Win32/Sirefef.FC Trojaner

cosinus · 01.09.2012, 12:26

Ich werde hier beide Augen zudrücken, weil der Kram ja auch schon im Papierkorb war und LW F offensichtlich ein Netzwerkspeicher bei dir ist.

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Suche.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

DerJosch · 02.09.2012, 18:52

Hier die Log:

Code:

ATTFilter

# AdwCleaner v2.000 - Datei am 09/02/2012 um 19:47:52 erstellt 
# Aktualisiert am 30/08/2012 von Xplode 
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits) 
# Benutzer : Coko - COKO
# Normaler Modus : Normal 
# Ausgeführt unter : C:\Users\Coko\Desktop\adwcleaner.exe 
# Option [Suche] 


**** [Dienste] **** 


***** [Dateien / Ordner] ***** 


***** [Registrierungsdatenbank] ***** 

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} 

***** [Internet Browser] ***** 

-\\ Internet Explorer v9.0.8112.16421 

[OK] Die Registrierungsdatenbank ist sauber. 

-\\ Mozilla Firefox v12.0 (de) 

Profilname : default  
Datei : C:\Users\Coko\AppData\Roaming\Mozilla\Firefox\Profiles\504etxy1.default\prefs.js 

[OK] Die Datei ist sauber. 

************************* 

AdwCleaner[R1].txt - [838 octets] - [02/09/2012 19:47:52] 

########## EOF - C:\AdwCleaner[R1].txt - [897 octets] ##########

cosinus · 03.09.2012, 19:35

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Löschen.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

DerJosch · 03.09.2012, 23:38

Hi,
bitte nochmal vielmals um Aufschiebung.
Bin leider bis nächste Woche beruflich unterwegs und kann mich dann erst wieder mit der neuen Log zurückmelden.

cosinus · 04.09.2012, 13:39

Ich seh schon wenn du hier wieder postest

DerJosch · 09.09.2012, 21:40

ok, nun war es das aber erstma mit dem Reisen :-)
Hier die Log:

Code:

ATTFilter

# AdwCleaner v2.000 - Datei am 09/09/2012 um 22:29:30 erstellt
# Aktualisiert am 30/08/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzer : Coko - COKO-PC
# Normaler Modus : Normal
# Ausgef¸hrt unter : C:\Users\Coko\Desktop\adwcleaner.exe
# Option [Lˆschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schl¸ssel Gelˆscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v12.0 (de)

Profilname : default 
Datei : C:\Users\Coko\AppData\Roaming\Mozilla\Firefox\Profiles\504etxy1.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [965 octets] - [02/09/2012 19:47:52]
AdwCleaner[S1].txt - [1156 octets] - [09/09/2012 22:29:30]

########## EOF - C:\AdwCleaner[S1].txt - [1216 octets] ##########

cosinus · 10.09.2012, 16:09

Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

DerJosch · 10.09.2012, 16:49

1) Der normale Modus ging schon immer. Bis auf das ich immer wieder von NOD32 die Meldungen von dem gefundenen Trojaner bekomme, die Windows Firewall nicht mehr aktivieren kann und ich bei klicks auf einen Link nach einer Google Suche auf Werbeseiten geleitet wurde (das ist jetzt nicht mehr der Fall) ging eigentlich alles normal.

2) Vermissen tue ich auch nichts. Alle Ordner sind gefüllt und so, wie sie sein sollen.

cosinus · 10.09.2012, 20:21

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

DerJosch · 11.09.2012, 19:07

Alles nach Anleitung erledigt. Hier die Log:

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 11.09.2012 19:21:03 - Run 2
OTL by OldTimer - Version 3.2.61.3     Folder = C:\Users\Coko\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,33 Gb Available Physical Memory | 66,77% Memory free
4,00 Gb Paging File | 3,14 Gb Available in Paging File | 78,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 76,59 Gb Total Space | 47,49 Gb Free Space | 62,00% Space Free | Partition Type: NTFS
Drive E: | 97,65 Gb Total Space | 97,56 Gb Free Space | 99,91% Space Free | Partition Type: NTFS
Drive F: | 135,23 Gb Total Space | 73,72 Gb Free Space | 54,51% Space Free | Partition Type: NTFS
 
Computer Name: COKO-PC | User Name: Coko | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.11 19:18:17 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Coko\Desktop\OTL.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.09.22 13:03:30 | 000,974,944 | ---- | M] (ESET) -- C:\Programme\ESET\ESET Smart Security\ekrn.exe
PRC - [2011.09.22 13:03:02 | 003,080,264 | ---- | M] (ESET) -- C:\Programme\ESET\ESET Smart Security\egui.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 23:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 23:29:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2010.11.20 23:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 03:14:36 | 000,259,072 | ---- | M] () -- C:\Windows\System32\services.exe
PRC - [2009.04.14 08:43:42 | 000,604,704 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SOUNDMAN.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010.01.30 03:41:12 | 004,254,560 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
 
 
========== Services (SafeList) ==========
 
SRV - [2012.08.31 22:14:46 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.08.31 16:11:29 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.09.22 13:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Programme\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2010.11.20 23:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.03.25 11:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\efavdrv.sys -- (efavdrv)
DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.08.09 15:24:52 | 000,163,424 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2011.08.04 10:20:38 | 000,147,480 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfw.sys -- (epfw)
DRV - [2011.08.04 10:20:38 | 000,050,624 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\epfwwfp.sys -- (epfwwfp)
DRV - [2011.08.04 10:20:38 | 000,033,656 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\EpfwLWF.sys -- (EpfwLWF)
DRV - [2011.08.04 10:20:36 | 000,118,104 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010.11.20 23:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 23:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 23:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010.11.20 23:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 23:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 23:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 23:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010.11.20 23:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 23:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.09.28 10:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009.07.14 02:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009.07.14 00:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.06.18 20:45:02 | 004,172,832 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVAC.SYS -- (ALCXWDM)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-21-2460109341-2024125387-723533134-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hiergehtslos.de
IE - HKU\S-1-5-21-2460109341-2024125387-723533134-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2460109341-2024125387-723533134-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-2460109341-2024125387-723533134-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0C E2 E6 94 C3 C5 CC 01  [binary data]
IE - HKU\S-1-5-21-2460109341-2024125387-723533134-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2460109341-2024125387-723533134-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2460109341-2024125387-723533134-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2460109341-2024125387-723533134-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.31 16:11:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.06.03 17:45:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011.12.29 02:06:10 | 000,000,000 | ---D | M]
 
[2011.12.29 01:39:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Coko\AppData\Roaming\mozilla\Extensions
[2012.05.12 22:56:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Coko\AppData\Roaming\mozilla\Firefox\Profiles\504etxy1.default\extensions
[2012.04.01 17:48:25 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.08.31 16:11:31 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.08.31 16:11:26 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.31 16:11:26 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.08.31 16:11:26 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.08.31 16:11:26 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.08.31 16:11:26 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.08.31 16:11:26 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SoundMan] C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Coko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Coko\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2460109341-2024125387-723533134-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24ED9925-762C-4644-957A-2FCE40ADB78F}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: Sharedaccess -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: wuauserv -  File not found
NetSvcs: BITS -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig - StartUpReg: BCSSync - hkey= - key= - C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - State: "startup" - 2
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: BFE - Service
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MPSSvc - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: SharedAccess -  File not found
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.31 22:24:57 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.08.31 16:18:43 | 010,652,120 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Coko\Desktop\mbam-setup-1.62.0.1300.exe
[2012.08.23 16:15:12 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Coko\Desktop\esetsmartinstaller_enu.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.11 19:18:17 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Coko\Desktop\OTL.exe
[2012.09.11 19:13:56 | 000,022,000 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.11 19:13:56 | 000,022,000 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.11 19:06:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.11 19:06:28 | 1610,063,872 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.02 19:47:31 | 000,511,265 | ---- | M] () -- C:\Users\Coko\Desktop\adwcleaner.exe
[2012.09.02 19:00:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.31 16:20:10 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.31 16:18:58 | 010,652,120 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Coko\Desktop\mbam-setup-1.62.0.1300.exe
[2012.08.23 16:15:14 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Coko\Desktop\esetsmartinstaller_enu.exe
 
========== Files Created - No Company Name ==========
 
[2012.09.02 19:50:00 | 000,090,624 | ---- | C] () -- C:\Windows\Installer\{b2100a9c-03be-3ad2-b998-e0f85f0d7d62}\U\80000032.@
[2012.09.02 19:47:28 | 000,511,265 | ---- | C] () -- C:\Users\Coko\Desktop\adwcleaner.exe
[2012.08.31 22:12:49 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{b2100a9c-03be-3ad2-b998-e0f85f0d7d62}\U\00000008.@
[2012.08.31 22:12:38 | 000,013,312 | ---- | C] () -- C:\Windows\Installer\{b2100a9c-03be-3ad2-b998-e0f85f0d7d62}\U\80000000.@
[2012.08.31 16:20:10 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.02 20:31:00 | 000,000,000 | ---- | C] () -- C:\Users\Coko\defogger_reenable
[2012.07.22 13:14:58 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{b2100a9c-03be-3ad2-b998-e0f85f0d7d62}\L\00000004.@
[2012.01.16 22:16:24 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{b2100a9c-03be-3ad2-b998-e0f85f0d7d62}\@
[2012.01.16 22:16:24 | 000,002,048 | -HS- | C] () -- C:\Users\Coko\AppData\Local\{b2100a9c-03be-3ad2-b998-e0f85f0d7d62}\@
[2011.12.29 14:41:09 | 000,000,242 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011.12.29 14:41:09 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011.12.29 14:39:35 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.12.29 14:39:35 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011.12.29 14:38:16 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat
[2011.12.29 14:38:03 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2011.12.29 14:38:03 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2011.12.29 14:38:02 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2011.12.28 20:34:21 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.12.28 20:34:21 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.04.12 03:30:05 | 000,657,438 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2011.04.12 03:30:05 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2011.04.12 03:30:05 | 000,130,810 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2011.04.12 03:30:05 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2010.11.20 23:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
 
========== LOP Check ==========
 
[2012.03.08 21:15:29 | 000,000,000 | ---D | M] -- C:\Users\Coko\AppData\Roaming\Canneverbe Limited
[2012.09.11 19:07:13 | 000,000,000 | ---D | M] -- C:\Users\Coko\AppData\Roaming\Dropbox
[2011.12.29 02:08:06 | 000,000,000 | ---D | M] -- C:\Users\Coko\AppData\Roaming\ESET
[2011.12.30 19:38:29 | 000,000,000 | ---D | M] -- C:\Users\Coko\AppData\Roaming\redsn0w
[2011.12.29 01:50:23 | 000,000,000 | ---D | M] -- C:\Users\Coko\AppData\Roaming\Thunderbird
[2011.12.30 23:42:37 | 000,000,000 | ---D | M] -- C:\Users\Coko\AppData\Roaming\Trillian
[2011.12.29 19:03:34 | 000,000,000 | ---D | M] -- C:\Users\Coko\AppData\Roaming\Xilisoft
[2012.07.22 13:21:27 | 000,000,000 | ---D | M] -- C:\Users\Coko\AppData\Roaming\xsecva
[2012.07.25 22:23:41 | 000,032,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.12.31 00:18:29 | 000,000,000 | ---D | M] -- C:\Users\Coko\AppData\Roaming\Adobe
[2012.03.03 14:33:28 | 000,000,000 | ---D | M] -- C:\Users\Coko\AppData\Roaming\Apple Computer
[2012.03.03 08:04:26 | 000,000,000 | R--D | M] -- C:\Users\Coko\AppData\Roaming\Brother
[2012.03.08 21:15:29 | 000,000,000 | ---D | M] -- C:\Users\Coko\AppData\Roaming\Canneverbe Limited
[2012.09.11 19:07:13 | 000,000,000 | ---D | M] -- C:\Users\Coko\AppData\Roaming\Dropbox
[2011.12.29 02:08:06 | 000,000,000 | ---D | M] -- C:\Users\Coko\AppData\Roaming\ESET
[2011.12.28 20:41:19 | 000,000,000 | ---D | M] -- C:\Users\Coko\AppData\Roaming\Identities
[2011.12.29 14:36:02 | 000,000,000 | ---D | M] -- C:\Users\Coko\AppData\Roaming\InstallShield
[2011.12.29 14:48:58 | 000,000,000 | ---D | M] -- C:\Users\Coko\AppData\Roaming\Macromedia
[2012.08.02 17:00:34 | 000,000,000 | ---D | M] -- C:\Users\Coko\AppData\Roaming\Malwarebytes
[2011.04.12 03:39:07 | 000,000,000 | ---D | M] -- C:\Users\Coko\AppData\Roaming\Media Center Programs
[2012.03.08 21:31:43 | 000,000,000 | --SD | M] -- C:\Users\Coko\AppData\Roaming\Microsoft
[2011.12.29 01:39:31 | 000,000,000 | ---D | M] -- C:\Users\Coko\AppData\Roaming\Mozilla
[2011.12.30 19:38:29 | 000,000,000 | ---D | M] -- C:\Users\Coko\AppData\Roaming\redsn0w
[2011.12.29 01:50:23 | 000,000,000 | ---D | M] -- C:\Users\Coko\AppData\Roaming\Thunderbird
[2011.12.30 23:42:37 | 000,000,000 | ---D | M] -- C:\Users\Coko\AppData\Roaming\Trillian
[2012.01.02 04:41:07 | 000,000,000 | ---D | M] -- C:\Users\Coko\AppData\Roaming\vlc
[2011.12.29 19:03:34 | 000,000,000 | ---D | M] -- C:\Users\Coko\AppData\Roaming\Xilisoft
[2012.07.22 13:21:27 | 000,000,000 | ---D | M] -- C:\Users\Coko\AppData\Roaming\xsecva
 
< %APPDATA%\*.exe /s >
[2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Coko\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2012.05.24 20:39:24 | 000,872,144 | ---- | M] (Dropbox, Inc.) -- C:\Users\Coko\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe
[2012.05.24 20:39:56 | 000,177,280 | ---- | M] (Dropbox, Inc.) -- C:\Users\Coko\AppData\Roaming\Dropbox\bin\Uninstall.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2010.11.20 23:29:03 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 23:29:03 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 23:29:12 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 23:29:12 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2010.11.20 23:29:03 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 23:29:03 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.20 23:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 23:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 23:29:20 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 23:29:20 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 23:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 23:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 23:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 23:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2011.12.29 02:24:20 | 000,353,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2011.12.29 02:24:20 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
[2009.07.14 03:15:36 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\LocationApi.dll

< End of report >

--- --- ---

cosinus · 11.09.2012, 23:12

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
FF - user.js - File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2460109341-2024125387-723533134-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
:Files
C:\Windows\Installer\{b2100a9c-03be-3ad2-b998-e0f85f0d7d62}
C:\Users\Coko\AppData\Local\{b2100a9c-03be-3ad2-b998-e0f85f0d7d62}
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

DerJosch · 12.09.2012, 14:50

Der Rechner wurde neugestartet und brachte folgende Log hervor:

Code:

ATTFilter

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop not found.
Registry value HKEY_USERS\S-1-5-21-2460109341-2024125387-723533134-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File C:\autoexec.bat not found.
========== FILES ==========
File\Folder C:\Windows\Installer\{b2100a9c-03be-3ad2-b998-e0f85f0d7d62} not found.
C:\Users\Coco\AppData\Local\{b2100a9c-03be-3ad2-b998-e0f85f0d7d62}\U folder moved successfully.
C:\Users\Coco\AppData\Local\{b2100a9c-03be-3ad2-b998-e0f85f0d7d62}\L folder moved successfully.
C:\Users\Coco\AppData\Local\{b2100a9c-03be-3ad2-b998-e0f85f0d7d62} folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Coco\Desktop\cmd.bat deleted successfully.
C:\Users\Coco\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Coco
->Temp folder emptied: 1481 bytes
->Temporary Internet Files folder emptied: 37294 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 7609439 bytes
->Flash cache emptied: 492 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 7,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.61.3 log created on 09122012_154406

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

cosinus · 12.09.2012, 15:23

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

DerJosch · 12.09.2012, 17:34

Hier die nächste Log:

Code:

ATTFilter

18:28:10.0593 2080  TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
18:28:10.0875 2080  ============================================================
18:28:10.0875 2080  Current date / time: 2012/09/12 18:28:10.0875
18:28:10.0875 2080  SystemInfo:
18:28:10.0875 2080  
18:28:10.0875 2080  OS Version: 6.1.7601 ServicePack: 1.0
18:28:10.0875 2080  Product type: Workstation
18:28:10.0875 2080  ComputerName: COCO-PC
18:28:10.0875 2080  UserName: Coco
18:28:10.0875 2080  Windows directory: C:\Windows
18:28:10.0875 2080  System windows directory: C:\Windows
18:28:10.0875 2080  Processor architecture: Intel x86
18:28:10.0875 2080  Number of processors: 1
18:28:10.0875 2080  Page size: 0x1000
18:28:10.0875 2080  Boot type: Normal boot
18:28:10.0875 2080  ============================================================
18:28:12.0015 2080  Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:28:12.0031 2080  Drive \Device\Harddisk0\DR0 - Size: 0x132C570000 (76.69 Gb), SectorSize: 0x200, Cylinders: 0x939E, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000050
18:28:12.0031 2080  ============================================================
18:28:12.0031 2080  \Device\Harddisk1\DR1:
18:28:12.0031 2080  MBR partitions:
18:28:12.0031 2080  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xC34F28D
18:28:12.0031 2080  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0xC350800, BlocksNum 0x10E74800
18:28:12.0031 2080  \Device\Harddisk0\DR0:
18:28:12.0031 2080  MBR partitions:
18:28:12.0031 2080  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:28:12.0031 2080  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x992F800
18:28:12.0031 2080  ============================================================
18:28:12.0046 2080  C: <-> \Device\Harddisk0\DR0\Partition2
18:28:12.0062 2080  E: <-> \Device\Harddisk1\DR1\Partition1
18:28:12.0093 2080  F: <-> \Device\Harddisk1\DR1\Partition2
18:28:12.0093 2080  ============================================================
18:28:12.0093 2080  Initialize success
18:28:12.0093 2080  ============================================================
18:29:24.0223 3860  ============================================================
18:29:24.0223 3860  Scan started
18:29:24.0223 3860  Mode: Manual; SigCheck; TDLFS; 
18:29:24.0223 3860  ============================================================
18:29:25.0176 3860  ================ Scan system memory ========================
18:29:25.0176 3860  System memory - ok
18:29:25.0176 3860  ================ Scan services =============================
18:29:25.0333 3860  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
18:29:25.0459 3860  1394ohci - ok
18:29:25.0491 3860  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
18:29:25.0522 3860  ACPI - ok
18:29:25.0553 3860  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
18:29:25.0600 3860  AcpiPmi - ok
18:29:25.0788 3860  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
18:29:25.0803 3860  AdobeARMservice - ok
18:29:25.0881 3860  [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
18:29:25.0897 3860  AdobeFlashPlayerUpdateSvc - ok
18:29:25.0944 3860  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
18:29:25.0959 3860  adp94xx - ok
18:29:26.0022 3860  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
18:29:26.0038 3860  adpahci - ok
18:29:26.0069 3860  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
18:29:26.0084 3860  adpu320 - ok
18:29:26.0131 3860  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
18:29:26.0272 3860  AeLookupSvc - ok
18:29:26.0319 3860  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys
18:29:26.0366 3860  AFD - ok
18:29:26.0413 3860  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
18:29:26.0413 3860  agp440 - ok
18:29:26.0459 3860  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
18:29:26.0475 3860  aic78xx - ok
18:29:26.0616 3860  [ 7997B6F02CBDA0E31FA18CC85871B938 ] ALCXWDM         C:\Windows\system32\drivers\RTKVAC.SYS
18:29:33.0241 3860  ALCXWDM - ok
18:29:33.0303 3860  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
18:29:33.0350 3860  ALG - ok
18:29:33.0381 3860  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
18:29:33.0381 3860  aliide - ok
18:29:33.0428 3860  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
18:29:33.0444 3860  amdagp - ok
18:29:33.0444 3860  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
18:29:33.0459 3860  amdide - ok
18:29:33.0506 3860  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
18:29:33.0538 3860  AmdK8 - ok
18:29:33.0553 3860  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
18:29:33.0584 3860  AmdPPM - ok
18:29:33.0631 3860  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\Windows\system32\drivers\amdsata.sys
18:29:33.0647 3860  amdsata - ok
18:29:33.0741 3860  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
18:29:33.0756 3860  amdsbs - ok
18:29:33.0788 3860  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
18:29:33.0803 3860  amdxata - ok
18:29:33.0850 3860  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys
18:29:33.0881 3860  AppID - ok
18:29:33.0913 3860  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
18:29:33.0959 3860  AppIDSvc - ok
18:29:33.0991 3860  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo         C:\Windows\System32\appinfo.dll
18:29:34.0022 3860  Appinfo - ok
18:29:34.0069 3860  [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:29:34.0084 3860  Apple Mobile Device - ok
18:29:34.0131 3860  [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt         C:\Windows\System32\appmgmts.dll
18:29:34.0178 3860  AppMgmt - ok
18:29:34.0209 3860  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\drivers\arc.sys
18:29:34.0225 3860  arc - ok
18:29:34.0241 3860  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
18:29:34.0256 3860  arcsas - ok
18:29:34.0288 3860  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
18:29:34.0382 3860  AsyncMac - ok
18:29:34.0414 3860  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys
18:29:34.0429 3860  atapi - ok
18:29:34.0570 3860  [ 712D8A95E45B070114C5309ADA7358FF ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
18:29:34.0726 3860  atikmdag - ok
18:29:34.0773 3860  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:29:34.0820 3860  AudioEndpointBuilder - ok
18:29:34.0851 3860  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
18:29:34.0882 3860  Audiosrv - ok
18:29:34.0914 3860  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
18:29:34.0960 3860  AxInstSV - ok
18:29:35.0007 3860  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\drivers\bxvbdx.sys
18:29:35.0054 3860  b06bdrv - ok
18:29:35.0101 3860  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
18:29:35.0132 3860  b57nd60x - ok
18:29:35.0195 3860  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
18:29:35.0226 3860  BDESVC - ok
18:29:35.0257 3860  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
18:29:35.0289 3860  Beep - ok
18:29:35.0320 3860  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
18:29:35.0351 3860  blbdrive - ok
18:29:35.0414 3860  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
18:29:35.0429 3860  Bonjour Service - ok
18:29:35.0460 3860  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
18:29:35.0492 3860  bowser - ok
18:29:35.0523 3860  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
18:29:35.0554 3860  BrFiltLo - ok
18:29:35.0585 3860  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
18:29:35.0617 3860  BrFiltUp - ok
18:29:35.0664 3860  [ 6E11F33D14D020F58D5E02E4D67DFA19 ] Browser         C:\Windows\System32\browser.dll
18:29:35.0742 3860  Browser - ok
18:29:35.0773 3860  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
18:29:35.0820 3860  Brserid - ok
18:29:35.0851 3860  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
18:29:35.0882 3860  BrSerWdm - ok
18:29:35.0898 3860  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
18:29:35.0929 3860  BrUsbMdm - ok
18:29:35.0945 3860  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
18:29:35.0976 3860  BrUsbSer - ok
18:29:35.0992 3860  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
18:29:36.0023 3860  BTHMODEM - ok
18:29:36.0070 3860  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
18:29:36.0117 3860  bthserv - ok
18:29:36.0132 3860  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
18:29:36.0179 3860  cdfs - ok
18:29:36.0226 3860  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
18:29:36.0257 3860  cdrom - ok
18:29:36.0304 3860  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll
18:29:36.0335 3860  CertPropSvc - ok
18:29:36.0367 3860  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\drivers\circlass.sys
18:29:36.0400 3860  circlass - ok
18:29:36.0416 3860  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
18:29:36.0447 3860  CLFS - ok
18:29:36.0509 3860  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:29:36.0525 3860  clr_optimization_v2.0.50727_32 - ok
18:29:36.0603 3860  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:29:36.0634 3860  clr_optimization_v4.0.30319_32 - ok
18:29:36.0650 3860  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
18:29:36.0681 3860  CmBatt - ok
18:29:36.0712 3860  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
18:29:36.0728 3860  cmdide - ok
18:29:36.0775 3860  [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG             C:\Windows\system32\Drivers\cng.sys
18:29:36.0806 3860  CNG - ok
18:29:36.0822 3860  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
18:29:36.0822 3860  Compbatt - ok
18:29:36.0869 3860  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
18:29:36.0884 3860  CompositeBus - ok
18:29:36.0916 3860  COMSysApp - ok
18:29:36.0947 3860  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
18:29:36.0962 3860  crcdisk - ok
18:29:37.0025 3860  [ 06E771AA596B8761107AB57E99F128D7 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
18:29:37.0072 3860  CryptSvc - ok
18:29:37.0119 3860  [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC             C:\Windows\system32\drivers\csc.sys
18:29:37.0150 3860  CSC - ok
18:29:37.0197 3860  [ 15F93B37F6801943360D9EB42485D5D3 ] CscService      C:\Windows\System32\cscsvc.dll
18:29:37.0228 3860  CscService - ok
18:29:37.0259 3860  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
18:29:37.0306 3860  DcomLaunch - ok
18:29:37.0337 3860  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
18:29:37.0384 3860  defragsvc - ok
18:29:37.0431 3860  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
18:29:37.0462 3860  DfsC - ok
18:29:37.0509 3860  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
18:29:37.0556 3860  Dhcp - ok
18:29:37.0587 3860  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
18:29:37.0634 3860  discache - ok
18:29:37.0697 3860  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\drivers\disk.sys
18:29:37.0712 3860  Disk - ok
18:29:37.0744 3860  [ 2A958EF85DB1B61FFCA65044FA4BCE9E ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
18:29:37.0775 3860  dmvsc - ok
18:29:37.0806 3860  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
18:29:37.0853 3860  Dnscache - ok
18:29:37.0884 3860  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll
18:29:37.0931 3860  dot3svc - ok
18:29:37.0962 3860  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll
18:29:37.0994 3860  DPS - ok
18:29:38.0041 3860  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
18:29:38.0056 3860  drmkaud - ok
18:29:38.0103 3860  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
18:29:38.0134 3860  DXGKrnl - ok
18:29:38.0166 3860  [ 04238864710460C5682E260207D06192 ] eamonm          C:\Windows\system32\DRIVERS\eamonm.sys
18:29:38.0181 3860  eamonm - ok
18:29:38.0212 3860  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
18:29:38.0259 3860  EapHost - ok
18:29:38.0384 3860  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\drivers\evbdx.sys
18:29:38.0509 3860  ebdrv - ok
18:29:38.0541 3860  efavdrv - ok
18:29:38.0572 3860  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe
18:29:38.0603 3860  EFS - ok
18:29:38.0634 3860  [ DEFF87F04AB5F6DD5EDF2B80853BBE10 ] ehdrv           C:\Windows\system32\DRIVERS\ehdrv.sys
18:29:38.0650 3860  ehdrv - ok
18:29:38.0759 3860  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
18:29:38.0806 3860  ehRecvr - ok
18:29:38.0822 3860  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe
18:29:38.0853 3860  ehSched - ok
18:29:38.0931 3860  [ C7BB95CF9631AA401E4ADED1648F6AF7 ] ekrn            C:\Program Files\ESET\ESET Smart Security\ekrn.exe
18:29:38.0962 3860  ekrn - ok
18:29:39.0009 3860  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\drivers\elxstor.sys
18:29:39.0041 3860  elxstor - ok
18:29:39.0087 3860  [ 5BA193CA0AE31209AAA39939CE6736B2 ] epfw            C:\Windows\system32\DRIVERS\epfw.sys
18:29:39.0103 3860  epfw - ok
18:29:39.0119 3860  [ 9CEFD59C8E5EBFB48165AEF54617F539 ] EpfwLWF         C:\Windows\system32\DRIVERS\EpfwLWF.sys
18:29:39.0134 3860  EpfwLWF - ok
18:29:39.0166 3860  [ 7144A06AC105A2A7302944602E415EC1 ] epfwwfp         C:\Windows\system32\DRIVERS\epfwwfp.sys
18:29:39.0166 3860  epfwwfp - ok
18:29:39.0181 3860  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
18:29:39.0212 3860  ErrDev - ok
18:29:39.0275 3860  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
18:29:39.0306 3860  EventSystem - ok
18:29:39.0337 3860  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
18:29:39.0369 3860  exfat - ok
18:29:39.0416 3860  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
18:29:39.0462 3860  fastfat - ok
18:29:39.0509 3860  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe
18:29:39.0556 3860  Fax - ok
18:29:39.0587 3860  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
18:29:39.0619 3860  fdc - ok
18:29:39.0634 3860  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
18:29:39.0697 3860  fdPHost - ok
18:29:39.0728 3860  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
18:29:39.0744 3860  FDResPub - ok
18:29:39.0775 3860  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
18:29:39.0791 3860  FileInfo - ok
18:29:39.0806 3860  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
18:29:39.0853 3860  Filetrace - ok
18:29:39.0884 3860  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
18:29:39.0900 3860  flpydisk - ok
18:29:39.0931 3860  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
18:29:39.0947 3860  FltMgr - ok
18:29:39.0994 3860  [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache       C:\Windows\system32\FntCache.dll
18:29:40.0041 3860  FontCache - ok
18:29:40.0119 3860  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
18:29:40.0119 3860  FontCache3.0.0.0 - ok
18:29:40.0150 3860  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
18:29:40.0166 3860  FsDepends - ok
18:29:40.0197 3860  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
18:29:40.0212 3860  Fs_Rec - ok
18:29:40.0259 3860  [ 8A73E79089B282100B9393B644CB853B ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
18:29:40.0275 3860  fvevol - ok
18:29:40.0306 3860  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
18:29:40.0322 3860  gagp30kx - ok
18:29:40.0353 3860  [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:29:40.0369 3860  GEARAspiWDM - ok
18:29:40.0418 3860  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll
18:29:40.0471 3860  gpsvc - ok
18:29:40.0502 3860  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
18:29:40.0534 3860  hcw85cir - ok
18:29:40.0565 3860  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
18:29:40.0596 3860  HDAudBus - ok
18:29:40.0612 3860  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
18:29:40.0643 3860  HidBatt - ok
18:29:40.0721 3860  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
18:29:40.0737 3860  HidBth - ok
18:29:40.0768 3860  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\drivers\hidir.sys
18:29:40.0799 3860  HidIr - ok
18:29:40.0815 3860  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\system32\hidserv.dll
18:29:40.0862 3860  hidserv - ok
18:29:40.0909 3860  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
18:29:40.0940 3860  HidUsb - ok
18:29:40.0956 3860  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
18:29:41.0002 3860  hkmsvc - ok
18:29:41.0034 3860  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:29:41.0049 3860  HomeGroupListener - ok
18:29:41.0096 3860  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:29:41.0127 3860  HomeGroupProvider - ok
18:29:41.0159 3860  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
18:29:41.0174 3860  HpSAMD - ok
18:29:41.0221 3860  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
18:29:41.0268 3860  HTTP - ok
18:29:41.0284 3860  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
18:29:41.0299 3860  hwpolicy - ok
18:29:41.0331 3860  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
18:29:41.0346 3860  i8042prt - ok
18:29:41.0393 3860  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
18:29:41.0409 3860  iaStorV - ok
18:29:41.0478 3860  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:29:41.0509 3860  idsvc - ok
18:29:41.0556 3860  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
18:29:41.0572 3860  iirsp - ok
18:29:41.0619 3860  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
18:29:41.0666 3860  IKEEXT - ok
18:29:41.0712 3860  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
18:29:41.0728 3860  intelide - ok
18:29:41.0759 3860  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\drivers\intelppm.sys
18:29:41.0775 3860  intelppm - ok
18:29:41.0822 3860  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
18:29:41.0853 3860  IPBusEnum - ok
18:29:41.0884 3860  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:29:41.0931 3860  IpFilterDriver - ok
18:29:41.0947 3860  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
18:29:41.0962 3860  IPMIDRV - ok
18:29:42.0009 3860  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
18:29:42.0041 3860  IPNAT - ok
18:29:42.0087 3860  [ 178FE38B7740F598391EB2F51AE4CCAC ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
18:29:42.0119 3860  iPod Service - ok
18:29:42.0166 3860  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
18:29:42.0181 3860  IRENUM - ok
18:29:42.0212 3860  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
18:29:42.0228 3860  isapnp - ok
18:29:42.0259 3860  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
18:29:42.0275 3860  iScsiPrt - ok
18:29:42.0322 3860  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
18:29:42.0322 3860  kbdclass - ok
18:29:42.0369 3860  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
18:29:42.0400 3860  kbdhid - ok
18:29:42.0416 3860  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
18:29:42.0431 3860  KeyIso - ok
18:29:42.0462 3860  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
18:29:42.0485 3860  KSecDD - ok
18:29:42.0506 3860  [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
18:29:42.0524 3860  KSecPkg - ok
18:29:42.0571 3860  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
18:29:42.0602 3860  KtmRm - ok
18:29:42.0633 3860  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\system32\srvsvc.dll
18:29:42.0680 3860  LanmanServer - ok
18:29:42.0743 3860  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:29:42.0774 3860  LanmanWorkstation - ok
18:29:42.0821 3860  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
18:29:42.0868 3860  lltdio - ok
18:29:42.0899 3860  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
18:29:42.0930 3860  lltdsvc - ok
18:29:42.0961 3860  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
18:29:42.0993 3860  lmhosts - ok
18:29:43.0040 3860  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
18:29:43.0055 3860  LSI_FC - ok
18:29:43.0102 3860  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
18:29:43.0118 3860  LSI_SAS - ok
18:29:43.0149 3860  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
18:29:43.0149 3860  LSI_SAS2 - ok
18:29:43.0180 3860  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
18:29:43.0196 3860  LSI_SCSI - ok
18:29:43.0227 3860  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
18:29:43.0258 3860  luafv - ok
18:29:43.0321 3860  [ 6DFE7F2E8E8A337263AA5C92A215F161 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
18:29:43.0336 3860  MBAMProtector - ok
18:29:43.0415 3860  [ 43683E970F008C93C9429EF428147A54 ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
18:29:43.0446 3860  MBAMService - ok
18:29:43.0493 3860  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
18:29:43.0508 3860  Mcx2Svc - ok
18:29:43.0540 3860  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\drivers\megasas.sys
18:29:43.0555 3860  megasas - ok
18:29:43.0586 3860  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
18:29:43.0602 3860  MegaSR - ok
18:29:43.0665 3860  Microsoft SharePoint Workspace Audit Service - ok
18:29:43.0743 3860  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
18:29:43.0774 3860  MMCSS - ok
18:29:43.0805 3860  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
18:29:43.0852 3860  Modem - ok
18:29:43.0868 3860  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
18:29:43.0899 3860  monitor - ok
18:29:43.0946 3860  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
18:29:43.0961 3860  mouclass - ok
18:29:43.0993 3860  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
18:29:44.0024 3860  mouhid - ok
18:29:44.0055 3860  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
18:29:44.0071 3860  mountmgr - ok
18:29:44.0149 3860  [ 15D5398EED42C2504BB3D4FC875C15D1 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
18:29:44.0165 3860  MozillaMaintenance - ok
18:29:44.0180 3860  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
18:29:44.0196 3860  mpio - ok
18:29:44.0227 3860  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
18:29:44.0258 3860  mpsdrv - ok
18:29:44.0290 3860  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
18:29:44.0321 3860  MRxDAV - ok
18:29:44.0368 3860  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
18:29:44.0383 3860  mrxsmb - ok
18:29:44.0415 3860  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:29:44.0446 3860  mrxsmb10 - ok
18:29:44.0477 3860  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:29:44.0493 3860  mrxsmb20 - ok
18:29:44.0524 3860  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
18:29:44.0540 3860  msahci - ok
18:29:44.0571 3860  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
18:29:44.0586 3860  msdsm - ok
18:29:44.0618 3860  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
18:29:44.0649 3860  MSDTC - ok
18:29:44.0696 3860  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
18:29:44.0727 3860  Msfs - ok
18:29:44.0758 3860  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
18:29:44.0790 3860  mshidkmdf - ok
18:29:44.0821 3860  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
18:29:44.0836 3860  msisadrv - ok
18:29:44.0883 3860  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
18:29:44.0930 3860  MSiSCSI - ok
18:29:44.0946 3860  msiserver - ok
18:29:44.0977 3860  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
18:29:45.0008 3860  MSKSSRV - ok
18:29:45.0040 3860  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
18:29:45.0086 3860  MSPCLOCK - ok
18:29:45.0118 3860  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
18:29:45.0149 3860  MSPQM - ok
18:29:45.0180 3860  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
18:29:45.0196 3860  MsRPC - ok
18:29:45.0243 3860  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
18:29:45.0243 3860  mssmbios - ok
18:29:45.0290 3860  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
18:29:45.0336 3860  MSTEE - ok
18:29:45.0352 3860  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
18:29:45.0383 3860  MTConfig - ok
18:29:45.0399 3860  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
18:29:45.0415 3860  Mup - ok
18:29:45.0461 3860  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
18:29:45.0508 3860  napagent - ok
18:29:45.0555 3860  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
18:29:45.0586 3860  NativeWifiP - ok
18:29:45.0618 3860  [ E7C54812A2AAF43316EB6930C1FFA108 ] NDIS            C:\Windows\system32\drivers\ndis.sys
18:29:45.0649 3860  NDIS - ok
18:29:45.0743 3860  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
18:29:45.0836 3860  NdisCap - ok
18:29:45.0899 3860  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
18:29:45.0930 3860  NdisTapi - ok
18:29:45.0961 3860  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
18:29:45.0993 3860  Ndisuio - ok
18:29:46.0024 3860  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
18:29:46.0055 3860  NdisWan - ok
18:29:46.0086 3860  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
18:29:46.0118 3860  NDProxy - ok
18:29:46.0149 3860  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
18:29:46.0196 3860  NetBIOS - ok
18:29:46.0211 3860  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
18:29:46.0258 3860  NetBT - ok
18:29:46.0274 3860  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
18:29:46.0290 3860  Netlogon - ok
18:29:46.0336 3860  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
18:29:46.0383 3860  Netman - ok
18:29:46.0415 3860  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
18:29:46.0461 3860  netprofm - ok
18:29:46.0477 3860  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:29:46.0493 3860  NetTcpPortSharing - ok
18:29:46.0540 3860  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
18:29:46.0555 3860  nfrd960 - ok
18:29:46.0586 3860  [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc          C:\Windows\System32\nlasvc.dll
18:29:46.0633 3860  NlaSvc - ok
18:29:46.0696 3860  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
18:29:46.0743 3860  Npfs - ok
18:29:46.0774 3860  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
18:29:46.0805 3860  nsi - ok
18:29:46.0821 3860  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
18:29:46.0868 3860  nsiproxy - ok
18:29:46.0930 3860  [ 81189C3D7763838E55C397759D49007A ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
18:29:46.0977 3860  Ntfs - ok
18:29:47.0008 3860  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
18:29:47.0055 3860  Null - ok
18:29:47.0086 3860  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
18:29:47.0102 3860  nvraid - ok
18:29:47.0133 3860  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
18:29:47.0149 3860  nvstor - ok
18:29:47.0165 3860  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
18:29:47.0180 3860  nv_agp - ok
18:29:47.0211 3860  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
18:29:47.0243 3860  ohci1394 - ok
18:29:47.0274 3860  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:29:47.0290 3860  ose - ok
18:29:47.0461 3860  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:29:47.0681 3860  osppsvc - ok
18:29:47.0728 3860  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
18:29:47.0775 3860  p2pimsvc - ok
18:29:47.0806 3860  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
18:29:47.0853 3860  p2psvc - ok
18:29:47.0884 3860  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
18:29:47.0900 3860  Parport - ok
18:29:47.0931 3860  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
18:29:47.0947 3860  partmgr - ok
18:29:47.0978 3860  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
18:29:47.0978 3860  Parvdm - ok
18:29:48.0025 3860  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
18:29:48.0041 3860  PcaSvc - ok
18:29:48.0072 3860  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
18:29:48.0087 3860  pci - ok
18:29:48.0119 3860  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
18:29:48.0134 3860  pciide - ok
18:29:48.0150 3860  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
18:29:48.0166 3860  pcmcia - ok
18:29:48.0197 3860  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
18:29:48.0212 3860  pcw - ok
18:29:48.0244 3860  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
18:29:48.0291 3860  PEAUTH - ok
18:29:48.0353 3860  [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
18:29:48.0416 3860  PeerDistSvc - ok
18:29:48.0509 3860  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
18:29:48.0572 3860  pla - ok
18:29:48.0634 3860  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
18:29:48.0666 3860  PlugPlay - ok
18:29:48.0712 3860  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
18:29:48.0728 3860  PNRPAutoReg - ok
18:29:48.0759 3860  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
18:29:48.0775 3860  PNRPsvc - ok
18:29:48.0822 3860  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
18:29:48.0853 3860  PolicyAgent - ok
18:29:48.0900 3860  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
18:29:48.0947 3860  Power - ok
18:29:48.0978 3860  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
18:29:49.0025 3860  PptpMiniport - ok
18:29:49.0041 3860  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\drivers\processr.sys
18:29:49.0072 3860  Processor - ok
18:29:49.0119 3860  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll
18:29:49.0166 3860  ProfSvc - ok
18:29:49.0197 3860  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:29:49.0197 3860  ProtectedStorage - ok
18:29:49.0244 3860  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
18:29:49.0275 3860  Psched - ok
18:29:49.0353 3860  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
18:29:49.0416 3860  ql2300 - ok
18:29:49.0431 3860  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
18:29:49.0447 3860  ql40xx - ok
18:29:49.0494 3860  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
18:29:49.0525 3860  QWAVE - ok
18:29:49.0541 3860  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
18:29:49.0557 3860  QWAVEdrv - ok
18:29:49.0604 3860  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
18:29:49.0635 3860  RasAcd - ok
18:29:49.0713 3860  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
18:29:49.0745 3860  RasAgileVpn - ok
18:29:49.0776 3860  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
18:29:49.0823 3860  RasAuto - ok
18:29:49.0854 3860  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
18:29:49.0901 3860  Rasl2tp - ok
18:29:49.0932 3860  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
18:29:49.0979 3860  RasMan - ok
18:29:50.0026 3860  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
18:29:50.0057 3860  RasPppoe - ok
18:29:50.0088 3860  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
18:29:50.0135 3860  RasSstp - ok
18:29:50.0151 3860  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
18:29:50.0213 3860  rdbss - ok
18:29:50.0245 3860  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
18:29:50.0260 3860  rdpbus - ok
18:29:50.0276 3860  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
18:29:50.0323 3860  RDPCDD - ok
18:29:50.0354 3860  [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
18:29:50.0401 3860  RDPDR - ok
18:29:50.0432 3860  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
18:29:50.0463 3860  RDPENCDD - ok
18:29:50.0495 3860  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
18:29:50.0526 3860  RDPREFMP - ok
18:29:50.0573 3860  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
18:29:50.0604 3860  RDPWD - ok
18:29:50.0651 3860  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
18:29:50.0666 3860  rdyboost - ok
18:29:50.0713 3860  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
18:29:50.0745 3860  RemoteAccess - ok
18:29:50.0776 3860  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
18:29:50.0807 3860  RemoteRegistry - ok
18:29:50.0854 3860  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
18:29:50.0901 3860  RpcEptMapper - ok
18:29:50.0948 3860  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
18:29:50.0963 3860  RpcLocator - ok
18:29:50.0995 3860  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
18:29:51.0026 3860  RpcSs - ok
18:29:51.0073 3860  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
18:29:51.0104 3860  rspndr - ok
18:29:51.0135 3860  [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
18:29:51.0166 3860  s3cap - ok
18:29:51.0182 3860  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
18:29:51.0198 3860  SamSs - ok
18:29:51.0245 3860  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
18:29:51.0260 3860  sbp2port - ok
18:29:51.0291 3860  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
18:29:51.0338 3860  SCardSvr - ok
18:29:51.0370 3860  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
18:29:51.0401 3860  scfilter - ok
18:29:51.0448 3860  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
18:29:51.0495 3860  Schedule - ok
18:29:51.0526 3860  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
18:29:51.0557 3860  SCPolicySvc - ok
18:29:51.0588 3860  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
18:29:51.0620 3860  SDRSVC - ok
18:29:51.0666 3860  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
18:29:51.0729 3860  secdrv - ok
18:29:51.0760 3860  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
18:29:51.0807 3860  seclogon - ok
18:29:51.0838 3860  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
18:29:51.0885 3860  SENS - ok
18:29:51.0916 3860  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
18:29:51.0948 3860  SensrSvc - ok
18:29:51.0979 3860  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
18:29:52.0010 3860  Serenum - ok
18:29:52.0026 3860  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
18:29:52.0057 3860  Serial - ok
18:29:52.0073 3860  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
18:29:52.0088 3860  sermouse - ok
18:29:52.0135 3860  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
18:29:52.0166 3860  SessionEnv - ok
18:29:52.0198 3860  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
18:29:52.0229 3860  sffdisk - ok
18:29:52.0260 3860  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
18:29:52.0276 3860  sffp_mmc - ok
18:29:52.0291 3860  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
18:29:52.0323 3860  sffp_sd - ok
18:29:52.0338 3860  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
18:29:52.0354 3860  sfloppy - ok
18:29:52.0401 3860  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:29:52.0463 3860  ShellHWDetection - ok
18:29:52.0495 3860  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
18:29:52.0510 3860  SiSRaid2 - ok
18:29:52.0526 3860  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
18:29:52.0541 3860  SiSRaid4 - ok
18:29:52.0574 3860  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
18:29:52.0621 3860  Smb - ok
18:29:52.0667 3860  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
18:29:52.0683 3860  SNMPTRAP - ok
18:29:52.0714 3860  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
18:29:52.0730 3860  spldr - ok
18:29:52.0761 3860  [ 866A43013535DC8587C258E43579C764 ] Spooler         C:\Windows\System32\spoolsv.exe
18:29:52.0792 3860  Spooler - ok
18:29:52.0917 3860  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
18:29:53.0042 3860  sppsvc - ok
18:29:53.0074 3860  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
18:29:53.0105 3860  sppuinotify - ok
18:29:53.0152 3860  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
18:29:53.0183 3860  srv - ok
18:29:53.0230 3860  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
18:29:53.0246 3860  srv2 - ok
18:29:53.0292 3860  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
18:29:53.0308 3860  srvnet - ok
18:29:53.0339 3860  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
18:29:53.0386 3860  SSDPSRV - ok
18:29:53.0402 3860  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
18:29:53.0449 3860  SstpSvc - ok
18:29:53.0480 3860  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\drivers\stexstor.sys
18:29:53.0496 3860  stexstor - ok
18:29:53.0527 3860  [ EDB05BD63148796F23EA78506404A538 ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
18:29:53.0542 3860  StillCam - ok
18:29:53.0605 3860  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
18:29:53.0636 3860  StiSvc - ok
18:29:53.0714 3860  [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
18:29:53.0730 3860  storflt - ok
18:29:53.0761 3860  [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc         C:\Windows\system32\storsvc.dll
18:29:53.0777 3860  StorSvc - ok
18:29:53.0824 3860  [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
18:29:53.0839 3860  storvsc - ok
18:29:53.0871 3860  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
18:29:53.0886 3860  swenum - ok
18:29:53.0917 3860  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
18:29:53.0980 3860  swprv - ok
18:29:54.0042 3860  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
18:29:54.0074 3860  SysMain - ok
18:29:54.0105 3860  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:29:54.0136 3860  TabletInputService - ok
18:29:54.0167 3860  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
18:29:54.0214 3860  TapiSrv - ok
18:29:54.0230 3860  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
18:29:54.0277 3860  TBS - ok
18:29:54.0339 3860  [ 7FA2E0F8B072BD04B77B421480B6CC22 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
18:29:54.0386 3860  Tcpip - ok
18:29:54.0449 3860  [ 7FA2E0F8B072BD04B77B421480B6CC22 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
18:29:54.0496 3860  TCPIP6 - ok
18:29:54.0527 3860  [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
18:29:54.0558 3860  tcpipreg - ok
18:29:54.0589 3860  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
18:29:54.0621 3860  TDPIPE - ok
18:29:54.0636 3860  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
18:29:54.0652 3860  TDTCP - ok
18:29:54.0761 3860  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
18:29:54.0792 3860  tdx - ok
18:29:54.0808 3860  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
18:29:54.0824 3860  TermDD - ok
18:29:54.0871 3860  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
18:29:54.0917 3860  TermService - ok
18:29:54.0933 3860  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
18:29:54.0964 3860  Themes - ok
18:29:54.0996 3860  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
18:29:55.0027 3860  THREADORDER - ok
18:29:55.0074 3860  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
18:29:55.0121 3860  TrkWks - ok
18:29:55.0167 3860  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:29:55.0199 3860  TrustedInstaller - ok
18:29:55.0230 3860  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
18:29:55.0277 3860  tssecsrv - ok
18:29:55.0292 3860  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
18:29:55.0324 3860  TsUsbFlt - ok
18:29:55.0371 3860  [ 01246F0BAAD7B68EC0F472AA41E33282 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
18:29:55.0386 3860  TsUsbGD - ok
18:29:55.0433 3860  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
18:29:55.0449 3860  tunnel - ok
18:29:55.0496 3860  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\drivers\uagp35.sys
18:29:55.0511 3860  uagp35 - ok
18:29:55.0527 3860  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
18:29:55.0589 3860  udfs - ok
18:29:55.0621 3860  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
18:29:55.0652 3860  UI0Detect - ok
18:29:55.0714 3860  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
18:29:55.0730 3860  uliagpkx - ok
18:29:55.0761 3860  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
18:29:55.0777 3860  umbus - ok
18:29:55.0808 3860  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\drivers\umpass.sys
18:29:55.0839 3860  UmPass - ok
18:29:55.0871 3860  [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService    C:\Windows\System32\umrdp.dll
18:29:55.0902 3860  UmRdpService - ok
18:29:55.0933 3860  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
18:29:55.0980 3860  upnphost - ok
18:29:56.0011 3860  [ 83CAFCB53201BBAC04D822F32438E244 ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys
18:29:56.0042 3860  USBAAPL - ok
18:29:56.0074 3860  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
18:29:56.0089 3860  usbccgp - ok
18:29:56.0136 3860  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
18:29:56.0152 3860  usbcir - ok
18:29:56.0167 3860  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
18:29:56.0199 3860  usbehci - ok
18:29:56.0246 3860  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
18:29:56.0261 3860  usbhub - ok
18:29:56.0292 3860  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
18:29:56.0308 3860  usbohci - ok
18:29:56.0339 3860  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\drivers\usbprint.sys
18:29:56.0371 3860  usbprint - ok
18:29:56.0386 3860  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:29:56.0417 3860  USBSTOR - ok
18:29:56.0449 3860  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
18:29:56.0480 3860  usbuhci - ok
18:29:56.0511 3860  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
18:29:56.0542 3860  UxSms - ok
18:29:56.0574 3860  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
18:29:56.0589 3860  VaultSvc - ok
18:29:56.0622 3860  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
18:29:56.0637 3860  vdrvroot - ok
18:29:56.0731 3860  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe
18:29:56.0778 3860  vds - ok
18:29:56.0825 3860  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
18:29:56.0856 3860  vga - ok
18:29:56.0872 3860  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
18:29:56.0903 3860  VgaSave - ok
18:29:56.0934 3860  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
18:29:56.0965 3860  vhdmp - ok
18:29:56.0997 3860  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
18:29:57.0012 3860  viaagp - ok
18:29:57.0028 3860  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\drivers\viac7.sys
18:29:57.0043 3860  ViaC7 - ok
18:29:57.0075 3860  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
18:29:57.0090 3860  viaide - ok
18:29:57.0122 3860  [ C2F2911156FDC7817C52829C86DA494E ] vmbus           C:\Windows\system32\drivers\vmbus.sys
18:29:57.0137 3860  vmbus - ok
18:29:57.0153 3860  [ D4D77455211E204F370D08F4963063CE ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
18:29:57.0184 3860  VMBusHID - ok
18:29:57.0215 3860  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
18:29:57.0215 3860  volmgr - ok
18:29:57.0247 3860  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
18:29:57.0278 3860  volmgrx - ok
18:29:57.0293 3860  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
18:29:57.0325 3860  volsnap - ok
18:29:57.0340 3860  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
18:29:57.0356 3860  vsmraid - ok
18:29:57.0418 3860  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe
18:29:57.0481 3860  VSS - ok
18:29:57.0497 3860  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
18:29:57.0512 3860  vwifibus - ok
18:29:57.0559 3860  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
18:29:57.0606 3860  W32Time - ok
18:29:57.0637 3860  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
18:29:57.0653 3860  WacomPen - ok
18:29:57.0731 3860  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
18:29:57.0762 3860  WANARP - ok
18:29:57.0778 3860  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
18:29:57.0809 3860  Wanarpv6 - ok
18:29:57.0856 3860  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
18:29:57.0918 3860  wbengine - ok
18:29:57.0934 3860  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
18:29:57.0965 3860  WbioSrvc - ok
18:29:58.0012 3860  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll
18:29:58.0043 3860  wcncsvc - ok
18:29:58.0059 3860  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:29:58.0090 3860  WcsPlugInService - ok
18:29:58.0137 3860  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\drivers\wd.sys
18:29:58.0137 3860  Wd - ok
18:29:58.0168 3860  [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
18:29:58.0200 3860  Wdf01000 - ok
18:29:58.0215 3860  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
18:29:58.0278 3860  WdiServiceHost - ok
18:29:58.0293 3860  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
18:29:58.0309 3860  WdiSystemHost - ok
18:29:58.0356 3860  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll
18:29:58.0387 3860  WebClient - ok
18:29:58.0418 3860  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
18:29:58.0450 3860  Wecsvc - ok
18:29:58.0481 3860  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
18:29:58.0497 3860  wercplsupport - ok
18:29:58.0543 3860  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
18:29:58.0575 3860  WerSvc - ok
18:29:58.0606 3860  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
18:29:58.0637 3860  WfpLwf - ok
18:29:58.0715 3860  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
18:29:58.0731 3860  WIMMount - ok
18:29:58.0747 3860  WinHttpAutoProxySvc - ok
18:29:58.0809 3860  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
18:29:58.0840 3860  Winmgmt - ok
18:29:58.0903 3860  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll
18:29:58.0965 3860  WinRM - ok
18:29:59.0043 3860  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
18:29:59.0059 3860  WinUsb - ok
18:29:59.0122 3860  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
18:29:59.0168 3860  Wlansvc - ok
18:29:59.0200 3860  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
18:29:59.0215 3860  WmiAcpi - ok
18:29:59.0262 3860  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
18:29:59.0293 3860  wmiApSrv - ok
18:29:59.0387 3860  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
18:29:59.0450 3860  WMPNetworkSvc - ok
18:29:59.0481 3860  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
18:29:59.0512 3860  WPCSvc - ok
18:29:59.0543 3860  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
18:29:59.0575 3860  WPDBusEnum - ok
18:29:59.0606 3860  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
18:29:59.0653 3860  ws2ifsl - ok
18:29:59.0715 3860  [ 553F6CCD7C58EB98D4A8FBDAF283D7A9 ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
18:29:59.0731 3860  WSDPrintDevice - ok
18:29:59.0747 3860  WSearch - ok
18:29:59.0793 3860  [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
18:29:59.0825 3860  WudfPf - ok
18:29:59.0872 3860  [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
18:29:59.0934 3860  WUDFRd - ok
18:29:59.0981 3860  [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
18:29:59.0997 3860  wudfsvc - ok
18:30:00.0028 3860  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\Windows\System32\wwansvc.dll
18:30:00.0075 3860  WwanSvc - ok
18:30:00.0137 3860  [ 30B73EB97218A16CBC6DE535782A1B35 ] yukonw7         C:\Windows\system32\DRIVERS\yk62x86.sys
18:30:00.0184 3860  yukonw7 - ok
18:30:00.0200 3860  ================ Scan global ===============================
18:30:00.0215 3860  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
18:30:00.0262 3860  [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
18:30:00.0278 3860  [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
18:30:00.0293 3860  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
18:30:00.0340 3860  [ A302BBFF2A7278C0E239EE5D471D86A9 ] C:\Windows\system32\services.exe
18:30:00.0356 3860  C:\Windows\system32\services.exe ( Virus.Win32.ZAccess.m ) - infected
18:30:00.0356 3860  C:\Windows\system32\services.exe - detected Virus.Win32.ZAccess.m (0)
18:30:00.0356 3860  ================ Scan MBR ==================================
18:30:00.0372 3860  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk1\DR1
18:30:00.0450 3860  \Device\Harddisk1\DR1 - ok
18:30:00.0465 3860  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:30:00.0731 3860  \Device\Harddisk0\DR0 - ok
18:30:00.0731 3860  ================ Scan VBR ==================================
18:30:00.0747 3860  [ A6707D11D8A72967E3C58E361DF3035B ] \Device\Harddisk1\DR1\Partition1
18:30:00.0747 3860  \Device\Harddisk1\DR1\Partition1 - ok
18:30:00.0747 3860  [ A8F5E6CCD467797C4BF0E25B94FA0AEC ] \Device\Harddisk1\DR1\Partition2
18:30:00.0747 3860  \Device\Harddisk1\DR1\Partition2 - ok
18:30:00.0793 3860  [ 1FA1CAEB20DF487AE6C1A20CC4BF7F93 ] \Device\Harddisk0\DR0\Partition1
18:30:00.0793 3860  \Device\Harddisk0\DR0\Partition1 - ok
18:30:00.0793 3860  [ 1B9210AF6B2E796194C88F5C8B6A5C98 ] \Device\Harddisk0\DR0\Partition2
18:30:00.0809 3860  \Device\Harddisk0\DR0\Partition2 - ok
18:30:00.0809 3860  ============================================================
18:30:00.0809 3860  Scan finished
18:30:00.0809 3860  ============================================================
18:30:00.0840 3856  Detected object count: 1
18:30:00.0840 3856  Actual detected object count: 1
18:31:08.0677 3856  C:\Windows\system32\services.exe ( Virus.Win32.ZAccess.m ) - skipped by user
18:31:08.0677 3856  C:\Windows\system32\services.exe ( Virus.Win32.ZAccess.m ) - User select action: Skip

cosinus · 12.09.2012, 20:27

Code:

ATTFilter

C:\Windows\system32\services.exe ( Virus.Win32.ZAccess.m )

Diesen Eintrag bitte mit dem TDSS-Killer fixen. Aber bitte nur diesen Eintrag!
Starte Windows danach neu und mach wieder ein komplett neues Log mit dem TDSS-Killer. Wie immer wieder in CODE-Tags posten.

04.09.2012, 13:39	#20
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Win32/Sirefef.FC Trojaner Ich seh schon wenn du hier wieder postest __________________ Logfiles bitte immer in CODE-Tags posten

10.09.2012, 16:09	#22
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Win32/Sirefef.FC Trojaner Hätte da mal zwei Fragen bevor es weiter geht 1.) Geht der normale Modus von Windows (wieder) uneingeschränkt? 2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden? __________________ Logfiles bitte immer in CODE-Tags posten

12.09.2012, 20:27	#30
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Win32/Sirefef.FC Trojaner Code: ATTFilter C:\Windows\system32\services.exe ( Virus.Win32.ZAccess.m ) Diesen Eintrag bitte mit dem TDSS-Killer fixen. Aber bitte nur diesen Eintrag! Starte Windows danach neu und mach wieder ein komplett neues Log mit dem TDSS-Killer. Wie immer wieder in CODE-Tags posten. __________________ Logfiles bitte immer in CODE-Tags posten

Win32/Sirefef.FC Trojaner

Plagegeister aller Art und deren Bekämpfung: Win32/Sirefef.FC Trojaner