Bundestrojaner? UKash Aufforderung mit Systemstillegung

Heistmer · 09.10.2012, 13:45

Hallo,

hier das Fix Log.

Code:

ATTFilter

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4327FABE-3C21-4689-8DBE-D226CF777FE9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4327FABE-3C21-4689-8DBE-D226CF777FE9}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
ADS C:\Windows\pOOrGUI:Source Setup Log.txt deleted successfully.
ADS C:\Windows:7E92895CF0C0E947 deleted successfully.
ADS C:\ProgramData\TEMP:CB0AACC9 deleted successfully.
ADS C:\ProgramData\Microsoft:GU20qEzkcvUPQnca2EoO96egmYBo7 deleted successfully.
ADS C:\ProgramData\Microsoft:6UbkivR8LfAWeH3hD48xECCj6 deleted successfully.
ADS C:\ProgramData\Microsoft:0gtbGQ5UBdBtGnl3ms7gN6CAa deleted successfully.
========== FILES ==========
C:\Windows\pOOrGUI moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Heistmer\Desktop\cmd.bat deleted successfully.
C:\Users\Heistmer\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Heistmer
->Temp folder emptied: 6080208 bytes
->Temporary Internet Files folder emptied: 1289520574 bytes
->Java cache emptied: 8125001 bytes
->FireFox cache emptied: 68287063 bytes
->Flash cache emptied: 154928 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41661 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 35648 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1061934 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1.310,00 mb
 
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Error: Unble to create default HOSTS file!
 
OTL by OldTimer - Version 3.2.69.0 log created on 10092012_133009

Files\Folders moved on Reboot...
C:\Users\Heistmer\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Heistmer\AppData\Local\Temp\REG58DA.tmp moved successfully.
C:\Users\Heistmer\AppData\Local\Temp\REG75A3.tmp moved successfully.
File move failed. C:\Windows\SysNative\uxtF565.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

cosinus · 09.10.2012, 15:21

Ich brauch den Quarantäneordner von OTL. Bitte folgendes machen:

1.) GANZ WICHTIG!! Virenscanner deaktivieren, der darf das Packen nicht beeinflussen!
2.) Ordner MovedFiles in C:\_OTL in eine Datei zippen
3.) Die erstellte ZIP-Datei hier hochladen => http://www.trojaner-board.de/54791-a...ner-board.html

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten!

4.) Wenns erfolgreich war Bescheid sagen
5.) Erst dann wieder den Virenscanner einschalten

Heistmer · 09.10.2012, 20:44

Datei: MovedFiles.zip_1 empfangen

Vorgang erfolgreich abgeschlossen.

cosinus · 10.10.2012, 10:18

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Heistmer · 10.10.2012, 11:58

Hier das TDSS Log

Code:

ATTFilter

12:51:46.0018 5700  TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
12:51:48.0020 5700  ============================================================
12:51:48.0020 5700  Current date / time: 2012/10/10 12:51:48.0020
12:51:48.0020 5700  SystemInfo:
12:51:48.0021 5700  
12:51:48.0021 5700  OS Version: 6.0.6002 ServicePack: 2.0
12:51:48.0021 5700  Product type: Workstation
12:51:48.0021 5700  ComputerName: Heistmer-ONE
12:51:48.0021 5700  UserName: Heistmer
12:51:48.0021 5700  Windows directory: C:\Windows
12:51:48.0021 5700  System windows directory: C:\Windows
12:51:48.0021 5700  Running under WOW64
12:51:48.0021 5700  Processor architecture: Intel x64
12:51:48.0021 5700  Number of processors: 4
12:51:48.0021 5700  Page size: 0x1000
12:51:48.0021 5700  Boot type: Normal boot
12:51:48.0021 5700  ============================================================
12:51:57.0320 5700  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:51:57.0355 5700  Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:51:57.0387 5700  ============================================================
12:51:57.0387 5700  \Device\Harddisk0\DR0:
12:51:57.0387 5700  MBR partitions:
12:51:57.0387 5700  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74701AC1
12:51:57.0387 5700  \Device\Harddisk1\DR1:
12:51:57.0388 5700  MBR partitions:
12:51:57.0388 5700  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3863A000
12:51:57.0408 5700  \Device\Harddisk1\DR1\Partition2: MBR, Type 0xB, StartLBA 0x3863B000, BlocksNum 0x1D4A800
12:51:57.0408 5700  ============================================================
12:51:57.0448 5700  C: <-> \Device\Harddisk1\DR1\Partition1
12:51:57.0467 5700  D: <-> \Device\Harddisk1\DR1\Partition2
12:51:57.0474 5700  J: <-> \Device\Harddisk0\DR0\Partition1
12:51:57.0474 5700  ============================================================
12:51:57.0474 5700  Initialize success
12:51:57.0474 5700  ============================================================
12:52:53.0223 5396  ============================================================
12:52:53.0223 5396  Scan started
12:52:53.0223 5396  Mode: Manual; SigCheck; TDLFS; 
12:52:53.0223 5396  ============================================================
12:52:54.0402 5396  ================ Scan system memory ========================
12:52:54.0402 5396  System memory - ok
12:52:54.0403 5396  ================ Scan services =============================
12:52:54.0484 5396  !SASCORE - ok
12:52:54.0621 5396  [ 48D4EA83CA0A1285ECA3D6AFA780D93D ] 3xHybr64        C:\Windows\system32\DRIVERS\3xHybr64.sys
12:52:54.0901 5396  3xHybr64 - ok
12:52:54.0925 5396  [ 156BC3F91DCF43510C28E75CC5CEE3C7 ] acedrv10        C:\Windows\system32\drivers\acedrv10.sys
12:52:54.0949 5396  acedrv10 - ok
12:52:54.0960 5396  [ 1AFE4120F70962B4A773008557F660CD ] acehlp10        C:\Windows\system32\drivers\acehlp10.sys
12:52:54.0982 5396  acehlp10 - ok
12:52:55.0007 5396  [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI            C:\Windows\system32\drivers\acpi.sys
12:52:55.0029 5396  ACPI - ok
12:52:55.0050 5396  [ 9137451D37BA1C325CD6C2DEF3D2D692 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
12:52:55.0081 5396  adp94xx - ok
12:52:55.0107 5396  [ 01F80898DF5CC7DF19B3B11351846263 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
12:52:55.0132 5396  adpahci - ok
12:52:55.0155 5396  [ DA001DB13FFF45DFE9109936E265B7CC ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
12:52:55.0192 5396  adpu160m - ok
12:52:55.0218 5396  [ 2B10C35C5B7C5C0C28F572E035319602 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
12:52:55.0248 5396  adpu320 - ok
12:52:55.0269 5396  [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
12:52:55.0425 5396  AeLookupSvc - ok
12:52:55.0450 5396  [ C4F6CE6087760AD70960C9EB130E7943 ] AFD             C:\Windows\system32\drivers\afd.sys
12:52:55.0509 5396  AFD - ok
12:52:55.0526 5396  [ 5CCDD13BC602AE33CD8B62D33C29AB72 ] agp440          C:\Windows\system32\drivers\agp440.sys
12:52:55.0543 5396  agp440 - ok
12:52:55.0560 5396  [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
12:52:55.0578 5396  aic78xx - ok
12:52:55.0600 5396  [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG             C:\Windows\System32\alg.exe
12:52:55.0787 5396  ALG - ok
12:52:55.0805 5396  [ BFE5E136EDC48F8ED2386639CA3BC687 ] aliide          C:\Windows\system32\drivers\aliide.sys
12:52:55.0822 5396  aliide - ok
12:52:55.0832 5396  [ 9C5C3109E07C8A9F5D63F4C6171B9587 ] amdide          C:\Windows\system32\drivers\amdide.sys
12:52:55.0848 5396  amdide - ok
12:52:55.0858 5396  [ DE55DC52F7CEB89A967572D6B491ADA2 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
12:52:56.0005 5396  AmdK8 - ok
12:52:56.0079 5396  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
12:52:56.0207 5396  AntiVirSchedulerService - ok
12:52:56.0230 5396  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
12:52:56.0241 5396  AntiVirService - ok
12:52:56.0257 5396  [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo         C:\Windows\System32\appinfo.dll
12:52:56.0287 5396  Appinfo - ok
12:52:56.0341 5396  [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:52:56.0380 5396  Apple Mobile Device - ok
12:52:56.0409 5396  [ 3DA98C07B18A676180FE7EED924D1673 ] AppMgmt         C:\Windows\System32\appmgmts.dll
12:52:56.0447 5396  AppMgmt - ok
12:52:56.0456 5396  [ 2E8623F2FED998A97129A3DB919551C8 ] arc             C:\Windows\system32\drivers\arc.sys
12:52:56.0474 5396  arc - ok
12:52:56.0486 5396  [ 741A003C041A3EC480A2E71AF71E9654 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
12:52:56.0503 5396  arcsas - ok
12:52:56.0521 5396  [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
12:52:56.0565 5396  AsyncMac - ok
12:52:56.0588 5396  [ E68D9B3A3905619732F7FE039466A623 ] atapi           C:\Windows\system32\drivers\atapi.sys
12:52:56.0600 5396  atapi - ok
12:52:56.0626 5396  [ FC0E8778C000291CAF60EB88C011E931 ] atksgt          C:\Windows\system32\DRIVERS\atksgt.sys
12:52:56.0673 5396  atksgt - ok
12:52:56.0709 5396  [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:52:56.0742 5396  AudioEndpointBuilder - ok
12:52:56.0750 5396  [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
12:52:56.0777 5396  AudioSrv - ok
12:52:56.0783 5396  [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
12:52:56.0794 5396  avgntflt - ok
12:52:56.0822 5396  [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
12:52:56.0851 5396  avipbb - ok
12:52:56.0865 5396  [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
12:52:56.0907 5396  avkmgr - ok
12:52:56.0941 5396  [ FFB96C2589FFA60473EAD78B39FBDE29 ] BFE             C:\Windows\System32\bfe.dll
12:52:56.0987 5396  BFE - ok
12:52:57.0025 5396  [ 6D316F4859634071CC25C4FD4589AD2C ] BITS            C:\Windows\System32\qmgr.dll
12:52:57.0110 5396  BITS - ok
12:52:57.0114 5396  blbdrive - ok
12:52:57.0155 5396  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
12:52:57.0205 5396  Bonjour Service - ok
12:52:57.0249 5396  [ 2348447A80920B2493A9B582A23E81E1 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
12:52:57.0274 5396  bowser - ok
12:52:57.0293 5396  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
12:52:57.0335 5396  BrFiltLo - ok
12:52:57.0348 5396  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
12:52:57.0388 5396  BrFiltUp - ok
12:52:57.0409 5396  [ A1B39DE453433B115B4EA69EE0343816 ] Browser         C:\Windows\System32\browser.dll
12:52:57.0447 5396  Browser - ok
12:52:57.0456 5396  [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid         C:\Windows\system32\drivers\brserid.sys
12:52:57.0510 5396  Brserid - ok
12:52:57.0520 5396  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
12:52:57.0612 5396  BrSerWdm - ok
12:52:57.0624 5396  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
12:52:57.0678 5396  BrUsbMdm - ok
12:52:57.0693 5396  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
12:52:57.0761 5396  BrUsbSer - ok
12:52:57.0764 5396  BTCFilterService - ok
12:52:57.0783 5396  [ 09F926A0D9C0BAFD8417A4307D2ED13C ] BthEnum         C:\Windows\system32\DRIVERS\BthEnum.sys
12:52:57.0819 5396  BthEnum - ok
12:52:57.0832 5396  [ 72F70A38BB15252EB7C4DA7BA3BD4ED1 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
12:52:57.0866 5396  BTHMODEM - ok
12:52:57.0886 5396  [ BEFC5311736B475AC5B60C14FF7C775A ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
12:52:57.0923 5396  BthPan - ok
12:52:57.0959 5396  [ E1466882252FF51EDDE48C3F7EDA2591 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
12:52:58.0047 5396  BTHPORT - ok
12:52:58.0095 5396  [ 22E65FFD640F16968F855F5B3528D366 ] BthServ         C:\Windows\System32\bthserv.dll
12:52:58.0131 5396  BthServ - ok
12:52:58.0148 5396  [ 970192CDED77A128E7E30722E5EE6B9C ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
12:52:58.0177 5396  BTHUSB - ok
12:52:58.0195 5396  [ 1778EBA872274C1226D869CD9486847E ] Capture Device Service C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe
12:52:58.0231 5396  Capture Device Service - ok
12:52:58.0257 5396  [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
12:52:58.0289 5396  cdfs - ok
12:52:58.0303 5396  [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
12:52:58.0344 5396  cdrom - ok
12:52:58.0373 5396  [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc     C:\Windows\System32\certprop.dll
12:52:58.0407 5396  CertPropSvc - ok
12:52:58.0417 5396  [ F28F00596824058BC61D5EDF434C9B82 ] circlass        C:\Windows\system32\drivers\circlass.sys
12:52:58.0468 5396  circlass - ok
12:52:58.0527 5396  [ 7DB47DA3A831A330FCF6E6C77849744B ] cjpcsc          C:\Windows\SysWOW64\cjpcsc.exe
12:52:58.0562 5396  cjpcsc - ok
12:52:58.0603 5396  [ B16DA6F151CD7FA0D58F82AC884D5039 ] cjusb           C:\Windows\system32\DRIVERS\cjusb.sys
12:52:58.0618 5396  cjusb - ok
12:52:58.0636 5396  [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS            C:\Windows\system32\CLFS.sys
12:52:58.0659 5396  CLFS - ok
12:52:58.0712 5396  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:52:58.0724 5396  clr_optimization_v2.0.50727_32 - ok
12:52:58.0756 5396  [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:52:58.0772 5396  clr_optimization_v2.0.50727_64 - ok
12:52:58.0804 5396  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:52:58.0819 5396  clr_optimization_v4.0.30319_32 - ok
12:52:58.0843 5396  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:52:58.0858 5396  clr_optimization_v4.0.30319_64 - ok
12:52:58.0880 5396  [ 689630948F770D4462B04B69D28CD5A1 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
12:52:58.0895 5396  cmdide - ok
12:52:58.0917 5396  [ 2B3B8CBEA1BA1BCE5700607FBDB31034 ] cmnsusbser      C:\Windows\system32\DRIVERS\cmnsusbser.sys
12:52:58.0938 5396  cmnsusbser ( UnsignedFile.Multi.Generic ) - warning
12:52:58.0938 5396  cmnsusbser - detected UnsignedFile.Multi.Generic (1)
12:52:58.0947 5396  [ 0E77A445640BF310817F60941C50560C ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
12:52:58.0962 5396  Compbatt - ok
12:52:58.0966 5396  COMSysApp - ok
12:52:58.0971 5396  [ B1192DCD5B9CF46BEED0E2A9E5BCF59A ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
12:52:58.0982 5396  crcdisk - ok
12:52:59.0007 5396  [ 62740B9D2A137E8CED41A9E4239A7A31 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
12:52:59.0050 5396  CryptSvc - ok
12:52:59.0067 5396  [ F60F50C8ED3FCBE358430B95FE27D09C ] CSC             C:\Windows\system32\drivers\csc.sys
12:52:59.0155 5396  CSC - ok
12:52:59.0192 5396  [ 1B5F256D31836ED2BA60B3A6C800200C ] CscService      C:\Windows\System32\cscsvc.dll
12:52:59.0226 5396  CscService - ok
12:52:59.0256 5396  [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch      C:\Windows\system32\rpcss.dll
12:52:59.0323 5396  DcomLaunch - ok
12:52:59.0372 5396  [ 0259948FFE5F7E69CD1D8A8E74E0547C ] DeviceMonitorService C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
12:52:59.0398 5396  DeviceMonitorService - ok
12:52:59.0411 5396  [ 8B722BA35205C71E7951CDC4CDBADE19 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
12:52:59.0455 5396  DfsC - ok
12:52:59.0544 5396  [ C647F468F7DE343DF8C143655C5557D4 ] DFSR            C:\Windows\system32\DFSR.exe
12:52:59.0733 5396  DFSR - ok
12:52:59.0754 5396  [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
12:52:59.0804 5396  Dhcp - ok
12:52:59.0830 5396  [ B0107E40ECDB5FA692EBF832F295D905 ] disk            C:\Windows\system32\drivers\disk.sys
12:52:59.0844 5396  disk - ok
12:52:59.0871 5396  [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
12:52:59.0899 5396  Dnscache - ok
12:52:59.0914 5396  [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc         C:\Windows\System32\dot3svc.dll
12:52:59.0939 5396  dot3svc - ok
12:52:59.0963 5396  [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS             C:\Windows\system32\dps.dll
12:52:59.0998 5396  DPS - ok
12:53:00.0010 5396  [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
12:53:00.0035 5396  drmkaud - ok
12:53:00.0067 5396  [ B8E554E502D5123BC111F99D6A2181B4 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
12:53:00.0112 5396  DXGKrnl - ok
12:53:00.0151 5396  [ 6130D06A3D41AC5DC67E9D4513239125 ] e1express       C:\Windows\system32\DRIVERS\e1e6032e.sys
12:53:00.0174 5396  e1express - ok
12:53:00.0190 5396  [ D57FE09B575545738A73A0C193D0616A ] E1G60           C:\Windows\system32\DRIVERS\E1G6032E.sys
12:53:00.0243 5396  E1G60 - ok
12:53:00.0255 5396  [ C2303883FD9BE49DC36A6400643002EA ] EapHost         C:\Windows\System32\eapsvc.dll
12:53:00.0292 5396  EapHost - ok
12:53:00.0308 5396  [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache          C:\Windows\system32\drivers\ecache.sys
12:53:00.0324 5396  Ecache - ok
12:53:00.0359 5396  [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
12:53:00.0394 5396  ehRecvr - ok
12:53:00.0419 5396  [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched         C:\Windows\ehome\ehsched.exe
12:53:00.0448 5396  ehSched - ok
12:53:00.0475 5396  [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart         C:\Windows\ehome\ehstart.dll
12:53:00.0514 5396  ehstart - ok
12:53:00.0553 5396  [ 3D6298AFF3FE06C0616CE5D090A3EEAA ] elxstor         C:\Windows\system32\drivers\elxstor.sys
12:53:00.0578 5396  elxstor - ok
12:53:00.0617 5396  [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
12:53:00.0685 5396  EMDMgmt - ok
12:53:00.0710 5396  [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem     C:\Windows\system32\es.dll
12:53:00.0748 5396  EventSystem - ok
12:53:00.0767 5396  [ 486844F47B6636044A42454614ED4523 ] exfat           C:\Windows\system32\drivers\exfat.sys
12:53:00.0805 5396  exfat - ok
12:53:00.0828 5396  [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
12:53:00.0866 5396  fastfat - ok
12:53:00.0891 5396  [ 989A776A2FF32A148FCF15C44058B129 ] Fax             C:\Windows\system32\fxssvc.exe
12:53:01.0008 5396  Fax - ok
12:53:01.0023 5396  [ 61B6DBD1AD1143F008364D4E9A96B224 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
12:53:01.0073 5396  fdc - ok
12:53:01.0092 5396  [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost         C:\Windows\system32\fdPHost.dll
12:53:01.0133 5396  fdPHost - ok
12:53:01.0148 5396  [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub        C:\Windows\system32\fdrespub.dll
12:53:01.0196 5396  FDResPub - ok
12:53:01.0216 5396  [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
12:53:01.0231 5396  FileInfo - ok
12:53:01.0259 5396  [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
12:53:01.0376 5396  Filetrace - ok
12:53:01.0430 5396  [ 7A7F1D1C598C5C8B21CEAAAB892B9FB8 ] FlipShare Service C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
12:53:01.0452 5396  FlipShare Service - ok
12:53:01.0472 5396  [ 12C3D1B4D0CE49E1CE343BA2F22F15E0 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
12:53:01.0523 5396  flpydisk - ok
12:53:01.0542 5396  [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
12:53:01.0561 5396  FltMgr - ok
12:53:01.0595 5396  [ BE1C5BD1CA7ED015BC6FA1AE67E592C8 ] FontCache       C:\Windows\system32\FntCache.dll
12:53:01.0718 5396  FontCache - ok
12:53:01.0745 5396  [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:53:01.0756 5396  FontCache3.0.0.0 - ok
12:53:01.0770 5396  [ 5779B86CD8B32519FBECB136394D946A ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
12:53:01.0801 5396  Fs_Rec - ok
12:53:01.0822 5396  [ 849E38DB7D829962D0233A0A252B60C3 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
12:53:01.0838 5396  fvevol - ok
12:53:01.0856 5396  [ B54520CC7B4B55134D7527B1CD3FC1F2 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
12:53:01.0873 5396  gagp30kx - ok
12:53:01.0894 5396  [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
12:53:01.0908 5396  GEARAspiWDM - ok
12:53:01.0934 5396  [ 360FC9E29EBCD7CB75320E2663EBA0F2 ] getPlusHelper   C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll
12:53:01.0943 5396  getPlusHelper - ok
12:53:02.0022 5396  [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc           C:\Windows\System32\gpsvc.dll
12:53:02.0104 5396  gpsvc - ok
12:53:02.0132 5396  [ DF45F8142DC6DF9D18C39B3EFFBD0409 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:53:02.0210 5396  HdAudAddService - ok
12:53:02.0255 5396  [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
12:53:02.0410 5396  HDAudBus - ok
12:53:02.0422 5396  [ B4881C84A180E75B8C25DC1D726C375F ] HidBth          C:\Windows\system32\drivers\hidbth.sys
12:53:02.0485 5396  HidBth - ok
12:53:02.0495 5396  [ 4E77A77E2C986E8F88F996BB3E1AD829 ] HidIr           C:\Windows\system32\drivers\hidir.sys
12:53:02.0544 5396  HidIr - ok
12:53:02.0564 5396  [ 59361D38A297755D46A540E450202B2A ] hidserv         C:\Windows\system32\hidserv.dll
12:53:02.0588 5396  hidserv - ok
12:53:02.0607 5396  [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
12:53:02.0643 5396  HidUsb - ok
12:53:02.0662 5396  [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc          C:\Windows\system32\kmsvc.dll
12:53:02.0696 5396  hkmsvc - ok
12:53:02.0713 5396  [ 8EDC820115DF1E04763B2923676EA5B2 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
12:53:02.0729 5396  HpCISSs - ok
12:53:02.0761 5396  [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
12:53:02.0845 5396  HTTP - ok
12:53:02.0863 5396  [ F2901763845570ECAC48E6A50EC50812 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
12:53:02.0878 5396  i2omp - ok
12:53:02.0903 5396  [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
12:53:02.0943 5396  i8042prt - ok
12:53:02.0959 5396  [ 72C3EE7EA3CD75A772E62AE0E5DF8B8C ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
12:53:02.0981 5396  iaStorV - ok
12:53:03.0031 5396  [ 6F95324909B502E2651442C1548AB12F ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
12:53:03.0066 5396  IDriverT ( UnsignedFile.Multi.Generic ) - warning
12:53:03.0066 5396  IDriverT - detected UnsignedFile.Multi.Generic (1)
12:53:03.0103 5396  [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:53:03.0178 5396  idsvc - ok
12:53:03.0245 5396  [ E28602C9E17B0DDCE9F5DEB3B3E2A635 ] IGDCTRL         C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE
12:53:03.0256 5396  IGDCTRL - ok
12:53:03.0267 5396  [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
12:53:03.0284 5396  iirsp - ok
12:53:03.0315 5396  [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT          C:\Windows\System32\ikeext.dll
12:53:03.0378 5396  IKEEXT - ok
12:53:03.0444 5396  [ BC64B75E8E0A0B8982AB773483164E72 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
12:53:03.0547 5396  IntcAzAudAddService - ok
12:53:03.0590 5396  [ 2B6EBA0D1588AA45C505DB4974DFDE9B ] IntelDH64       C:\Windows\system32\Drivers\IntelDH64.sys
12:53:03.0617 5396  IntelDH64 - ok
12:53:03.0638 5396  [ D61A91BC967937EC9CA81632BC12593E ] intelide        C:\Windows\system32\drivers\intelide.sys
12:53:03.0654 5396  intelide - ok
12:53:03.0674 5396  [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
12:53:03.0706 5396  intelppm - ok
12:53:03.0725 5396  [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
12:53:03.0758 5396  IPBusEnum - ok
12:53:03.0774 5396  [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:53:03.0816 5396  IpFilterDriver - ok
12:53:03.0833 5396  [ BF0DBFA9792C5C14FA00F61C75116C1B ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
12:53:03.0877 5396  iphlpsvc - ok
12:53:03.0881 5396  IpInIp - ok
12:53:03.0897 5396  [ EACDBBE429C6D170BDEEE0EFFCBC317B ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
12:53:03.0950 5396  IPMIDRV - ok
12:53:03.0962 5396  [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
12:53:04.0004 5396  IPNAT - ok
12:53:04.0048 5396  [ 46D249F9DB7844CC01050A9345F0F61B ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
12:53:04.0119 5396  iPod Service - ok
12:53:04.0167 5396  [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM          C:\Windows\system32\drivers\irenum.sys
12:53:04.0201 5396  IRENUM - ok
12:53:04.0215 5396  [ D3BB520B31F28C1A065CD058E762EE73 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
12:53:04.0230 5396  isapnp - ok
12:53:04.0252 5396  [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
12:53:04.0269 5396  iScsiPrt - ok
12:53:04.0279 5396  [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
12:53:04.0295 5396  iteatapi - ok
12:53:04.0305 5396  [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid         C:\Windows\system32\drivers\iteraid.sys
12:53:04.0340 5396  iteraid - ok
12:53:04.0370 5396  [ 423696F3BA6472DD17699209B933BC26 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
12:53:04.0387 5396  kbdclass - ok
12:53:04.0408 5396  [ DBDF75D51464FBC47D0104EC3D572C05 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
12:53:04.0439 5396  kbdhid - ok
12:53:04.0472 5396  [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] KeyIso          C:\Windows\system32\lsass.exe
12:53:04.0518 5396  KeyIso - ok
12:53:04.0556 5396  [ 88956AD9FA510848AD176777A6C6C1F5 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
12:53:04.0598 5396  KSecDD - ok
12:53:04.0653 5396  [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
12:53:04.0695 5396  ksthunk - ok
12:53:04.0734 5396  [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm           C:\Windows\system32\msdtckrm.dll
12:53:04.0794 5396  KtmRm - ok
12:53:04.0821 5396  [ BBD9BBED0DE036B2297E6434B26D1AE9 ] L8042Kbd        C:\Windows\system32\DRIVERS\L8042Kbd.sys
12:53:04.0835 5396  L8042Kbd - ok
12:53:04.0858 5396  [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer    C:\Windows\system32\srvsvc.dll
12:53:04.0895 5396  LanmanServer - ok
12:53:04.0924 5396  [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:53:04.0960 5396  LanmanWorkstation - ok
12:53:05.0005 5396  [ 4D25A79A9F67A7E2D8D5382E75FCB124 ] LBTServ         C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
12:53:05.0015 5396  LBTServ - ok
12:53:05.0033 5396  [ AA3D903C5A7538803F2400A8391F1881 ] LHidFilt        C:\Windows\system32\DRIVERS\LHidFilt.Sys
12:53:05.0047 5396  LHidFilt - ok
12:53:05.0072 5396  [ 156AB2E56DC3CA0B582E3362E07CDED7 ] lirsgt          C:\Windows\system32\DRIVERS\lirsgt.sys
12:53:05.0087 5396  lirsgt - ok
12:53:05.0097 5396  [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
12:53:05.0141 5396  lltdio - ok
12:53:05.0157 5396  [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
12:53:05.0210 5396  lltdsvc - ok
12:53:05.0220 5396  [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts         C:\Windows\System32\lmhsvc.dll
12:53:05.0253 5396  lmhosts - ok
12:53:05.0265 5396  [ 90B4B2B0B5F05ABB9FB365405A7B825B ] LMouFilt        C:\Windows\system32\DRIVERS\LMouFilt.Sys
12:53:05.0280 5396  LMouFilt - ok
12:53:05.0295 5396  [ 1572F8D999C0AB4376AFDCE058A78DF9 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
12:53:05.0312 5396  LSI_FC - ok
12:53:05.0321 5396  [ 64470979C3E3C9FF60EDFB5230C56E0E ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
12:53:05.0338 5396  LSI_SAS - ok
12:53:05.0350 5396  [ 4CED7D3B54BFC5BBAE75C4A73C7F7428 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
12:53:05.0368 5396  LSI_SCSI - ok
12:53:05.0389 5396  [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv           C:\Windows\system32\drivers\luafv.sys
12:53:05.0426 5396  luafv - ok
12:53:05.0446 5396  [ 4EB7886F6223F68CA855730A96D6110C ] LUsbFilt        C:\Windows\system32\Drivers\LUsbFilt.Sys
12:53:05.0461 5396  LUsbFilt - ok
12:53:05.0493 5396  [ 86504FE0759D4DCE38E997921062DF6B ] MagicTuneEngine C:\Program Files (x86)\MagicTune Premium\MagicTuneEngine.exe
12:53:05.0514 5396  MagicTuneEngine ( UnsignedFile.Multi.Generic ) - warning
12:53:05.0514 5396  MagicTuneEngine - detected UnsignedFile.Multi.Generic (1)
12:53:05.0531 5396  [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
12:53:05.0543 5396  MBAMProtector - ok
12:53:05.0561 5396  [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
12:53:05.0601 5396  MBAMScheduler - ok
12:53:05.0653 5396  [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
12:53:05.0705 5396  MBAMService - ok
12:53:05.0734 5396  [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
12:53:05.0772 5396  Mcx2Svc - ok
12:53:05.0788 5396  [ 2F631C2939D5F2E8958935EE701D70D7 ] megasas         C:\Windows\system32\drivers\megasas.sys
12:53:05.0804 5396  megasas - ok
12:53:05.0853 5396  [ FAFE367D032ED82E9332B4C741A20216 ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
12:53:05.0885 5396  Microsoft Office Groove Audit Service - ok
12:53:05.0912 5396  [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS           C:\Windows\system32\mmcss.dll
12:53:05.0953 5396  MMCSS - ok
12:53:05.0963 5396  [ 59848D5CC74606F0EE7557983BB73C2E ] Modem           C:\Windows\system32\drivers\modem.sys
12:53:05.0998 5396  Modem - ok
12:53:06.0024 5396  [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
12:53:06.0065 5396  monitor - ok
12:53:06.0069 5396  motccgp - ok
12:53:06.0072 5396  motccgpfl - ok
12:53:06.0077 5396  motmodem - ok
12:53:06.0080 5396  MotoSwitchService - ok
12:53:06.0084 5396  Motousbnet - ok
12:53:06.0087 5396  motusbdevice - ok
12:53:06.0109 5396  [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
12:53:06.0126 5396  mouclass - ok
12:53:06.0135 5396  [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
12:53:06.0178 5396  mouhid - ok
12:53:06.0193 5396  [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
12:53:06.0206 5396  MountMgr - ok
12:53:06.0224 5396  [ ED48EAC719EE28DB773359EB1B06E2B5 ] mpio            C:\Windows\system32\drivers\mpio.sys
12:53:06.0258 5396  mpio - ok
12:53:06.0285 5396  [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
12:53:06.0318 5396  mpsdrv - ok
12:53:06.0343 5396  [ 897E3BAF68BA406A61682AE39C83900C ] MpsSvc          C:\Windows\system32\mpssvc.dll
12:53:06.0401 5396  MpsSvc - ok
12:53:06.0412 5396  [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
12:53:06.0428 5396  Mraid35x - ok
12:53:06.0441 5396  [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
12:53:06.0463 5396  MRxDAV - ok
12:53:06.0485 5396  [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
12:53:06.0519 5396  mrxsmb - ok
12:53:06.0550 5396  [ 3B929A60C833FC615FD97FBA82BC7632 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:53:06.0568 5396  mrxsmb10 - ok
12:53:06.0582 5396  [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:53:06.0604 5396  mrxsmb20 - ok
12:53:06.0615 5396  [ AA459F2AB3AB603C357FF117CAE3D818 ] msahci          C:\Windows\system32\drivers\msahci.sys
12:53:06.0628 5396  msahci - ok
12:53:06.0637 5396  [ 96D7C0A1B98434C6E4FF0C2E26A0E20A ] msdsm           C:\Windows\system32\drivers\msdsm.sys
12:53:06.0655 5396  msdsm - ok
12:53:06.0686 5396  [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC           C:\Windows\System32\msdtc.exe
12:53:06.0725 5396  MSDTC - ok
12:53:06.0732 5396  [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs            C:\Windows\system32\drivers\Msfs.sys
12:53:06.0764 5396  Msfs - ok
12:53:06.0785 5396  [ 00EBC952961664780D43DCA157E79B27 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
12:53:06.0796 5396  msisadrv - ok
12:53:06.0808 5396  [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
12:53:06.0847 5396  MSiSCSI - ok
12:53:06.0850 5396  msiserver - ok
12:53:06.0862 5396  [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
12:53:06.0900 5396  MSKSSRV - ok
12:53:06.0910 5396  [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
12:53:06.0944 5396  MSPCLOCK - ok
12:53:06.0956 5396  [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
12:53:06.0988 5396  MSPQM - ok
12:53:07.0012 5396  [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
12:53:07.0032 5396  MsRPC - ok
12:53:07.0048 5396  [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
12:53:07.0061 5396  mssmbios - ok
12:53:07.0077 5396  [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
12:53:07.0117 5396  MSTEE - ok
12:53:07.0142 5396  [ 0CC49F78D8ACA0877D885F149084E543 ] Mup             C:\Windows\system32\Drivers\mup.sys
12:53:07.0155 5396  Mup - ok
12:53:07.0181 5396  [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent        C:\Windows\system32\qagentRT.dll
12:53:07.0215 5396  napagent - ok
12:53:07.0234 5396  [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
12:53:07.0258 5396  NativeWifiP - ok
12:53:07.0279 5396  [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS            C:\Windows\system32\drivers\ndis.sys
12:53:07.0340 5396  NDIS - ok
12:53:07.0361 5396  [ 64DF698A425478E321981431AC171334 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
12:53:07.0427 5396  NdisTapi - ok
12:53:07.0442 5396  [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
12:53:07.0487 5396  Ndisuio - ok
12:53:07.0507 5396  [ F8158771905260982CE724076419EF19 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
12:53:07.0545 5396  NdisWan - ok
12:53:07.0557 5396  [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
12:53:07.0584 5396  NDProxy - ok
12:53:07.0638 5396  [ 27FE4B70C12A2C67A58D799B9A4E8D81 ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
12:53:07.0699 5396  Nero BackItUp Scheduler 4.0 - ok
12:53:07.0739 5396  [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
12:53:07.0770 5396  NetBIOS - ok
12:53:07.0784 5396  [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
12:53:07.0819 5396  netbt - ok
12:53:07.0828 5396  [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] Netlogon        C:\Windows\system32\lsass.exe
12:53:07.0840 5396  Netlogon - ok
12:53:07.0862 5396  [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman          C:\Windows\System32\netman.dll
12:53:07.0918 5396  Netman - ok
12:53:07.0942 5396  [ 7846D0136CC2B264926A73047BA7688A ] netprofm        C:\Windows\System32\netprofm.dll
12:53:07.0987 5396  netprofm - ok
12:53:08.0017 5396  [ 74751DDA198165947FD7454D83F49825 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:53:08.0053 5396  NetTcpPortSharing - ok
12:53:08.0069 5396  [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
12:53:08.0089 5396  nfrd960 - ok
12:53:08.0110 5396  [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc          C:\Windows\System32\nlasvc.dll
12:53:08.0147 5396  NlaSvc - ok
12:53:08.0166 5396  [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
12:53:08.0191 5396  Npfs - ok
12:53:08.0196 5396  [ ACB62BAA1C319B17752553DF3026EEEB ] nsi             C:\Windows\system32\nsisvc.dll
12:53:08.0238 5396  nsi - ok
12:53:08.0251 5396  [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
12:53:08.0286 5396  nsiproxy - ok
12:53:08.0321 5396  [ BAC869DFB98E499BA4D9BB1FB43270E1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
12:53:08.0382 5396  Ntfs - ok
12:53:08.0417 5396  [ DD5D684975352B85B52E3FD5347C20CB ] Null            C:\Windows\system32\drivers\Null.sys
12:53:08.0456 5396  Null - ok
12:53:08.0768 5396  [ 9C1996DD3C0469BC8933321F15709F5A ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
12:53:09.0534 5396  nvlddmkm - ok
12:53:09.0548 5396  [ 840EEB44DC49317A6161961F7682CD99 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
12:53:09.0566 5396  nvraid - ok
12:53:09.0576 5396  [ 94C5334040A5D500897F4C5FD12AEEDE ] nvstor          C:\Windows\system32\drivers\nvstor.sys
12:53:09.0593 5396  nvstor - ok
12:53:09.0633 5396  [ 2D7092FEC9BD2ACA199673BBA2BA9277 ] nvsvc           C:\Windows\system32\nvvsvc.exe
12:53:09.0719 5396  nvsvc - ok
12:53:09.0821 5396  [ 7E22DE30E222BFDFCEC7E77032BAF3CD ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
12:53:09.0905 5396  nvUpdatusService - ok
12:53:09.0936 5396  [ AA1B6C86A4763502E20B65C025F39BAD ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
12:53:09.0955 5396  nv_agp - ok
12:53:09.0959 5396  NwlnkFlt - ok
12:53:09.0963 5396  NwlnkFwd - ok
12:53:10.0014 5396  [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:53:10.0064 5396  odserv - ok
12:53:10.0092 5396  [ B5B1CE65AC15BBD11C0619E3EF7CFC28 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
12:53:10.0129 5396  ohci1394 - ok
12:53:10.0159 5396  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:53:10.0197 5396  ose - ok
12:53:10.0238 5396  [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc        C:\Windows\system32\p2psvc.dll
12:53:10.0287 5396  p2pimsvc - ok
12:53:10.0321 5396  [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc          C:\Windows\system32\p2psvc.dll
12:53:10.0358 5396  p2psvc - ok
12:53:10.0411 5396  [ AECD57F94C887F58919F307C35498EA0 ] Parport         C:\Windows\system32\drivers\parport.sys
12:53:10.0470 5396  Parport - ok
12:53:10.0485 5396  [ B43751085E2ABE389DA466BC62A4B987 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
12:53:10.0499 5396  partmgr - ok
12:53:10.0516 5396  [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc          C:\Windows\System32\pcasvc.dll
12:53:10.0562 5396  PcaSvc - ok
12:53:10.0578 5396  [ BC0018C2D29F655188A0ED3FA94FDB24 ] pccsmcfd        C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
12:53:10.0609 5396  pccsmcfd - ok
12:53:10.0621 5396  [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci             C:\Windows\system32\drivers\pci.sys
12:53:10.0638 5396  pci - ok
12:53:10.0644 5396  [ 2657F6C0B78C36D95034BE109336E382 ] pciide          C:\Windows\system32\drivers\pciide.sys
12:53:10.0656 5396  pciide - ok
12:53:10.0686 5396  [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
12:53:10.0709 5396  pcmcia - ok
12:53:10.0732 5396  [ 58865916F53592A61549B04941BFD80D ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
12:53:10.0825 5396  PEAUTH - ok
12:53:10.0866 5396  [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
12:53:10.0896 5396  PerfHost - ok
12:53:10.0940 5396  [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla             C:\Windows\system32\pla.dll
12:53:11.0006 5396  pla - ok
12:53:11.0035 5396  [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
12:53:11.0073 5396  PlugPlay - ok
12:53:11.0104 5396  [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
12:53:11.0147 5396  PNRPAutoReg - ok
12:53:11.0204 5396  [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc         C:\Windows\system32\p2psvc.dll
12:53:11.0228 5396  PNRPsvc - ok
12:53:11.0276 5396  [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
12:53:11.0331 5396  PolicyAgent - ok
12:53:11.0359 5396  [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
12:53:11.0388 5396  PptpMiniport - ok
12:53:11.0402 5396  [ 6BC78E5F12CBB74E7930AAAA4A0DB387 ] Processor       C:\Windows\system32\drivers\processr.sys
12:53:11.0469 5396  Processor - ok
12:53:11.0565 5396  [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc         C:\Windows\system32\profsvc.dll
12:53:11.0607 5396  ProfSvc - ok
12:53:11.0618 5396  [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] ProtectedStorage C:\Windows\system32\lsass.exe
12:53:11.0645 5396  ProtectedStorage - ok
12:53:11.0660 5396  [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
12:53:11.0684 5396  PSched - ok
12:53:11.0704 5396  [ 543A4EF0923BF70D126625B034EF25AF ] PSI_SVC_2       c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
12:53:11.0717 5396  PSI_SVC_2 - ok
12:53:11.0742 5396  [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64        C:\Windows\system32\Drivers\PxHlpa64.sys
12:53:11.0752 5396  PxHlpa64 - ok
12:53:11.0787 5396  [ 4A29D25704917161BAD9B4659A248DFD ] ql2300          C:\Windows\system32\drivers\ql2300.sys
12:53:11.0852 5396  ql2300 - ok
12:53:11.0874 5396  [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
12:53:11.0893 5396  ql40xx - ok
12:53:11.0918 5396  [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE           C:\Windows\system32\qwave.dll
12:53:11.0937 5396  QWAVE - ok
12:53:11.0947 5396  [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
12:53:11.0974 5396  QWAVEdrv - ok
12:53:12.0008 5396  [ ED4E69C31EF566266BE13638EBE9DA56 ] RapiMgr         C:\Windows\WindowsMobile\rapimgr.dll
12:53:12.0040 5396  RapiMgr - ok
12:53:12.0051 5396  [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
12:53:12.0085 5396  RasAcd - ok
12:53:12.0110 5396  [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto         C:\Windows\System32\rasauto.dll
12:53:12.0150 5396  RasAuto - ok
12:53:12.0177 5396  [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
12:53:12.0207 5396  Rasl2tp - ok
12:53:12.0228 5396  [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan          C:\Windows\System32\rasmans.dll
12:53:12.0258 5396  RasMan - ok
12:53:12.0274 5396  [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
12:53:12.0310 5396  RasPppoe - ok
12:53:12.0324 5396  [ C6A593B51F34C33E5474539544072527 ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
12:53:12.0355 5396  RasSstp - ok
12:53:12.0363 5396  [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
12:53:12.0393 5396  rdbss - ok
12:53:12.0404 5396  [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
12:53:12.0438 5396  RDPCDD - ok
12:53:12.0468 5396  [ AE23E79B13FEB62939E2CA1189E71735 ] rdpdr           C:\Windows\system32\DRIVERS\rdpdr.sys
12:53:12.0511 5396  rdpdr - ok
12:53:12.0524 5396  [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
12:53:12.0557 5396  RDPENCDD - ok
12:53:12.0583 5396  [ AE4BD9E1C33D351D8E607FC81F15160C ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
12:53:12.0613 5396  RDPWD - ok
12:53:12.0634 5396  [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess    C:\Windows\System32\mprdim.dll
12:53:12.0667 5396  RemoteAccess - ok
12:53:12.0681 5396  [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
12:53:12.0721 5396  RemoteRegistry - ok
12:53:12.0741 5396  [ CD71E053D7260E4102D99A28F9196070 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
12:53:12.0781 5396  RFCOMM - ok
12:53:12.0797 5396  [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator      C:\Windows\system32\locator.exe
12:53:12.0821 5396  RpcLocator - ok
12:53:12.0840 5396  [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs           C:\Windows\system32\rpcss.dll
12:53:12.0886 5396  RpcSs - ok
12:53:12.0916 5396  [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
12:53:12.0953 5396  rspndr - ok
12:53:12.0972 5396  [ 3DA2CCA7206DB8D4CE234177A97A1B62 ] SaiMini         C:\Windows\system32\DRIVERS\SaiMini.sys
12:53:13.0003 5396  SaiMini - ok
12:53:13.0025 5396  [ 7DF4B3E55FF2540111E7E7AD3656A7C5 ] SaiNtBus        C:\Windows\system32\drivers\SaiBus.sys
12:53:13.0058 5396  SaiNtBus - ok
12:53:13.0084 5396  [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] SamSs           C:\Windows\system32\lsass.exe
12:53:13.0096 5396  SamSs - ok
12:53:13.0115 5396  [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
12:53:13.0134 5396  sbp2port - ok
12:53:13.0146 5396  [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr        C:\Windows\System32\SCardSvr.dll
12:53:13.0175 5396  SCardSvr - ok
12:53:13.0205 5396  [ 0F838C811AD295D2A4489B9993096C63 ] Schedule        C:\Windows\system32\schedsvc.dll
12:53:13.0295 5396  Schedule - ok
12:53:13.0315 5396  [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc     C:\Windows\System32\certprop.dll
12:53:13.0338 5396  SCPolicySvc - ok
12:53:13.0358 5396  [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
12:53:13.0387 5396  SDRSVC - ok
12:53:13.0402 5396  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
12:53:13.0453 5396  secdrv - ok
12:53:13.0466 5396  [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon        C:\Windows\system32\seclogon.dll
12:53:13.0509 5396  seclogon - ok
12:53:13.0524 5396  [ 90973A64B96CD647FF81C79443618EED ] SENS            C:\Windows\System32\sens.dll
12:53:13.0561 5396  SENS - ok
12:53:13.0578 5396  [ 2449316316411D65BD2C761A6FFB2CE2 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
12:53:13.0623 5396  Serenum - ok
12:53:13.0637 5396  [ 4B438170BE2FC8E0BD35EE87A960F84F ] Serial          C:\Windows\system32\DRIVERS\serial.sys
12:53:13.0683 5396  Serial - ok
12:53:13.0703 5396  [ A842F04833684BCEEA7336211BE478DF ] sermouse        C:\Windows\system32\drivers\sermouse.sys
12:53:13.0744 5396  sermouse - ok
12:53:13.0760 5396  [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv      C:\Windows\system32\sessenv.dll
12:53:13.0801 5396  SessionEnv - ok
12:53:13.0821 5396  [ 18C056B109DA7CD823BFAE223818EB2E ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
12:53:13.0845 5396  sffdisk - ok
12:53:13.0859 5396  [ B387781EA1A47BBE08A6E4CBD82F9790 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
12:53:13.0884 5396  sffp_mmc - ok
12:53:13.0896 5396  [ 4E6B82359DFBD84E914B4D01256EF3BF ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
12:53:13.0911 5396  sffp_sd - ok
12:53:13.0921 5396  [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
12:53:13.0971 5396  sfloppy - ok
12:53:13.0987 5396  [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
12:53:14.0030 5396  SharedAccess - ok
12:53:14.0072 5396  [ 56793271ECDEDD350C5ADD305603E963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:53:14.0143 5396  ShellHWDetection - ok
12:53:14.0169 5396  [ 08DDA16573FA44F8B13AFE74597AD2E5 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
12:53:14.0186 5396  SiSRaid2 - ok
12:53:14.0196 5396  [ C52259E9DAAF3890D572D87FFEE0979E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
12:53:14.0212 5396  SiSRaid4 - ok
12:53:14.0275 5396  [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc           C:\Windows\system32\SLsvc.exe
12:53:14.0380 5396  slsvc - ok
12:53:14.0422 5396  [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify      C:\Windows\system32\SLUINotify.dll
12:53:14.0452 5396  SLUINotify - ok
12:53:14.0469 5396  [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
12:53:14.0513 5396  Smb - ok
12:53:14.0532 5396  [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
12:53:14.0555 5396  SNMPTRAP - ok
12:53:14.0572 5396  [ 386C3C63F00A7040C7EC5E384217E89D ] spldr           C:\Windows\system32\drivers\spldr.sys
12:53:14.0585 5396  spldr - ok
12:53:14.0612 5396  [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler         C:\Windows\System32\spoolsv.exe
12:53:14.0643 5396  Spooler - ok
12:53:14.0685 5396  [ 9AB59CF736981ED1F83C6AB5FAA8BA5C ] sptd            C:\Windows\System32\Drivers\sptd.sys
12:53:14.0743 5396  sptd - ok
12:53:14.0789 5396  [ 880A57FCCB571EBD063D4DD50E93E46D ] srv             C:\Windows\system32\DRIVERS\srv.sys
12:53:14.0849 5396  srv - ok
12:53:14.0870 5396  [ A1AD14A6D7A37891FFFECA35EBBB0730 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
12:53:14.0926 5396  srv2 - ok
12:53:14.0955 5396  [ 4BED62F4FA4D8300973F1151F4C4D8A7 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
12:53:14.0971 5396  srvnet - ok
12:53:14.0988 5396  [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
12:53:15.0033 5396  SSDPSRV - ok
12:53:15.0044 5396  [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc         C:\Windows\system32\sstpsvc.dll
12:53:15.0068 5396  SstpSvc - ok
12:53:15.0081 5396  Steam Client Service - ok
12:53:15.0097 5396  [ 15825C1FBFB8779992CB65087F316AF5 ] stisvc          C:\Windows\System32\wiaservc.dll
12:53:15.0139 5396  stisvc - ok
12:53:15.0182 5396  [ D2FBE517D8FE03552E9C6CF91C1540D2 ] StkCMini        C:\Windows\system32\Drivers\StkCMini.sys
12:53:15.0273 5396  StkCMini ( UnsignedFile.Multi.Generic ) - warning
12:53:15.0273 5396  StkCMini - detected UnsignedFile.Multi.Generic (1)
12:53:15.0283 5396  [ 0E447EF3CC90B32BA478093B998C48FD ] StkSSrv         C:\Windows\System32\StkCSrv.exe
12:53:15.0291 5396  StkSSrv ( UnsignedFile.Multi.Generic ) - warning
12:53:15.0291 5396  StkSSrv - detected UnsignedFile.Multi.Generic (1)
12:53:15.0312 5396  [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
12:53:15.0327 5396  swenum - ok
12:53:15.0366 5396  [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard     C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
12:53:15.0385 5396  SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
12:53:15.0385 5396  SwitchBoard - detected UnsignedFile.Multi.Generic (1)
12:53:15.0410 5396  [ 6DE37F4DE19D4EFD9C48C43ADDBC949A ] swprv           C:\Windows\System32\swprv.dll
12:53:15.0462 5396  swprv - ok
12:53:15.0488 5396  [ E4154C5CE666B713DE9398C053D8FB7E ] sxuptp          C:\Windows\system32\DRIVERS\sxuptp.sys
12:53:15.0515 5396  sxuptp - ok
12:53:15.0527 5396  [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
12:53:15.0544 5396  Symc8xx - ok
12:53:15.0550 5396  [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
12:53:15.0566 5396  Sym_hi - ok
12:53:15.0582 5396  [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
12:53:15.0599 5396  Sym_u3 - ok
12:53:15.0626 5396  [ 92D7A8B0F87B036F17D25885937897A6 ] SysMain         C:\Windows\system32\sysmain.dll
12:53:15.0690 5396  SysMain - ok
12:53:15.0727 5396  [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:53:15.0754 5396  TabletInputService - ok
12:53:15.0783 5396  [ CC2562B4D55E0B6A4758C65407F63B79 ] TapiSrv         C:\Windows\System32\tapisrv.dll
12:53:15.0824 5396  TapiSrv - ok
12:53:15.0833 5396  [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS             C:\Windows\System32\tbssvc.dll
12:53:15.0866 5396  TBS - ok
12:53:15.0899 5396  [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
12:53:15.0958 5396  Tcpip - ok
12:53:15.0991 5396  [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
12:53:16.0038 5396  Tcpip6 - ok
12:53:16.0074 5396  [ C7E72A4071EE0200E3C075DACFB2B334 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
12:53:16.0112 5396  tcpipreg - ok
12:53:16.0131 5396  [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
12:53:16.0165 5396  TDPIPE - ok
12:53:16.0189 5396  [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
12:53:16.0223 5396  TDTCP - ok
12:53:16.0233 5396  [ 458919C8C42E398DC4802178D5FFEE27 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
12:53:16.0277 5396  tdx - ok
12:53:16.0293 5396  [ 8C19678D22649EC002EF2282EAE92F98 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
12:53:16.0311 5396  TermDD - ok
12:53:16.0331 5396  [ 5CDD30BC217082DAC71A9878D9BFD566 ] TermService     C:\Windows\System32\termsrv.dll
12:53:16.0379 5396  TermService - ok
12:53:16.0404 5396  [ 56793271ECDEDD350C5ADD305603E963 ] Themes          C:\Windows\system32\shsvcs.dll
12:53:16.0420 5396  Themes - ok
12:53:16.0431 5396  [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER     C:\Windows\system32\mmcss.dll
12:53:16.0463 5396  THREADORDER - ok
12:53:16.0477 5396  [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks          C:\Windows\System32\trkwks.dll
12:53:16.0512 5396  TrkWks - ok
12:53:16.0536 5396  [ 66328B08EF5A9305D8EDE36B93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:53:16.0565 5396  TrustedInstaller - ok
12:53:16.0575 5396  [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
12:53:16.0609 5396  tssecsrv - ok
12:53:16.0674 5396  [ C7935E1E4025CDD62F9806CAEEF86086 ] TuneUp.UtilitiesSvc C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
12:53:16.0726 5396  TuneUp.UtilitiesSvc - ok
12:53:16.0767 5396  [ DCC94C51D27C7EC0DADECA8F64C94FCF ] TuneUpUtilitiesDrv C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys
12:53:16.0779 5396  TuneUpUtilitiesDrv - ok
12:53:16.0790 5396  [ 89EC74A9E602D16A75A4170511029B3C ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
12:53:16.0807 5396  tunmp - ok
12:53:16.0829 5396  [ 30A9B3F45AD081BFFC3BCAA9C812B609 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
12:53:16.0845 5396  tunnel - ok
12:53:16.0884 5396  [ 1A006963644C7FDE5BE60036F3A43E68 ] TVICHW64        C:\Windows\SysWOW64\Drivers\TVICHW64.SYS
12:53:16.0898 5396  TVICHW64 - ok
12:53:16.0922 5396  [ E4722DFBD6232ACF17543EF2C2DCE8D2 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
12:53:16.0939 5396  uagp35 - ok
12:53:16.0969 5396  [ FAF2640A2A76ED03D449E443194C4C34 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
12:53:17.0014 5396  udfs - ok
12:53:17.0028 5396  [ 060507C4113391394478F6953A79EEDC ] UI0Detect       C:\Windows\system32\UI0Detect.exe
12:53:17.0067 5396  UI0Detect - ok
12:53:17.0084 5396  [ 5663D7696ABBE71F8C9D915C5374118A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
12:53:17.0102 5396  uliagpkx - ok
12:53:17.0118 5396  [ 6030B68E86A30D1B315B51C4D7778B16 ] uliahci         C:\Windows\system32\drivers\uliahci.sys
12:53:17.0141 5396  uliahci - ok
12:53:17.0157 5396  [ 31707F09846056651EA2C37858F5DDB0 ] UlSata          C:\Windows\system32\drivers\ulsata.sys
12:53:17.0176 5396  UlSata - ok
12:53:17.0192 5396  [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
12:53:17.0213 5396  ulsata2 - ok
12:53:17.0238 5396  [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
12:53:17.0273 5396  umbus - ok
12:53:17.0289 5396  [ 01ABE05C401E70795B43A8933B44831E ] UMPass          C:\Windows\system32\DRIVERS\umpass.sys
12:53:17.0323 5396  UMPass - ok
12:53:17.0337 5396  [ DC5E34F189B827199B9CC8481C648269 ] UmRdpService    C:\Windows\System32\umrdp.dll
12:53:17.0371 5396  UmRdpService - ok
12:53:17.0392 5396  [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost        C:\Windows\System32\upnphost.dll
12:53:17.0469 5396  upnphost - ok
12:53:17.0473 5396  upperdev - ok
12:53:17.0507 5396  [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
12:53:17.0536 5396  USBAAPL64 - ok
12:53:17.0557 5396  [ C6BA890DE6E41857FBE84175519CAE7D ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
12:53:17.0596 5396  usbaudio - ok
12:53:17.0622 5396  [ 07E3498FC60834219D2356293DA0FECC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
12:53:17.0656 5396  usbccgp - ok
12:53:17.0691 5396  [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
12:53:17.0761 5396  usbcir - ok
12:53:17.0782 5396  [ 827E44DE934A736EA31E91D353EB126F ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
12:53:17.0809 5396  usbehci - ok
12:53:17.0839 5396  [ BB35CD80A2ECECFADC73569B3D70C7D1 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
12:53:17.0881 5396  usbhub - ok
12:53:17.0897 5396  [ EBA14EF0C07CEC233F1529C698D0D154 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
12:53:17.0960 5396  usbohci - ok
12:53:17.0977 5396  [ 28B693B6D31E7B9332C1BDCEFEF228C1 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
12:53:18.0012 5396  usbprint - ok
12:53:18.0039 5396  [ F7386007FB19E7685FC7B298560AA81F ] usbser          C:\Windows\system32\drivers\usbser.sys
12:53:18.0065 5396  usbser - ok
12:53:18.0069 5396  UsbserFilt - ok
12:53:18.0084 5396  [ B854C1558FCA0C269A38663E8B59B581 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:53:18.0114 5396  USBSTOR - ok
12:53:18.0128 5396  [ B2872CBF9F47316ABD0E0C74A1ABA507 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
12:53:18.0159 5396  usbuhci - ok
12:53:18.0171 5396  [ D76E231E4850BB3F88A3D9A78DF191E3 ] UxSms           C:\Windows\System32\uxsms.dll
12:53:18.0197 5396  UxSms - ok
12:53:18.0212 5396  [ 294945381DFA7CE58CECF0A9896AF327 ] vds             C:\Windows\System32\vds.exe
12:53:18.0246 5396  vds - ok
12:53:18.0262 5396  [ 2998DC48905E9B4821AD8FD75B3E070C ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
12:53:18.0312 5396  vga - ok
12:53:18.0324 5396  [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave         C:\Windows\System32\drivers\vga.sys
12:53:18.0366 5396  VgaSave - ok
12:53:18.0383 5396  [ 9978DA36FF889A28B590E74BF11B4764 ] viaide          C:\Windows\system32\drivers\viaide.sys
12:53:18.0399 5396  viaide - ok
12:53:18.0417 5396  [ 2B7E885ED951519A12C450D24535DFCA ] volmgr          C:\Windows\system32\drivers\volmgr.sys
12:53:18.0431 5396  volmgr - ok
12:53:18.0453 5396  [ CEC5AC15277D75D9E5DEC2E1C6EAF877 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
12:53:18.0476 5396  volmgrx - ok
12:53:18.0508 5396  [ 5280AADA24AB36B01A84A6424C475C8D ] volsnap         C:\Windows\system32\drivers\volsnap.sys
12:53:18.0527 5396  volsnap - ok
12:53:18.0543 5396  [ 410AE2C141142C58BC617FC2C677F8B0 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
12:53:18.0561 5396  vsmraid - ok
12:53:18.0593 5396  [ B75232DAD33BFD95BF6F0A3E6BFF51E1 ] VSS             C:\Windows\system32\vssvc.exe
12:53:18.0680 5396  VSS - ok
12:53:18.0705 5396  [ F14A7DE2EA41883E250892E1E5230A9A ] W32Time         C:\Windows\system32\w32time.dll
12:53:18.0767 5396  W32Time - ok
12:53:18.0799 5396  [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
12:53:18.0855 5396  WacomPen - ok
12:53:18.0868 5396  [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
12:53:18.0909 5396  Wanarp - ok
12:53:18.0913 5396  [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
12:53:18.0935 5396  Wanarpv6 - ok
12:53:18.0968 5396  [ 48EEE289DF9E4989128B2283F3EEACC6 ] wbengine        C:\Windows\system32\wbengine.exe
12:53:19.0031 5396  wbengine - ok
12:53:19.0078 5396  [ 382A7B0B632EC98DE5F0658DA9DE6159 ] WcesComm        C:\Windows\WindowsMobile\wcescomm.dll
12:53:19.0119 5396  WcesComm - ok
12:53:19.0144 5396  [ B4E4C37D0AA6100090A53213EE2BF1C1 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
12:53:19.0178 5396  wcncsvc - ok
12:53:19.0214 5396  [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:53:19.0243 5396  WcsPlugInService - ok
12:53:19.0255 5396  [ 59B501B0A04C9672142B7FFA2BDBF663 ] Wd              C:\Windows\system32\drivers\wd.sys
12:53:19.0270 5396  Wd - ok
12:53:19.0299 5396  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
12:53:19.0336 5396  Wdf01000 - ok
12:53:19.0364 5396  [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost  C:\Windows\system32\wdi.dll
12:53:19.0402 5396  WdiServiceHost - ok
12:53:19.0405 5396  [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost   C:\Windows\system32\wdi.dll
12:53:19.0437 5396  WdiSystemHost - ok
12:53:19.0459 5396  [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient       C:\Windows\System32\webclnt.dll
12:53:19.0479 5396  WebClient - ok
12:53:19.0483 5396  WEBNTACCESS - ok
12:53:19.0502 5396  [ 8D40BC587993F876658BF9FB0F7D3462 ] Wecsvc          C:\Windows\system32\wecsvc.dll
12:53:19.0541 5396  Wecsvc - ok
12:53:19.0556 5396  [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
12:53:19.0581 5396  wercplsupport - ok
12:53:19.0589 5396  [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc          C:\Windows\System32\WerSvc.dll
12:53:19.0616 5396  WerSvc - ok
12:53:19.0632 5396  WinDefend - ok
12:53:19.0637 5396  WinHttpAutoProxySvc - ok
12:53:19.0670 5396  [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
12:53:19.0696 5396  Winmgmt - ok
12:53:19.0746 5396  [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869 ] WinRM           C:\Windows\system32\WsmSvc.dll
12:53:19.0859 5396  WinRM - ok
12:53:19.0883 5396  [ 7F2F9E48566B2087F2AAAD258CB2A8D4 ] winusb          C:\Windows\system32\DRIVERS\winusb.sys
12:53:19.0912 5396  winusb - ok
12:53:19.0941 5396  [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc         C:\Windows\System32\wlansvc.dll
12:53:19.0989 5396  Wlansvc - ok
12:53:20.0004 5396  [ AE34218455D5DC12D1E45DE85F160346 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
12:53:20.0053 5396  WmiAcpi - ok
12:53:20.0069 5396  [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
12:53:20.0108 5396  wmiApSrv - ok
12:53:20.0114 5396  WMPNetworkSvc - ok
12:53:20.0127 5396  [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
12:53:20.0163 5396  WPCSvc - ok
12:53:20.0178 5396  [ 490A18B4E4D53DC10879DEAA8E8B70D9 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
12:53:20.0204 5396  WPDBusEnum - ok
12:53:20.0230 5396  [ 5E2401B3FC1089C90E081291357371A9 ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
12:53:20.0248 5396  WpdUsb - ok
12:53:20.0321 5396  [ 991E2C2CF3BC204C2BB2EE1476149E4E ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
12:53:20.0381 5396  WPFFontCache_v0400 - ok
12:53:20.0431 5396  [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
12:53:20.0470 5396  ws2ifsl - ok
12:53:20.0487 5396  [ 9EA3E6D0EF7A5C2B9181961052A4B01A ] wscsvc          C:\Windows\System32\wscsvc.dll
12:53:20.0512 5396  wscsvc - ok
12:53:20.0515 5396  WSearch - ok
12:53:20.0576 5396  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
12:53:20.0669 5396  wuauserv - ok
12:53:20.0711 5396  [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
12:53:20.0737 5396  WudfPf - ok
12:53:20.0757 5396  [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
12:53:20.0779 5396  WUDFRd - ok
12:53:20.0791 5396  [ 3DCC7BF5AFA921B479E622BD999121F3 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
12:53:20.0815 5396  wudfsvc - ok
12:53:20.0836 5396  [ EC760BEE30B167A04A246C29F1A8E120 ] X10Hid          C:\Windows\system32\Drivers\x10hid.sys
12:53:20.0850 5396  X10Hid - ok
12:53:20.0875 5396  [ 5A0C788C5BC5F2C993CB60940ADCF95E ] x10nets         C:\PROGRA~2\COMMON~1\X10\Common\x10nets.exe
12:53:20.0885 5396  x10nets ( UnsignedFile.Multi.Generic ) - warning
12:53:20.0885 5396  x10nets - detected UnsignedFile.Multi.Generic (1)
12:53:20.0908 5396  [ 6533F30045B0A234783BD8B4069F0433 ] XUIF            C:\Windows\system32\Drivers\x10ufx2.sys
12:53:20.0918 5396  XUIF - ok
12:53:20.0928 5396  ================ Scan global ===============================
12:53:20.0957 5396  [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
12:53:20.0980 5396  [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
12:53:20.0997 5396  [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
12:53:21.0023 5396  [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe
12:53:21.0030 5396  [Global] - ok
12:53:21.0031 5396  ================ Scan MBR ==================================
12:53:21.0033 5396  [ DD46BDBDC677798D42CCB057D4BDFC92 ] \Device\Harddisk0\DR0
12:53:21.0247 5396  \Device\Harddisk0\DR0 - ok
12:53:21.0259 5396  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk1\DR1
12:53:21.0508 5396  \Device\Harddisk1\DR1 - ok
12:53:21.0509 5396  ================ Scan VBR ==================================
12:53:21.0511 5396  [ FAC856C5AC26EFEEB504A5FC82AC8DD9 ] \Device\Harddisk0\DR0\Partition1
12:53:21.0512 5396  \Device\Harddisk0\DR0\Partition1 - ok
12:53:21.0515 5396  [ AD5BB688BBFAFDC2E7AC44E19A00F31A ] \Device\Harddisk1\DR1\Partition1
12:53:21.0516 5396  \Device\Harddisk1\DR1\Partition1 - ok
12:53:21.0530 5396  [ F2274E9CC0F31EBDC4DA3846BBF057E0 ] \Device\Harddisk1\DR1\Partition2
12:53:21.0531 5396  \Device\Harddisk1\DR1\Partition2 - ok
12:53:21.0532 5396  ============================================================
12:53:21.0532 5396  Scan finished
12:53:21.0532 5396  ============================================================
12:53:21.0542 6108  Detected object count: 7
12:53:21.0542 6108  Actual detected object count: 7
12:53:48.0812 6108  cmnsusbser ( UnsignedFile.Multi.Generic ) - skipped by user
12:53:48.0812 6108  cmnsusbser ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:53:48.0815 6108  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
12:53:48.0815 6108  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:53:48.0817 6108  MagicTuneEngine ( UnsignedFile.Multi.Generic ) - skipped by user
12:53:48.0817 6108  MagicTuneEngine ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:53:48.0818 6108  StkCMini ( UnsignedFile.Multi.Generic ) - skipped by user
12:53:48.0818 6108  StkCMini ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:53:48.0819 6108  StkSSrv ( UnsignedFile.Multi.Generic ) - skipped by user
12:53:48.0819 6108  StkSSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:53:48.0820 6108  SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
12:53:48.0820 6108  SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:53:48.0822 6108  x10nets ( UnsignedFile.Multi.Generic ) - skipped by user
12:53:48.0822 6108  x10nets ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus · 10.10.2012, 13:51

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Heistmer · 11.10.2012, 10:03

Das hab ich nun auch geschafft,

Probleme gab es dabei Combofix zu starten. Das System ist immer bei ca der Hälfte bei verzeichniss C:/32788R22FWJFW hängen geblieben.

Nach mehrfachen versuchen, und zwischenzeitlichen Löschens des Ordners hat es dann geklappt.
Leider bekahm ich dann die Meldung das Avira noch im Hintergrund läuft. Über den Taskmanager habe ich es dann auch gefunden konnte aber auf Grund der Gruppenrichtlinie es nicht deaktivieren. Ich habe dann mittels AutoRuns es deaktiviert bekommen, und dann sogar deinstaliren können.
Danach konte ich Kombofix wieder starten und es gab keine Fehlermeldung

Hier nun das Kombofix Log.

Code:

ATTFilter

ComboFix 12-10-11.01 - Heistmer 11.10.2012  10:17:58.1.4 - x64
Microsoft® Windows Vista™ Ultimate   6.0.6002.2.1252.49.1031.18.3325.1856 [GMT 2:00]
ausgeführt von:: c:\users\Heistmer\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\index.htm
c:\program files (x86)\PluginDL
c:\program files (x86)\PluginDL\axdlplug.inf
c:\program files (x86)\PluginDL\PluginDL.url
c:\program files (x86)\xp-AntiSpy
c:\program files (x86)\xp-AntiSpy\Uninstall.exe
c:\program files (x86)\xp-AntiSpy\xp-AntiSpy.chm
c:\program files (x86)\xp-AntiSpy\xp-AntiSpy.exe
c:\program files (x86)\xp-AntiSpy\xp-AntiSpy.url
c:\programdata\568DE542ED.sys
c:\programdata\dsgsdgdsgdsgw.pad
c:\users\Heistmer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PluginDL
c:\users\Heistmer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PluginDL\HomePage.lnk
c:\windows\Installer\$PatchCache$\Managed\6D79387323DF29048A45A657BCE7AD64\1.5.2060\pst.ini2
c:\windows\IsUn0407.exe
c:\windows\UA000107.DLL
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-09-11 bis 2012-10-11  ))))))))))))))))))))))))))))))
.
.
2012-10-11 08:29 . 2012-10-11 08:29	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2012-10-11 08:29 . 2012-10-11 08:29	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-10-11 06:06 . 2012-09-13 13:45	2048	----a-w-	c:\windows\system32\tzres.dll
2012-10-11 06:06 . 2012-09-13 13:28	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2012-10-11 06:06 . 2012-08-24 16:07	218624	----a-w-	c:\windows\system32\wintrust.dll
2012-10-11 06:06 . 2012-08-24 15:53	172544	----a-w-	c:\windows\SysWow64\wintrust.dll
2012-10-11 06:06 . 2012-06-02 00:20	1268736	----a-w-	c:\windows\system32\crypt32.dll
2012-10-11 06:06 . 2012-06-02 00:20	174592	----a-w-	c:\windows\system32\cryptsvc.dll
2012-10-11 06:06 . 2012-06-02 00:20	132096	----a-w-	c:\windows\system32\cryptnet.dll
2012-10-11 06:06 . 2012-06-02 00:02	985088	----a-w-	c:\windows\SysWow64\crypt32.dll
2012-10-11 06:06 . 2012-06-02 00:02	98304	----a-w-	c:\windows\SysWow64\cryptnet.dll
2012-10-11 06:06 . 2012-06-02 00:02	133120	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2012-10-11 06:05 . 2012-08-29 11:40	4699520	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-10-09 11:58 . 2012-08-30 07:27	9308616	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{D5E27317-FF4E-48ED-B38E-F479CE507871}\mpengine.dll
2012-10-09 11:30 . 2012-10-09 20:43	--------	d-----w-	C:\_OTL
2012-10-04 15:06 . 2012-10-04 15:06	--------	d-----w-	c:\program files (x86)\ESET
2012-10-02 18:51 . 2012-10-02 18:51	--------	d-----w-	c:\users\Heistmer\AppData\Roaming\Malwarebytes
2012-10-02 18:51 . 2012-10-02 18:51	--------	d-----w-	c:\programdata\Malwarebytes
2012-10-02 18:51 . 2012-10-02 18:51	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-10-02 18:51 . 2012-09-07 15:04	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-09-22 21:57 . 2012-09-22 21:57	--------	d-----w-	c:\users\Heistmer\AppData\Local\NOS
2012-09-11 18:53 . 2012-09-11 18:53	--------	d-----w-	c:\users\Heistmer\AppData\Roaming\MAGIX
2012-09-11 18:53 . 2012-09-11 18:53	--------	d-----w-	c:\users\Heistmer\AppData\Local\Xara
2012-09-11 18:51 . 2012-09-11 18:53	--------	d-----w-	c:\programdata\MAGIX
2012-09-11 18:51 . 2012-09-11 18:51	--------	d-----w-	c:\program files (x86)\MAGIX
2012-09-11 18:50 . 2012-10-02 21:42	--------	d-----w-	c:\programdata\Yahoo!
2012-09-11 18:50 . 2012-09-11 18:50	--------	d-----w-	c:\users\Heistmer\AppData\Roaming\Yahoo!
2012-09-11 18:50 . 2012-09-11 18:50	--------	d-----w-	c:\program files (x86)\Yahoo!
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-08 20:10 . 2012-08-08 20:10	73416	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-08 20:10 . 2012-08-08 20:10	696520	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutoStart-Manager"="c:\program files (x86)\Tools&More\Autostart-Manager\AutoStart-Manager.exe" [2012-02-29 401408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVMFBoxMonitor"="c:\program files (x86)\FRITZ!Box Monitor\FRITZBoxMonitor.exe" [2008-06-03 1508656]
.
c:\users\Heistmer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
FRITZ!DSL Protect.lnk - c:\program files (x86)\FRITZ!DSL\FwebProt.exe [2007-9-7 1070384]
Trillian.lnk - c:\program files (x86)\Trillian\trillian.exe [2012-7-2 2298320]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FRITZ!DSL Startcenter.lnk - c:\windows\Installer\{2457326B-C110-40C3-89B0-889CC913871A}\Icon2457326B4.exe [2008-6-14 29184]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-7-19 1196048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\acrord32.exe]
"Debugger"="c:\program files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\afterfx.exe]
"Debugger"="c:\program files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\exprwd.exe]
"Debugger"="c:\program files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\filezilla.exe]
"Debugger"="c:\program files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\flashplayer11-2_p2_install_win_ax64_112211.exe]
"Debugger"="c:\program files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\flashplayer11-2_p2_uninstall_win_64_112211.exe]
"Debugger"="c:\program files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\flipshare.exe]
"Debugger"="c:\program files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\magictune.exe]
"Debugger"="c:\program files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\mml.exe]
"Debugger"="c:\program files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\mmlupdate.exe]
"Debugger"="c:\program files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\msoxmled.exe]
"Debugger"="c:\program files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\mstore.exe]
"Debugger"="c:\program files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\presentationhost.exe]
"Debugger"="c:\program files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\switchboard.exe]
"Debugger"="c:\program files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\uninstall.exe]
"Debugger"="c:\program files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"KeePass 2 PreLoad"="c:\program files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
.
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 acedrv10;acedrv10;c:\windows\system32\drivers\acedrv10.sys [2009-08-18 277904]
S2 acehlp10;acehlp10;c:\windows\system32\drivers\acehlp10.sys [2009-08-18 228000]
S3 3xHybr64;Philips SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybr64.sys [2008-03-13 1607392]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
getPlusHelper	REG_MULTI_SZ   	getPlusHelper
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 242192]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;192.168.*.*
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
LSP: c:\program files (x86)\FRITZ!DSL\\sarah.dll
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
TCP: DhcpNameServer = 192.168.178.1
DPF: {615A1925-0E5B-4767-A65E-3165AEAC32A3}
FF - ProfilePath - c:\users\Heistmer\AppData\Roaming\Mozilla\Firefox\Profiles\7ew9dmkc.default\
FF - prefs.js: browser.search.selectedEngine - FireSearch
FF - prefs.js: browser.startup.homepage - hxxp://www2.firesearch.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-TAPI - c:\windows\IsUn0407.exe
AddRemove-xp-AntiSpy - c:\program files (x86)\xp-AntiSpy\Uninstall.exe
AddRemove-bleh eggs link - c:\progra~4\PROXYM~1\AntiPlus.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3066119559-789599144-109096739-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\png*êÖtêÖt¾Z¾Zuw&]
@Allowed: (Read) (RestrictedCode)
"0"=hex:56,00,31,00,00,00,00,00,3b,41,58,98,10,00,48,45,49,53,54,4d,7e,31,00,
   00,3e,00,07,00,04,00,ef,be,2f,41,e6,8e,3b,41,58,98,26,00,00,00,48,a3,07,00,\
"MRUListEx"=hex:01,00,00,00,00,00,00,00,ff,ff,ff,ff
"1"=hex:56,00,31,00,00,00,00,00,3b,41,e0,9b,10,00,48,45,49,53,54,4d,7e,31,00,
   00,3e,00,07,00,04,00,ef,be,2f,41,e6,8e,3b,41,e0,9b,26,00,00,00,48,a3,07,00,\
.
[HKEY_USERS\S-1-5-21-3066119559-789599144-109096739-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\png*ê
v¾ZƒZbÙžYš7*\À7*Ð•7*]
@Allowed: (Read) (RestrictedCode)
"0"=hex:66,00,31,00,00,00,00,00,fd,40,bc,6b,10,00,44,45,52,54,4f,49,7e,31,00,
   00,4e,00,07,00,04,00,ef,be,f5,40,62,99,fd,40,bc,6b,26,00,00,00,f1,45,00,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-3066119559-789599144-109096739-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\png*ê1vê1v¾Zž`£Ä"]
@Allowed: (Read) (RestrictedCode)
"0"=hex:66,00,31,00,00,00,00,00,c6,40,f6,9a,10,00,54,4f,57,45,52,2d,7e,31,00,
   00,4e,00,07,00,04,00,ef,be,96,40,ee,5e,c6,40,f6,9a,26,00,00,00,23,72,07,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-3066119559-789599144-109096739-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\png*ê8vê8v¾ZF_Ú¬kÃ]
@Allowed: (Read) (RestrictedCode)
"0"=hex:66,00,31,00,00,00,00,00,b9,40,20,8e,10,00,54,4f,57,45,52,2d,7e,31,00,
   00,4e,00,07,00,04,00,ef,be,96,40,ee,5e,b9,40,20,8e,26,00,00,00,23,72,07,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-3066119559-789599144-109096739-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\png êpvêpv¾ZX_
°rC]
@Allowed: (Read) (RestrictedCode)
"0"=hex:66,00,31,00,00,00,00,00,b6,40,0f,a0,10,00,54,4f,57,45,52,2d,7e,31,00,
   00,4e,00,07,00,04,00,ef,be,96,40,ee,5e,b6,40,0f,a0,26,00,00,00,23,72,07,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-3066119559-789599144-109096739-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\png*ê›vê›v¾Zæa	Äâ]
@Allowed: (Read) (RestrictedCode)
"0"=hex:52,00,31,00,00,00,00,00,ef,40,56,43,10,00,68,6f,63,68,7a,65,69,74,00,
   00,3a,00,07,00,04,00,ef,be,35,40,b8,a4,ef,40,56,43,26,00,00,00,fe,a1,03,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-3066119559-789599144-109096739-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\png*êœvêœv¾Zbén¢]
@Allowed: (Read) (RestrictedCode)
"0"=hex:52,00,31,00,00,00,00,00,3f,40,1b,ad,10,00,68,6f,63,68,7a,65,69,74,00,
   00,3a,00,07,00,04,00,ef,be,35,40,b8,a4,3f,40,1b,ad,26,00,00,00,fe,a1,03,00,\
"MRUListEx"=hex:01,00,00,00,00,00,00,00,ff,ff,ff,ff
"1"=hex:52,00,31,00,00,00,00,00,41,40,07,a8,10,00,68,6f,63,68,7a,65,69,74,00,
   00,3a,00,07,00,04,00,ef,be,35,40,b8,a4,41,40,07,a8,26,00,00,00,fe,a1,03,00,\
.
[HKEY_USERS\S-1-5-21-3066119559-789599144-109096739-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\png*êžv¾ZÈf*œÁ*X”+*œº+*+*]
@Allowed: (Read) (RestrictedCode)
"0"=hex:66,00,31,00,00,00,00,00,9a,40,d7,a5,10,00,54,4f,57,45,52,2d,7e,31,00,
   00,4e,00,07,00,04,00,ef,be,96,40,ee,5e,9a,40,d7,a5,26,00,00,00,23,72,07,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-3066119559-789599144-109096739-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\png*êñvêñv¾ZOWëŠŒû]
@Allowed: (Read) (RestrictedCode)
"0"=hex:56,00,31,00,00,00,00,00,2f,41,29,93,10,00,48,45,49,53,54,4d,7e,31,00,
   00,3e,00,07,00,04,00,ef,be,2f,41,e6,8e,2f,41,29,93,26,00,00,00,48,a3,07,00,\
"MRUListEx"=hex:01,00,00,00,00,00,00,00,ff,ff,ff,ff
"1"=hex:56,00,31,00,00,00,00,00,2f,41,47,93,10,00,48,45,49,53,54,4d,7e,31,00,
   00,3e,00,07,00,04,00,ef,be,2f,41,e6,8e,2f,41,47,93,26,00,00,00,48,a3,07,00,\
.
[HKEY_USERS\S-1-5-21-3066119559-789599144-109096739-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\png*êwêw¾Z[?àó1]
@Allowed: (Read) (RestrictedCode)
"0"=hex:66,00,31,00,00,00,00,00,a2,40,cb,9e,10,00,54,4f,57,45,52,2d,7e,31,00,
   00,4e,00,07,00,04,00,ef,be,96,40,ee,5e,a2,40,cb,9e,26,00,00,00,23,72,07,00,\
"MRUListEx"=hex:02,00,00,00,01,00,00,00,00,00,00,00,ff,ff,ff,ff
"1"=hex:66,00,31,00,00,00,00,00,a2,40,2b,9f,10,00,54,4f,57,45,52,2d,7e,31,00,
   00,4e,00,07,00,04,00,ef,be,96,40,ee,5e,a2,40,2b,9f,26,00,00,00,23,72,07,00,\
"2"=hex:66,00,31,00,00,00,00,00,a2,40,83,a0,10,00,54,4f,57,45,52,2d,7e,31,00,
   00,4e,00,07,00,04,00,ef,be,96,40,ee,5e,a2,40,83,a0,26,00,00,00,23,72,07,00,\
.
[HKEY_USERS\S-1-5-21-3066119559-789599144-109096739-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\png*¾ZƒZÞÅžY]
@Allowed: (Read) (RestrictedCode)
"0"=hex:66,00,31,00,00,00,00,00,fd,40,e1,54,10,00,44,45,52,54,4f,49,7e,31,00,
   00,4e,00,07,00,04,00,ef,be,f5,40,62,99,fd,40,e1,54,26,00,00,00,f1,45,00,00,\
"MRUListEx"=hex:01,00,00,00,00,00,00,00,ff,ff,ff,ff
"1"=hex:66,00,31,00,00,00,00,00,fd,40,ac,76,10,00,44,45,52,54,4f,49,7e,31,00,
   00,4e,00,07,00,04,00,ef,be,f5,40,62,99,fd,40,ac,76,26,00,00,00,f1,45,00,00,\
.
[HKEY_USERS\S-1-5-21-3066119559-789599144-109096739-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\png*¾Z]’*Æ]
@Allowed: (Read) (RestrictedCode)
"0"=hex:56,00,31,00,00,00,00,00,30,41,dd,4a,10,00,48,45,49,53,54,4d,7e,31,00,
   00,3e,00,07,00,04,00,ef,be,2f,41,e6,8e,30,41,dd,4a,26,00,00,00,48,a3,07,00,\
"MRUListEx"=hex:01,00,00,00,00,00,00,00,ff,ff,ff,ff
"1"=hex:56,00,31,00,00,00,00,00,32,41,43,a2,10,00,48,45,49,53,54,4d,7e,31,00,
   00,3e,00,07,00,04,00,ef,be,2f,41,e6,8e,32,41,43,a2,26,00,00,00,48,a3,07,00,\
.
[HKEY_USERS\S-1-5-21-3066119559-789599144-109096739-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\png*¾Z…cKù&¢]
@Allowed: (Read) (RestrictedCode)
"0"=hex:66,00,31,00,00,00,00,00,bf,40,46,87,10,00,54,4f,57,45,52,2d,7e,31,00,
   00,4e,00,07,00,04,00,ef,be,96,40,ee,5e,bf,40,46,87,26,00,00,00,23,72,07,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-3066119559-789599144-109096739-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\png*¾ZÈfÁ*]
@Allowed: (Read) (RestrictedCode)
"0"=hex:66,00,31,00,00,00,00,00,9a,40,14,a3,10,00,54,4f,57,45,52,2d,7e,31,00,
   00,4e,00,07,00,04,00,ef,be,96,40,ee,5e,9a,40,14,a3,26,00,00,00,23,72,07,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-3066119559-789599144-109096739-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\jpg*êÌuêÌu¾Z2_2î£]
@Allowed: (Read) (RestrictedCode)
"0"=hex:52,00,31,00,00,00,00,00,ba,40,1a,a2,10,00,68,6f,63,68,7a,65,69,74,00,
   00,3a,00,07,00,04,00,ef,be,35,40,b8,a4,ba,40,1a,a2,26,00,00,00,fe,a1,03,00,\
"MRUListEx"=hex:04,00,00,00,03,00,00,00,02,00,00,00,01,00,00,00,00,00,00,00,ff,
   ff,ff,ff
"1"=hex:52,00,31,00,00,00,00,00,ba,40,1a,a2,10,00,68,6f,63,68,7a,65,69,74,00,
   00,3a,00,07,00,04,00,ef,be,35,40,b8,a4,ba,40,1a,a2,26,00,00,00,fe,a1,03,00,\
"2"=hex:52,00,31,00,00,00,00,00,ba,40,1a,a2,10,00,68,6f,63,68,7a,65,69,74,00,
   00,3a,00,07,00,04,00,ef,be,35,40,b8,a4,ba,40,1a,a2,26,00,00,00,fe,a1,03,00,\
"3"=hex:52,00,31,00,00,00,00,00,ba,40,1a,a2,10,00,68,6f,63,68,7a,65,69,74,00,
   00,3a,00,07,00,04,00,ef,be,35,40,b8,a4,ba,40,1a,a2,26,00,00,00,fe,a1,03,00,\
"4"=hex:52,00,31,00,00,00,00,00,ba,40,1a,a2,10,00,68,6f,63,68,7a,65,69,74,00,
   00,3a,00,07,00,04,00,ef,be,35,40,b8,a4,ba,40,1a,a2,26,00,00,00,fe,a1,03,00,\
.
[HKEY_USERS\S-1-5-21-3066119559-789599144-109096739-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\jpg*ê*vê*v¾Zò^ÓŽù>]
@Allowed: (Read) (RestrictedCode)
"0"=hex:52,00,31,00,00,00,00,00,35,40,80,a6,10,00,68,6f,63,68,7a,65,69,74,00,
   00,3a,00,07,00,04,00,ef,be,35,40,b8,a4,35,40,80,a6,26,00,00,00,fe,a1,03,00,\
"MRUListEx"=hex:02,00,00,00,01,00,00,00,00,00,00,00,ff,ff,ff,ff
"1"=hex:52,00,31,00,00,00,00,00,35,40,47,ac,10,00,68,6f,63,68,7a,65,69,74,00,
   00,3a,00,07,00,04,00,ef,be,35,40,b8,a4,35,40,47,ac,26,00,00,00,fe,a1,03,00,\
"2"=hex:52,00,31,00,00,00,00,00,35,40,64,af,10,00,68,6f,63,68,7a,65,69,74,00,
   00,3a,00,07,00,04,00,ef,be,35,40,b8,a4,35,40,64,af,26,00,00,00,fe,a1,03,00,\
.
[HKEY_USERS\S-1-5-21-3066119559-789599144-109096739-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\jpg*¾Zú`ÚÄ;]
@Allowed: (Read) (RestrictedCode)
"0"=hex:14,00,1f,44,47,1a,03,59,72,3f,a7,44,89,c5,55,95,fe,6b,30,ee,20,00,00,
   00,1a,00,ee,bb,fe,23,00,00,10,00,30,81,e2,33,1e,4e,76,46,83,5a,98,39,5c,3b,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-3066119559-789599144-109096739-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\jpg*¾Za[2bF]
@Allowed: (Read) (RestrictedCode)
"0"=hex:52,00,31,00,00,00,00,00,47,40,e1,ae,10,00,68,6f,63,68,7a,65,69,74,00,
   00,3a,00,07,00,04,00,ef,be,35,40,b8,a4,47,40,e1,ae,26,00,00,00,fe,a1,03,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-3066119559-789599144-109096739-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\jpg*¾Z”j>{ßb]
@Allowed: (Read) (RestrictedCode)
"0"=hex:14,00,1f,44,47,1a,03,59,72,3f,a7,44,89,c5,55,95,fe,6b,30,ee,20,00,00,
   00,1a,00,ee,bb,fe,23,00,00,10,00,30,81,e2,33,1e,4e,76,46,83,5a,98,39,5c,3b,\
"MRUListEx"=hex:02,00,00,00,01,00,00,00,00,00,00,00,ff,ff,ff,ff
"1"=hex:14,00,1f,44,47,1a,03,59,72,3f,a7,44,89,c5,55,95,fe,6b,30,ee,20,00,00,
   00,1a,00,ee,bb,fe,23,00,00,10,00,30,81,e2,33,1e,4e,76,46,83,5a,98,39,5c,3b,\
"2"=hex:14,00,1f,44,47,1a,03,59,72,3f,a7,44,89,c5,55,95,fe,6b,30,ee,20,00,00,
   00,1a,00,ee,bb,fe,23,00,00,10,00,30,81,e2,33,1e,4e,76,46,83,5a,98,39,5c,3b,\
.
[HKEY_USERS\S-1-5-21-3066119559-789599144-109096739-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\jpg*¾Z·pR\³]
@Allowed: (Read) (RestrictedCode)
"0"=hex:52,00,31,00,00,00,00,00,ec,40,f2,9e,10,00,68,6f,63,68,7a,65,69,74,00,
   00,3a,00,07,00,04,00,ef,be,35,40,b8,a4,ec,40,f2,9e,26,00,00,00,fe,a1,03,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-3066119559-789599144-109096739-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\pspimage*›vê›v¾ZæaªÄâ`š]*¤À]*–]*]
@Allowed: (Read) (RestrictedCode)
"0"=hex:52,00,31,00,00,00,00,00,ef,40,56,43,10,00,68,6f,63,68,7a,65,69,74,00,
   00,3a,00,07,00,04,00,ef,be,35,40,b8,a4,ef,40,56,43,26,00,00,00,fe,a1,03,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-3066119559-789599144-109096739-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\pspimage*}-Bþÿÿÿêžvêžv¾ZÈf*œÁ*X”+*œº+*+*]
@Allowed: (Read) (RestrictedCode)
"0"=hex:66,00,31,00,00,00,00,00,9a,40,8a,a3,10,00,54,4f,57,45,52,2d,7e,31,00,
   00,4e,00,07,00,04,00,ef,be,96,40,ee,5e,9a,40,8a,a3,26,00,00,00,23,72,07,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-3066119559-789599144-109096739-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\pspimage*ø¯uÀõþÿÿÿê¥uê¥u¾ZDaa—Ê]
@Allowed: (Read) (RestrictedCode)
"0"=hex:52,00,31,00,00,00,00,00,51,40,cd,b0,10,00,68,6f,63,68,7a,65,69,74,00,
   00,3a,00,07,00,04,00,ef,be,35,40,b8,a4,51,40,cd,b0,26,00,00,00,fe,a1,03,00,\
"MRUListEx"=hex:0e,00,00,00,0d,00,00,00,0c,00,00,00,0b,00,00,00,0a,00,00,00,09,
   00,00,00,08,00,00,00,07,00,00,00,06,00,00,00,05,00,00,00,04,00,00,00,03,00,\
"1"=hex:52,00,31,00,00,00,00,00,54,40,4e,98,10,00,68,6f,63,68,7a,65,69,74,00,
   00,3a,00,07,00,04,00,ef,be,35,40,b8,a4,54,40,4e,98,26,00,00,00,fe,a1,03,00,\
"2"=hex:52,00,31,00,00,00,00,00,54,40,73,98,10,00,68,6f,63,68,7a,65,69,74,00,
   00,3a,00,07,00,04,00,ef,be,35,40,b8,a4,54,40,73,98,26,00,00,00,fe,a1,03,00,\
"3"=hex:52,00,31,00,00,00,00,00,54,40,92,98,10,00,68,6f,63,68,7a,65,69,74,00,
   00,3a,00,07,00,04,00,ef,be,35,40,b8,a4,54,40,92,98,26,00,00,00,fe,a1,03,00,\
"4"=hex:52,00,31,00,00,00,00,00,54,40,ac,98,10,00,68,6f,63,68,7a,65,69,74,00,
   00,3a,00,07,00,04,00,ef,be,35,40,b8,a4,54,40,ac,98,26,00,00,00,fe,a1,03,00,\
"5"=hex:52,00,31,00,00,00,00,00,54,40,ca,98,10,00,68,6f,63,68,7a,65,69,74,00,
   00,3a,00,07,00,04,00,ef,be,35,40,b8,a4,54,40,ca,98,26,00,00,00,fe,a1,03,00,\
"6"=hex:52,00,31,00,00,00,00,00,54,40,e5,98,10,00,68,6f,63,68,7a,65,69,74,00,
   00,3a,00,07,00,04,00,ef,be,35,40,b8,a4,54,40,e5,98,26,00,00,00,fe,a1,03,00,\
"7"=hex:52,00,31,00,00,00,00,00,54,40,02,99,10,00,68,6f,63,68,7a,65,69,74,00,
   00,3a,00,07,00,04,00,ef,be,35,40,b8,a4,54,40,02,99,26,00,00,00,fe,a1,03,00,\
"8"=hex:52,00,31,00,00,00,00,00,54,40,19,99,10,00,68,6f,63,68,7a,65,69,74,00,
   00,3a,00,07,00,04,00,ef,be,35,40,b8,a4,54,40,19,99,26,00,00,00,fe,a1,03,00,\
"9"=hex:52,00,31,00,00,00,00,00,54,40,36,99,10,00,68,6f,63,68,7a,65,69,74,00,
   00,3a,00,07,00,04,00,ef,be,35,40,b8,a4,54,40,36,99,26,00,00,00,fe,a1,03,00,\
"10"=hex:52,00,31,00,00,00,00,00,54,40,74,99,10,00,68,6f,63,68,7a,65,69,74,00,
   00,3a,00,07,00,04,00,ef,be,35,40,b8,a4,54,40,74,99,26,00,00,00,fe,a1,03,00,\
"11"=hex:52,00,31,00,00,00,00,00,54,40,b9,99,10,00,68,6f,63,68,7a,65,69,74,00,
   00,3a,00,07,00,04,00,ef,be,35,40,b8,a4,54,40,b9,99,26,00,00,00,fe,a1,03,00,\
"12"=hex:52,00,31,00,00,00,00,00,54,40,80,9a,10,00,68,6f,63,68,7a,65,69,74,00,
   00,3a,00,07,00,04,00,ef,be,35,40,b8,a4,54,40,80,9a,26,00,00,00,fe,a1,03,00,\
"13"=hex:52,00,31,00,00,00,00,00,54,40,ca,9a,10,00,68,6f,63,68,7a,65,69,74,00,
   00,3a,00,07,00,04,00,ef,be,35,40,b8,a4,54,40,ca,9a,26,00,00,00,fe,a1,03,00,\
"14"=hex:52,00,31,00,00,00,00,00,54,40,eb,9a,10,00,68,6f,63,68,7a,65,69,74,00,
   00,3a,00,07,00,04,00,ef,be,35,40,b8,a4,54,40,eb,9a,26,00,00,00,fe,a1,03,00,\
.
[HKEY_USERS\S-1-5-21-3066119559-789599144-109096739-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\pspimage ø¯uÀõþÿÿÿê¥uê¥u¾ZDaá
—Ê]
@Allowed: (Read) (RestrictedCode)
"0"=hex:52,00,31,00,00,00,00,00,54,40,0b,9b,10,00,68,6f,63,68,7a,65,69,74,00,
   00,3a,00,07,00,04,00,ef,be,35,40,b8,a4,54,40,0b,9b,26,00,00,00,fe,a1,03,00,\
"MRUListEx"=hex:0a,00,00,00,09,00,00,00,08,00,00,00,07,00,00,00,06,00,00,00,05,
   00,00,00,04,00,00,00,03,00,00,00,02,00,00,00,01,00,00,00,00,00,00,00,ff,ff,\
"1"=hex:52,00,31,00,00,00,00,00,54,40,b8,9d,10,00,68,6f,63,68,7a,65,69,74,00,
   00,3a,00,07,00,04,00,ef,be,35,40,b8,a4,54,40,b8,9d,26,00,00,00,fe,a1,03,00,\
"2"=hex:52,00,31,00,00,00,00,00,54,40,8c,a6,10,00,68,6f,63,68,7a,65,69,74,00,
   00,3a,00,07,00,04,00,ef,be,35,40,b8,a4,54,40,8c,a6,26,00,00,00,fe,a1,03,00,\
"3"=hex:52,00,31,00,00,00,00,00,54,40,d8,a6,10,00,68,6f,63,68,7a,65,69,74,00,
   00,3a,00,07,00,04,00,ef,be,35,40,b8,a4,54,40,d8,a6,26,00,00,00,fe,a1,03,00,\
"4"=hex:52,00,31,00,00,00,00,00,54,40,46,a7,10,00,68,6f,63,68,7a,65,69,74,00,
   00,3a,00,07,00,04,00,ef,be,35,40,b8,a4,54,40,46,a7,26,00,00,00,fe,a1,03,00,\
"5"=hex:52,00,31,00,00,00,00,00,54,40,4a,a7,10,00,68,6f,63,68,7a,65,69,74,00,
   00,3a,00,07,00,04,00,ef,be,35,40,b8,a4,54,40,4a,a7,26,00,00,00,fe,a1,03,00,\
"6"=hex:52,00,31,00,00,00,00,00,54,40,5d,a7,10,00,68,6f,63,68,7a,65,69,74,00,
   00,3a,00,07,00,04,00,ef,be,35,40,b8,a4,54,40,5d,a7,26,00,00,00,fe,a1,03,00,\
"7"=hex:52,00,31,00,00,00,00,00,54,40,0f,a8,10,00,68,6f,63,68,7a,65,69,74,00,
   00,3a,00,07,00,04,00,ef,be,35,40,b8,a4,54,40,0f,a8,26,00,00,00,fe,a1,03,00,\
"8"=hex:52,00,31,00,00,00,00,00,54,40,21,a8,10,00,68,6f,63,68,7a,65,69,74,00,
   00,3a,00,07,00,04,00,ef,be,35,40,b8,a4,54,40,21,a8,26,00,00,00,fe,a1,03,00,\
"9"=hex:52,00,31,00,00,00,00,00,54,40,37,a8,10,00,68,6f,63,68,7a,65,69,74,00,
   00,3a,00,07,00,04,00,ef,be,35,40,b8,a4,54,40,37,a8,26,00,00,00,fe,a1,03,00,\
"10"=hex:52,00,31,00,00,00,00,00,54,40,49,a8,10,00,68,6f,63,68,7a,65,69,74,00,
   00,3a,00,07,00,04,00,ef,be,35,40,b8,a4,54,40,49,a8,26,00,00,00,fe,a1,03,00,\
.
[HKEY_USERS\S-1-5-21-3066119559-789599144-109096739-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\pspimage ø
v,ßPTþÿÿÿê vê v¾Zò^ÓŽù>]
@Allowed: (Read) (RestrictedCode)
"0"=hex:52,00,31,00,00,00,00,00,35,40,e3,bc,10,00,68,6f,63,68,7a,65,69,74,00,
   00,3a,00,07,00,04,00,ef,be,35,40,b8,a4,35,40,e3,bc,26,00,00,00,fe,a1,03,00,\
"MRUListEx"=hex:01,00,00,00,00,00,00,00,ff,ff,ff,ff
"1"=hex:52,00,31,00,00,00,00,00,35,40,7a,be,10,00,68,6f,63,68,7a,65,69,74,00,
   00,3a,00,07,00,04,00,ef,be,35,40,b8,a4,35,40,7a,be,26,00,00,00,fe,a1,03,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_400_252_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_400_252_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:b5,58,57,e5,b4,98,13,5e,68,e9,00,b7,64,94,bb,28,9f,7f,e7,a7,f3,
   09,ab,5a,37,76,eb,9d,e0,6e,51,aa,0b,a7,21,cc,f1,30,44,f7,c5,c7,8a,40,6c,d7,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_400_252_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_400_252_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_400_252.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_400_252.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_400_252.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_400_252.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0\0\win32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_400_252.ocx"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0\FLAGS]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0\HELPDIR]
@="c:\\Windows\\system32\\Macromed\\Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0\FLAGS]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0\HELPDIR]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_400_252_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
"RasTimeoutResponseWait"=dword:00000032
"RasTimeoutPause"=dword:00000005
"ConnectTypesAllowed"=dword:0000000a
"CheckPasswordTimeoutSeconds"=dword:00000014
"WaitV2TimeoutSeconds"=dword:00000004
"SerialPort"="Bluetooth"
"HasUsbDevice"=dword:00000000
"SerialBaudRate"=dword:0001c200
"DeviceType"=""
"DeviceOemInfo"=""
"DeviceVersion"=dword:04401504
"DeviceProcessorType"=dword:00000000
"DeviceProcessor"=""
"DTPTNetworkType"="{0}"
"DisableIr"=dword:00000000
"GuestOnly"=dword:00000000
"MajorVersion"=dword:00000006
"MinorVersion"=dword:00000000
"InstalledDir"=expand:"%windir%\\WindowsMobile"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:b5,58,57,e5,b4,98,13,5e,68,e9,00,b7,64,94,bb,28,9f,7f,e7,a7,f3,
   09,ab,5a,37,76,eb,9d,e0,6e,51,aa,0b,a7,21,cc,f1,30,44,f7,c5,c7,8a,40,6c,d7,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2012-10-11  10:34:27
ComboFix-quarantined-files.txt  2012-10-11 08:34
.
Vor Suchlauf: 16 Verzeichnis(se), 29.150.113.792 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 28.972.433.408 Bytes frei
.
- - End Of File - - FAC62B0F29F3CB50D64FEB2D16B49A6A

cosinus · 11.10.2012, 14:07

Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

Heistmer · 11.10.2012, 18:19

GMER lief ohne Probleme.

Bei Osam finde ich leider das LOG nicht. In der Anleitung ist ja beschrieben das ich auf Save Log klicken soll. Wenn ich das mache bekomm ich aber keinen speicher unter bildschim. Ich habe auch mit der Windows Suche nach neuen Dateien gesucht, aber nix gefunden.
Ich habe jetzt erst mal ein JPG mit angehängt vielleicht reicht das ja.

ASW ist auch durch.

Hier die LOG's

Code:

ATTFilter

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-10-11 16:23:05
Windows 6.0.6002 Service Pack 2 
Running: 1circqqp.exe


---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016930002a5                                          
Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016930002a5@00188d74fb1d                             0x31 0xCF 0xCC 0x2A ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                     
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                  C:\Program Files (x86)\DAEMON Tools Lite\
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                  0
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                               0xD1 0x94 0xEA 0x82 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001                            
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                         0x20 0x01 0x00 0x00 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                      0x75 0x1A 0xE6 0x2C ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40                      
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                0xF8 0xFF 0xE1 0x5D ...
Reg  HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0016930002a5 (not active ControlSet)                      
Reg  HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0016930002a5@00188d74fb1d                                 0x31 0xCF 0xCC 0x2A ...
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                 
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      C:\Program Files (x86)\DAEMON Tools Lite\
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      0
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                   0xD1 0x94 0xEA 0x82 ...
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)        
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                             0x20 0x01 0x00 0x00 ...
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0x75 0x1A 0xE6 0x2C ...
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)  
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0xF8 0xFF 0xE1 0x5D ...

---- EOF - GMER 1.0.15 ----

Code:

ATTFilter

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-11 18:04:59
-----------------------------
18:04:59.079    OS Version: Windows x64 6.0.6002 Service Pack 2
18:04:59.079    Number of processors: 4 586 0xF0B
18:04:59.080    ComputerName: Heistmer-ONE  UserName: Heistmer
18:05:01.724    Initialize success
18:06:51.059    AVAST engine defs: 12101100
18:07:23.325    Disk 0  \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
18:07:23.327    Disk 0 Vendor: SAMSUNG_HD103SJ 1AJ10001 Size: 953869MB BusType: 3
18:07:23.329    Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP4T0L0-6
18:07:23.331    Disk 1 Vendor: ST3500320AS SD15 Size: 476940MB BusType: 3
18:07:23.336    Disk 1 MBR read successfully
18:07:23.338    Disk 1 MBR scan
18:07:23.348    Disk 1 Windows VISTA default MBR code
18:07:23.360    Disk 1 Partition 1 80 (A) 07    HPFS/NTFS NTFS       461940 MB offset 2048
18:07:23.364    Disk 1 Partition - 00     0F Extended LBA             14998 MB offset 946055168
18:07:23.398    Disk 1 Partition 2 00     0B        FAT32 MSDOS5.0    14997 MB offset 946057216
18:07:23.434    Disk 1 scanning C:\Windows\system32\drivers
18:07:33.574    Service scanning
18:07:51.743    Modules scanning
18:07:51.749    Disk 1 trace - called modules:
18:07:51.795    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 
18:07:51.799    1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8004fd5060]
18:07:51.802    3 CLASSPNP.SYS[fffffa6000b56c33] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-6[0xfffffa800383d940]
18:07:54.026    AVAST engine scan C:\Windows
18:07:59.826    AVAST engine scan C:\Windows\system32
18:11:38.062    AVAST engine scan C:\Windows\system32\drivers
18:12:00.765    AVAST engine scan C:\Users\Heistmer
18:53:46.716    Disk 1 MBR has been saved successfully to "C:\Users\Heistmer\Desktop\MBR.dat"
18:53:46.721    The log file has been saved successfully to "C:\Users\Heistmer\Desktop\aswMBR.txt"

cosinus · 12.10.2012, 09:32

Ist schon ok, OSAM funktioniert nicht immter auf einem 64-Bit-Vista

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Heistmer · 12.10.2012, 20:13

Sooo, die Scans sind durch,

Malware:

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.12.03

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Heistmer :: Heistmer-ONE [Administrator]

Schutz: Aktiviert

12.10.2012 15:19:54
mbam-log-2012-10-12 (18-54-49).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|J:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 816316
Laufzeit: 2 Stunde(n), 19 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0


(Ende)

Und Super Antispyware

Code:

ATTFilter

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 10/12/2012 at 08:41 PM

Application Version : 5.6.1010

Core Rules Database Version : 9394
Trace Rules Database Version: 7206

Scan type       : Complete Scan
Total Scan Time : 01:37:35

Operating System Information
Windows Vista Ultimate 64-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User

Memory items scanned      : 330
Memory threats detected   : 0
Registry items scanned    : 73482
Registry threats detected : 30
File items scanned        : 171081
File threats detected     : 138

Security.HiJack[ImageFileExecutionOptions]
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ACRORD32.EXE
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ACRORD32.EXE#Debugger
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AFTERFX.EXE
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AFTERFX.EXE#Debugger
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EXPRWD.EXE
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EXPRWD.EXE#Debugger
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FILEZILLA.EXE
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FILEZILLA.EXE#Debugger
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FLASHPLAYER11-2_P2_INSTALL_WIN_AX64_112211.EXE
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FLASHPLAYER11-2_P2_INSTALL_WIN_AX64_112211.EXE#Debugger
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FLASHPLAYER11-2_P2_UNINSTALL_WIN_64_112211.EXE
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FLASHPLAYER11-2_P2_UNINSTALL_WIN_64_112211.EXE#Debugger
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FLIPSHARE.EXE
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FLIPSHARE.EXE#Debugger
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MAGICTUNE.EXE
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MAGICTUNE.EXE#Debugger
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MML.EXE
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MML.EXE#Debugger
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MMLUPDATE.EXE
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MMLUPDATE.EXE#Debugger
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSOXMLED.EXE
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSOXMLED.EXE#Debugger
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSTORE.EXE
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSTORE.EXE#Debugger
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PRESENTATIONHOST.EXE
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PRESENTATIONHOST.EXE#Debugger
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SWITCHBOARD.EXE
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SWITCHBOARD.EXE#Debugger
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UNINSTALL.EXE
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UNINSTALL.EXE#Debugger

Adware.Tracking Cookie
	C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\H9REJC93.txt [ /smartadserver.com ]
	C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\9SW4DVEG.txt [ /ad3.adfarm1.adition.com ]
	C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\2PC6SPWV.txt [ /ad.360yield.com ]
	C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\2PA1EOMX.txt [ /webmasterplan.com ]
	C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\M3DP8J0H.txt [ /revsci.net ]
	C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\SE1X7PT1.txt [ /server.adformdsp.net ]
	C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\YJ98HIGN.txt [ /de.sitestat.com ]
	C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\TSBX45HM.txt [ /ad.zanox.com ]
	C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\MSNXW35C.txt [ /ads.verticalscope.com ]
	C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\W0TEL8PU.txt [ /zanox.com ]
	C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\JHN46Q3Q.txt [ /adbrite.com ]
	C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\2KUVBYQ6.txt [ /serving-sys.com ]
	C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\Z8D0T2QC.txt [ /bs.serving-sys.com ]
	C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\3B7SGKCZ.txt [ /adx2.chip.de ]
	C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\0CYUK3GB.txt [ /stat.dealtime.com ]
	C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\V6QX6E7M.txt [ /edates.traffective-tracking.com ]
	C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\O3MW8204.txt [ /de.sitestat.com ]
	C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\Q0AEM54X.txt [ /xiti.com ]
	C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\PCTWOYQ6.txt [ /ad4.adfarm1.adition.com ]
	C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\TNEXPOCN.txt [ /at.atwola.com ]
	C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\X80Z9N80.txt [ /adfarm1.adition.com ]
	C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\QPUODD2R.txt [ /tracker.vinsight.de ]
	C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\TBL4015A.txt [ /ru4.com ]
	C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\53S0SWXF.txt [ /ad.ad-srv.net ]
	C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\IXHLO1XA.txt [ /amazon-adsystem.com ]
	C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\00AQJO3G.txt [ /clickfuse.com ]
	C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\JYDPFUYL.txt [ /www.googleadservices.com ]
	C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\MX4C4S53.txt [ /ad.yieldmanager.com ]
	C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\B5ZRO0BC.txt [ /invitemedia.com ]
	C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\WTNN4HFD.txt [ /tracking.mobile.de ]
	C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\1BSUM3RG.txt [ /ec-track.com ]
	C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\JFJ1PQ9O.txt [ /ar.atwola.com ]
	C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\DAWRBYIN.txt [ /eas.apm.emediate.eu ]
	C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\6HKB0JSJ.txt [ /de.sitestat.com ]
	C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\YR6QYNDX.txt [ /ads.creative-serving.com ]
	C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\MHPDVD0X.txt [ /uk.at.atwola.com ]
	C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\RX22PSP2.txt [ /tacoda.at.atwola.com ]
	C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\ANZ2A4PZ.txt [ /stats.deka.de ]
	C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\Q25NNMHI.txt [ /ad2.adfarm1.adition.com ]
	C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\K4TU3X4S.txt [ /www.etracker.de ]
	C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\TL2AXY93.txt [ /atwola.com ]
	C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\26I6D3CZ.txt [ /adx.chip.de ]
	C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\4U5KNPUU.txt [ /adtech.de ]
	C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\L1K914P0.txt [ /ad.lokalisten.de ]
	C:\USERS\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\NEMYJ8LK.txt [ Cookie:Heistmer@www.tomtom.com/livetraffic ]
	C:\USERS\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\2LDZT3EC.txt [ Cookie:Heistmer@adsonar.com/adserving ]
	C:\USERS\Heistmer\Cookies\H9REJC93.txt [ Cookie:Heistmer@smartadserver.com/ ]
	C:\USERS\Heistmer\Cookies\9SW4DVEG.txt [ Cookie:Heistmer@ad3.adfarm1.adition.com/ ]
	C:\USERS\Heistmer\Cookies\NEMYJ8LK.txt [ Cookie:Heistmer@www.tomtom.com/livetraffic ]
	C:\USERS\Heistmer\Cookies\M3DP8J0H.txt [ Cookie:Heistmer@revsci.net/ ]
	C:\USERS\Heistmer\Cookies\SE1X7PT1.txt [ Cookie:Heistmer@server.adformdsp.net/ ]
	C:\USERS\Heistmer\Cookies\YJ98HIGN.txt [ Cookie:Heistmer@de.sitestat.com/is24-mail/is24-mail/ ]
	C:\USERS\Heistmer\Cookies\W0TEL8PU.txt [ Cookie:Heistmer@zanox.com/ ]
	C:\USERS\Heistmer\Cookies\2KUVBYQ6.txt [ Cookie:Heistmer@serving-sys.com/ ]
	C:\USERS\Heistmer\Cookies\Z8D0T2QC.txt [ Cookie:Heistmer@bs.serving-sys.com/ ]
	C:\USERS\Heistmer\Cookies\3B7SGKCZ.txt [ Cookie:Heistmer@adx2.chip.de/ ]
	C:\USERS\Heistmer\Cookies\V6QX6E7M.txt [ Cookie:Heistmer@edates.traffective-tracking.com/ ]
	C:\USERS\Heistmer\Cookies\O3MW8204.txt [ Cookie:Heistmer@de.sitestat.com/sport1/ ]
	C:\USERS\Heistmer\Cookies\Q0AEM54X.txt [ Cookie:Heistmer@xiti.com/ ]
	C:\USERS\Heistmer\Cookies\PCTWOYQ6.txt [ Cookie:Heistmer@ad4.adfarm1.adition.com/ ]
	C:\USERS\Heistmer\Cookies\TNEXPOCN.txt [ Cookie:Heistmer@at.atwola.com/ ]
	C:\USERS\Heistmer\Cookies\X80Z9N80.txt [ Cookie:Heistmer@adfarm1.adition.com/ ]
	C:\USERS\Heistmer\Cookies\TBL4015A.txt [ Cookie:Heistmer@ru4.com/ ]
	C:\USERS\Heistmer\Cookies\IXHLO1XA.txt [ Cookie:Heistmer@amazon-adsystem.com/ ]
	C:\USERS\Heistmer\Cookies\00AQJO3G.txt [ Cookie:Heistmer@clickfuse.com/ ]
	C:\USERS\Heistmer\Cookies\MX4C4S53.txt [ Cookie:Heistmer@ad.yieldmanager.com/ ]
	C:\USERS\Heistmer\Cookies\B5ZRO0BC.txt [ Cookie:Heistmer@invitemedia.com/ ]
	C:\USERS\Heistmer\Cookies\WTNN4HFD.txt [ Cookie:Heistmer@tracking.mobile.de/ ]
	C:\USERS\Heistmer\Cookies\JFJ1PQ9O.txt [ Cookie:Heistmer@ar.atwola.com/ ]
	C:\USERS\Heistmer\Cookies\DAWRBYIN.txt [ Cookie:Heistmer@eas.apm.emediate.eu/ ]
	C:\USERS\Heistmer\Cookies\6HKB0JSJ.txt [ Cookie:Heistmer@de.sitestat.com/sport1/sport1-de/ ]
	C:\USERS\Heistmer\Cookies\MHPDVD0X.txt [ Cookie:Heistmer@uk.at.atwola.com/ ]
	C:\USERS\Heistmer\Cookies\2LDZT3EC.txt [ Cookie:Heistmer@adsonar.com/adserving ]
	C:\USERS\Heistmer\Cookies\RX22PSP2.txt [ Cookie:Heistmer@tacoda.at.atwola.com/ ]
	C:\USERS\Heistmer\Cookies\ANZ2A4PZ.txt [ Cookie:Heistmer@stats.deka.de/track/ ]
	C:\USERS\Heistmer\Cookies\Q25NNMHI.txt [ Cookie:Heistmer@ad2.adfarm1.adition.com/ ]
	C:\USERS\Heistmer\Cookies\K4TU3X4S.txt [ Cookie:Heistmer@www.etracker.de/ ]
	C:\USERS\Heistmer\Cookies\TL2AXY93.txt [ Cookie:Heistmer@atwola.com/ ]
	C:\USERS\Heistmer\Cookies\4U5KNPUU.txt [ Cookie:Heistmer@adtech.de/ ]
	s0.2mdn.net [ C:\USERS\Heistmer\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\F6ZMF8VW ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@AD-HOC-NEWS[2].TXT [ /AD-HOC-NEWS ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@AD.71I[1].TXT [ /AD.71I ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@AD.ADNET[3].TXT [ /AD.ADNET ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@AD.BEEPWORLD[1].TXT [ /AD.BEEPWORLD ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@AD.IEUROP[2].TXT [ /AD.IEUROP ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@AD.ZANOX[1].TXT [ /AD.ZANOX ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@ADBRITE[1].TXT [ /ADBRITE ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@ADINTERAX[1].TXT [ /ADINTERAX ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@ADREVOLVER[2].TXT [ /ADREVOLVER ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@ADS.ADSHOPPING[2].TXT [ /ADS.ADSHOPPING ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@ADS.FETTSPIELEN[2].TXT [ /ADS.FETTSPIELEN ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@ADS.HEIAS[1].TXT [ /ADS.HEIAS ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@ADS.JINKADS[1].TXT [ /ADS.JINKADS ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@ADS.KOMPLADS[2].TXT [ /ADS.KOMPLADS ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@ADS.ONTECNIA[2].TXT [ /ADS.ONTECNIA ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@ADS.POINTROLL[2].TXT [ /ADS.POINTROLL ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@ADS.REVSCI[1].TXT [ /ADS.REVSCI ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@ADS.SUN[1].TXT [ /ADS.SUN ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@ADS.TOOSHOCKING[1].TXT [ /ADS.TOOSHOCKING ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@ADS.TUNINGSUCHE[1].TXT [ /ADS.TUNINGSUCHE ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@ADS3.EXP[2].TXT [ /ADS3.EXP ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@ADSERVER.FILEFRONT[1].TXT [ /ADSERVER.FILEFRONT ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@ADULTFRIENDFINDER[1].TXT [ /ADULTFRIENDFINDER ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@ADVIVA[2].TXT [ /ADVIVA ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@AUTOSCOUT24.112.2O7[1].TXT [ /AUTOSCOUT24.112.2O7 ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@CASALEMEDIA[2].TXT [ /CASALEMEDIA ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@DE2.KOMTRACK[2].TXT [ /DE2.KOMTRACK ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@DISCOUNT24.QUARTERSERVER[1].TXT [ /DISCOUNT24.QUARTERSERVER ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@E-2DJ6WGKYQJD5MAP.STATS.ESOMNITURE[2].TXT [ /E-2DJ6WGKYQJD5MAP.STATS.ESOMNITURE ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@E-2DJ6WJK4UICZMDP.STATS.ESOMNITURE[1].TXT [ /E-2DJ6WJK4UICZMDP.STATS.ESOMNITURE ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@FASTCLICK[1].TXT [ /FASTCLICK ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@FILEUPLOADX[1].TXT [ /FILEUPLOADX ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@GOSTATS[1].TXT [ /GOSTATS ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@HITBOX[1].TXT [ /HITBOX ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@INDEXTOOLS[1].TXT [ /INDEXTOOLS ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@KOMTRACK[1].TXT [ /KOMTRACK ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@KUNDEN.WUNDERMEDIA[1].TXT [ /KUNDEN.WUNDERMEDIA ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@LOCALPORTAL24DE.112.2O7[1].TXT [ /LOCALPORTAL24DE.112.2O7 ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@MEDIA.FUNPIC[1].TXT [ /MEDIA.FUNPIC ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@MEDIA.MTVNSERVICES[1].TXT [ /MEDIA.MTVNSERVICES ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@PARTNERS.WEBMASTERPLAN[1].TXT [ /PARTNERS.WEBMASTERPLAN ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@PORNTUBE[2].TXT [ /PORNTUBE ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@RICHMEDIA.YAHOO[2].TXT [ /RICHMEDIA.YAHOO ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@S2.TRAFFICMAXX[1].TXT [ /S2.TRAFFICMAXX ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@SALES.LIVEPERSON[3].TXT [ /SALES.LIVEPERSON ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@SEXYJODHPURS[2].TXT [ /SEXYJODHPURS ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@SOFTONIC.112.2O7[1].TXT [ /SOFTONIC.112.2O7 ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@STAT.DEALTIME[2].TXT [ /STAT.DEALTIME ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@STATSE.WEBTRENDSLIVE[1].TXT [ /STATSE.WEBTRENDSLIVE ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@TACODA[2].TXT [ /TACODA ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@TTO2.TRAFFICTRACK[1].TXT [ /TTO2.TRAFFICTRACK ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@WEBMASTERPLAN[1].TXT [ /WEBMASTERPLAN ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@WEBORAMA[1].TXT [ /WEBORAMA ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@WWW.DISCOUNT24[1].TXT [ /WWW.DISCOUNT24 ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@WWW.DISCOUNT24[2].TXT [ /WWW.DISCOUNT24 ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@WWW.GAMESBANNER[1].TXT [ /WWW.GAMESBANNER ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@YADRO[2].TXT [ /YADRO ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@ZBOX.ZANOX[2].TXT [ /ZBOX.ZANOX ]

cosinus · 12.10.2012, 21:02

Code:

ATTFilter

UAC On - Limited User

Wie hast du SUPERAntiSpyware gestartet? Einfach per Doppelklick?

Bitte so wie es in der Anleitung steht auch ausführen!

Zitat:

Zitat von cosinus

Teil 2: Programm ausführen
Das Programm wurde nun installiert, eine Verknüpfung auf dem Desktop sollte erstellt worden sein. Nachdem du es gestartet hast, wird es sich erstmalig beim Updateserver nach neuen Schädlingssignaturen umsehen und Updates installieren. Diesen Vorgang NICHT abbrechen!

Benutzer mit Windows Vista und Windows 7 starten das Tool bitte wieder per Rechtsklick => als Administrator ausführen!

Heistmer · 13.10.2012, 14:18

Hallo, das kann ich nicht ausschliessen. Da muss ich mich immer zu zwingen, und bin mich auch zuvor schon immer ein paar mal erwischt das ich das wie gewohnt mit dem Doppelklick gemacht habe. Es ist irgendwie so drinn.

Neues Log

Code:

ATTFilter

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 10/13/2012 at 03:01 PM

Application Version : 5.6.1010

Core Rules Database Version : 9398
Trace Rules Database Version: 7210

Scan type       : Complete Scan
Total Scan Time : 04:58:45

Operating System Information
Windows Vista Ultimate 64-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Administrator

Memory items scanned      : 670
Memory threats detected   : 0
Registry items scanned    : 74377
Registry threats detected : 30
File items scanned        : 471607
File threats detected     : 139

Security.HiJack[ImageFileExecutionOptions]
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ACRORD32.EXE
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ACRORD32.EXE#Debugger
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AFTERFX.EXE
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AFTERFX.EXE#Debugger
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EXPRWD.EXE
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EXPRWD.EXE#Debugger
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FILEZILLA.EXE
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FILEZILLA.EXE#Debugger
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FLASHPLAYER11-2_P2_INSTALL_WIN_AX64_112211.EXE
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FLASHPLAYER11-2_P2_INSTALL_WIN_AX64_112211.EXE#Debugger
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FLASHPLAYER11-2_P2_UNINSTALL_WIN_64_112211.EXE
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FLASHPLAYER11-2_P2_UNINSTALL_WIN_64_112211.EXE#Debugger
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FLIPSHARE.EXE
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FLIPSHARE.EXE#Debugger
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MAGICTUNE.EXE
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MAGICTUNE.EXE#Debugger
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MML.EXE
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MML.EXE#Debugger
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MMLUPDATE.EXE
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MMLUPDATE.EXE#Debugger
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSOXMLED.EXE
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSOXMLED.EXE#Debugger
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSTORE.EXE
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSTORE.EXE#Debugger
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PRESENTATIONHOST.EXE
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PRESENTATIONHOST.EXE#Debugger
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SWITCHBOARD.EXE
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SWITCHBOARD.EXE#Debugger
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UNINSTALL.EXE
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UNINSTALL.EXE#Debugger

Adware.Tracking Cookie
	C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\H9REJC93.txt [ /smartadserver.com ]
	C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\9SW4DVEG.txt [ /ad3.adfarm1.adition.com ]
	C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\2PC6SPWV.txt [ /ad.360yield.com ]
	C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\2PA1EOMX.txt [ /webmasterplan.com ]
	C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\M3DP8J0H.txt [ /revsci.net ]
	C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\SE1X7PT1.txt [ /server.adformdsp.net ]
	C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\YJ98HIGN.txt [ /de.sitestat.com ]
	C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\TSBX45HM.txt [ /ad.zanox.com ]
	C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\MSNXW35C.txt [ /ads.verticalscope.com ]
	C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\W0TEL8PU.txt [ /zanox.com ]
	C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\JHN46Q3Q.txt [ /adbrite.com ]
	C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\2KUVBYQ6.txt [ /serving-sys.com ]
	C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\Z8D0T2QC.txt [ /bs.serving-sys.com ]
	C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\3B7SGKCZ.txt [ /adx2.chip.de ]
	C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\0CYUK3GB.txt [ /stat.dealtime.com ]
	C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\V6QX6E7M.txt [ /edates.traffective-tracking.com ]
	C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\O3MW8204.txt [ /de.sitestat.com ]
	C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\Q0AEM54X.txt [ /xiti.com ]
	C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\PCTWOYQ6.txt [ /ad4.adfarm1.adition.com ]
	C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\TNEXPOCN.txt [ /at.atwola.com ]
	C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\X80Z9N80.txt [ /adfarm1.adition.com ]
	C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\QPUODD2R.txt [ /tracker.vinsight.de ]
	C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\TBL4015A.txt [ /ru4.com ]
	C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\53S0SWXF.txt [ /ad.ad-srv.net ]
	C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\IXHLO1XA.txt [ /amazon-adsystem.com ]
	C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\00AQJO3G.txt [ /clickfuse.com ]
	C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\JYDPFUYL.txt [ /www.googleadservices.com ]
	C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\MX4C4S53.txt [ /ad.yieldmanager.com ]
	C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\B5ZRO0BC.txt [ /invitemedia.com ]
	C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\WTNN4HFD.txt [ /tracking.mobile.de ]
	C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\1BSUM3RG.txt [ /ec-track.com ]
	C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\JFJ1PQ9O.txt [ /ar.atwola.com ]
	C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\DAWRBYIN.txt [ /eas.apm.emediate.eu ]
	C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\6HKB0JSJ.txt [ /de.sitestat.com ]
	C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\YR6QYNDX.txt [ /ads.creative-serving.com ]
	C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\MHPDVD0X.txt [ /uk.at.atwola.com ]
	C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\RX22PSP2.txt [ /tacoda.at.atwola.com ]
	C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\ANZ2A4PZ.txt [ /stats.deka.de ]
	C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\Q25NNMHI.txt [ /ad2.adfarm1.adition.com ]
	C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\K4TU3X4S.txt [ /www.etracker.de ]
	C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\TL2AXY93.txt [ /atwola.com ]
	C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\26I6D3CZ.txt [ /adx.chip.de ]
	C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\4U5KNPUU.txt [ /adtech.de ]
	C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\L1K914P0.txt [ /ad.lokalisten.de ]
	C:\USERS\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\NEMYJ8LK.txt [ Cookie:Heistmer@www.tomtom.com/livetraffic ]
	C:\USERS\Heistmer\AppData\Roaming\Microsoft\Windows\Cookies\2LDZT3EC.txt [ Cookie:Heistmer@adsonar.com/adserving ]
	C:\USERS\Heistmer\Cookies\H9REJC93.txt [ Cookie:Heistmer@smartadserver.com/ ]
	C:\USERS\Heistmer\Cookies\9SW4DVEG.txt [ Cookie:Heistmer@ad3.adfarm1.adition.com/ ]
	C:\USERS\Heistmer\Cookies\NEMYJ8LK.txt [ Cookie:Heistmer@www.tomtom.com/livetraffic ]
	C:\USERS\Heistmer\Cookies\M3DP8J0H.txt [ Cookie:Heistmer@revsci.net/ ]
	C:\USERS\Heistmer\Cookies\SE1X7PT1.txt [ Cookie:Heistmer@server.adformdsp.net/ ]
	C:\USERS\Heistmer\Cookies\YJ98HIGN.txt [ Cookie:Heistmer@de.sitestat.com/is24-mail/is24-mail/ ]
	C:\USERS\Heistmer\Cookies\W0TEL8PU.txt [ Cookie:Heistmer@zanox.com/ ]
	C:\USERS\Heistmer\Cookies\2KUVBYQ6.txt [ Cookie:Heistmer@serving-sys.com/ ]
	C:\USERS\Heistmer\Cookies\Z8D0T2QC.txt [ Cookie:Heistmer@bs.serving-sys.com/ ]
	C:\USERS\Heistmer\Cookies\3B7SGKCZ.txt [ Cookie:Heistmer@adx2.chip.de/ ]
	C:\USERS\Heistmer\Cookies\V6QX6E7M.txt [ Cookie:Heistmer@edates.traffective-tracking.com/ ]
	C:\USERS\Heistmer\Cookies\O3MW8204.txt [ Cookie:Heistmer@de.sitestat.com/sport1/ ]
	C:\USERS\Heistmer\Cookies\Q0AEM54X.txt [ Cookie:Heistmer@xiti.com/ ]
	C:\USERS\Heistmer\Cookies\PCTWOYQ6.txt [ Cookie:Heistmer@ad4.adfarm1.adition.com/ ]
	C:\USERS\Heistmer\Cookies\TNEXPOCN.txt [ Cookie:Heistmer@at.atwola.com/ ]
	C:\USERS\Heistmer\Cookies\X80Z9N80.txt [ Cookie:Heistmer@adfarm1.adition.com/ ]
	C:\USERS\Heistmer\Cookies\TBL4015A.txt [ Cookie:Heistmer@ru4.com/ ]
	C:\USERS\Heistmer\Cookies\IXHLO1XA.txt [ Cookie:Heistmer@amazon-adsystem.com/ ]
	C:\USERS\Heistmer\Cookies\00AQJO3G.txt [ Cookie:Heistmer@clickfuse.com/ ]
	C:\USERS\Heistmer\Cookies\MX4C4S53.txt [ Cookie:Heistmer@ad.yieldmanager.com/ ]
	C:\USERS\Heistmer\Cookies\B5ZRO0BC.txt [ Cookie:Heistmer@invitemedia.com/ ]
	C:\USERS\Heistmer\Cookies\WTNN4HFD.txt [ Cookie:Heistmer@tracking.mobile.de/ ]
	C:\USERS\Heistmer\Cookies\JFJ1PQ9O.txt [ Cookie:Heistmer@ar.atwola.com/ ]
	C:\USERS\Heistmer\Cookies\DAWRBYIN.txt [ Cookie:Heistmer@eas.apm.emediate.eu/ ]
	C:\USERS\Heistmer\Cookies\6HKB0JSJ.txt [ Cookie:Heistmer@de.sitestat.com/sport1/sport1-de/ ]
	C:\USERS\Heistmer\Cookies\MHPDVD0X.txt [ Cookie:Heistmer@uk.at.atwola.com/ ]
	C:\USERS\Heistmer\Cookies\2LDZT3EC.txt [ Cookie:Heistmer@adsonar.com/adserving ]
	C:\USERS\Heistmer\Cookies\RX22PSP2.txt [ Cookie:Heistmer@tacoda.at.atwola.com/ ]
	C:\USERS\Heistmer\Cookies\ANZ2A4PZ.txt [ Cookie:Heistmer@stats.deka.de/track/ ]
	C:\USERS\Heistmer\Cookies\Q25NNMHI.txt [ Cookie:Heistmer@ad2.adfarm1.adition.com/ ]
	C:\USERS\Heistmer\Cookies\K4TU3X4S.txt [ Cookie:Heistmer@www.etracker.de/ ]
	C:\USERS\Heistmer\Cookies\TL2AXY93.txt [ Cookie:Heistmer@atwola.com/ ]
	C:\USERS\Heistmer\Cookies\4U5KNPUU.txt [ Cookie:Heistmer@adtech.de/ ]
	s0.2mdn.net [ C:\USERS\Heistmer\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\F6ZMF8VW ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@MEDIA.FUNPIC[1].TXT [ /MEDIA.FUNPIC ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@AD-HOC-NEWS[2].TXT [ /AD-HOC-NEWS ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@CASALEMEDIA[2].TXT [ /CASALEMEDIA ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@LOCALPORTAL24DE.112.2O7[1].TXT [ /LOCALPORTAL24DE.112.2O7 ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@S2.TRAFFICMAXX[1].TXT [ /S2.TRAFFICMAXX ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@SOFTONIC.112.2O7[1].TXT [ /SOFTONIC.112.2O7 ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@FASTCLICK[1].TXT [ /FASTCLICK ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@ADS.TOOSHOCKING[1].TXT [ /ADS.TOOSHOCKING ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@SEXYJODHPURS[2].TXT [ /SEXYJODHPURS ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@FILEUPLOADX[1].TXT [ /FILEUPLOADX ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@PARTNERS.WEBMASTERPLAN[1].TXT [ /PARTNERS.WEBMASTERPLAN ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@AD.ZANOX[1].TXT [ /AD.ZANOX ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@E-2DJ6WJK4UICZMDP.STATS.ESOMNITURE[1].TXT [ /E-2DJ6WJK4UICZMDP.STATS.ESOMNITURE ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@ADS.SUN[1].TXT [ /ADS.SUN ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@RICHMEDIA.YAHOO[2].TXT [ /RICHMEDIA.YAHOO ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@WWW.GAMESBANNER[1].TXT [ /WWW.GAMESBANNER ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@AUTOSCOUT24.112.2O7[1].TXT [ /AUTOSCOUT24.112.2O7 ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@WEBORAMA[1].TXT [ /WEBORAMA ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@ADSERVER.FILEFRONT[1].TXT [ /ADSERVER.FILEFRONT ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@AD.IEUROP[2].TXT [ /AD.IEUROP ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@ADS.ONTECNIA[2].TXT [ /ADS.ONTECNIA ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@TTO2.TRAFFICTRACK[1].TXT [ /TTO2.TRAFFICTRACK ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@ZBOX.ZANOX[2].TXT [ /ZBOX.ZANOX ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@ADS.POINTROLL[2].TXT [ /ADS.POINTROLL ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@HITBOX[1].TXT [ /HITBOX ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@INDEXTOOLS[1].TXT [ /INDEXTOOLS ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@STATSE.WEBTRENDSLIVE[1].TXT [ /STATSE.WEBTRENDSLIVE ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@AD.71I[1].TXT [ /AD.71I ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@ADVIVA[2].TXT [ /ADVIVA ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@ADS.ADSHOPPING[2].TXT [ /ADS.ADSHOPPING ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@ADINTERAX[1].TXT [ /ADINTERAX ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@PORNTUBE[2].TXT [ /PORNTUBE ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@ADS.TUNINGSUCHE[1].TXT [ /ADS.TUNINGSUCHE ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@ADS.KOMPLADS[2].TXT [ /ADS.KOMPLADS ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@ADS.FETTSPIELEN[2].TXT [ /ADS.FETTSPIELEN ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@E-2DJ6WGKYQJD5MAP.STATS.ESOMNITURE[2].TXT [ /E-2DJ6WGKYQJD5MAP.STATS.ESOMNITURE ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@ADULTFRIENDFINDER[1].TXT [ /ADULTFRIENDFINDER ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@STAT.DEALTIME[2].TXT [ /STAT.DEALTIME ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@AD.ADNET[3].TXT [ /AD.ADNET ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@KOMTRACK[1].TXT [ /KOMTRACK ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@DE2.KOMTRACK[2].TXT [ /DE2.KOMTRACK ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@SALES.LIVEPERSON[3].TXT [ /SALES.LIVEPERSON ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@YADRO[2].TXT [ /YADRO ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@MEDIA.MTVNSERVICES[1].TXT [ /MEDIA.MTVNSERVICES ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@ADREVOLVER[2].TXT [ /ADREVOLVER ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@ADS.REVSCI[1].TXT [ /ADS.REVSCI ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@AD.BEEPWORLD[1].TXT [ /AD.BEEPWORLD ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@ADS3.EXP[2].TXT [ /ADS3.EXP ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@GOSTATS[1].TXT [ /GOSTATS ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@ADBRITE[1].TXT [ /ADBRITE ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@TACODA[2].TXT [ /TACODA ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@DISCOUNT24.QUARTERSERVER[1].TXT [ /DISCOUNT24.QUARTERSERVER ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@ADS.JINKADS[1].TXT [ /ADS.JINKADS ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@KUNDEN.WUNDERMEDIA[1].TXT [ /KUNDEN.WUNDERMEDIA ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@WEBMASTERPLAN[1].TXT [ /WEBMASTERPLAN ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@ADS.HEIAS[1].TXT [ /ADS.HEIAS ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@WWW.DISCOUNT24[2].TXT [ /WWW.DISCOUNT24 ]
	C:\USERS\Heistmer\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Heistmer@WWW.DISCOUNT24[1].TXT [ /WWW.DISCOUNT24 ]


Trojan.Agent/Gen-Malintent
	C:\PROGRAM FILES (X86)\WINRAR\DEFAULT.SFX

cosinus · 13.10.2012, 17:05

Sieht ok aus, da wurden nur Cookies und Überreste gefunden, die können alle weg.
Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller http://filepony.de/download-cookie_culler/
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ich halte es so, dass ich zum "wilden Surfen" den Opera-Browser oder Chromium unter meinem Linux verwende. Mein Hauptbrowser (Firefox) speichert nur die Cookies von den Sites die ich auch will, alles andere lehne ich manuell ab (der FF fragt mich immer) - die anderen Browser nehmen alles an Cookies zwar an, aber spätestens beim nächsten Start von Opera oder Chromium sind keine Cookies mehr da.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

Heistmer · 13.10.2012, 20:19

Hab ich gelöscht.

Ja ich denke ich muss mal umdenken. Bisher hab ich Bisher hab ich den Rechner eingeschaltet gnutzt und ausgeschaltet. Pflege und Wartung kommt da auch mangels Zeit, bzw. einem bisher zu niedrigem Stellenwert viel zu kurz.
Nach dem Einschalten hat der Rechner bevor die ganzen Sachen durchgefürt wurden gute 5-8 min zum hochfahren gebraucht. Runter das gleiche noch mal. Das ist nun auf gut die hälfte geschrumpft

Ansonnsten alles wieder wie gewohnt möchte ich behaupten.

Vielen Dank.
Ich bin beindruckt von so viel Geduld, Hilfsbereitschaft und Arbeit mit Leuten wie mir, die trotz toller Anleitung immernoch blöde Fehler machen.

Meinen Respect muss ich auch für das Durcharbeiten seitenweiser Log's und vorallem dem dazugehörigem Wissen was es mit den Einträgen auf sich hat aussprechen.

Absolut Top.

12.10.2012, 09:32	#40
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Bundestrojaner? UKash Aufforderung mit Systemstillegung Ist schon ok, OSAM funktioniert nicht immter auf einem 64-Bit-Vista Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!! __________________ Logfiles bitte immer in CODE-Tags posten

Bundestrojaner? UKash Aufforderung mit Systemstillegung

Log-Analyse und Auswertung: Bundestrojaner? UKash Aufforderung mit Systemstillegung