	PNRPAutoReg - ok
23:23:23.0716 2780	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
23:23:23.0731 2780	PNRPsvc - ok
23:23:23.0763 2780	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
23:23:23.0841 2780	PolicyAgent - ok
23:23:23.0903 2780	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
23:23:23.0997 2780	Power - ok
23:23:24.0075 2780	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
23:23:24.0121 2780	PptpMiniport - ok
23:23:24.0137 2780	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
23:23:24.0168 2780	Processor - ok
23:23:24.0215 2780	ProfSvc         (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
23:23:24.0277 2780	ProfSvc - ok
23:23:24.0293 2780	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:23:24.0324 2780	ProtectedStorage - ok
23:23:24.0355 2780	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
23:23:24.0418 2780	Psched - ok
23:23:24.0527 2780	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
23:23:24.0621 2780	ql2300 - ok
23:23:24.0745 2780	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
23:23:24.0777 2780	ql40xx - ok
23:23:24.0808 2780	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
23:23:24.0855 2780	QWAVE - ok
23:23:24.0886 2780	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
23:23:24.0901 2780	QWAVEdrv - ok
23:23:24.0917 2780	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
23:23:24.0948 2780	RasAcd - ok
23:23:24.0979 2780	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
23:23:25.0011 2780	RasAgileVpn - ok
23:23:25.0042 2780	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
23:23:25.0073 2780	RasAuto - ok
23:23:25.0104 2780	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:23:25.0135 2780	Rasl2tp - ok
23:23:25.0167 2780	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
23:23:25.0213 2780	RasMan - ok
23:23:25.0276 2780	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
23:23:25.0338 2780	RasPppoe - ok
23:23:25.0369 2780	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
23:23:25.0401 2780	RasSstp - ok
23:23:25.0432 2780	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
23:23:25.0479 2780	rdbss - ok
23:23:25.0510 2780	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
23:23:25.0557 2780	rdpbus - ok
23:23:25.0603 2780	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:23:25.0635 2780	RDPCDD - ok
23:23:25.0650 2780	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
23:23:25.0697 2780	RDPENCDD - ok
23:23:25.0697 2780	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
23:23:25.0728 2780	RDPREFMP - ok
23:23:25.0759 2780	RDPWD           (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
23:23:25.0775 2780	RDPWD - ok
23:23:25.0822 2780	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
23:23:25.0869 2780	rdyboost - ok
23:23:25.0900 2780	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
23:23:25.0978 2780	RemoteAccess - ok
23:23:26.0009 2780	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
23:23:26.0087 2780	RemoteRegistry - ok
23:23:26.0103 2780	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
23:23:26.0149 2780	RpcEptMapper - ok
23:23:26.0165 2780	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
23:23:26.0196 2780	RpcLocator - ok
23:23:26.0243 2780	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
23:23:26.0305 2780	RpcSs - ok
23:23:26.0352 2780	RSPCIESTOR      (546d7f426776090b90ef5f195b6ae662) C:\Windows\system32\DRIVERS\RtsPStor.sys
23:23:26.0352 2780	RSPCIESTOR - ok
23:23:26.0399 2780	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
23:23:26.0430 2780	rspndr - ok
23:23:26.0477 2780	RTL8167         (ea5532868ba76923d75bcb2a1448d810) C:\Windows\system32\DRIVERS\Rt64win7.sys
23:23:26.0508 2780	RTL8167 - ok
23:23:26.0555 2780	s117bus         (6c90231046fb9fc4123c42179832817f) C:\Windows\system32\DRIVERS\s117bus.sys
23:23:26.0571 2780	s117bus - ok
23:23:26.0602 2780	s117mdfl        (3279341c90ef8f226af77623039f4495) C:\Windows\system32\DRIVERS\s117mdfl.sys
23:23:26.0617 2780	s117mdfl - ok
23:23:26.0633 2780	s117mdm         (73e331f555279e753b312675ddaf4516) C:\Windows\system32\DRIVERS\s117mdm.sys
23:23:26.0649 2780	s117mdm - ok
23:23:26.0680 2780	s117mgmt        (d420731fd2880f0f40f20771efaad671) C:\Windows\system32\DRIVERS\s117mgmt.sys
23:23:26.0695 2780	s117mgmt - ok
23:23:26.0727 2780	s117nd5         (98236ca5a9a77d0983ac3f6d6527c796) C:\Windows\system32\DRIVERS\s117nd5.sys
23:23:26.0727 2780	s117nd5 - ok
23:23:26.0773 2780	s117obex        (1dd613909477ae298c98e86617ec356b) C:\Windows\system32\DRIVERS\s117obex.sys
23:23:26.0789 2780	s117obex - ok
23:23:26.0805 2780	s117unic        (9a22df5fe9b6be279d820776a6adb56f) C:\Windows\system32\DRIVERS\s117unic.sys
23:23:26.0805 2780	s117unic - ok
23:23:26.0836 2780	SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:23:26.0836 2780	SamSs - ok
23:23:26.0867 2780	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
23:23:26.0883 2780	sbp2port - ok
23:23:26.0914 2780	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
23:23:26.0961 2780	SCardSvr - ok
23:23:26.0976 2780	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
23:23:27.0023 2780	scfilter - ok
23:23:27.0085 2780	Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
23:23:27.0179 2780	Schedule - ok
23:23:27.0210 2780	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
23:23:27.0273 2780	SCPolicySvc - ok
23:23:27.0304 2780	sdbus           (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
23:23:27.0335 2780	sdbus - ok
23:23:27.0366 2780	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
23:23:27.0413 2780	SDRSVC - ok
23:23:27.0475 2780	SeaPort         (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
23:23:27.0507 2780	SeaPort - ok
23:23:27.0538 2780	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
23:23:27.0585 2780	secdrv - ok
23:23:27.0600 2780	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
23:23:27.0631 2780	seclogon - ok
23:23:27.0647 2780	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
23:23:27.0709 2780	SENS - ok
23:23:27.0756 2780	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
23:23:27.0803 2780	SensrSvc - ok
23:23:27.0834 2780	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
23:23:27.0865 2780	Serenum - ok
23:23:27.0897 2780	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
23:23:27.0928 2780	Serial - ok
23:23:27.0959 2780	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
23:23:28.0006 2780	sermouse - ok
23:23:28.0037 2780	SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
23:23:28.0068 2780	SessionEnv - ok
23:23:28.0099 2780	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
23:23:28.0099 2780	sffdisk - ok
23:23:28.0115 2780	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
23:23:28.0131 2780	sffp_mmc - ok
23:23:28.0146 2780	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
23:23:28.0162 2780	sffp_sd - ok
23:23:28.0177 2780	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
23:23:28.0209 2780	sfloppy - ok
23:23:28.0271 2780	Sftfs           (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
23:23:28.0287 2780	Sftfs - ok
23:23:28.0380 2780	sftlist         (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
23:23:28.0427 2780	sftlist - ok
23:23:28.0458 2780	Sftplay         (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
23:23:28.0458 2780	Sftplay - ok
23:23:28.0474 2780	Sftredir        (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
23:23:28.0489 2780	Sftredir - ok
23:23:28.0505 2780	Sftvol          (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
23:23:28.0505 2780	Sftvol - ok
23:23:28.0536 2780	sftvsa          (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
23:23:28.0536 2780	sftvsa - ok
23:23:28.0583 2780	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
23:23:28.0630 2780	SharedAccess - ok
23:23:28.0661 2780	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
23:23:28.0708 2780	ShellHWDetection - ok
23:23:28.0739 2780	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
23:23:28.0770 2780	SiSRaid2 - ok
23:23:28.0786 2780	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
23:23:28.0801 2780	SiSRaid4 - ok
23:23:28.0879 2780	SkypeUpdate     (ea396139541706b4b433641d62ea53ce) C:\Program Files (x86)\Skype\Updater\Updater.exe
23:23:28.0911 2780	SkypeUpdate - ok
23:23:28.0942 2780	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
23:23:29.0004 2780	Smb - ok
23:23:29.0035 2780	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
23:23:29.0082 2780	SNMPTRAP - ok
23:23:29.0098 2780	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
23:23:29.0113 2780	spldr - ok
23:23:29.0145 2780	Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
23:23:29.0191 2780	Spooler - ok
23:23:29.0363 2780	sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
23:23:29.0503 2780	sppsvc - ok
23:23:29.0613 2780	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
23:23:29.0675 2780	sppuinotify - ok
23:23:29.0753 2780	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
23:23:29.0831 2780	srv - ok
23:23:29.0862 2780	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
23:23:29.0925 2780	srv2 - ok
23:23:29.0956 2780	SrvHsfHDA       (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
23:23:29.0987 2780	SrvHsfHDA - ok
23:23:30.0081 2780	SrvHsfV92       (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
23:23:30.0143 2780	SrvHsfV92 - ok
23:23:30.0315 2780	SrvHsfWinac     (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
23:23:30.0361 2780	SrvHsfWinac - ok
23:23:30.0393 2780	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
23:23:30.0408 2780	srvnet - ok
23:23:30.0455 2780	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
23:23:30.0533 2780	SSDPSRV - ok
23:23:30.0549 2780	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
23:23:30.0580 2780	SstpSvc - ok
23:23:30.0658 2780	STacSV          (b2d8b364a831427a5741f6c408fa8ae3) C:\Program Files\IDT\WDM\STacSV64.exe
23:23:30.0736 2780	STacSV - ok
23:23:30.0767 2780	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
23:23:30.0783 2780	stexstor - ok
23:23:30.0845 2780	STHDA           (ef5acde92ba3f691bbfef781cb063501) C:\Windows\system32\DRIVERS\stwrt64.sys
23:23:30.0892 2780	STHDA - ok
23:23:30.0954 2780	stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
23:23:31.0017 2780	stisvc - ok
23:23:31.0032 2780	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
23:23:31.0048 2780	swenum - ok
23:23:31.0079 2780	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
23:23:31.0157 2780	swprv - ok
23:23:31.0266 2780	SynTP           (33e6a285daa5134d8ea2247914c86c09) C:\Windows\system32\DRIVERS\SynTP.sys
23:23:31.0313 2780	SynTP - ok
23:23:31.0516 2780	SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
23:23:31.0641 2780	SysMain - ok
23:23:31.0703 2780	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
23:23:31.0734 2780	TabletInputService - ok
23:23:31.0750 2780	TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
23:23:31.0797 2780	TapiSrv - ok
23:23:31.0812 2780	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
23:23:31.0843 2780	TBS - ok
23:23:31.0999 2780	Tcpip           (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
23:23:32.0109 2780	Tcpip - ok
23:23:32.0296 2780	TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
23:23:32.0343 2780	TCPIP6 - ok
23:23:32.0405 2780	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
23:23:32.0467 2780	tcpipreg - ok
23:23:32.0483 2780	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
23:23:32.0499 2780	TDPIPE - ok
23:23:32.0514 2780	TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
23:23:32.0530 2780	TDTCP - ok
23:23:32.0545 2780	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
23:23:32.0577 2780	tdx - ok
23:23:32.0623 2780	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
23:23:32.0623 2780	TermDD - ok
23:23:32.0686 2780	TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
23:23:32.0779 2780	TermService - ok
23:23:32.0811 2780	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
23:23:32.0811 2780	Themes - ok
23:23:32.0826 2780	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
23:23:32.0857 2780	THREADORDER - ok
23:23:32.0889 2780	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
23:23:32.0935 2780	TrkWks - ok
23:23:32.0982 2780	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
23:23:33.0045 2780	TrustedInstaller - ok
23:23:33.0076 2780	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:23:33.0107 2780	tssecsrv - ok
23:23:33.0154 2780	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
23:23:33.0185 2780	TsUsbFlt - ok
23:23:33.0216 2780	TsUsbGD         (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
23:23:33.0232 2780	TsUsbGD - ok
23:23:33.0263 2780	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
23:23:33.0325 2780	tunnel - ok
23:23:33.0341 2780	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
23:23:33.0341 2780	uagp35 - ok
23:23:33.0372 2780	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
23:23:33.0450 2780	udfs - ok
23:23:33.0481 2780	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
23:23:33.0497 2780	UI0Detect - ok
23:23:33.0528 2780	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
23:23:33.0528 2780	uliagpkx - ok
23:23:33.0559 2780	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
23:23:33.0591 2780	umbus - ok
23:23:33.0606 2780	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
23:23:33.0622 2780	UmPass - ok
23:23:33.0825 2780	UNS             (758c2ce427c343f780a205e28555c98d) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
23:23:33.0887 2780	UNS - ok
23:23:34.0027 2780	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
23:23:34.0121 2780	upnphost - ok
23:23:34.0168 2780	USBAAPL64       (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
23:23:34.0215 2780	USBAAPL64 - ok
23:23:34.0246 2780	usbaudio        (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
23:23:34.0261 2780	usbaudio - ok
23:23:34.0293 2780	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
23:23:34.0324 2780	usbccgp - ok
23:23:34.0371 2780	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
23:23:34.0402 2780	usbcir - ok
23:23:34.0402 2780	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
23:23:34.0433 2780	usbehci - ok
23:23:34.0495 2780	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
23:23:34.0558 2780	usbhub - ok
23:23:34.0573 2780	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
23:23:34.0589 2780	usbohci - ok
23:23:34.0605 2780	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
23:23:34.0651 2780	usbprint - ok
23:23:34.0683 2780	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:23:34.0698 2780	USBSTOR - ok
23:23:34.0714 2780	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
23:23:34.0729 2780	usbuhci - ok
23:23:34.0776 2780	usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
23:23:34.0792 2780	usbvideo - ok
23:23:34.0823 2780	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
23:23:34.0870 2780	UxSms - ok
23:23:34.0901 2780	VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:23:34.0901 2780	VaultSvc - ok
23:23:34.0932 2780	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
23:23:34.0932 2780	vdrvroot - ok
23:23:34.0979 2780	vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
23:23:35.0057 2780	vds - ok
23:23:35.0104 2780	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
23:23:35.0135 2780	vga - ok
23:23:35.0151 2780	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
23:23:35.0197 2780	VgaSave - ok
23:23:35.0213 2780	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
23:23:35.0244 2780	vhdmp - ok
23:23:35.0260 2780	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
23:23:35.0260 2780	viaide - ok
23:23:35.0291 2780	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
23:23:35.0307 2780	volmgr - ok
23:23:35.0338 2780	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
23:23:35.0369 2780	volmgrx - ok
23:23:35.0400 2780	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
23:23:35.0416 2780	volsnap - ok
23:23:35.0447 2780	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
23:23:35.0463 2780	vsmraid - ok
23:23:35.0556 2780	VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
23:23:35.0665 2780	VSS - ok
23:23:35.0759 2780	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
23:23:35.0806 2780	vwifibus - ok
23:23:35.0821 2780	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
23:23:35.0853 2780	vwififlt - ok
23:23:35.0899 2780	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
23:23:35.0977 2780	W32Time - ok
23:23:36.0009 2780	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
23:23:36.0040 2780	WacomPen - ok
23:23:36.0087 2780	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
23:23:36.0149 2780	WANARP - ok
23:23:36.0149 2780	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
23:23:36.0180 2780	Wanarpv6 - ok
23:23:36.0289 2780	WatAdminSvc     (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
23:23:36.0352 2780	WatAdminSvc - ok
23:23:36.0430 2780	wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
23:23:36.0508 2780	wbengine - ok
23:23:36.0617 2780	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
23:23:36.0648 2780	WbioSrvc - ok
23:23:36.0679 2780	wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
23:23:36.0711 2780	wcncsvc - ok
23:23:36.0726 2780	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
23:23:36.0757 2780	WcsPlugInService - ok
23:23:36.0804 2780	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
23:23:36.0820 2780	Wd - ok
23:23:36.0882 2780	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
23:23:36.0945 2780	Wdf01000 - ok
23:23:36.0976 2780	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
23:23:36.0991 2780	WdiServiceHost - ok
23:23:36.0991 2780	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
23:23:37.0007 2780	WdiSystemHost - ok
23:23:37.0054 2780	WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
23:23:37.0101 2780	WebClient - ok
23:23:37.0116 2780	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
23:23:37.0179 2780	Wecsvc - ok
23:23:37.0194 2780	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
23:23:37.0225 2780	wercplsupport - ok
23:23:37.0257 2780	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
23:23:37.0288 2780	WerSvc - ok
23:23:37.0335 2780	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
23:23:37.0397 2780	WfpLwf - ok
23:23:37.0413 2780	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
23:23:37.0428 2780	WIMMount - ok
23:23:37.0506 2780	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
23:23:37.0569 2780	Winmgmt - ok
23:23:37.0678 2780	WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
23:23:37.0787 2780	WinRM - ok
23:23:37.0927 2780	WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
23:23:37.0974 2780	WinUsb - ok
23:23:38.0037 2780	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
23:23:38.0115 2780	Wlansvc - ok
23:23:38.0177 2780	wlcrasvc        (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
23:23:38.0193 2780	wlcrasvc - ok
23:23:38.0395 2780	wlidsvc         (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:23:38.0473 2780	wlidsvc - ok
23:23:38.0598 2780	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
23:23:38.0629 2780	WmiAcpi - ok
23:23:38.0707 2780	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
23:23:38.0754 2780	wmiApSrv - ok
23:23:38.0817 2780	WMPNetworkSvc - ok
23:23:38.0832 2780	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
23:23:38.0863 2780	WPCSvc - ok
23:23:38.0895 2780	WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
23:23:38.0910 2780	WPDBusEnum - ok
23:23:38.0941 2780	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
23:23:38.0988 2780	ws2ifsl - ok
23:23:39.0004 2780	WSearch - ok
23:23:39.0129 2780	wuauserv        (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
23:23:39.0238 2780	wuauserv - ok
23:23:39.0378 2780	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
23:23:39.0456 2780	WudfPf - ok
23:23:39.0487 2780	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:23:39.0534 2780	WUDFRd - ok
23:23:39.0565 2780	wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
23:23:39.0581 2780	wudfsvc - ok
23:23:39.0628 2780	WwanSvc         (ce8cf9de9cbfdaa318bd04d8be3fcada) C:\Windows\System32\wwansvc.dll
23:23:39.0675 2780	WwanSvc - ok
23:23:39.0721 2780	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
23:23:40.0080 2780	\Device\Harddisk0\DR0 - ok
23:23:40.0080 2780	Boot (0x1200)   (1a67824003d6558a0437bbcb70f2b285) \Device\Harddisk0\DR0\Partition0
23:23:40.0080 2780	\Device\Harddisk0\DR0\Partition0 - ok
23:23:40.0127 2780	Boot (0x1200)   (59fb920bd536b7023bcde246932ddea4) \Device\Harddisk0\DR0\Partition1
23:23:40.0127 2780	\Device\Harddisk0\DR0\Partition1 - ok
23:23:40.0158 2780	Boot (0x1200)   (04bf0f00aee3421e974d9b361caaf28b) \Device\Harddisk0\DR0\Partition2
23:23:40.0174 2780	\Device\Harddisk0\DR0\Partition2 - ok
23:23:40.0189 2780	Boot (0x1200)   (68142f2f18bb37f973da2700f46d5afe) \Device\Harddisk0\DR0\Partition3
23:23:40.0189 2780	\Device\Harddisk0\DR0\Partition3 - ok
23:23:40.0189 2780	============================================================
23:23:40.0189 2780	Scan finished
23:23:40.0189 2780	============================================================
23:23:40.0205 4432	Detected object count: 1
23:23:40.0205 4432	Actual detected object count: 1
23:26:50.0042 4432	IconMan_R ( UnsignedFile.Multi.Generic ) - skipped by user
23:26:50.0042 4432	IconMan_R ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

31.07.2012, 10:20   #17
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered), and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a competent helper has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and get messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

04.08.2012, 17:25   #18
Gargamel456

Unfortunately I forgot to turn off Antivir beforehand; I did it shortly after starting ComboFix. I hope that wasn't a problem. If it was, please let me know whether I should run it again...

Here is the log:

Code:
ComboFix 12-08-04.02 - Arne 04.08.2012  14:25:31.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4044.2671 [GMT 2:00]
ausgeführt von:: c:\users\Arne\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\tmp\U
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-07-04 bis 2012-08-04  ))))))))))))))))))))))))))))))
.
.
2012-07-28 13:12 . 2012-07-28 13:12	--------	d-----w-	C:\_OTL
2012-07-24 22:09 . 2012-07-24 22:09	--------	d-----w-	c:\windows\de
2012-07-24 22:05 . 2012-07-24 22:05	89944	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\793608451cd69e802\DSETUP.dll
2012-07-24 22:05 . 2012-07-24 22:05	537432	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\793608451cd69e802\DXSETUP.exe
2012-07-24 22:05 . 2012-07-24 22:05	1801048	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\793608451cd69e802\dsetup32.dll
2012-07-24 22:05 . 2012-07-24 22:05	15712	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\796b702a1cd69e803\MeshBetaRemover.exe
2012-07-18 20:59 . 2012-07-18 20:59	--------	d-----w-	c:\program files (x86)\ESET
2012-07-17 21:41 . 2012-07-17 21:41	--------	d-----w-	c:\users\Arne\AppData\Roaming\Malwarebytes
2012-07-17 21:41 . 2012-07-17 21:41	--------	d-----w-	c:\programdata\Malwarebytes
2012-07-17 21:41 . 2012-07-17 21:41	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-17 21:41 . 2012-07-03 11:46	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-07-11 17:07 . 2012-06-12 03:08	3148800	----a-w-	c:\windows\system32\win32k.sys
2012-07-11 16:14 . 2012-06-06 06:06	2004480	----a-w-	c:\windows\system32\msxml6.dll
2012-07-06 16:26 . 2010-02-23 08:16	294912	----a-w-	c:\windows\system32\browserchoice.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-03 21:38 . 2012-04-01 11:38	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-03 21:38 . 2011-10-28 09:16	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-24 22:07 . 2010-06-24 09:33	19736	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-06-02 22:19 . 2012-06-21 21:37	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 21:37	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 21:37	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 21:37	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 21:37	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 21:37	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 21:37	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-21 21:36	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-21 21:36	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-05-08 18:16 . 2011-12-04 21:13	98848	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-05-08 18:16 . 2011-12-04 21:13	132832	----a-w-	c:\windows\system32\drivers\avipbb.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Arne\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Arne\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Arne\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-03 17417392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-07 336384]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-02 87336]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2011-01-25 75048]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-15 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-03-16 61112]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-01-27 318520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-09-13 103992]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-10-26 74752]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
c:\users\Arne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Arne\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 CLKMSVC10_38F51D56;CyberLink Product - 2011/06/01 01:53;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-01-25 241648]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 250056]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2011-11-14 13352]
R3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-09-13 1098296]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-23 113120]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-02-15 335464]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-28 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-19 27760]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-07 203776]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-05 291896]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-12 13336]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-02-18 2372096]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-07 8281600]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-07 293376]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2011-01-08 12262688]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2010-11-04 1041760]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-27 425064]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - CLKMDRV10_38F51D56
.
Inhalt des "geplante Tasks" Ordners
.
2012-08-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 21:38]
.
2012-08-04 c:\windows\Tasks\HPCeeScheduleForArne.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 20:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Arne\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Arne\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Arne\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Arne\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-08 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-08 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-08 418328]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-25 525312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube to MP3 Converter - c:\users\Arne\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 87.216.1.65 87.216.1.66
FF - ProfilePath - c:\users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\76jv5ydo.default\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-08-04  14:35:38 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-08-04 12:35
.
Vor Suchlauf: 11 Verzeichnis(se), 381.226.901.504 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 380.689.989.632 Bytes frei
.
- - End Of File - - 61374A32069230E935FFE839F88F3359
         
04.08.2012, 18:55   #19
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Now please create and post logs with GMER and OSAM.
GMER crashes fairly often; if the tool still won't run on the second try, just skip it and run only OSAM. Please skip OSAM's online check.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off your virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.)
    Downloading the definitions may take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances without being instructed to

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



One more note: If aswMBR crashes and a message such as "aswMBR.exe funktioniert nicht mehr" appears, do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.
__________________
Please always post logfiles in CODE tags

06.08.2012, 19:39   #20
Gargamel456

I let GMER run through; at the end it showed that nothing was found, there were no entries and the logfile was empty.

Strangely, Babylon Search showed up in my Firefox again yesterday for the first time in 2 weeks, but only once and not again since. I found that confusing, at any rate.

The OSAM logfile is here:

Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 20:36:13 on 06.08.2012

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 64-bit
Default Browser: Mozilla Corporation Firefox 14.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"HPCeeScheduleForArne.job" - "Hewlett-Packard" - C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"Sftfs" (Sftfs) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftfslh.sys
"Sftplay" (Sftplay) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftplaylh.sys
"Sftredir" (Sftredir) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftredirlh.sys
"Sftvol" (Sftvol) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftvollh.sys

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{E54729E8-BB3D-4270-9D49-7389EA579090} "EasyBits ShellExecute Hook" - "EasyBits Software Corp." - C:\Windows\SysWow64\EZUPBH~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{5E2121EE-0300-11D4-8D3B-444553540000} "Catalyst Context Menu extension" - ? -   (File not found | COM-object registry key not found)
{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files (x86)\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll
{83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files (x86)\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{0563DB41-F538-4B37-A92D-4659049B7766} "WLMD Message Handler" - ? -   (File not found | COM-object registry key not found)
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101" - ? - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204  (File not found)
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "@C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{8dcb7100-df86-4384-8842-8fa844297b3f} "Bing Bar" - "Microsoft Corporation." - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{d2ce3e00-f94a-4740-988e-03dc2f38c34f} "Bing Bar Helper" - "Microsoft Corporation." - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll
{326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>" - "DivX, LLC" - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Arne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Dropbox.lnk" - "Dropbox, Inc." - C:\Users\Arne\AppData\Roaming\Dropbox\bin\Dropbox.exe  (Shortcut exists | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Skype" - "Skype Technologies S.A." - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"APSDaemon" - "Apple Inc." - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
"BDRegion" - "cyberlink" - C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
"DivXUpdate" - ? - "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"Easybits Recovery" - "EasyBits Software AS" - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
"HP Quick Launch" - "Hewlett-Packard Development Company, L.P." - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
"HPConnectionManager" - "Hewlett-Packard Development Company L.P." - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
"HPOSD" - "Hewlett-Packard Development Company, L.P." - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
"IAStorIcon" - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
"iTunesHelper" - "Apple Inc." - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"RemoteControl10" - "CyberLink Corp." - "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"WinampAgent" - "Nullsoft, Inc." - "C:\Program Files (x86)\Winamp\winampa.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Bullzip PDF Print Monitor" - "Bullzip" - C:\Windows\system32\bzpdf.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll  (File not found)
"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe"  (File not found)
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Application Virtualization Client" (sftlist) - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
"Application Virtualization Service Agent" (sftvsa) - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
"Avira Realtime Protection" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
"Avira Scheduler" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
"Bing Bar Update Service" (BBSvc) - "Microsoft Corporation." - C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
"Client Virtualization Handler" (cvhsvc) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
"CyberLink Product - 2011/06/01 01:53:42" (CLKMSVC10_38F51D56) - "CyberLink" - C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Easybits Services for Windows" (ezSharedSvc) - ? - C:\Windows\System32\ezSharedSvcHost.exe  (File not found)
"GamesAppService" (GamesAppService) - "WildTangent, Inc." - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
"HP Client Services" (HPClientSvc) - "Hewlett-Packard Company" - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
"HP Connection Manager 4 Service" (hpCMSrv) - "Hewlett-Packard Development Company L.P." - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
"HP Software Framework Service" (hpqwmiex) - "Hewlett-Packard Company" - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
"HP Support Assistant Service" (HP Support Assistant Service) - "Hewlett-Packard Company" - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
"HPWMISVC" (HPWMISVC) - "Hewlett-Packard Development Company, L.P." - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
"IconMan_R" (IconMan_R) - "Realsil Microelectronics Inc." - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
"Intel(R) Management and Security Application Local Management Service" (LMS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
"Intel(R) Management and Security Application User Notification Service" (UNS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
"Intel(R) Rapid Storage Technology" (IAStorDataMgrSvc) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files (x86)\Skype\Updater\Updater.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files (x86)\Bonjour\mdnsNSP.dll
"WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         


07.08.2012, 13:22   #21
cosinus

And what about aswMBR?

07.08.2012, 16:01   #22
Gargamel456

Oh, I overlooked that, here is the log:

Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-07 16:29:17
-----------------------------
16:29:17.829    OS Version: Windows x64 6.1.7601 Service Pack 1
16:29:17.829    Number of processors: 4 586 0x2A07
16:29:17.839    ComputerName: ARNE-HP  UserName: Arne
16:29:19.010    Initialize success
16:32:59.619    AVAST engine defs: 12080700
16:34:03.654    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:34:03.654    Disk 0 Vendor: ST950032 0005 Size: 476940MB BusType: 3
16:34:03.664    Disk 0 MBR read successfully
16:34:03.664    Disk 0 MBR scan
16:34:03.684    Disk 0 Windows 7 default MBR code
16:34:03.694    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          199 MB offset 2048
16:34:03.714    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       461474 MB offset 409600
16:34:03.754    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        15162 MB offset 945508352
16:34:03.784    Disk 0 Partition 4 00     0C    FAT32 LBA MSDOS5.0      103 MB offset 976560128
16:34:03.824    Disk 0 scanning C:\Windows\system32\drivers
16:34:19.597    Service scanning
16:34:52.112    Modules scanning
16:34:52.122    Disk 0 trace - called modules:
16:34:52.202    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
16:34:52.212    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006bdf060]
16:34:52.222    3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004d08050]
16:34:53.602    AVAST engine scan C:\Windows
16:34:57.023    AVAST engine scan C:\Windows\system32
16:39:08.658    File: C:\Windows\assembly\tmp\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6} **SUSPICIOUS**
16:39:09.378    AVAST engine scan C:\Windows\system32\drivers
16:39:27.632    AVAST engine scan C:\Users\Arne
16:55:54.683    AVAST engine scan C:\ProgramData
16:57:14.556    Scan finished successfully
17:00:18.843    Disk 0 MBR has been saved successfully to "C:\Users\Arne\Desktop\MBR.dat"
17:00:18.843    The log file has been saved successfully to "C:\Users\Arne\Desktop\aswMBR.txt"
         

08.08.2012, 15:57   #23
cosinus

Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!
__________________
Please always post log files in CODE tags

11.08.2012, 15:45   #24
Gargamel456

Here is the scan from SASW:

Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 08/11/2012 at 04:34 PM

Application Version : 5.5.1012

Core Rules Database Version : 9044
Trace Rules Database Version: 6856

Scan type       : Complete Scan
Total Scan Time : 01:38:59

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 745
Memory threats detected   : 0
Registry items scanned    : 65258
Registry threats detected : 0
File items scanned        : 139775
File threats detected     : 61

Adware.Tracking Cookie
	C:\Users\Arne\AppData\Roaming\Microsoft\Windows\Cookies\arne@ads.creative-serving[2].txt [ /ads.creative-serving ]
	C:\Users\Arne\AppData\Roaming\Microsoft\Windows\Cookies\352GOJ66.txt [ /atdmt.com ]
	C:\Users\Arne\AppData\Roaming\Microsoft\Windows\Cookies\TNQ1HR68.txt [ /bs.serving-sys.com ]
	C:\Users\Arne\AppData\Roaming\Microsoft\Windows\Cookies\W8L4Q9D0.txt [ /serving-sys.com ]
	C:\Users\Arne\AppData\Roaming\Microsoft\Windows\Cookies\QSYCLZ6F.txt [ /c.atdmt.com ]
	C:\USERS\ARNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\9SJ39ZPP.txt [ Cookie:arne@atdmt.com/ ]
	C:\USERS\ARNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\IHJV07TS.txt [ Cookie:arne@msnportal.112.2o7.net/ ]
	C:\USERS\ARNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\7G4OGH49.txt [ Cookie:arne@statse.webtrendslive.com/ ]
	C:\USERS\ARNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\4B9Y5E0C.txt [ Cookie:arne@www.qsstats.com/ ]
	C:\USERS\ARNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\VR97JOAB.txt [ Cookie:arne@o1.qnsr.com/ ]
	C:\USERS\ARNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\6E9PAXFT.txt [ Cookie:arne@msn.com/olympics-2012/inside-track/ ]
	C:\USERS\ARNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\SL1FEFJB.txt [ Cookie:arne@virginmedia.com/ ]
	C:\USERS\ARNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\35C5BC0T.txt [ Cookie:arne@adtech.de/ ]
	C:\USERS\ARNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZEJ5663P.txt [ Cookie:arne@h.atdmt.com/ ]
	C:\USERS\ARNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\KEFSE4Y4.txt [ Cookie:arne@e1.cdn.qnsr.com/ ]
	C:\USERS\ARNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\UNURY09M.txt [ Cookie:arne@ad.yieldmanager.com/ ]
	C:\USERS\ARNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\GBKMP637.txt [ Cookie:arne@qnsr.com/ ]
	C:\USERS\ARNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\SABI1SPY.txt [ Cookie:arne@zanox.com/ ]
	C:\USERS\ARNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\YHLB1ZDI.txt [ Cookie:arne@adfarm1.adition.com/ ]
	C:\USERS\ARNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\TLKNXB08.txt [ Cookie:arne@mediaplex.com/ ]
	C:\USERS\ARNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZTXK1K6I.txt [ Cookie:arne@horyzon-media.com/ ]
	C:\USERS\ARNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\2K0OHG02.txt [ Cookie:arne@ru4.com/ ]
	C:\USERS\ARNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\KOEZYQ2N.txt [ Cookie:arne@ad.zanox.com/ ]
	C:\USERS\ARNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\ISZRSGPI.txt [ Cookie:arne@smartadserver.com/ ]
	C:\USERS\ARNE\Cookies\352GOJ66.txt [ Cookie:arne@atdmt.com/ ]
	.zanox-affiliate.de [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
	.imrworldwide.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
	.imrworldwide.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
	.adform.net [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
	adx.chip.de [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
	adx.chip.de [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
	.tracking.quisma.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
	.zanox.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
	.youporn.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
	www.youporn.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
	www.star-advertising.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
	www.star-advertising.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
	www.star-advertising.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
	ads2.zeusclicks.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
	.exoclick.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
	traffic.acwebconnecting.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
	traffic.acwebconnecting.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
	.tracking.quisma.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
	.tracking.quisma.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
	ads.trafficjunky.net [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
	www.star-advertising.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
	www.star-advertising.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
	www.star-advertising.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
	.exoclick.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
	www.star-advertising.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
	www.star-advertising.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
	www.star-advertising.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
	www.star-advertising.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
	.youporn.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
	.youporn.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
	.youporn.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
	ad3.adfarm1.adition.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
	.bs.serving-sys.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]

Trojan.Agent/Gen-Sirefef
	C:\WINDOWS\SYSTEM32\CONSRV.DLL
         
And here from Malwarebytes:

Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.11.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Arne :: ARNE-HP [Administrator]

11.08.2012 17:11:54
mbam-log-2012-08-11 (17-11-54).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 339196
Laufzeit: 1 Stunde(n), 18 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

11.08.2012, 18:41   #25
cosinus

Code:
UAC On - Limited User
         
How did you start SUPERAntiSpyware? Just by double-clicking?

Code:
Trojan.Agent/Gen-Sirefef
	C:\WINDOWS\SYSTEM32\CONSRV.DLL
         
Probably just a leftover.
Please have this file analyzed at Virustotal and post the link to the results. If you can't see the file, you may have to make it visible first.
If the file has already been analyzed, please start another analysis.

12.08.2012, 23:56   #26
Gargamel456

Okay, should I run SUPERAntiSpyware again as administrator?

I couldn't upload the file to Virustotal. When I look in the folder in Windows, I can find the file, but not when uploading at Virustotal. Not even after following the instructions for making files visible. I can't explain that.

13.08.2012, 16:57   #27
cosinus

Quote:
Okay, should I run SUPERAntiSpyware again as administrator?
Yes, as mentioned in the SUPERAntiSpyware instructions

Quote:
Not even after following the instructions for making files visible. I can't explain that.
You can also copy and paste the full path of the file; you are not forced to select files

14.08.2012, 16:55   #28
Gargamel456

Okay, here is the SUPERAntiSpyware scan again:

Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 08/14/2012 at 05:48 PM

Application Version : 5.5.1012

Core Rules Database Version : 9044
Trace Rules Database Version: 6856

Scan type       : Complete Scan
Total Scan Time : 01:42:32

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 743
Memory threats detected   : 0
Registry items scanned    : 65275
Registry threats detected : 0
File items scanned        : 140393
File threats detected     : 64

Adware.Tracking Cookie
	C:\Users\Arne\AppData\Roaming\Microsoft\Windows\Cookies\arne@ads.creative-serving[2].txt [ /ads.creative-serving ]
	C:\Users\Arne\AppData\Roaming\Microsoft\Windows\Cookies\984H31LN.txt [ /atdmt.com ]
	C:\Users\Arne\AppData\Roaming\Microsoft\Windows\Cookies\TNQ1HR68.txt [ /bs.serving-sys.com ]
	C:\Users\Arne\AppData\Roaming\Microsoft\Windows\Cookies\W8L4Q9D0.txt [ /serving-sys.com ]
	C:\Users\Arne\AppData\Roaming\Microsoft\Windows\Cookies\7OJQMR7X.txt [ /c.atdmt.com ]
	C:\USERS\ARNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\9SJ39ZPP.txt [ Cookie:arne@atdmt.com/ ]
	C:\USERS\ARNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\IHJV07TS.txt [ Cookie:arne@msnportal.112.2o7.net/ ]
	C:\USERS\ARNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\V4WHN3IG.txt [ Cookie:arne@imrworldwide.com/cgi-bin ]
	C:\USERS\ARNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\7G4OGH49.txt [ Cookie:arne@statse.webtrendslive.com/ ]
	C:\USERS\ARNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\4B9Y5E0C.txt [ Cookie:arne@www.qsstats.com/ ]
	C:\USERS\ARNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\VR97JOAB.txt [ Cookie:arne@o1.qnsr.com/ ]
	C:\USERS\ARNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\6E9PAXFT.txt [ Cookie:arne@msn.com/olympics-2012/inside-track/ ]
	C:\USERS\ARNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\SL1FEFJB.txt [ Cookie:arne@virginmedia.com/ ]
	C:\USERS\ARNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\35C5BC0T.txt [ Cookie:arne@adtech.de/ ]
	C:\USERS\ARNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZEJ5663P.txt [ Cookie:arne@h.atdmt.com/ ]
	C:\USERS\ARNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\KEFSE4Y4.txt [ Cookie:arne@e1.cdn.qnsr.com/ ]
	C:\USERS\ARNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\UNURY09M.txt [ Cookie:arne@ad.yieldmanager.com/ ]
	C:\USERS\ARNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\GBKMP637.txt [ Cookie:arne@qnsr.com/ ]
	C:\USERS\ARNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\SABI1SPY.txt [ Cookie:arne@zanox.com/ ]
	C:\USERS\ARNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\YHLB1ZDI.txt [ Cookie:arne@adfarm1.adition.com/ ]
	C:\USERS\ARNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\TLKNXB08.txt [ Cookie:arne@mediaplex.com/ ]
	C:\USERS\ARNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZTXK1K6I.txt [ Cookie:arne@horyzon-media.com/ ]
	C:\USERS\ARNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\2K0OHG02.txt [ Cookie:arne@ru4.com/ ]
	C:\USERS\ARNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\KOEZYQ2N.txt [ Cookie:arne@ad.zanox.com/ ]
	C:\USERS\ARNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\ISZRSGPI.txt [ Cookie:arne@smartadserver.com/ ]
	C:\USERS\ARNE\Cookies\984H31LN.txt [ Cookie:arne@atdmt.com/ ]
	C:\Users\Arne\AppData\Roaming\Microsoft\Windows\Cookies\9YU6U50B.txt [ /atdmt.com ]
	C:\USERS\ARNE\Cookies\9YU6U50B.txt [ Cookie:arne@atdmt.com/ ]
	.zanox-affiliate.de [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
	.imrworldwide.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
	.imrworldwide.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
	.adform.net [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
	adx.chip.de [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
	adx.chip.de [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
	.tracking.quisma.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
	.zanox.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
	.youporn.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
	www.youporn.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
	www.star-advertising.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
	www.star-advertising.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
	www.star-advertising.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
	ads2.zeusclicks.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
	.exoclick.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
	traffic.acwebconnecting.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
	traffic.acwebconnecting.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
	.tracking.quisma.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
	.tracking.quisma.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
	ads.trafficjunky.net [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
	www.star-advertising.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
	www.star-advertising.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
	www.star-advertising.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
	.exoclick.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
	www.star-advertising.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
	www.star-advertising.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
	www.star-advertising.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
	www.star-advertising.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
	.youporn.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
	.youporn.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
	.youporn.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
	ad3.adfarm1.adition.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
	.bs.serving-sys.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]

Trojan.Agent/Gen-Sirefef
	C:\WINDOWS\SYSTEM32\CONSRV.DLL
         
The file C:\WINDOWS\SYSTEM32\CONSRV.DLL is still not found on Virustotal, even when I paste in the path as given...

14.08.2012, 17:11   #29
cosinus

Let's do it this way:

Do an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":Files" must be copied as well!!!)

Code:
:Files
C:\WINDOWS\SYSTEM32\CONSRV.DLL
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not completely deleted; a backup copy is created in the "_OTL" folder on the system partition.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________
Please always post log files in CODE tags

14.08.2012, 19:18   #30
Gargamel456
 


Okay, apparently the file in question couldn't be found here either. But when I look in the folder, I can see it. Can't I just delete it with SUPERAntiSpyware?

Code:
All processes killed
========== FILES ==========
File\Folder C:\WINDOWS\SYSTEM32\CONSRV.DLL not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Arne
->Temp folder emptied: 149516 bytes
->Temporary Internet Files folder emptied: 1296822 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 5855771 bytes
->Flash cache emptied: 0 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2682 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 7,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Arne
->Flash cache emptied: 0 bytes
 
User: Default
 
User: Default User
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.54.1 log created on 08142012_201101

Files\Folders moved on Reboot...
C:\Users\Arne\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\Arne\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...
         
