
Log analysis and evaluation: Bundestrojaner

Windows 7
24.09.2012, 12:59   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Do an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:
:OTL
FF - user.js - File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2572183007-3965706403-1613814924-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2572183007-3965706403-1613814924-1000\..\Toolbar\WebBrowser: (no name) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2572183007-3965706403-1613814924-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O32 - HKLM CDRom: AutoRun - 1
@Alternate Data Stream - 254 bytes -> C:\ProgramData\Temp:823606DE
@Alternate Data Stream - 247 bytes -> C:\ProgramData\Temp:D696AA12
@Alternate Data Stream - 245 bytes -> C:\ProgramData\Temp:D987CB43
@Alternate Data Stream - 237 bytes -> C:\ProgramData\Temp:85376176
@Alternate Data Stream - 236 bytes -> C:\ProgramData\Temp:404908B5
@Alternate Data Stream - 236 bytes -> C:\ProgramData\Temp:1C201DEB
@Alternate Data Stream - 233 bytes -> C:\ProgramData\Temp:D6D084A5
@Alternate Data Stream - 230 bytes -> C:\ProgramData\Temp:30E0D641
@Alternate Data Stream - 229 bytes -> C:\ProgramData\Temp:902C848D
@Alternate Data Stream - 229 bytes -> C:\ProgramData\Temp:884C7316
@Alternate Data Stream - 228 bytes -> C:\ProgramData\Temp:18A25CF1
@Alternate Data Stream - 223 bytes -> C:\ProgramData\Temp:661DC753
@Alternate Data Stream - 217 bytes -> C:\ProgramData\Temp:89A5891E
@Alternate Data Stream - 201 bytes -> C:\ProgramData\Temp:2F141B68
@Alternate Data Stream - 196 bytes -> C:\ProgramData\Temp:1A8BB29B
@Alternate Data Stream - 154 bytes -> C:\ProgramData\Temp:F7FFE8AF
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:4244811A
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:2A874675
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:5A9F1AE5
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:1E2D49E0
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:51E83E25
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:46283136
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:FB71A279
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:025DF3DE
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:F9EDCFB0
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:9812B773
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:89CC7FD8
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:2F474C84
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:F5E8CAE0
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:E7B4296D
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:B6D84F71
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:9195103F
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:7C8AA9A6
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:E690114B
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:B0A727D1
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:D5CCCBAA
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:6CF828C2
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:53BA2DF6
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:183A9046
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:13CDB0E0
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:13019F4B
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:EDE28CFC
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:BCFEA004
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:A6B07419
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:2B9555D8
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:AD020DC3
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:6EE8565A
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:0988A428
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:ECF3C50F
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:6294B369
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:5FC043A8
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:5E8C18F1
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:5E73E1C2
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:ED2D63E4
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:BE0654D6
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:6A0A47E7
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:4E79C4F8
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:B3C7433B
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:4C3D5A8B
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:000D6A25
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:B36361EE
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:5DB36C47
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:BD34FFC5
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:7BFAAE70
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:6757F885
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:1709732A
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:E0888117
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:70BDB805
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:2F370DA6
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:084612C9
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:65C4D44A
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:587F3582
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:F13867C6
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:D999FFD5
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:1E942FB9
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:F26F5952
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:4CF61E54
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:754E278B
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:2F70C0B4
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:B8791731
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:6ED8B881
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:F89F2593
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:8204AA35
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:678C1866
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:12258D63
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:E5496666
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:DC7EDF41
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:5B4686D7
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:363E775E
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:041ED421
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:F6A0889A
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:AFC732F7
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:68A41423
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:8AED9359
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:384AA0FD
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:2F8138B7
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:C370B84F
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:3C4BD225
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:2E636DD9
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:65137F0D
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:4CD3F344
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:BF6C81B2
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:96C9689F
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:46CBC45C
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:2B40A7DB
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:1E5EC928
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:4EE95FE7
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:E6708F08
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:943971F5
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:00258EE7
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:553056F1
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:DA5888A7
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:26499772
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:57B2B96C
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:1A5822A3
@Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:96AFAB10
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:EF4FB3C5
@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:28DB0DC4
@Alternate Data Stream - 102 bytes -> C:\ProgramData\Temp:213AFE42
@Alternate Data Stream - 101 bytes -> C:\ProgramData\Temp:F44D3C53
@Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:27D1368B
:Files
C:\Users\Rina\Downloads\SoftonicDownloader_fuer_g-force.exe
C:\Users\Rina\Downloads\Unlocker1.9.1-x64.exe
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The above script was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________
Please always post log files in CODE tags

24.09.2012, 14:33   #17
Shizznut
 

Code:
All processes killed
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2572183007-3965706403-1613814924-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-21-2572183007-3965706403-1613814924-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{71576546-354D-41C9-AAE8-31F2EC22BF0D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71576546-354D-41C9-AAE8-31F2EC22BF0D}\ not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2572183007-3965706403-1613814924-1000\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer deleted successfully.
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Unable to delete ADS C:\ProgramData\Temp:823606DE @Alternate Data Stream - 247 bytes -> C:\ProgramData\Temp:D696AA12 @Alternate Data Stream - 245 bytes -> C:\ProgramData\Temp:D987CB43 @Alternate Data Stream - 237 bytes -> C:\ProgramData\Temp:85376176 @Alternate Data Stream - 236 bytes -> C:\ProgramData\Temp:404908B5 @Alternate Data Stream - 236 bytes -> C:\ProgramData\Temp:1C201DEB @Alternate Data Stream - 233 bytes -> C:\ProgramData\Temp:D6D084A5 @Alternate Data Stream - 230 bytes -> C:\ProgramData\Temp:30E0D641 @Alternate Data Stream - 229 bytes -> C:\ProgramData\Temp:902C848D @Alternate Data Stream - 229 bytes -> C:\ProgramData\Temp:884C7316 @Alternate Data Stream - 228 bytes -> C:\ProgramData\Temp:18A25CF1 @Alternate Data Stream - 223 bytes -> C:\ProgramData\Temp:661DC753 @Alternate Data Stream - 217 bytes -> C:\ProgramData\Temp:89A5891E @Alternate Data Stream - 201 bytes -> C:\ProgramData\Temp:2F141B68 @Alternate Data Stream - 196 bytes -> C:\ProgramData\Temp:1A8BB29B @Alternate Data Str .
Error: Unable to interpret <:AD020DC3 @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:6EE8565A @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:0988A428 @Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:ECF3C50F @Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:6294B369 @Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:5FC043A8 @Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:5E8C18F1 @Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:5E73E1C2 @Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:ED2D63E4 @Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:BE0654D6 @Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:6A0A47E7 @Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:4E79C4F8 @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:B3C7433B @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:4C3D5A8B @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:000D6A25 @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:B36361EE @Alternat> in the current context!
Error: Unable to interpret <e Data Stream - 134 bytes -> C:\ProgramData\Temp:5DB36C47 @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:BD34FFC5 @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:7BFAAE70 @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:6757F885 @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:1709732A @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:E0888117 @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:70BDB805 @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:2F370DA6 @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:084612C9 @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:65C4D44A @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:587F3582 @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:F13867C6 @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:D999FFD5 @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:1E942FB9 @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:F26F5952 @Alternate Data Stream - 129 > in the current context!
Error: Unable to interpret <bytes -> C:\ProgramData\Temp:4CF61E54 @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:754E278B @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:2F70C0B4 @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:B8791731 @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:6ED8B881 @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:F89F2593 @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:8204AA35 @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:678C1866 @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:12258D63 @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:E5496666 @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:DC7EDF41 @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:5B4686D7 @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:363E775E @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:041ED421 @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:F6A0889A @Alternate Data Stream - 124 bytes -> C:\Program> in the current context!
Error: Unable to interpret <Data\Temp:AFC732F7 @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:68A41423 @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:8AED9359 @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:384AA0FD @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:2F8138B7 @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:C370B84F @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:3C4BD225 @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:2E636DD9 @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:65137F0D @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:4CD3F344 @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:BF6C81B2 @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:96C9689F @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:46CBC45C @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:2B40A7DB @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:1E5EC928 @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:4EE95FE7 > in the current context!
Error: Unable to interpret <@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:E6708F08 @Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:943971F5 @Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:00258EE7 @Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:553056F1 @Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:DA5888A7 @Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:26499772 @Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:57B2B96C @Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:1A5822A3 @Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:96AFAB10 @Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:EF4FB3C5 @Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:28DB0DC4 @Alternate Data Stream - 102 bytes -> C:\ProgramData\Temp:213AFE42 @Alternate Data Stream - 101 bytes -> C:\ProgramData\Temp:F44D3C53 @Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:27D1368B :Files C:\Users\*\Downloads\SoftonicDownloader_fuer_g-force.exe> in the current context!
Error: Unable to interpret <C:\Users\*\Downloads\Unlocker1.9.1-x64.exe> in the current context!
Error: Unable to interpret <ipconfig /flushdns /c> in the current context!
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: *
->Temp folder emptied: 21434913 bytes
->Temporary Internet Files folder emptied: 5712415 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 60523757 bytes
->Google Chrome cache emptied: 23842210 bytes
->Flash cache emptied: 4753 bytes
 
%systemdrive% .tmp files removed: 12288000 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 246352 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 1389624 bytes
 
Total Files Cleaned = 120,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.66.2 log created on 09242012_152226

Files\Folders moved on Reboot...
C:\Users\*\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\*\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T5KP4QK3\favicon[1].ico moved successfully.
C:\Users\*\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T5KP4QK3\shutdown[1].htm moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
__________________


24.09.2012, 19:26   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Code:
Error: Unable to interpret
         
Um, no -.-
You do have to copy my text 1:1 and then paste it into the OTL window exactly like that - here it is again in this form as a help, maybe that is easier for you:

Quote:
:OTL
FF - user.js - File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2572183007-3965706403-1613814924-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2572183007-3965706403-1613814924-1000\..\Toolbar\WebBrowser: (no name) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2572183007-3965706403-1613814924-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O32 - HKLM CDRom: AutoRun - 1
:Files
C:\Users\Rina\Downloads\SoftonicDownloader_fuer_g-force.exe
C:\Users\Rina\Downloads\Unlocker1.9.1-x64.exe
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
__________________
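
The first fix log above, where several script lines arrived merged into one and came back as "Unable to interpret" errors, can be triaged mechanically before it is read by hand. The following Python script is an added example, not part of the thread and not OTL's own code; the outcome phrases are taken from the logs quoted here, the function names are hypothetical, and both sample logs are constructed with placeholder stream names.

```python
import re
from collections import Counter

# Outcome phrases as they appear in the OTL fix logs quoted in this thread
# (assumption: not a complete list of OTL's messages).
APPLIED = ("deleted successfully", "moved successfully",
           "value set successfully", "reset successfully")
FAILED_PREFIXES = ("Unable to delete",)
UNINTERPRETED = re.compile(
    r"^Error: Unable to interpret <(.*)> in the current context!$")

# Tokens that start a script line. Finding one in the middle of a logged
# item means several script lines were merged into a single line.
LINE_STARTERS = ("@Alternate Data Stream", ":OTL", ":Files", ":Commands")

# Constructed sample: a fix whose script was pasted with merged lines.
SAMPLE_BROKEN = r"""
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Example\\Locked deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000000}\ not found.
Unable to delete ADS C:\ProgramData\Temp:AAAAAAAA @Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:BBBBBBBB .
Error: Unable to interpret <:CCCCCCCC @Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:DDDDDDDD :Files C:\Users\example\Downloads\sample.exe> in the current context!
Error: Unable to interpret <ipconfig /flushdns /c> in the current context!
HOSTS file reset successfully
"""

# Constructed sample: the same kind of fix applied line by line.
SAMPLE_CLEAN = r"""
Registry value HKEY_LOCAL_MACHINE\Software\Example\\Locked deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000000}\ not found.
ADS C:\ProgramData\Temp:AAAAAAAA deleted successfully.
"""


def classify(line):
    """Return (kind, payload) for one stripped log line."""
    match = UNINTERPRETED.match(line)
    if match:
        return "uninterpreted", match.group(1)
    if line.startswith(FAILED_PREFIXES):
        return "failed", line
    if any(phrase in line for phrase in APPLIED):
        return "applied", line
    if line.endswith("not found."):
        return "absent", line
    return "other", line


def has_merged_lines(payload):
    """True if a line-starting token occurs anywhere but at position 0."""
    return any(payload.find(token, 1) != -1 for token in LINE_STARTERS)


def triage(log_text):
    """Summarise a fix log and decide whether the fix must be repeated."""
    counts = Counter()
    merged = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        kind, payload = classify(line)
        counts[kind] += 1
        if kind in ("failed", "uninterpreted") and has_merged_lines(payload):
            merged.append(line[:50])  # a short prefix is enough to locate it
    return {
        "counts": dict(counts),
        "merged": merged,
        # Any uninterpreted item means part of the script never ran.
        "needs_rerun": counts["uninterpreted"] > 0 or bool(merged),
    }


if __name__ == "__main__":
    for name, log in (("broken", SAMPLE_BROKEN), ("clean", SAMPLE_CLEAN)):
        print(name, triage(log))
```
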

25.09.2012, 10:54   #19
Shizznut
 

Hi Cosinus.
Yep, I spotted the mistake. I did paste your code 1:1 - only from the e-mail notification, without line breaks.

Regarding the entry: Teatimer.exe/Spybot. I deactivated the resident manually.

Files: I had already shredded SoftonicDownloader_fuer_g-force and Unlocker1.9.1-x64 back then. I was probably too quick again, or: what it can't find to delete is no longer there either? I don't know.

Here is the OTL fix:

Code:
ATTFilter
All processes killed
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_USERS\S-1-5-21-2572183007-3965706403-1613814924-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-21-2572183007-3965706403-1613814924-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{71576546-354D-41C9-AAE8-31F2EC22BF0D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71576546-354D-41C9-AAE8-31F2EC22BF0D}\ not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found.
Registry value HKEY_USERS\S-1-5-21-2572183007-3965706403-1613814924-1000\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer not found.
File C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
ADS C:\ProgramData\Temp:823606DE deleted successfully.
ADS C:\ProgramData\Temp:D696AA12 deleted successfully.
ADS C:\ProgramData\Temp:D987CB43 deleted successfully.
ADS C:\ProgramData\Temp:85376176 deleted successfully.
ADS C:\ProgramData\Temp:404908B5 deleted successfully.
ADS C:\ProgramData\Temp:1C201DEB deleted successfully.
ADS C:\ProgramData\Temp:D6D084A5 deleted successfully.
ADS C:\ProgramData\Temp:30E0D641 deleted successfully.
ADS C:\ProgramData\Temp:902C848D deleted successfully.
ADS C:\ProgramData\Temp:884C7316 deleted successfully.
ADS C:\ProgramData\Temp:18A25CF1 deleted successfully.
ADS C:\ProgramData\Temp:661DC753 deleted successfully.
ADS C:\ProgramData\Temp:89A5891E deleted successfully.
ADS C:\ProgramData\Temp:2F141B68 deleted successfully.
ADS C:\ProgramData\Temp:1A8BB29B deleted successfully.
ADS C:\ProgramData\Temp:F7FFE8AF deleted successfully.
ADS C:\ProgramData\Temp:4244811A deleted successfully.
ADS C:\ProgramData\Temp:2A874675 deleted successfully.
ADS C:\ProgramData\Temp:5A9F1AE5 deleted successfully.
ADS C:\ProgramData\Temp:1E2D49E0 deleted successfully.
ADS C:\ProgramData\Temp:51E83E25 deleted successfully.
ADS C:\ProgramData\Temp:46283136 deleted successfully.
ADS C:\ProgramData\Temp:FB71A279 deleted successfully.
ADS C:\ProgramData\Temp:025DF3DE deleted successfully.
ADS C:\ProgramData\Temp:F9EDCFB0 deleted successfully.
ADS C:\ProgramData\Temp:9812B773 deleted successfully.
ADS C:\ProgramData\Temp:89CC7FD8 deleted successfully.
ADS C:\ProgramData\Temp:2F474C84 deleted successfully.
ADS C:\ProgramData\Temp:F5E8CAE0 deleted successfully.
ADS C:\ProgramData\Temp:E7B4296D deleted successfully.
ADS C:\ProgramData\Temp:B6D84F71 deleted successfully.
ADS C:\ProgramData\Temp:9195103F deleted successfully.
ADS C:\ProgramData\Temp:7C8AA9A6 deleted successfully.
ADS C:\ProgramData\Temp:E690114B deleted successfully.
ADS C:\ProgramData\Temp:B0A727D1 deleted successfully.
ADS C:\ProgramData\Temp:D5CCCBAA deleted successfully.
ADS C:\ProgramData\Temp:6CF828C2 deleted successfully.
ADS C:\ProgramData\Temp:53BA2DF6 deleted successfully.
ADS C:\ProgramData\Temp:183A9046 deleted successfully.
ADS C:\ProgramData\Temp:13CDB0E0 deleted successfully.
ADS C:\ProgramData\Temp:13019F4B deleted successfully.
ADS C:\ProgramData\Temp:EDE28CFC deleted successfully.
ADS C:\ProgramData\Temp:BCFEA004 deleted successfully.
ADS C:\ProgramData\Temp:A6B07419 deleted successfully.
ADS C:\ProgramData\Temp:2B9555D8 deleted successfully.
ADS C:\ProgramData\Temp:AD020DC3 deleted successfully.
ADS C:\ProgramData\Temp:6EE8565A deleted successfully.
ADS C:\ProgramData\Temp:0988A428 deleted successfully.
ADS C:\ProgramData\Temp:ECF3C50F deleted successfully.
ADS C:\ProgramData\Temp:6294B369 deleted successfully.
ADS C:\ProgramData\Temp:5FC043A8 deleted successfully.
ADS C:\ProgramData\Temp:5E8C18F1 deleted successfully.
ADS C:\ProgramData\Temp:5E73E1C2 deleted successfully.
ADS C:\ProgramData\Temp:ED2D63E4 deleted successfully.
ADS C:\ProgramData\Temp:BE0654D6 deleted successfully.
ADS C:\ProgramData\Temp:6A0A47E7 deleted successfully.
ADS C:\ProgramData\Temp:4E79C4F8 deleted successfully.
ADS C:\ProgramData\Temp:B3C7433B deleted successfully.
ADS C:\ProgramData\Temp:4C3D5A8B deleted successfully.
ADS C:\ProgramData\Temp:000D6A25 deleted successfully.
ADS C:\ProgramData\Temp:B36361EE deleted successfully.
ADS C:\ProgramData\Temp:5DB36C47 deleted successfully.
ADS C:\ProgramData\Temp:BD34FFC5 deleted successfully.
ADS C:\ProgramData\Temp:7BFAAE70 deleted successfully.
ADS C:\ProgramData\Temp:6757F885 deleted successfully.
ADS C:\ProgramData\Temp:1709732A deleted successfully.
ADS C:\ProgramData\Temp:E0888117 deleted successfully.
ADS C:\ProgramData\Temp:70BDB805 deleted successfully.
ADS C:\ProgramData\Temp:2F370DA6 deleted successfully.
ADS C:\ProgramData\Temp:084612C9 deleted successfully.
ADS C:\ProgramData\Temp:65C4D44A deleted successfully.
ADS C:\ProgramData\Temp:587F3582 deleted successfully.
ADS C:\ProgramData\Temp:F13867C6 deleted successfully.
ADS C:\ProgramData\Temp:D999FFD5 deleted successfully.
ADS C:\ProgramData\Temp:1E942FB9 deleted successfully.
ADS C:\ProgramData\Temp:F26F5952 deleted successfully.
ADS C:\ProgramData\Temp:4CF61E54 deleted successfully.
ADS C:\ProgramData\Temp:754E278B deleted successfully.
ADS C:\ProgramData\Temp:2F70C0B4 deleted successfully.
ADS C:\ProgramData\Temp:B8791731 deleted successfully.
ADS C:\ProgramData\Temp:6ED8B881 deleted successfully.
ADS C:\ProgramData\Temp:F89F2593 deleted successfully.
ADS C:\ProgramData\Temp:8204AA35 deleted successfully.
ADS C:\ProgramData\Temp:678C1866 deleted successfully.
ADS C:\ProgramData\Temp:12258D63 deleted successfully.
ADS C:\ProgramData\Temp:E5496666 deleted successfully.
ADS C:\ProgramData\Temp:DC7EDF41 deleted successfully.
ADS C:\ProgramData\Temp:5B4686D7 deleted successfully.
ADS C:\ProgramData\Temp:363E775E deleted successfully.
ADS C:\ProgramData\Temp:041ED421 deleted successfully.
ADS C:\ProgramData\Temp:F6A0889A deleted successfully.
ADS C:\ProgramData\Temp:AFC732F7 deleted successfully.
ADS C:\ProgramData\Temp:68A41423 deleted successfully.
ADS C:\ProgramData\Temp:8AED9359 deleted successfully.
ADS C:\ProgramData\Temp:384AA0FD deleted successfully.
ADS C:\ProgramData\Temp:2F8138B7 deleted successfully.
ADS C:\ProgramData\Temp:C370B84F deleted successfully.
ADS C:\ProgramData\Temp:3C4BD225 deleted successfully.
ADS C:\ProgramData\Temp:2E636DD9 deleted successfully.
ADS C:\ProgramData\Temp:65137F0D deleted successfully.
ADS C:\ProgramData\Temp:4CD3F344 deleted successfully.
ADS C:\ProgramData\Temp:BF6C81B2 deleted successfully.
ADS C:\ProgramData\Temp:96C9689F deleted successfully.
ADS C:\ProgramData\Temp:46CBC45C deleted successfully.
ADS C:\ProgramData\Temp:2B40A7DB deleted successfully.
ADS C:\ProgramData\Temp:1E5EC928 deleted successfully.
ADS C:\ProgramData\Temp:4EE95FE7 deleted successfully.
ADS C:\ProgramData\Temp:E6708F08 deleted successfully.
ADS C:\ProgramData\Temp:943971F5 deleted successfully.
ADS C:\ProgramData\Temp:00258EE7 deleted successfully.
ADS C:\ProgramData\Temp:553056F1 deleted successfully.
ADS C:\ProgramData\Temp:DA5888A7 deleted successfully.
ADS C:\ProgramData\Temp:26499772 deleted successfully.
ADS C:\ProgramData\Temp:57B2B96C deleted successfully.
ADS C:\ProgramData\Temp:1A5822A3 deleted successfully.
ADS C:\ProgramData\Temp:96AFAB10 deleted successfully.
ADS C:\ProgramData\Temp:EF4FB3C5 deleted successfully.
ADS C:\ProgramData\Temp:28DB0DC4 deleted successfully.
ADS C:\ProgramData\Temp:213AFE42 deleted successfully.
ADS C:\ProgramData\Temp:F44D3C53 deleted successfully.
ADS C:\ProgramData\Temp:27D1368B deleted successfully.
========== FILES ==========
File\Folder C:\Users\*\Downloads\SoftonicDownloader_fuer_g-force.exe not found.
File\Folder C:\Users\*\Downloads\Unlocker1.9.1-x64.exe not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\*\Desktop\cmd.bat deleted successfully.
C:\Users\*\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: *
->Temp folder emptied: 1066 bytes
->Temporary Internet Files folder emptied: 382808 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3516 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.68.0 log created on 09252012_111609

Files\Folders moved on Reboot...
C:\Users\*\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\*\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ULBJY33M\favicon[1].ico moved successfully.
C:\Users\*\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7Y118F9I\shutdown[1].htm moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         

25.09.2012, 13:31   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off your virus scanner before running TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Configure the tool as shown in the picture below: click change parameters and set the checkboxes as shown in the following screenshot.
Then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.

If you cannot find the log, or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:), which is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!


__________________
Please always post log files in CODE tags

25.09.2012, 13:57   #21
Shizznut

Code:
ATTFilter
14:42:26.0419 1328  TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
14:42:26.0646 1328  ============================================================
14:42:26.0646 1328  Current date / time: 2012/09/25 14:42:26.0646
14:42:26.0646 1328  SystemInfo:
14:42:26.0646 1328  
14:42:26.0646 1328  OS Version: 6.1.7601 ServicePack: 1.0
14:42:26.0646 1328  Product type: Workstation
14:42:26.0646 1328  ComputerName: *
14:42:26.0647 1328  UserName: *
14:42:26.0647 1328  Windows directory: C:\Windows
14:42:26.0647 1328  System windows directory: C:\Windows
14:42:26.0647 1328  Running under WOW64
14:42:26.0647 1328  Processor architecture: Intel x64
14:42:26.0647 1328  Number of processors: 2
14:42:26.0647 1328  Page size: 0x1000
14:42:26.0647 1328  Boot type: Normal boot
14:42:26.0647 1328  ============================================================
14:42:29.0462 1328  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:42:29.0470 1328  ============================================================
14:42:29.0470 1328  \Device\Harddisk0\DR0:
14:42:29.0470 1328  MBR partitions:
14:42:29.0470 1328  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2711676, BlocksNum 0x22D1C408
14:42:29.0470 1328  ============================================================
14:42:29.0511 1328  C: <-> \Device\Harddisk0\DR0\Partition1
14:42:29.0511 1328  ============================================================
14:42:29.0511 1328  Initialize success
14:42:29.0511 1328  ============================================================
14:44:24.0190 1856  ============================================================
14:44:24.0190 1856  Scan started
14:44:24.0190 1856  Mode: Manual; SigCheck; TDLFS; 
14:44:24.0190 1856  ============================================================
14:44:24.0986 1856  ================ Scan system memory ========================
14:44:24.0986 1856  System memory - ok
14:44:24.0986 1856  ================ Scan services =============================
14:44:25.0126 1856  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
14:44:25.0204 1856  1394ohci - ok
14:44:25.0235 1856  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
14:44:25.0251 1856  ACPI - ok
14:44:25.0267 1856  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
14:44:25.0313 1856  AcpiPmi - ok
14:44:25.0423 1856  [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
14:44:25.0438 1856  AdobeFlashPlayerUpdateSvc - ok
14:44:25.0485 1856  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
14:44:25.0516 1856  adp94xx - ok
14:44:25.0532 1856  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
14:44:25.0563 1856  adpahci - ok
14:44:25.0579 1856  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
14:44:25.0594 1856  adpu320 - ok
14:44:25.0641 1856  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
14:44:25.0703 1856  AeLookupSvc - ok
14:44:25.0735 1856  [ FB2BE0BAE9B3F248080CDBF91EF16C7F ] AFBAgent        C:\Windows\system32\FBAgent.exe
14:44:25.0766 1856  AFBAgent - ok
14:44:25.0797 1856  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
14:44:25.0859 1856  AFD - ok
14:44:25.0891 1856  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
14:44:25.0906 1856  agp440 - ok
14:44:25.0953 1856  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
14:44:26.0000 1856  ALG - ok
14:44:26.0015 1856  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
14:44:26.0031 1856  aliide - ok
14:44:26.0047 1856  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
14:44:26.0062 1856  amdide - ok
14:44:26.0109 1856  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
14:44:26.0140 1856  AmdK8 - ok
14:44:26.0156 1856  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
14:44:26.0203 1856  AmdPPM - ok
14:44:26.0249 1856  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
14:44:26.0265 1856  amdsata - ok
14:44:26.0312 1856  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
14:44:26.0327 1856  amdsbs - ok
14:44:26.0343 1856  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
14:44:26.0359 1856  amdxata - ok
14:44:26.0390 1856  [ 9C7F164B49CADC658D1B3C575782F346 ] AmUStor         C:\Windows\system32\drivers\AmUStor.SYS
14:44:26.0421 1856  AmUStor - ok
14:44:26.0452 1856  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
14:44:26.0515 1856  AppID - ok
14:44:26.0546 1856  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
14:44:26.0593 1856  AppIDSvc - ok
14:44:26.0624 1856  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
14:44:26.0655 1856  Appinfo - ok
14:44:26.0686 1856  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
14:44:26.0702 1856  arc - ok
14:44:26.0717 1856  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
14:44:26.0733 1856  arcsas - ok
14:44:26.0811 1856  [ 18E5C2F937F9DEB8C282DF66A3761925 ] ASLDRService    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
14:44:26.0827 1856  ASLDRService - ok
14:44:26.0842 1856  [ 4C016FD76ED5C05E84CA8CAB77993961 ] ASMMAP64        C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
14:44:26.0858 1856  ASMMAP64 - ok
14:44:26.0889 1856  [ 55142B4F7A7E4C9C151C6000A6BF7809 ] aswFsBlk        C:\Windows\system32\drivers\aswFsBlk.sys
14:44:26.0905 1856  aswFsBlk - ok
14:44:26.0936 1856  [ AA9FDE3D630160B47DAB21BF8250111C ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
14:44:26.0951 1856  aswMonFlt - ok
14:44:26.0951 1856  [ 2A6675C24DF5159A9506CD13ECE5ABE9 ] aswRdr          C:\Windows\System32\Drivers\aswrdr2.sys
14:44:26.0967 1856  aswRdr - ok
14:44:27.0014 1856  [ 4E38475BDB51A867CCBA7D5DF7FDFC0C ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
14:44:27.0045 1856  aswSnx - ok
14:44:27.0076 1856  [ 9A49D80D65451AF22913AEF772CC3DA9 ] aswSP           C:\Windows\system32\drivers\aswSP.sys
14:44:27.0107 1856  aswSP - ok
14:44:27.0123 1856  [ C3EC420451AC5300A22190AE38418FBA ] aswTdi          C:\Windows\system32\drivers\aswTdi.sys
14:44:27.0139 1856  aswTdi - ok
14:44:27.0154 1856  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
14:44:27.0217 1856  AsyncMac - ok
14:44:27.0248 1856  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
14:44:27.0263 1856  atapi - ok
14:44:27.0341 1856  [ A5E770426D18F8EF332A593F3289DA91 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
14:44:27.0482 1856  athr - ok
14:44:27.0497 1856  [ 63F1212FFE13E62CA1E8D8EE19ABD9A7 ] ATKGFNEXSrv     C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
14:44:27.0513 1856  ATKGFNEXSrv - ok
14:44:27.0544 1856  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:44:27.0622 1856  AudioEndpointBuilder - ok
14:44:27.0638 1856  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
14:44:27.0685 1856  AudioSrv - ok
14:44:27.0747 1856  [ 04AC21E821F259845BD7367CEE057290 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
14:44:27.0763 1856  avast! Antivirus - ok
14:44:27.0794 1856  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
14:44:27.0841 1856  AxInstSV - ok
14:44:27.0887 1856  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
14:44:27.0903 1856  b06bdrv - ok
14:44:27.0934 1856  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
14:44:27.0981 1856  b57nd60a - ok
14:44:28.0012 1856  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
14:44:28.0043 1856  BDESVC - ok
14:44:28.0059 1856  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
14:44:28.0106 1856  Beep - ok
14:44:28.0153 1856  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
14:44:28.0231 1856  BFE - ok
14:44:28.0277 1856  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
14:44:28.0387 1856  BITS - ok
14:44:28.0402 1856  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
14:44:28.0449 1856  blbdrive - ok
14:44:28.0480 1856  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
14:44:28.0511 1856  bowser - ok
14:44:28.0543 1856  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:44:28.0574 1856  BrFiltLo - ok
14:44:28.0605 1856  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:44:28.0621 1856  BrFiltUp - ok
14:44:28.0652 1856  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
14:44:28.0683 1856  Browser - ok
14:44:28.0714 1856  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
14:44:28.0761 1856  Brserid - ok
14:44:28.0792 1856  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
14:44:28.0823 1856  BrSerWdm - ok
14:44:28.0855 1856  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
14:44:28.0901 1856  BrUsbMdm - ok
14:44:28.0933 1856  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
14:44:28.0979 1856  BrUsbSer - ok
14:44:28.0979 1856  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
14:44:29.0011 1856  BTHMODEM - ok
14:44:29.0042 1856  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
14:44:29.0104 1856  bthserv - ok
14:44:29.0120 1856  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
14:44:29.0167 1856  cdfs - ok
14:44:29.0198 1856  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
14:44:29.0229 1856  cdrom - ok
14:44:29.0260 1856  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
14:44:29.0338 1856  CertPropSvc - ok
14:44:29.0369 1856  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
14:44:29.0401 1856  circlass - ok
14:44:29.0447 1856  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
14:44:29.0463 1856  CLFS - ok
14:44:29.0510 1856  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:44:29.0525 1856  clr_optimization_v2.0.50727_32 - ok
14:44:29.0572 1856  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:44:29.0588 1856  clr_optimization_v2.0.50727_64 - ok
14:44:29.0635 1856  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:44:29.0650 1856  clr_optimization_v4.0.30319_32 - ok
14:44:29.0666 1856  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:44:29.0681 1856  clr_optimization_v4.0.30319_64 - ok
14:44:29.0697 1856  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
14:44:29.0728 1856  CmBatt - ok
14:44:29.0759 1856  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
14:44:29.0775 1856  cmdide - ok
14:44:29.0806 1856  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
14:44:29.0853 1856  CNG - ok
14:44:29.0853 1856  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
14:44:29.0869 1856  Compbatt - ok
14:44:29.0900 1856  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
14:44:29.0947 1856  CompositeBus - ok
14:44:29.0947 1856  COMSysApp - ok
14:44:29.0978 1856  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
14:44:29.0993 1856  crcdisk - ok
14:44:30.0025 1856  [ 4F5414602E2544A4554D95517948B705 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
14:44:30.0040 1856  CryptSvc - ok
14:44:30.0071 1856  [ C7259495924D21F1AFA26467D9F4DAE0 ] dc3d            C:\Windows\system32\DRIVERS\dc3d.sys
14:44:30.0087 1856  dc3d - ok
14:44:30.0118 1856  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
14:44:30.0181 1856  DcomLaunch - ok
14:44:30.0227 1856  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
14:44:30.0290 1856  defragsvc - ok
14:44:30.0337 1856  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
14:44:30.0399 1856  DfsC - ok
14:44:30.0430 1856  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
14:44:30.0493 1856  Dhcp - ok
14:44:30.0524 1856  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
14:44:30.0602 1856  discache - ok
14:44:30.0617 1856  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
14:44:30.0649 1856  Disk - ok
14:44:30.0680 1856  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
14:44:30.0711 1856  Dnscache - ok
14:44:30.0758 1856  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
14:44:30.0805 1856  dot3svc - ok
14:44:30.0851 1856  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
14:44:30.0898 1856  DPS - ok
14:44:30.0929 1856  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
14:44:30.0961 1856  drmkaud - ok
14:44:31.0039 1856  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
14:44:31.0054 1856  DXGKrnl - ok
14:44:31.0101 1856  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
14:44:31.0148 1856  EapHost - ok
14:44:31.0241 1856  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
14:44:31.0351 1856  ebdrv - ok
14:44:31.0397 1856  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
14:44:31.0429 1856  EFS - ok
14:44:31.0507 1856  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
14:44:31.0569 1856  ehRecvr - ok
14:44:31.0585 1856  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
14:44:31.0631 1856  ehSched - ok
14:44:31.0678 1856  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
14:44:31.0709 1856  elxstor - ok
14:44:31.0741 1856  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
14:44:31.0772 1856  ErrDev - ok
14:44:31.0819 1856  [ 3C38648375B7F3988691F53A7AAE10A9 ] ETD             C:\Windows\system32\DRIVERS\ETD.sys
14:44:31.0850 1856  ETD - ok
14:44:31.0912 1856  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
14:44:31.0959 1856  EventSystem - ok
14:44:32.0006 1856  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
14:44:32.0084 1856  exfat - ok
14:44:32.0099 1856  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
14:44:32.0162 1856  fastfat - ok
14:44:32.0193 1856  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
14:44:32.0255 1856  Fax - ok
14:44:32.0302 1856  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
14:44:32.0349 1856  fdc - ok
14:44:32.0380 1856  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
14:44:32.0411 1856  fdPHost - ok
14:44:32.0427 1856  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
14:44:32.0489 1856  FDResPub - ok
14:44:32.0505 1856  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
14:44:32.0521 1856  FileInfo - ok
14:44:32.0536 1856  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
14:44:32.0599 1856  Filetrace - ok
14:44:32.0630 1856  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
14:44:32.0645 1856  flpydisk - ok
14:44:32.0692 1856  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
14:44:32.0723 1856  FltMgr - ok
14:44:32.0770 1856  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
14:44:32.0833 1856  FontCache - ok
14:44:32.0895 1856  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:44:32.0895 1856  FontCache3.0.0.0 - ok
14:44:32.0926 1856  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
14:44:32.0942 1856  FsDepends - ok
14:44:32.0989 1856  [ 5814011B2F6E088E29D689B5FCD49B8F ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
14:44:33.0004 1856  fssfltr - ok
14:44:33.0051 1856  [ F6717211C1EC2CDDAA81B97B0727C2E9 ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
14:44:33.0067 1856  fsssvc - ok
14:44:33.0129 1856  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
14:44:33.0145 1856  Fs_Rec - ok
14:44:33.0207 1856  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
14:44:33.0238 1856  fvevol - ok
14:44:33.0269 1856  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
14:44:33.0285 1856  gagp30kx - ok
14:44:33.0347 1856  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
14:44:33.0550 1856  gpsvc - ok
14:44:33.0659 1856  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:44:33.0675 1856  gupdate - ok
14:44:33.0691 1856  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:44:33.0706 1856  gupdatem - ok
14:44:33.0737 1856  [ CC839E8D766CC31A7710C9F38CF3E375 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
14:44:33.0753 1856  gusvc - ok
14:44:33.0769 1856  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
14:44:33.0800 1856  hcw85cir - ok
14:44:33.0847 1856  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
14:44:33.0893 1856  HdAudAddService - ok
14:44:33.0925 1856  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
14:44:33.0956 1856  HDAudBus - ok
14:44:33.0987 1856  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
14:44:34.0034 1856  HidBatt - ok
14:44:34.0049 1856  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
14:44:34.0081 1856  HidBth - ok
14:44:34.0112 1856  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
14:44:34.0143 1856  HidIr - ok
14:44:34.0174 1856  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
14:44:34.0221 1856  hidserv - ok
14:44:34.0252 1856  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
14:44:34.0283 1856  HidUsb - ok
14:44:34.0315 1856  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
14:44:34.0377 1856  hkmsvc - ok
14:44:34.0408 1856  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
14:44:34.0471 1856  HomeGroupListener - ok
14:44:34.0517 1856  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
14:44:34.0564 1856  HomeGroupProvider - ok
14:44:34.0627 1856  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
14:44:34.0658 1856  HpSAMD - ok
14:44:34.0689 1856  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
14:44:34.0767 1856  HTTP - ok
14:44:34.0798 1856  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
14:44:34.0814 1856  hwpolicy - ok
14:44:34.0845 1856  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
14:44:34.0861 1856  i8042prt - ok
14:44:34.0892 1856  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
14:44:34.0923 1856  iaStorV - ok
14:44:34.0985 1856  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:44:35.0032 1856  idsvc - ok
14:44:35.0063 1856  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
14:44:35.0095 1856  iirsp - ok
14:44:35.0188 1856  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
14:44:35.0297 1856  IKEEXT - ok
14:44:35.0485 1856  [ 181E4FF75674A7105ECD0A02C35EF43A ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
14:44:35.0531 1856  IntcAzAudAddService - ok
14:44:35.0578 1856  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
14:44:35.0594 1856  intelide - ok
14:44:35.0625 1856  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
14:44:35.0656 1856  intelppm - ok
14:44:35.0687 1856  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
14:44:35.0734 1856  IPBusEnum - ok
14:44:35.0765 1856  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:44:35.0812 1856  IpFilterDriver - ok
14:44:35.0843 1856  [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
14:44:35.0921 1856  iphlpsvc - ok
14:44:35.0953 1856  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
14:44:35.0984 1856  IPMIDRV - ok
14:44:36.0015 1856  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
14:44:36.0077 1856  IPNAT - ok
14:44:36.0109 1856  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
14:44:36.0140 1856  IRENUM - ok
14:44:36.0187 1856  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
14:44:36.0202 1856  isapnp - ok
14:44:36.0249 1856  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
14:44:36.0265 1856  iScsiPrt - ok
14:44:36.0296 1856  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
14:44:36.0311 1856  kbdclass - ok
14:44:36.0343 1856  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
14:44:36.0374 1856  kbdhid - ok
14:44:36.0405 1856  [ E63EF8C3271D014F14E2469CE75FECB4 ] kbfiltr         C:\Windows\system32\DRIVERS\kbfiltr.sys
14:44:36.0421 1856  kbfiltr - ok
14:44:36.0436 1856  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
14:44:36.0452 1856  KeyIso - ok
14:44:36.0499 1856  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
14:44:36.0530 1856  KSecDD - ok
14:44:36.0561 1856  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
14:44:36.0577 1856  KSecPkg - ok
14:44:36.0608 1856  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
14:44:36.0655 1856  ksthunk - ok
14:44:36.0748 1856  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
14:44:36.0811 1856  KtmRm - ok
14:44:36.0857 1856  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
14:44:36.0951 1856  LanmanServer - ok
14:44:36.0967 1856  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:44:37.0029 1856  LanmanWorkstation - ok
14:44:37.0060 1856  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
14:44:37.0123 1856  lltdio - ok
14:44:37.0185 1856  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
14:44:37.0247 1856  lltdsvc - ok
14:44:37.0263 1856  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
14:44:37.0325 1856  lmhosts - ok
14:44:37.0372 1856  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
14:44:37.0388 1856  LSI_FC - ok
14:44:37.0419 1856  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
14:44:37.0435 1856  LSI_SAS - ok
14:44:37.0450 1856  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:44:37.0466 1856  LSI_SAS2 - ok
14:44:37.0481 1856  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:44:37.0513 1856  LSI_SCSI - ok
14:44:37.0528 1856  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
14:44:37.0591 1856  luafv - ok
14:44:37.0622 1856  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
14:44:37.0637 1856  Mcx2Svc - ok
14:44:37.0653 1856  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
14:44:37.0669 1856  megasas - ok
14:44:37.0684 1856  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
14:44:37.0715 1856  MegaSR - ok
14:44:37.0747 1856  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
14:44:37.0809 1856  MMCSS - ok
14:44:37.0840 1856  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
14:44:37.0903 1856  Modem - ok
14:44:37.0918 1856  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
14:44:37.0965 1856  monitor - ok
14:44:37.0996 1856  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
14:44:38.0012 1856  mouclass - ok
14:44:38.0027 1856  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
14:44:38.0059 1856  mouhid - ok
14:44:38.0090 1856  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
14:44:38.0105 1856  mountmgr - ok
14:44:38.0137 1856  [ E8D79312373F254DC13F3965BDB3D521 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
14:44:38.0152 1856  MozillaMaintenance - ok
14:44:38.0183 1856  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
14:44:38.0215 1856  mpio - ok
14:44:38.0230 1856  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
14:44:38.0277 1856  mpsdrv - ok
14:44:38.0324 1856  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
14:44:38.0402 1856  MpsSvc - ok
14:44:38.0464 1856  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
14:44:38.0511 1856  MRxDAV - ok
14:44:38.0558 1856  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
14:44:38.0573 1856  mrxsmb - ok
14:44:38.0589 1856  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:44:38.0636 1856  mrxsmb10 - ok
14:44:38.0667 1856  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:44:38.0714 1856  mrxsmb20 - ok
14:44:38.0745 1856  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
14:44:38.0761 1856  msahci - ok
14:44:38.0776 1856  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
14:44:38.0792 1856  msdsm - ok
14:44:38.0807 1856  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
14:44:38.0870 1856  MSDTC - ok
14:44:38.0932 1856  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
14:44:38.0979 1856  Msfs - ok
14:44:39.0010 1856  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
14:44:39.0057 1856  mshidkmdf - ok
14:44:39.0088 1856  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
14:44:39.0104 1856  msisadrv - ok
14:44:39.0135 1856  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
14:44:39.0182 1856  MSiSCSI - ok
14:44:39.0182 1856  msiserver - ok
14:44:39.0213 1856  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
14:44:39.0260 1856  MSKSSRV - ok
14:44:39.0275 1856  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
14:44:39.0322 1856  MSPCLOCK - ok
14:44:39.0353 1856  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
14:44:39.0416 1856  MSPQM - ok
14:44:39.0447 1856  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
14:44:39.0478 1856  MsRPC - ok
14:44:39.0525 1856  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
14:44:39.0541 1856  mssmbios - ok
14:44:39.0556 1856  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
14:44:39.0619 1856  MSTEE - ok
14:44:39.0634 1856  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
14:44:39.0681 1856  MTConfig - ok
14:44:39.0712 1856  [ 032D35C996F21D19A205A7C8F0B76F3C ] MTsensor        C:\Windows\system32\DRIVERS\ATK64AMD.sys
14:44:39.0728 1856  MTsensor - ok
14:44:39.0743 1856  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
14:44:39.0759 1856  Mup - ok
14:44:39.0806 1856  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
14:44:39.0868 1856  napagent - ok
14:44:39.0946 1856  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
14:44:40.0024 1856  NativeWifiP - ok
14:44:40.0071 1856  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
14:44:40.0133 1856  NDIS - ok
14:44:40.0149 1856  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
14:44:40.0196 1856  NdisCap - ok
14:44:40.0227 1856  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
14:44:40.0289 1856  NdisTapi - ok
14:44:40.0321 1856  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
14:44:40.0383 1856  Ndisuio - ok
14:44:40.0414 1856  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
14:44:40.0477 1856  NdisWan - ok
14:44:40.0508 1856  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
14:44:40.0539 1856  NDProxy - ok
14:44:40.0586 1856  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
14:44:40.0648 1856  NetBIOS - ok
14:44:40.0679 1856  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
14:44:40.0742 1856  NetBT - ok
14:44:40.0773 1856  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
14:44:40.0789 1856  Netlogon - ok
14:44:40.0820 1856  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
14:44:40.0898 1856  Netman - ok
14:44:40.0945 1856  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
14:44:41.0007 1856  netprofm - ok
14:44:41.0054 1856  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:44:41.0069 1856  NetTcpPortSharing - ok
14:44:41.0101 1856  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
14:44:41.0116 1856  nfrd960 - ok
14:44:41.0147 1856  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll
14:44:41.0225 1856  NlaSvc - ok
14:44:41.0257 1856  [ 903681BAB213D5F84717C0FC42AFB28A ] nmwcd           C:\Windows\system32\drivers\ccdcmbx64.sys
14:44:41.0319 1856  nmwcd - ok
14:44:41.0335 1856  [ EC4C5EBD003E0395BF4EA5A2EFD13CE6 ] nmwcdc          C:\Windows\system32\drivers\ccdcmbox64.sys
14:44:41.0381 1856  nmwcdc - ok
14:44:41.0413 1856  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
14:44:41.0459 1856  Npfs - ok
14:44:41.0491 1856  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
14:44:41.0537 1856  nsi - ok
14:44:41.0569 1856  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
14:44:41.0631 1856  nsiproxy - ok
14:44:41.0693 1856  [ A2F74975097F52A00745F9637451FDD8 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
14:44:41.0771 1856  Ntfs - ok
14:44:41.0803 1856  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
14:44:41.0849 1856  Null - ok
14:44:41.0881 1856  [ AD37248BD442D41C9A896E53EB8A85EE ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
14:44:41.0896 1856  NVHDA - ok
14:44:42.0645 1856  [ BC2D2480F58C3BC7F03C1E36A8AD4BF9 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
14:44:42.0832 1856  nvlddmkm - ok
14:44:42.0879 1856  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
14:44:42.0895 1856  nvraid - ok
14:44:42.0926 1856  [ E58D81FB8616D0CB55C1E36AA0B213C9 ] nvsmu           C:\Windows\system32\DRIVERS\nvsmu.sys
14:44:42.0941 1856  nvsmu - ok
14:44:42.0973 1856  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
14:44:43.0004 1856  nvstor - ok
14:44:43.0035 1856  [ B253BB1ADEB4004FDB1B640750EB2B4E ] nvstor64        C:\Windows\system32\DRIVERS\nvstor64.sys
14:44:43.0051 1856  nvstor64 - ok
14:44:43.0129 1856  [ D900EEE33EDF655872CBA55ADAE0201A ] nvsvc           C:\Windows\system32\nvvsvc.exe
14:44:43.0160 1856  nvsvc - ok
14:44:43.0191 1856  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
14:44:43.0207 1856  nv_agp - ok
14:44:43.0238 1856  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
14:44:43.0253 1856  ohci1394 - ok
14:44:43.0285 1856  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
14:44:43.0331 1856  p2pimsvc - ok
14:44:43.0378 1856  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
14:44:43.0409 1856  p2psvc - ok
14:44:43.0456 1856  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
14:44:43.0487 1856  Parport - ok
14:44:43.0519 1856  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
14:44:43.0550 1856  partmgr - ok
14:44:43.0581 1856  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
14:44:43.0612 1856  PcaSvc - ok
14:44:43.0690 1856  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
14:44:43.0721 1856  pci - ok
14:44:43.0721 1856  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
14:44:43.0737 1856  pciide - ok
14:44:43.0768 1856  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
14:44:43.0784 1856  pcmcia - ok
14:44:43.0799 1856  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
14:44:43.0831 1856  pcw - ok
14:44:43.0877 1856  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
14:44:43.0940 1856  PEAUTH - ok
14:44:44.0345 1856  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
14:44:44.0392 1856  PerfHost - ok
14:44:44.0501 1856  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
14:44:44.0579 1856  pla - ok
14:44:44.0657 1856  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
14:44:44.0689 1856  PlugPlay - ok
14:44:44.0704 1856  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
14:44:44.0751 1856  PNRPAutoReg - ok
14:44:44.0782 1856  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
14:44:44.0798 1856  PNRPsvc - ok
14:44:44.0813 1856  [ 32D374C60778253B81FA76C2FE19E155 ] Point64         C:\Windows\system32\DRIVERS\point64.sys
14:44:44.0829 1856  Point64 - ok
14:44:44.0860 1856  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
14:44:44.0923 1856  PolicyAgent - ok
14:44:44.0954 1856  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
14:44:45.0016 1856  Power - ok
14:44:45.0047 1856  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
14:44:45.0110 1856  PptpMiniport - ok
14:44:45.0141 1856  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
14:44:45.0188 1856  Processor - ok
14:44:45.0219 1856  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
14:44:45.0250 1856  ProfSvc - ok
14:44:45.0266 1856  Prot6Flt - ok
14:44:45.0281 1856  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
14:44:45.0297 1856  ProtectedStorage - ok
14:44:45.0344 1856  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
14:44:45.0391 1856  Psched - ok
14:44:45.0453 1856  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
14:44:45.0515 1856  ql2300 - ok
14:44:45.0578 1856  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
14:44:45.0593 1856  ql40xx - ok
14:44:45.0625 1856  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
14:44:45.0656 1856  QWAVE - ok
14:44:45.0671 1856  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
14:44:45.0703 1856  QWAVEdrv - ok
14:44:45.0718 1856  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
14:44:45.0796 1856  RasAcd - ok
14:44:45.0843 1856  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
14:44:45.0890 1856  RasAgileVpn - ok
14:44:45.0937 1856  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
14:44:45.0999 1856  RasAuto - ok
14:44:46.0046 1856  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
14:44:46.0108 1856  Rasl2tp - ok
14:44:46.0139 1856  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
14:44:46.0202 1856  RasMan - ok
14:44:46.0217 1856  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
14:44:46.0280 1856  RasPppoe - ok
14:44:46.0342 1856  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
14:44:46.0389 1856  RasSstp - ok
14:44:46.0405 1856  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
14:44:46.0467 1856  rdbss - ok
14:44:46.0498 1856  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
14:44:46.0545 1856  rdpbus - ok
14:44:46.0576 1856  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
14:44:46.0639 1856  RDPCDD - ok
14:44:46.0654 1856  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
14:44:46.0717 1856  RDPENCDD - ok
14:44:46.0748 1856  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
14:44:46.0810 1856  RDPREFMP - ok
14:44:46.0841 1856  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
14:44:46.0951 1856  RDPWD - ok
14:44:46.0997 1856  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
14:44:47.0013 1856  rdyboost - ok
14:44:47.0060 1856  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
14:44:47.0138 1856  RemoteAccess - ok
14:44:47.0185 1856  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
14:44:47.0247 1856  RemoteRegistry - ok
14:44:47.0294 1856  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
14:44:47.0356 1856  RpcEptMapper - ok
14:44:47.0387 1856  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
14:44:47.0419 1856  RpcLocator - ok
14:44:47.0481 1856  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
14:44:47.0528 1856  RpcSs - ok
14:44:47.0559 1856  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
14:44:47.0637 1856  rspndr - ok
14:44:47.0715 1856  [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
14:44:47.0731 1856  RTL8167 - ok
14:44:47.0762 1856  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
14:44:47.0793 1856  SamSs - ok
14:44:47.0855 1856  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
14:44:47.0871 1856  sbp2port - ok
14:44:47.0996 1856  [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService  C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
14:44:48.0027 1856  SBSDWSCService - ok
14:44:48.0089 1856  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
14:44:48.0167 1856  SCardSvr - ok
14:44:48.0199 1856  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
14:44:48.0261 1856  scfilter - ok
14:44:48.0448 1856  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
14:44:48.0557 1856  Schedule - ok
14:44:48.0604 1856  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
14:44:48.0635 1856  SCPolicySvc - ok
14:44:48.0682 1856  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
14:44:48.0869 1856  SDRSVC - ok
14:44:48.0901 1856  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
14:44:48.0947 1856  secdrv - ok
14:44:48.0979 1856  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
14:44:49.0041 1856  seclogon - ok
14:44:49.0197 1856  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
14:44:49.0275 1856  SENS - ok
14:44:49.0306 1856  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
14:44:49.0353 1856  SensrSvc - ok
14:44:49.0384 1856  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
14:44:49.0431 1856  Serenum - ok
14:44:49.0462 1856  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
14:44:49.0493 1856  Serial - ok
14:44:49.0525 1856  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
14:44:49.0556 1856  sermouse - ok
14:44:49.0603 1856  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
14:44:49.0665 1856  SessionEnv - ok
14:44:49.0696 1856  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
14:44:49.0712 1856  sffdisk - ok
14:44:49.0743 1856  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
14:44:49.0774 1856  sffp_mmc - ok
14:44:49.0790 1856  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
14:44:49.0821 1856  sffp_sd - ok
14:44:49.0852 1856  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
14:44:49.0883 1856  sfloppy - ok
14:44:49.0946 1856  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
14:44:50.0039 1856  SharedAccess - ok
14:44:50.0102 1856  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:44:50.0195 1856  ShellHWDetection - ok
14:44:50.0242 1856  [ 1BC348CF6BAA90EC8E533EF6E6A69933 ] SiSGbeLH        C:\Windows\system32\DRIVERS\SiSG664.sys
14:44:50.0258 1856  SiSGbeLH - ok
14:44:50.0289 1856  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:44:50.0305 1856  SiSRaid2 - ok
14:44:50.0320 1856  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
14:44:50.0383 1856  SiSRaid4 - ok
14:44:50.0429 1856  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
14:44:50.0445 1856  SkypeUpdate - ok
14:44:50.0492 1856  [ 544788D536087DAF32B846F10D8392F5 ] SLEE_17_DRIVER  C:\Windows\Sleen1764.sys
14:44:50.0507 1856  SLEE_17_DRIVER - ok
14:44:50.0523 1856  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
14:44:50.0632 1856  Smb - ok
14:44:50.0663 1856  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
14:44:50.0695 1856  SNMPTRAP - ok
14:44:50.0726 1856  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
14:44:50.0741 1856  spldr - ok
14:44:50.0819 1856  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
14:44:50.0882 1856  Spooler - ok
14:44:51.0069 1856  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
14:44:51.0225 1856  sppsvc - ok
14:44:51.0272 1856  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
14:44:51.0334 1856  sppuinotify - ok
14:44:51.0506 1856  [ D8816DED1AB7979400A1940C8A1FC020 ] SPUVCbv         C:\Windows\system32\Drivers\SPUVCbv_x64.sys
14:44:51.0584 1856  SPUVCbv - ok
14:44:51.0724 1856  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
14:44:51.0787 1856  srv - ok
14:44:51.0849 1856  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
14:44:51.0896 1856  srv2 - ok
14:44:51.0927 1856  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
14:44:51.0989 1856  srvnet - ok
14:44:52.0052 1856  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
14:44:52.0099 1856  SSDPSRV - ok
14:44:52.0130 1856  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
14:44:52.0192 1856  SstpSvc - ok
14:44:52.0223 1856  [ E55F8D27EB014B31073F2F60270B6B3E ] Stereo Service  C:\Windows\SysWOW64\nvSCPAPISvr.exe
14:44:52.0239 1856  Stereo Service - ok
14:44:52.0270 1856  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
14:44:52.0286 1856  stexstor - ok
14:44:52.0317 1856  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
14:44:52.0364 1856  stisvc - ok
14:44:52.0395 1856  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
14:44:52.0411 1856  swenum - ok
14:44:52.0457 1856  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
14:44:52.0504 1856  swprv - ok
14:44:52.0567 1856  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
14:44:52.0660 1856  SysMain - ok
14:44:52.0691 1856  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:44:52.0738 1856  TabletInputService - ok
14:44:52.0801 1856  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
14:44:52.0879 1856  TapiSrv - ok
14:44:52.0910 1856  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
14:44:52.0957 1856  TBS - ok
14:44:53.0378 1856  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
14:44:53.0471 1856  Tcpip - ok
14:44:53.0534 1856  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
14:44:53.0581 1856  TCPIP6 - ok
14:44:53.0643 1856  [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
14:44:53.0690 1856  tcpipreg - ok
14:44:53.0737 1856  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
14:44:53.0783 1856  TDPIPE - ok
14:44:53.0815 1856  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
14:44:53.0830 1856  TDTCP - ok
14:44:53.0861 1856  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
14:44:53.0924 1856  tdx - ok
14:44:54.0095 1856  [ 5E53CF8AD0FD33B35000C113656AB37B ] TeamViewer7     C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
14:44:54.0158 1856  TeamViewer7 - ok
14:44:54.0173 1856  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
14:44:54.0189 1856  TermDD - ok
14:44:54.0298 1856  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
14:44:54.0361 1856  TermService - ok
14:44:54.0376 1856  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
14:44:54.0423 1856  Themes - ok
14:44:54.0439 1856  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
14:44:54.0485 1856  THREADORDER - ok
14:44:54.0517 1856  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
14:44:54.0579 1856  TrkWks - ok
14:44:54.0673 1856  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:44:54.0719 1856  TrustedInstaller - ok
14:44:54.0782 1856  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
14:44:54.0844 1856  tssecsrv - ok
14:44:54.0891 1856  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
14:44:54.0938 1856  TsUsbFlt - ok
14:44:55.0187 1856  [ C7935E1E4025CDD62F9806CAEEF86086 ] TuneUp.UtilitiesSvc C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
14:44:55.0265 1856  TuneUp.UtilitiesSvc - ok
14:44:55.0297 1856  [ DCC94C51D27C7EC0DADECA8F64C94FCF ] TuneUpUtilitiesDrv C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys
14:44:55.0312 1856  TuneUpUtilitiesDrv - ok
14:44:55.0343 1856  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
14:44:55.0406 1856  tunnel - ok
14:44:55.0453 1856  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
14:44:55.0468 1856  uagp35 - ok
14:44:55.0562 1856  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
14:44:55.0640 1856  udfs - ok
14:44:55.0687 1856  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
14:44:55.0702 1856  UI0Detect - ok
14:44:55.0733 1856  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
14:44:55.0749 1856  uliagpkx - ok
14:44:55.0765 1856  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
14:44:55.0796 1856  umbus - ok
14:44:55.0858 1856  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
14:44:55.0889 1856  UmPass - ok
14:44:55.0952 1856  [ 9DC07E73A4ABB9ACF692113B36A5009F ] UnlockerDriver5 C:\Program Files\Unlocker\UnlockerDriver5.sys
14:44:55.0952 1856  UnlockerDriver5 - ok
14:44:55.0999 1856  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
14:44:56.0061 1856  upnphost - ok
14:44:56.0092 1856  [ 7168819F30FE9622284EA19BDE7F8AB4 ] upperdev        C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
14:44:56.0139 1856  upperdev - ok
14:44:56.0186 1856  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
14:44:56.0201 1856  usbccgp - ok
14:44:56.0233 1856  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
14:44:56.0264 1856  usbcir - ok
14:44:56.0295 1856  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
14:44:56.0326 1856  usbehci - ok
14:44:56.0420 1856  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
14:44:56.0482 1856  usbhub - ok
14:44:56.0498 1856  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
14:44:56.0545 1856  usbohci - ok
14:44:56.0576 1856  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
14:44:56.0607 1856  usbprint - ok
14:44:56.0638 1856  [ 4ACEE387FA8FD39F83564FCD2FC234F2 ] usbser          C:\Windows\system32\drivers\usbser.sys
14:44:56.0669 1856  usbser - ok
14:44:56.0685 1856  [ 66C25CB20B2974E0C0CFDAB49FB72A02 ] UsbserFilt      C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys
14:44:56.0716 1856  UsbserFilt - ok
14:44:56.0763 1856  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:44:56.0794 1856  USBSTOR - ok
14:44:56.0810 1856  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
14:44:56.0841 1856  usbuhci - ok
14:44:56.0888 1856  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
14:44:56.0935 1856  usbvideo - ok
14:44:56.0966 1856  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
14:44:57.0028 1856  UxSms - ok
14:44:57.0059 1856  [ C4D7F592412AAED72E35614F4C0948C3 ] UxTuneUp        C:\Windows\System32\uxtuneup.dll
14:44:57.0075 1856  UxTuneUp - ok
14:44:57.0091 1856  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
14:44:57.0106 1856  VaultSvc - ok
14:44:57.0137 1856  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
14:44:57.0153 1856  vdrvroot - ok
14:44:57.0247 1856  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
14:44:57.0340 1856  vds - ok
14:44:57.0387 1856  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
14:44:57.0403 1856  vga - ok
14:44:57.0418 1856  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
14:44:57.0481 1856  VgaSave - ok
14:44:57.0527 1856  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
14:44:57.0559 1856  vhdmp - ok
14:44:57.0590 1856  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
14:44:57.0605 1856  viaide - ok
14:44:57.0621 1856  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
14:44:57.0637 1856  volmgr - ok
14:44:57.0668 1856  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
14:44:57.0699 1856  volmgrx - ok
14:44:57.0715 1856  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
14:44:57.0761 1856  volsnap - ok
14:44:57.0793 1856  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
14:44:57.0824 1856  vsmraid - ok
14:44:57.0964 1856  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
14:44:58.0089 1856  VSS - ok
14:44:58.0105 1856  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
14:44:58.0136 1856  vwifibus - ok
14:44:58.0151 1856  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
14:44:58.0183 1856  vwififlt - ok
14:44:58.0198 1856  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
14:44:58.0229 1856  vwifimp - ok
14:44:58.0276 1856  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
14:44:58.0323 1856  W32Time - ok
14:44:58.0354 1856  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
14:44:58.0385 1856  WacomPen - ok
14:44:58.0448 1856  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
14:44:58.0495 1856  WANARP - ok
14:44:58.0510 1856  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
14:44:58.0557 1856  Wanarpv6 - ok
14:44:58.0729 1856  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
14:44:58.0838 1856  wbengine - ok
14:44:58.0885 1856  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
14:44:58.0931 1856  WbioSrvc - ok
14:44:58.0978 1856  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
14:44:59.0009 1856  wcncsvc - ok
14:44:59.0025 1856  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:44:59.0072 1856  WcsPlugInService - ok
14:44:59.0134 1856  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
14:44:59.0150 1856  Wd - ok
14:44:59.0181 1856  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
14:44:59.0212 1856  Wdf01000 - ok
14:44:59.0228 1856  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
14:44:59.0259 1856  WdiServiceHost - ok
14:44:59.0275 1856  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
14:44:59.0290 1856  WdiSystemHost - ok
14:44:59.0321 1856  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
14:44:59.0353 1856  WebClient - ok
14:44:59.0384 1856  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
14:44:59.0446 1856  Wecsvc - ok
14:44:59.0462 1856  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
14:44:59.0524 1856  wercplsupport - ok
14:44:59.0555 1856  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
14:44:59.0618 1856  WerSvc - ok
14:44:59.0649 1856  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
14:44:59.0696 1856  WfpLwf - ok
14:44:59.0727 1856  [ 52DED146E4797E6CCF94799E8E22BB2A ] WimFltr         C:\Windows\system32\DRIVERS\wimfltr.sys
14:44:59.0743 1856  WimFltr - ok
14:44:59.0758 1856  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
14:44:59.0789 1856  WIMMount - ok
14:44:59.0821 1856  WinDefend - ok
14:44:59.0821 1856  WinHttpAutoProxySvc - ok
14:44:59.0992 1856  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
14:45:00.0023 1856  Winmgmt - ok
14:45:00.0133 1856  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
14:45:00.0242 1856  WinRM - ok
14:45:00.0257 1856  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
14:45:00.0289 1856  WinUsb - ok
14:45:00.0351 1856  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
14:45:00.0398 1856  Wlansvc - ok
14:45:00.0429 1856  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
14:45:00.0476 1856  WmiAcpi - ok
14:45:00.0507 1856  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
14:45:00.0538 1856  wmiApSrv - ok
14:45:00.0569 1856  WMPNetworkSvc - ok
14:45:00.0601 1856  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
14:45:00.0647 1856  WPCSvc - ok
14:45:00.0694 1856  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
14:45:00.0710 1856  WPDBusEnum - ok
14:45:00.0741 1856  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
14:45:00.0788 1856  ws2ifsl - ok
14:45:00.0819 1856  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
14:45:00.0866 1856  wscsvc - ok
14:45:00.0866 1856  WSearch - ok
14:45:00.0944 1856  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
14:45:01.0022 1856  wuauserv - ok
14:45:01.0053 1856  [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
14:45:01.0084 1856  WudfPf - ok
14:45:01.0131 1856  [ CF8D590BE3373029D57AF80914190682 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
14:45:01.0162 1856  WUDFRd - ok
14:45:01.0209 1856  [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
14:45:01.0256 1856  wudfsvc - ok
14:45:01.0287 1856  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
14:45:01.0349 1856  WwanSvc - ok
14:45:01.0349 1856  ================ Scan global ===============================
14:45:01.0427 1856  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
14:45:01.0474 1856  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
14:45:01.0490 1856  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
14:45:01.0521 1856  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
14:45:01.0537 1856  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
14:45:01.0552 1856  [Global] - ok
14:45:01.0552 1856  ================ Scan MBR ==================================
14:45:01.0568 1856  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
14:45:04.0142 1856  \Device\Harddisk0\DR0 - ok
14:45:04.0142 1856  ================ Scan VBR ==================================
14:45:04.0157 1856  [ 40B751FEAB62595B8C7EB16516D91B38 ] \Device\Harddisk0\DR0\Partition1
14:45:04.0173 1856  \Device\Harddisk0\DR0\Partition1 - ok
14:45:04.0173 1856  ============================================================
14:45:04.0173 1856  Scan finished
14:45:04.0173 1856  ============================================================
14:45:04.0189 2488  Detected object count: 0
14:45:04.0189 2488  Actual detected object count: 0
14:53:12.0527 1008  Deinitialize success
         

Alt 25.09.2012, 15:05   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Bundestrojaner - Standard

Bundestrojaner



Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and get messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.
__________________
Please always post log files in CODE tags

Alt 25.09.2012, 16:34   #23
Shizznut
 
Bundestrojaner - Standard

Bundestrojaner



Code:
ComboFix 12-09-24.03 - * 25.09.2012  16:33:42.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4095.2794 [GMT 2:00]
ausgeführt von:: c:\users\*\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ASUS
c:\programdata\ASUS\LifeFrame\config0.cfg
c:\programdata\ASUS\LifeFrame\config1.cfg
c:\programdata\ASUS\LifeFrame\config2.cfg
c:\programdata\ASUS\LifeFrame\config3.cfg
c:\programdata\ASUS\LifeFrame\config4.cfg
c:\programdata\ASUS\LifeFrame\config5.cfg
c:\programdata\ASUS\LifeFrame\tmp0.img
c:\programdata\ASUS\LifeFrame\tmp1.img
c:\programdata\ASUS\LifeFrame\tmp2.img
c:\programdata\ASUS\LifeFrame\tmp3.img
c:\programdata\ASUS\LifeFrame\tmp4.img
c:\programdata\ASUS\LifeFrame\tmp5.img
c:\programdata\FullRemove.exe
c:\windows\msvcr71.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-08-25 bis 2012-09-25  ))))))))))))))))))))))))))))))
.
.
2012-09-25 08:50 . 2012-09-25 08:50	--------	d-----w-	c:\program files (x86)\TeamViewer
2012-09-25 08:47 . 2012-09-18 22:58	9308616	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{7A7B955F-B9E7-465D-9E11-4D5E4F3DF2DE}\mpengine.dll
2012-09-23 06:46 . 2012-09-23 06:46	--------	d-----w-	c:\users\*\AppData\Roaming\iWin
2012-09-23 06:46 . 2012-09-23 06:46	--------	d-----w-	c:\programdata\iWin
2012-09-23 06:41 . 2012-09-23 06:42	--------	d-----w-	c:\program files (x86)\Jewel Quest Mysteries - Das Orakel von Ur
2012-09-19 13:51 . 2012-09-19 13:51	--------	d-----w-	c:\program files (x86)\Common Files\Java
2012-09-19 13:51 . 2012-09-19 13:51	95208	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-18 06:35 . 2012-08-21 09:13	25232	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2012-09-18 06:35 . 2012-08-21 09:13	359464	----a-w-	c:\windows\system32\drivers\aswSP.sys
2012-09-18 06:34 . 2012-08-21 09:13	54072	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2012-09-18 06:34 . 2012-08-21 09:13	59728	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2012-09-18 06:34 . 2012-08-21 09:13	969200	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2012-09-18 06:34 . 2012-08-21 09:13	71600	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2012-09-18 06:34 . 2012-08-21 09:12	285328	----a-w-	c:\windows\system32\aswBoot.exe
2012-09-18 06:34 . 2012-08-21 09:12	41224	----a-w-	c:\windows\avastSS.scr
2012-09-18 06:34 . 2012-08-21 09:12	227648	----a-w-	c:\windows\SysWow64\aswBoot.exe
2012-09-18 06:34 . 2012-09-18 06:34	--------	d-----w-	c:\programdata\AVAST Software
2012-09-18 06:34 . 2012-09-18 06:34	--------	d-----w-	c:\program files\AVAST Software
2012-09-17 13:47 . 2012-09-17 13:47	--------	d-----w-	c:\program files (x86)\ESET
2012-09-17 10:41 . 2012-09-17 10:41	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-17 10:41 . 2012-09-07 15:04	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-09-17 10:17 . 2012-09-17 10:17	--------	d-sh--w-	c:\windows\SysWow64\%APPDATA%
2012-09-17 10:06 . 2012-09-17 10:11	16200	----a-w-	c:\windows\stinger.sys
2012-09-17 09:07 . 2012-09-17 09:08	--------	d-----w-	c:\program files\WinRAR
2012-09-12 06:38 . 2012-08-22 18:12	950128	----a-w-	c:\windows\system32\drivers\ndis.sys
2012-09-12 06:38 . 2012-07-04 20:26	41472	----a-w-	c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 06:38 . 2012-08-02 17:58	574464	----a-w-	c:\windows\system32\d3d10level9.dll
2012-09-12 06:38 . 2012-08-02 16:57	490496	----a-w-	c:\windows\SysWow64\d3d10level9.dll
2012-09-12 06:38 . 2012-08-22 18:12	1913200	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-09-12 06:38 . 2012-08-22 18:12	376688	----a-w-	c:\windows\system32\drivers\netio.sys
2012-09-12 06:38 . 2012-08-22 18:12	288624	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-11 17:44 . 2012-09-11 17:44	--------	d-----w-	c:\users\*\AppData\Roaming\Mad Head Games
2012-09-11 09:02 . 2012-09-11 09:02	--------	d-----w-	c:\program files (x86)\Rite of Passage - Die perfekte Show Sammleredition
2012-09-09 14:38 . 2012-09-09 14:39	--------	d-----w-	c:\program files (x86)\Royal Detective - Herr der Statuen Sammleredition
2012-09-02 11:26 . 2012-09-02 11:26	--------	d-----w-	c:\programdata\Panda Software
2012-09-01 15:50 . 2012-09-01 15:50	--------	d-----w-	c:\windows\FltMgr
2012-09-01 15:45 . 2012-09-01 15:45	--------	d-----w-	c:\programdata\Backup
2012-09-01 15:44 . 2010-06-21 15:01	839488	----a-w-	c:\windows\system32\PavSHook64.dll
2012-09-01 15:44 . 2010-06-21 15:01	546624	----a-w-	c:\windows\SysWow64\PavSHookWow.dll
2012-09-01 15:44 . 2010-06-21 15:01	87872	----a-w-	c:\windows\SysWow64\PavLspHookWow.dll
2012-09-01 15:44 . 2010-06-21 15:01	114496	----a-w-	c:\windows\system32\PavLspHook64.dll
2012-09-01 15:44 . 2009-08-10 11:46	25344	----a-w-	c:\windows\SysWow64\sysHelper32.dll
2012-09-01 15:44 . 2009-08-10 11:46	25344	----a-w-	c:\windows\system32\sysHelper64.dll
2012-09-01 15:44 . 2012-09-17 16:15	--------	d-----w-	c:\programdata\Panda Security
2012-09-01 15:44 . 2010-09-01 09:09	216648	----a-w-	c:\windows\system32\drivers\n64i1644.sys
2012-09-01 15:44 . 2012-09-01 15:44	--------	d-----w-	c:\program files (x86)\Common Files\Panda Security
2012-08-31 15:41 . 2012-08-31 15:41	289768	----a-w-	c:\windows\system32\javaws.exe
2012-08-31 15:41 . 2012-08-31 15:41	916456	----a-w-	c:\windows\system32\deployJava1.dll
2012-08-31 15:41 . 2012-08-31 15:41	1034216	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-08-31 15:41 . 2012-08-31 15:41	108008	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2012-08-31 15:41 . 2012-08-31 15:41	189416	----a-w-	c:\windows\system32\javaw.exe
2012-08-31 15:41 . 2012-08-31 15:41	188904	----a-w-	c:\windows\system32\java.exe
2012-08-31 15:41 . 2012-08-31 15:41	--------	d-----w-	c:\program files\Java
2012-08-31 15:18 . 2012-09-19 13:50	821736	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2012-08-31 15:17 . 2012-09-19 13:50	--------	d-----w-	c:\program files (x86)\Java
2012-08-31 15:10 . 2012-08-25 02:00	266720	----a-w-	c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2012-08-31 15:10 . 2012-08-25 01:58	73696	----a-w-	c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-08-31 14:21 . 2012-08-31 14:21	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2012-08-31 14:21 . 2012-08-31 14:21	--------	d-----r-	c:\program files (x86)\Skype
2012-08-31 13:39 . 2012-08-31 13:39	--------	d-----w-	c:\users\*\AppData\Roaming\Malwarebytes
2012-08-31 13:39 . 2012-08-31 13:39	--------	d-----w-	c:\programdata\Malwarebytes
2012-08-31 13:18 . 2012-08-31 13:18	--------	d-----w-	C:\_OTL
2012-08-31 10:48 . 2012-08-31 13:20	--------	d-----w-	c:\programdata\Kaspersky Lab
2012-08-31 10:42 . 2012-08-31 10:42	--------	d-----w-	c:\programdata\Norton
2012-08-31 10:42 . 2012-08-31 17:28	--------	d-----w-	c:\users\*\AppData\Local\NPE
2012-08-31 10:24 . 2012-09-25 08:53	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2012-08-31 10:24 . 2012-09-24 13:22	--------	d-----w-	c:\program files (x86)\Spybot - Search & Destroy
2012-08-30 09:54 . 2012-08-31 09:32	--------	d-----w-	c:\program files (x86)\Ewige Reise - Das neue Atlantis Sammleredition
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-19 13:50 . 2011-09-10 15:31	746984	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-09-12 17:26 . 2011-09-09 17:39	64462936	----a-w-	c:\windows\system32\MRT.exe
2012-08-31 15:50 . 2012-04-08 06:06	696520	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-31 15:50 . 2011-09-25 06:17	73416	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-18 18:15 . 2012-08-15 05:28	3148800	----a-w-	c:\windows\system32\win32k.sys
2012-07-04 22:16 . 2012-08-15 05:28	73216	----a-w-	c:\windows\system32\netapi32.dll
2012-07-04 22:13 . 2012-08-15 05:28	59392	----a-w-	c:\windows\system32\browcli.dll
2012-07-04 22:13 . 2012-08-15 05:28	136704	----a-w-	c:\windows\system32\browser.dll
2012-07-04 21:14 . 2012-08-15 05:28	41984	----a-w-	c:\windows\SysWow64\browcli.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"ATKMEDIA"=c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-11 135664]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-31 250568]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-08-21 44032]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-11 135664]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-06-26 46176]
R3 Prot6Flt;Prot6Flt;c:\windows\system32\DRIVERS\Prot6Flt.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-25 114144]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SLEE_17_DRIVER;Steganos Live Encryption Engine 17 [Driver];c:\windows\Sleen1764.sys [2010-02-17 13:21 108256]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2009-09-17 359552]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\windows\SysWOW64\nvSCPAPISvr.exe [2009-12-11 239208]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-08-31 2754984]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2011-11-11 2118976]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2012-06-24 52320]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2009-10-15 117760]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2009-08-21 84512]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 SPUVCbv;SPUVCb Driver Service;c:\windows\system32\Drivers\SPUVCbv_x64.sys [2010-01-31 2495944]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-10-20 11856]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 15:50]
.
2012-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-11 20:38]
.
2012-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-11 20:38]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:11	133400	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49	70656	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49	70656	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.msn.de/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\*\AppData\Roaming\Mozilla\Firefox\Profiles\x7v2uwab.default\
FF - prefs.js: browser.startup.homepage - hxxp://de.msn.com/?rd=1&ucc=DE&dcc=DE&opt=0
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\ASUS\SmartLogon\smartlogon.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-09-25  17:03:52 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-09-25 15:03
.
Vor Suchlauf: 10 Verzeichnis(se), 225.631.109.120 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 225.537.859.584 Bytes frei
.
- - End Of File - - 4879A24242586EC46775D7F3BCBA6740
         

25.09.2012, 19:24   #24
cosinus

Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM - please skip the online check in OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or similar.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to switch off the virus scanner; the McAfee scanner in particular often reports a false alarm on OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista or later, please start it via right-click "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons without being instructed to

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



One more note: If aswMBR crashes and a message like "aswMBR.exe funktioniert nicht mehr" appears, do the following:
Start aswMBR again, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.
__________________
Please always post log files in CODE tags

26.09.2012, 13:41   #25
Shizznut

Hi Cosinus,
I have run GMER, OSAM and aswMBR.
With GMER, though, only Services, Registry and Files were ticked. The rest could not be selected at all. I ran a scan anyway. Nothing was found, and I could not copy anything to the clipboard either. So I have no log from GMER. Should I run it in safe mode? Would that help?
Here are the OSAM log and aswMBR.txt.

Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 21:05:36 on 25.09.2012

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 64-bit
Default Browser: Google Inc. Google Chrome 21.0.1180.89

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ASMMAP64" (ASMMAP64) - "*" - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
"aswFsBlk" (aswFsBlk) - "AVAST Software" - C:\Windows\system32\drivers\aswFsBlk.sys
"aswMonFlt" (aswMonFlt) - "AVAST Software" - C:\Windows\system32\drivers\aswMonFlt.sys
"aswRdr" (aswRdr) - "AVAST Software" - C:\Windows\System32\Drivers\aswrdr2.sys
"aswSnx" (aswSnx) - "AVAST Software" - C:\Windows\system32\drivers\aswSnx.sys
"aswSP" (aswSP) - "AVAST Software" - C:\Windows\system32\drivers\aswSP.sys
"avast! Network Shield Support" (aswTdi) - "AVAST Software" - C:\Windows\system32\drivers\aswTdi.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"FssFltr" (fssfltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\fssfltr.sys
"Microsoft Mouse and Keyboard Center Filter Driver" (Point64) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\point64.sys
"nvsmu" (nvsmu) - "NVIDIA Corporation" - C:\Windows\System32\DRIVERS\nvsmu.sys
"Prot6Flt" (Prot6Flt) - ? - C:\Windows\System32\DRIVERS\Prot6Flt.sys  (File not found)
"Steganos Live Encryption Engine 17 [Driver]" (SLEE_17_DRIVER) - "Softwareentwicklung Remus - ArchiCrypt - " - C:\Windows\Sleen1764.sys
"TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys
"WimFltr" (WimFltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\wimfltr.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{472083B0-C522-11CF-8763-00608CC02F24} "avast" - "AVAST Software" - C:\Program Files\AVAST Software\Avast\ashShell.dll
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Program Files (x86)\TuneUp Utilities 2012\DseShExt-x86.dll
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Program Files (x86)\TuneUp Utilities 2012\SDShelEx-win32.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
ITBar7Height64 "ITBar7Height64" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout64" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} "QuickTime Plugin Control" - "Apple Inc." - C:\Program Files (x86)\QuickTime\QTPlugin.ocx / hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "avast! WebRep" - "AVAST Software" - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} "avast! WebRep" - "AVAST Software" - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} "Google Dictionary Compression sdch" - "Google Inc." - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Oracle Corporation" - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} "Windows Live Family Safety Browser Helper Class" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Family Safety\fssbho.dll

[Known DLLs]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs )-----
"advapi32" - "Microsoft Corporation" - C:\Windows\system32\advapi32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"clbcatq" - "Microsoft Corporation" - C:\Windows\system32\clbcatq.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"COMDLG32" - "Microsoft Corporation" - C:\Windows\system32\COMDLG32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"DifxApi" - "Microsoft Corporation" - C:\Windows\system32\difxapi.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"gdi32" - "Microsoft Corporation" - C:\Windows\system32\gdi32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"IERTUTIL" - "Microsoft Corporation" - C:\Windows\system32\IERTUTIL.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"IMAGEHLP" - "Microsoft Corporation" - C:\Windows\system32\IMAGEHLP.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"IMM32" - "Microsoft Corporation" - C:\Windows\system32\IMM32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"kernel32" - "Microsoft Corporation" - C:\Windows\system32\kernel32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"LPK" - "Microsoft Corporation" - C:\Windows\system32\LPK.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"MSCTF" - "Microsoft Corporation" - C:\Windows\system32\MSCTF.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"MSVCRT" - "Microsoft Corporation" - C:\Windows\system32\MSVCRT.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"NORMALIZ" - "Microsoft Corporation" - C:\Windows\system32\NORMALIZ.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"NSI" - "Microsoft Corporation" - C:\Windows\system32\NSI.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"ole32" - "Microsoft Corporation" - C:\Windows\system32\ole32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"OLEAUT32" - "Microsoft Corporation" - C:\Windows\system32\OLEAUT32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"PSAPI" - "Microsoft Corporation" - C:\Windows\system32\PSAPI.DLL  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"rpcrt4" - "Microsoft Corporation" - C:\Windows\system32\rpcrt4.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"sechost" - "Microsoft Corporation" - C:\Windows\system32\sechost.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"Setupapi" - "Microsoft Corporation" - C:\Windows\system32\Setupapi.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"SHELL32" - "Microsoft Corporation" - C:\Windows\system32\SHELL32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"SHLWAPI" - "Microsoft Corporation" - C:\Windows\system32\SHLWAPI.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"URLMON" - "Microsoft Corporation" - C:\Windows\system32\URLMON.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"user32" - "Microsoft Corporation" - C:\Windows\system32\user32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"USP10" - "Microsoft Corporation" - C:\Windows\system32\USP10.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"WININET" - "Microsoft Corporation" - C:\Windows\system32\WININET.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"WLDAP32" - "Microsoft Corporation" - C:\Windows\system32\WLDAP32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"WS2_32" - "Microsoft Corporation" - C:\Windows\system32\WS2_32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avast" - "AVAST Software" - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll  (File not found)
"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe"  (File not found)
"@%SystemRoot%\System32\uxtuneup.dll,-4096" (UxTuneUp) - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
"AFBAgent" (AFBAgent) - "ASUSTeK Computer Inc." - C:\Windows\system32\FBAgent.exe
"avast! Antivirus" (avast! Antivirus) - "AVAST Software" - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"NVIDIA Stereoscopic 3D Driver Service" (Stereo Service) - "NVIDIA Corporation" - C:\Windows\SysWOW64\nvSCPAPISvr.exe
"SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
"TeamViewer 7" (TeamViewer7) - "TeamViewer GmbH" - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
"TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
"Windows Live Family Safety" (fsssvc) - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         
Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-26 14:15:39
-----------------------------
14:15:39.555    OS Version: Windows x64 6.1.7601 Service Pack 1
14:15:39.555    Number of processors: 2 586 0x170A
14:15:39.555    ComputerName:      UserName:  
14:15:41.037    Initialize success
14:15:41.146    AVAST engine defs: 12092600
14:16:09.678    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006c
14:16:09.678    Disk 0 Vendor: ST932032 0003 Size: 305245MB BusType: 11
14:16:09.756    Disk 0 MBR read successfully
14:16:09.756    Disk 0 MBR scan
14:16:09.756    Disk 0 Windows 7 default MBR code
14:16:09.772    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       285240 MB offset 40965750
14:16:09.772    Disk 0 scanning C:\Windows\system32\drivers
14:16:18.414    Service scanning
14:16:35.325    Modules scanning
14:16:35.325    Disk 0 trace - called modules:
14:16:35.387    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys 
14:16:35.403    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80041fd450]
14:16:35.403    3 CLASSPNP.SYS[fffff880013b043f] -> nt!IofCallDriver -> [0xfffffa80040707a0]
14:16:35.403    5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\0000006c[0xfffffa8004070060]
14:16:36.401    AVAST engine scan C:\Windows
14:16:39.240    AVAST engine scan C:\Windows\system32
14:19:12.760    AVAST engine scan C:\Windows\system32\drivers
14:19:24.834    AVAST engine scan C:\Users\ 
14:22:01.536    AVAST engine scan C:\ProgramData
14:22:43.407    Scan finished successfully
14:30:45.181    Disk 0 MBR has been saved successfully to "C:\Users\ \Desktop\MBR.dat"
14:30:45.181    The log file has been saved successfully to "C:\Users\ \Desktop\aswMBR.txt"
         
Regards

26.09.2012, 16:07   #26
cosinus

Just leave GMER out.

Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!
__________________
Please always post log files in CODE tags

26.09.2012, 17:26   #27
Shizznut

Hello,
here is SUPERAntiSpyware to start with:

Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 09/26/2012 at 06:18 PM

Application Version : 5.5.1022

Core Rules Database Version : 9294
Trace Rules Database Version: 7106

Scan type       : Complete Scan
Total Scan Time : 00:46:31

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator

Memory items scanned      : 663
Memory threats detected   : 0
Registry items scanned    : 65133
Registry threats detected : 0
File items scanned        : 46121
File threats detected     : 2

Adware.Tracking Cookie
	.doubleclick.net [ C:\USERS\*\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.doubleclick.net [ C:\USERS\*\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
         
Something else: I have now also run a few scans on my own machine. AdwCleaner found 4 keys, SUPERAntiSpyware found 11 security hijacks, and Malwarebytes found one security hijack.

Now my question: Should I open a new thread with this explanation, or can we continue working on it here once this topic is solved (assuming you feel like it)?

Code:
 Malwarebytes Anti-Malware  (Test) 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.26.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Administrator]

Schutz: Aktiviert

26.09.2012 18:59:08
mbam-log-2012-09-26 (18-59-08).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 450738
Laufzeit: 1 Stunde(n), 39 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

Edited by Shizznut (26.09.2012 at 17:37)

27.09.2012, 11:52   #28
cosinus

Quote:
Now my question: Should I open a new thread with this explanation, or can we continue working on it here once this topic is solved (assuming you feel like it)?
Of course you open a separate thread for each computer! Or would you still keep track if dozens of logs from different computers were posted wildly in one thread? Probably not

Looks OK, only cookies were found.
Cookies are not malware as such, but there is a risk of misuse (unique recognition, e.g. for targeted advertising or similar => HTTP cookie)


Regarding cookies and other things on the web: To block this plague from the outset (i.e. tracking cookies, ad banners etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check at MVPS every 4 weeks or so whether a new hosts file has been released.

Apart from that there are good cookie managers; an extension for Firefox, for example, would be CookieCuller http://filepony.de/download-cookie_culler/
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed.

The way I do it, I use the Opera browser or Chromium under my Linux for "wild surfing". My main browser (Firefox) only stores cookies from the sites I want; I reject everything else manually (FF always asks me) - the other browsers do accept all cookies, but at the latest on the next start of Opera or Chromium no cookies are left.

Is your system OK again now, or are there any other findings or problems?
__________________
Please always post log files in CODE tags
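
Added example (not part of the posts above, and not code from MVPS): a small audit of a blocking hosts file of the kind recommended in post #28, showing that hosts entries match exact hostnames only, so a cookie domain like the `.doubleclick.net` in the SUPERAntiSpyware log is covered only host by host, and what a newer list release changes. The two hosts files and the list of contacted hostnames are constructed samples.

```python
"""Audit a blocking hosts file: what is sinkholed, what is missed, what changed."""

# Addresses that blocking hosts files map unwanted names to.
SINKHOLES = {"0.0.0.0", "127.0.0.1"}
# Names that legitimately point at loopback and are not block entries.
LOCAL_NAMES = {"localhost", "localhost.localdomain"}

# Constructed samples in the style of a blocking hosts file (not the MVPS list).
INSTALLED_HOSTS = """\
# constructed sample: list currently installed
127.0.0.1   localhost
0.0.0.0     ad.doubleclick.net      # inline comments are allowed
0.0.0.0     doubleclick.net
0.0.0.0     Tracker.Example.
192.0.2.10  intranet.example        # ordinary mapping, not a block
"""
NEWER_HOSTS = """\
# constructed sample: newer release of the list
127.0.0.1   localhost
0.0.0.0     ad.doubleclick.net
0.0.0.0     doubleclick.net
0.0.0.0     pubads.g.doubleclick.net
0.0.0.0     tracker.example
"""
# Constructed list of hostnames a browser contacted.
SEEN_HOSTS = ["ad.doubleclick.net", "pubads.g.doubleclick.net", "www.example.org"]


def normalize(name):
    """Hostnames are case-insensitive; a trailing dot is the same name."""
    return name.rstrip(".").lower()


def parse_blocked(text):
    """Return the set of hostnames that the hosts file maps to a sinkhole."""
    blocked = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        fields = line.split()
        if len(fields) < 2 or fields[0] not in SINKHOLES:
            continue                          # blank, malformed or real mapping
        for name in map(normalize, fields[1:]):
            if name and name not in LOCAL_NAMES:
                blocked.add(name)
    return blocked


def is_blocked(hostname, blocked):
    """Exact-match lookup: a hosts file has no wildcard or suffix matching."""
    return normalize(hostname) in blocked


def cookie_domain_gaps(cookie_domain, seen_hosts, blocked):
    """Contacted hosts that fall under a cookie domain but are not sinkholed."""
    suffix = normalize(cookie_domain.lstrip("."))
    gaps = []
    for host in map(normalize, seen_hosts):
        under_domain = host == suffix or host.endswith("." + suffix)
        if under_domain and not is_blocked(host, blocked):
            gaps.append(host)
    return sorted(gaps)


def list_update(installed, newer):
    """Entries a newer list release adds or drops relative to the installed one."""
    return {"added": sorted(newer - installed),
            "removed": sorted(installed - newer)}


if __name__ == "__main__":
    installed = parse_blocked(INSTALLED_HOSTS)
    newer = parse_blocked(NEWER_HOSTS)
    print("gaps with installed list:",
          cookie_domain_gaps(".doubleclick.net", SEEN_HOSTS, installed))
    print("gaps with newer list:   ",
          cookie_domain_gaps(".doubleclick.net", SEEN_HOSTS, newer))
    print("update:", list_update(installed, newer))
```
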

27.09.2012, 13:48   #29
Shizznut

Hello Cosinus,
Quote:
Of course you open a separate thread for each computer! Or would you still keep track if dozens of logs from different computers were posted wildly in one thread? Probably not
Yep, you're right. That's why I asked. Thread opened!
Quote:
Is your system OK again now, or are there any other findings or problems?
I can't say right now, as I can't get to the PC.
Once I can again, I'll run another scan with SUPERAntiSpyware, or what do you mean by: other findings?

But until then I want to say a really, really big thank you (also from my mother - she is quite fascinated!)

I think it's really generous that you took the trouble, free of charge (at least for me), to check the system and give me tips/suggestions.
Your links were also very detailed!

With that in mind...
Kind regards

27.09.2012, 16:29   #30
cosinus

Quote:
or what do you mean by: other findings?
Where did I mean that?
__________________
Please always post log files in CODE tags
