Trojaner-Board - Trojaner Windows blockiert

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Trojaner Windows blockiert (https://www.trojaner-board.de/110128-trojaner-windows-blockiert.html)

Dann mach es so, aber auch den Haken bei alle Benutzer setzen!

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in den Thread.

Langsam verzweifel ich, auch wenn ich run scan machen kommt die Fehlermeldung " Out of Memory" nach ca. 15 Minuten.
Hab alles gemacht wie gesagt, also Häkchen bei alle Benutzer, den Text eingefügt und Use Safe List bei Extra Registrierung.

Dann nehm ich dein letztes OTL-Log als Grundlage

Zitat:

O2 - BHO: (DivX Plus Web Player HTML5 <video>)

Sagmal, gehörst du auch zur der Fraktion, die sich Serien und Kinofilme über dubiose Portale anschauen?
Wenn ja: in Zukunft Finger weg, diese illegalen Portale verbreiten Malware und wenn du in Zukunft malwarefrei sein wilst, musst du auf legale Alternativen ausweichen und auf solche riskanten Streamingseiten verzichten!

Ja, nach den Erfahrungen jetzt lasse ich das echt besser sein, bin viel zu sehr auf einen funktionierenden Computer angewiesen.

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

IE - HKU\S-1-5-21-2191024634-1259103323-1375288803-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-2191024634-1259103323-1375288803-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

IE - HKU\S-1-5-21-2191024634-1259103323-1375288803-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8B 2A 2E 24 5C 7C CC 01  [binary data]

FF - prefs.js..browser.search.defaultengine: "Web Search"

FF - prefs.js..browser.search.defaultenginename: "Web Search"

FF - prefs.js..browser.search.order.1: "Web Search"

FF - prefs.js..browser.search.selectedEngine: "Web Search"

FF - prefs.js..browser.startup.homepage: "http://startsear.ch/?aff=1"

FF - prefs.js..keyword.URL: "http://startsear.ch/?aff=1&q="

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()

O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()

O3:64bit: - HKU\S-1-5-21-2191024634-1259103323-1375288803-1001\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()

O3 - HKU\S-1-5-21-2191024634-1259103323-1375288803-1001\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKU\S-1-5-21-2191024634-1259103323-1375288803-1001..\Run: []  File not found

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{0af1e32b-a322-11df-8c2d-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{0af1e32b-a322-11df-8c2d-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe

:Commands

[emptytemp]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Hier ist das Log zum Fix.

Code:

All processes killed

========== OTL ==========

HKU\S-1-5-21-2191024634-1259103323-1375288803-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!

HKU\S-1-5-21-2191024634-1259103323-1375288803-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!

HKU\S-1-5-21-2191024634-1259103323-1375288803-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!

Prefs.js: "Web Search" removed from browser.search.defaultengine

Prefs.js: "Web Search" removed from browser.search.defaultenginename

Prefs.js: "Web Search" removed from browser.search.order.1

Prefs.js: "Web Search" removed from browser.search.selectedEngine

Prefs.js: "hxxp://startsear.ch/?aff=1" removed from browser.startup.homepage

Prefs.js: "hxxp://startsear.ch/?aff=1&q=" removed from keyword.URL

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{326E768D-4182-46FD-9C16-1449A49795F4}\ deleted successfully.

C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.

C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.

C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll moved successfully.

64bit-Registry value HKEY_USERS\S-1-5-21-2191024634-1259103323-1375288803-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.

File C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll not found.

Registry value HKEY_USERS\S-1-5-21-2191024634-1259103323-1375288803-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.

File C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate deleted successfully.

C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe moved successfully.

Registry value HKEY_USERS\S-1-5-21-2191024634-1259103323-1375288803-1001\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!

C:\autoexec.bat moved successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0af1e32b-a322-11df-8c2d-806e6f6e6963}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0af1e32b-a322-11df-8c2d-806e6f6e6963}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0af1e32b-a322-11df-8c2d-806e6f6e6963}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0af1e32b-a322-11df-8c2d-806e6f6e6963}\ not found.

File E:\Autorun.exe not found.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Felix

->Temp folder emptied: 250481759 bytes

->Temporary Internet Files folder emptied: 1307364 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 50050738 bytes

->Opera cache emptied: 0 bytes

->Flash cache emptied: 657 bytes

 

User: JFGR

->Temp folder emptied: 180224 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 44761331 bytes

->Flash cache emptied: 0 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 126866 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes

%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 331,00 mb

 

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.32.0 log created on 02222012_094956

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

hier kommt der Log zum TDSSKiller

Code:

11:30:02.0027 3156        TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14

11:30:02.0217 3156        ============================================================

11:30:02.0217 3156        Current date / time: 2012/02/22 11:30:02.0217

11:30:02.0217 3156        SystemInfo:

11:30:02.0217 3156        

11:30:02.0217 3156        OS Version: 6.1.7600 ServicePack: 0.0

11:30:02.0217 3156        Product type: Workstation

11:30:02.0217 3156        ComputerName: JFGR-PC

11:30:02.0217 3156        UserName: JFGR

11:30:02.0217 3156        Windows directory: C:\Windows

11:30:02.0217 3156        System windows directory: C:\Windows

11:30:02.0217 3156        Running under WOW64

11:30:02.0217 3156        Processor architecture: Intel x64

11:30:02.0217 3156        Number of processors: 2

11:30:02.0217 3156        Page size: 0x1000

11:30:02.0217 3156        Boot type: Normal boot

11:30:02.0217 3156        ============================================================

11:30:03.0489 3156        Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

11:30:03.0489 3156        \Device\Harddisk0\DR0:

11:30:03.0489 3156        MBR used

11:30:03.0489 3156        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1770D7A, BlocksNum 0x12A14C00

11:30:03.0519 3156        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x141859B9, BlocksNum 0x112A7D08

11:30:03.0589 3156        Initialize success

11:30:03.0589 3156        ============================================================

11:31:26.0243 4516        ============================================================

11:31:26.0243 4516        Scan started

11:31:26.0243 4516        Mode: Manual; SigCheck; TDLFS; 

11:31:26.0243 4516        ============================================================

11:31:26.0923 4516        1394ohci        (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys

11:31:27.0153 4516        1394ohci - ok

11:31:27.0303 4516        ACPI            (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys

11:31:27.0333 4516        ACPI - ok

11:31:27.0453 4516        AcpiPmi         (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys

11:31:27.0543 4516        AcpiPmi - ok

11:31:27.0723 4516        adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

11:31:27.0763 4516        adp94xx - ok

11:31:27.0913 4516        adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

11:31:27.0943 4516        adpahci - ok

11:31:28.0093 4516        adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

11:31:28.0113 4516        adpu320 - ok

11:31:28.0283 4516        AFD             (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys

11:31:28.0373 4516        AFD - ok

11:31:28.0593 4516        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys

11:31:28.0613 4516        agp440 - ok

11:31:28.0723 4516        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys

11:31:28.0743 4516        aliide - ok

11:31:28.0893 4516        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys

11:31:28.0913 4516        amdide - ok

11:31:29.0053 4516        AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

11:31:29.0113 4516        AmdK8 - ok

11:31:29.0495 4516        amdkmdag        (bfa9657adf7ddc29242a6e0e88de36fa) C:\Windows\system32\DRIVERS\atikmdag.sys

11:31:29.0935 4516        amdkmdag - ok

11:31:30.0067 4516        amdkmdap        (8c493027d9b2399283e724e9862ebb42) C:\Windows\system32\DRIVERS\atikmpag.sys

11:31:30.0127 4516        amdkmdap - ok

11:31:30.0257 4516        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

11:31:30.0307 4516        AmdPPM - ok

11:31:30.0467 4516        amdsata         (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys

11:31:30.0497 4516        amdsata - ok

11:31:30.0637 4516        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

11:31:30.0657 4516        amdsbs - ok

11:31:30.0807 4516        amdxata         (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys

11:31:30.0827 4516        amdxata - ok

11:31:31.0047 4516        AppID           (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys

11:31:31.0147 4516        AppID - ok

11:31:31.0337 4516        arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

11:31:31.0357 4516        arc - ok

11:31:31.0507 4516        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

11:31:31.0527 4516        arcsas - ok

11:31:31.0637 4516        ASMMAP64        (4c016fd76ed5c05e84ca8cab77993961) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys

11:31:43.0419 4516        ASMMAP64 - ok

11:31:43.0559 4516        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

11:31:43.0709 4516        AsyncMac - ok

11:31:43.0829 4516        atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys

11:31:43.0849 4516        atapi - ok

11:31:44.0041 4516        athr            (0acc06fcf46f64ed4f11e57ee461c1f4) C:\Windows\system32\DRIVERS\athrx.sys

11:31:44.0131 4516        athr - ok

11:31:44.0301 4516        AtiHDAudioService (4bf5bca6e2608cd8a00bc4a6673a9f47) C:\Windows\system32\drivers\AtihdW76.sys

11:31:44.0321 4516        AtiHDAudioService - ok

11:31:44.0739 4516        atikmdag        (bfa9657adf7ddc29242a6e0e88de36fa) C:\Windows\system32\DRIVERS\atikmdag.sys

11:31:44.0963 4516        atikmdag - ok

11:31:45.0183 4516        avgntflt        (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys

11:31:45.0203 4516        avgntflt - ok

11:31:45.0293 4516        avipbb          (852e3c0a60d368c487949e55ad52a47f) C:\Windows\system32\DRIVERS\avipbb.sys

11:31:45.0313 4516        avipbb - ok

11:31:45.0333 4516        avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys

11:31:45.0353 4516        avkmgr - ok

11:31:45.0443 4516        b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

11:31:45.0523 4516        b06bdrv - ok

11:31:45.0663 4516        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

11:31:45.0713 4516        b57nd60a - ok

11:31:45.0873 4516        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

11:31:45.0963 4516        Beep - ok

11:31:46.0133 4516        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

11:31:46.0173 4516        blbdrive - ok

11:31:46.0333 4516        bowser          (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys

11:31:46.0403 4516        bowser - ok

11:31:46.0483 4516        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

11:31:46.0533 4516        BrFiltLo - ok

11:31:46.0573 4516        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

11:31:46.0603 4516        BrFiltUp - ok

11:31:46.0643 4516        Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

11:31:46.0703 4516        Brserid - ok

11:31:46.0843 4516        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

11:31:46.0893 4516        BrSerWdm - ok

11:31:47.0035 4516        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

11:31:47.0095 4516        BrUsbMdm - ok

11:31:47.0225 4516        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

11:31:47.0265 4516        BrUsbSer - ok

11:31:47.0405 4516        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

11:31:47.0445 4516        BTHMODEM - ok

11:31:47.0605 4516        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

11:31:47.0685 4516        cdfs - ok

11:31:47.0845 4516        cdrom           (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys

11:31:47.0885 4516        cdrom - ok

11:31:48.0035 4516        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

11:31:48.0075 4516        circlass - ok

11:31:48.0165 4516        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

11:31:48.0195 4516        CLFS - ok

11:31:48.0395 4516        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

11:31:48.0435 4516        CmBatt - ok

11:31:48.0555 4516        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys

11:31:48.0575 4516        cmdide - ok

11:31:48.0715 4516        CNG             (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys

11:31:48.0765 4516        CNG - ok

11:31:48.0905 4516        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

11:31:48.0925 4516        Compbatt - ok

11:31:49.0055 4516        CompositeBus    (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys

11:31:49.0105 4516        CompositeBus - ok

11:31:49.0245 4516        crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

11:31:49.0265 4516        crcdisk - ok

11:31:49.0435 4516        CSC             (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys

11:31:49.0505 4516        CSC - ok

11:31:49.0705 4516        DfsC            (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys

11:31:49.0765 4516        DfsC - ok

11:31:49.0895 4516        DgiVecp         (2d589a2c024b2fb238535db9f7b3597d) C:\Windows\system32\Drivers\DgiVecp.sys

11:31:49.0915 4516        DgiVecp - ok

11:31:50.0045 4516        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

11:31:50.0145 4516        discache - ok

11:31:50.0315 4516        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

11:31:50.0345 4516        Disk - ok

11:31:50.0507 4516        drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

11:31:50.0557 4516        drmkaud - ok

11:31:50.0717 4516        DXGKrnl         (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys

11:31:50.0767 4516        DXGKrnl - ok

11:31:50.0987 4516        ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

11:31:51.0149 4516        ebdrv - ok

11:31:51.0331 4516        elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

11:31:51.0361 4516        elxstor - ok

11:31:51.0491 4516        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys

11:31:51.0531 4516        ErrDev - ok

11:31:51.0691 4516        exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

11:31:51.0771 4516        exfat - ok

11:31:51.0911 4516        fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

11:31:51.0991 4516        fastfat - ok

11:31:52.0141 4516        fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

11:31:52.0161 4516        fdc - ok

11:31:52.0321 4516        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

11:31:52.0341 4516        FileInfo - ok

11:31:52.0481 4516        Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

11:31:52.0561 4516        Filetrace - ok

11:31:52.0691 4516        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

11:31:52.0731 4516        flpydisk - ok

11:31:52.0891 4516        FltMgr          (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys

11:31:52.0921 4516        FltMgr - ok

11:31:53.0061 4516        FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

11:31:53.0091 4516        FsDepends - ok

11:31:53.0211 4516        Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

11:31:53.0241 4516        Fs_Rec - ok

11:31:53.0381 4516        fvevol          (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys

11:31:53.0421 4516        fvevol - ok

11:31:53.0561 4516        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

11:31:53.0581 4516        gagp30kx - ok

11:31:53.0721 4516        GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

11:31:53.0741 4516        GEARAspiWDM - ok

11:31:53.0941 4516        hamachi         (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys

11:31:53.0981 4516        hamachi - ok

11:31:54.0193 4516        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

11:31:54.0253 4516        hcw85cir - ok

11:31:54.0403 4516        HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys

11:31:54.0464 4516        HdAudAddService - ok

11:31:54.0605 4516        HDAudBus        (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys

11:31:54.0670 4516        HDAudBus - ok

11:31:54.0807 4516        HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

11:31:54.0857 4516        HidBatt - ok

11:31:54.0999 4516        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

11:31:55.0059 4516        HidBth - ok

11:31:55.0251 4516        HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

11:31:55.0301 4516        HidIr - ok

11:31:55.0464 4516        HidUsb          (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys

11:31:55.0547 4516        HidUsb - ok

11:31:55.0747 4516        HpSAMD          (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys

11:31:55.0767 4516        HpSAMD - ok

11:31:55.0957 4516        HTTP            (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys

11:31:56.0047 4516        HTTP - ok

11:31:56.0167 4516        hwpolicy        (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys

11:31:56.0197 4516        hwpolicy - ok

11:31:56.0347 4516        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys

11:31:56.0367 4516        i8042prt - ok

11:31:56.0527 4516        iaStorV         (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys

11:31:56.0557 4516        iaStorV - ok

11:31:56.0707 4516        iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

11:31:56.0727 4516        iirsp - ok

11:31:56.0867 4516        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys

11:31:56.0887 4516        intelide - ok

11:31:57.0027 4516        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

11:31:57.0057 4516        intelppm - ok

11:31:57.0197 4516        IpFilterDriver  (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys

11:31:57.0277 4516        IpFilterDriver - ok

11:31:57.0417 4516        IPMIDRV         (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys

11:31:57.0457 4516        IPMIDRV - ok

11:31:57.0597 4516        IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

11:31:57.0697 4516        IPNAT - ok

11:31:57.0869 4516        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

11:31:57.0959 4516        IRENUM - ok

11:31:58.0089 4516        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys

11:31:58.0119 4516        isapnp - ok

11:31:58.0259 4516        iScsiPrt        (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys

11:31:58.0279 4516        iScsiPrt - ok

11:31:58.0379 4516        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

11:31:58.0399 4516        kbdclass - ok

11:31:58.0459 4516        kbdhid          (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys

11:31:58.0499 4516        kbdhid - ok

11:31:58.0649 4516        KSecDD          (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys

11:31:58.0669 4516        KSecDD - ok

11:31:58.0809 4516        KSecPkg         (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys

11:31:58.0839 4516        KSecPkg - ok

11:31:58.0979 4516        ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

11:31:59.0059 4516        ksthunk - ok

11:31:59.0239 4516        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

11:31:59.0319 4516        lltdio - ok

11:31:59.0479 4516        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

11:31:59.0509 4516        LSI_FC - ok

11:31:59.0639 4516        LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

11:31:59.0659 4516        LSI_SAS - ok

11:31:59.0789 4516        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

11:31:59.0819 4516        LSI_SAS2 - ok

11:31:59.0971 4516        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

11:31:59.0991 4516        LSI_SCSI - ok

11:32:00.0121 4516        luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

11:32:00.0211 4516        luafv - ok

11:32:00.0381 4516        MBAMProtector   (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys

11:32:00.0391 4516        MBAMProtector - ok

11:32:00.0541 4516        megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

11:32:00.0561 4516        megasas - ok

11:32:00.0701 4516        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

11:32:00.0731 4516        MegaSR - ok

11:32:00.0871 4516        Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

11:32:00.0951 4516        Modem - ok

11:32:01.0101 4516        monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

11:32:01.0151 4516        monitor - ok

11:32:01.0281 4516        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

11:32:01.0301 4516        mouclass - ok

11:32:01.0441 4516        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

11:32:01.0481 4516        mouhid - ok

11:32:01.0621 4516        mountmgr        (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys

11:32:01.0641 4516        mountmgr - ok

11:32:01.0781 4516        mpio            (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys

11:32:01.0801 4516        mpio - ok

11:32:01.0941 4516        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

11:32:02.0041 4516        mpsdrv - ok

11:32:02.0191 4516        MRxDAV          (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys

11:32:02.0231 4516        MRxDAV - ok

11:32:02.0381 4516        mrxsmb          (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys

11:32:02.0411 4516        mrxsmb - ok

11:32:02.0571 4516        mrxsmb10        (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys

11:32:02.0621 4516        mrxsmb10 - ok

11:32:02.0751 4516        mrxsmb20        (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys

11:32:02.0791 4516        mrxsmb20 - ok

11:32:02.0921 4516        msahci          (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys

11:32:02.0941 4516        msahci - ok

11:32:03.0071 4516        msdsm           (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys

11:32:03.0101 4516        msdsm - ok

11:32:03.0271 4516        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

11:32:03.0341 4516        Msfs - ok

11:32:03.0491 4516        mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

11:32:03.0571 4516        mshidkmdf - ok

11:32:03.0701 4516        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys

11:32:03.0721 4516        msisadrv - ok

11:32:03.0881 4516        MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

11:32:03.0961 4516        MSKSSRV - ok

11:32:04.0103 4516        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

11:32:04.0183 4516        MSPCLOCK - ok

11:32:04.0323 4516        MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

11:32:04.0413 4516        MSPQM - ok

11:32:04.0573 4516        MsRPC           (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys

11:32:04.0603 4516        MsRPC - ok

11:32:04.0733 4516        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys

11:32:04.0753 4516        mssmbios - ok

11:32:04.0893 4516        MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

11:32:04.0973 4516        MSTEE - ok

11:32:05.0103 4516        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

11:32:05.0143 4516        MTConfig - ok

11:32:05.0293 4516        MTsensor        (032d35c996f21d19a205a7c8f0b76f3c) C:\Windows\system32\DRIVERS\ATK64AMD.sys

11:32:05.0313 4516        MTsensor - ok

11:32:05.0453 4516        Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

11:32:05.0473 4516        Mup - ok

11:32:05.0643 4516        NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

11:32:05.0703 4516        NativeWifiP - ok

11:32:05.0873 4516        NDIS            (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys

11:32:05.0923 4516        NDIS - ok

11:32:06.0053 4516        NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

11:32:06.0151 4516        NdisCap - ok

11:32:06.0285 4516        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

11:32:06.0365 4516        NdisTapi - ok

11:32:06.0507 4516        Ndisuio         (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys

11:32:06.0577 4516        Ndisuio - ok

11:32:06.0719 4516        NdisWan         (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys

11:32:06.0789 4516        NdisWan - ok

11:32:06.0919 4516        NDProxy         (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys

11:32:07.0009 4516        NDProxy - ok

11:32:07.0191 4516        NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

11:32:07.0271 4516        NetBIOS - ok

11:32:07.0411 4516        NetBT           (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys

11:32:07.0501 4516        NetBT - ok

11:32:07.0671 4516        nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

11:32:07.0701 4516        nfrd960 - ok

11:32:07.0841 4516        nmwcd           (5fe6f8c05f0769bbb74afac11453b182) C:\Windows\system32\drivers\ccdcmbx64.sys

11:32:07.0911 4516        nmwcd - ok

11:32:08.0061 4516        nmwcdc          (73c929945c0850b8d1fe2fea05fdf05d) C:\Windows\system32\drivers\ccdcmbox64.sys

11:32:08.0111 4516        nmwcdc - ok

11:32:08.0281 4516        nmwcdnsucx64    (697ca586209e022d15dd0c838b235d6a) C:\Windows\system32\drivers\nmwcdnsucx64.sys

11:32:08.0331 4516        nmwcdnsucx64 - ok

11:32:08.0491 4516        nmwcdnsux64     (292ddf13f91f2cb2482b57aacd6aeb9b) C:\Windows\system32\drivers\nmwcdnsux64.sys

11:32:08.0561 4516        nmwcdnsux64 - ok

11:32:08.0701 4516        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

11:32:08.0771 4516        Npfs - ok

11:32:08.0921 4516        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

11:32:09.0001 4516        nsiproxy - ok

11:32:09.0201 4516        Ntfs            (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys

11:32:09.0281 4516        Ntfs - ok

11:32:09.0421 4516        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

11:32:09.0501 4516        Null - ok

11:32:09.0641 4516        nvraid          (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys

11:32:09.0671 4516        nvraid - ok

11:32:09.0811 4516        nvstor          (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys

11:32:09.0831 4516        nvstor - ok

11:32:09.0971 4516        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys

11:32:09.0991 4516        nv_agp - ok

11:32:10.0131 4516        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys

11:32:10.0171 4516        ohci1394 - ok

11:32:10.0351 4516        Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

11:32:10.0381 4516        Parport - ok

11:32:10.0523 4516        partmgr         (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys

11:32:10.0543 4516        partmgr - ok

11:32:10.0723 4516        pccsmcfd        (bc0018c2d29f655188a0ed3fa94fdb24) C:\Windows\system32\DRIVERS\pccsmcfdx64.sys

11:32:10.0753 4516        pccsmcfd - ok

11:32:10.0883 4516        pci             (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys

11:32:10.0913 4516        pci - ok

11:32:11.0043 4516        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys

11:32:11.0063 4516        pciide - ok

11:32:11.0223 4516        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

11:32:11.0243 4516        pcmcia - ok

11:32:11.0373 4516        pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

11:32:11.0403 4516        pcw - ok

11:32:11.0553 4516        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

11:32:11.0650 4516        PEAUTH - ok

11:32:11.0915 4516        PptpMiniport    (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys

11:32:11.0995 4516        PptpMiniport - ok

11:32:12.0135 4516        Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

11:32:12.0175 4516        Processor - ok

11:32:12.0345 4516        Psched          (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys

11:32:12.0415 4516        Psched - ok

11:32:12.0555 4516        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

11:32:12.0636 4516        ql2300 - ok

11:32:12.0777 4516        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

11:32:12.0797 4516        ql40xx - ok

11:32:12.0947 4516        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

11:32:12.0997 4516        QWAVEdrv - ok

11:32:13.0127 4516        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

11:32:13.0207 4516        RasAcd - ok

11:32:13.0357 4516        RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

11:32:13.0437 4516        RasAgileVpn - ok

11:32:13.0567 4516        Rasl2tp         (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys

11:32:13.0657 4516        Rasl2tp - ok

11:32:13.0797 4516        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

11:32:13.0887 4516        RasPppoe - ok

11:32:14.0017 4516        RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

11:32:14.0097 4516        RasSstp - ok

11:32:14.0237 4516        rdbss           (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys

11:32:14.0327 4516        rdbss - ok

11:32:14.0457 4516        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

11:32:14.0497 4516        rdpbus - ok

11:32:14.0637 4516        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

11:32:14.0727 4516        RDPCDD - ok

11:32:14.0877 4516        RDPDR           (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys

11:32:14.0927 4516        RDPDR - ok

11:32:15.0067 4516        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

11:32:15.0147 4516        RDPENCDD - ok

11:32:15.0277 4516        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

11:32:15.0347 4516        RDPREFMP - ok

11:32:15.0477 4516        RDPWD           (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys

11:32:15.0567 4516        RDPWD - ok

11:32:15.0737 4516        rdyboost        (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys

11:32:15.0757 4516        rdyboost - ok

11:32:15.0937 4516        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

11:32:16.0017 4516        rspndr - ok

11:32:16.0157 4516        s3cap           (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys

11:32:16.0217 4516        s3cap - ok

11:32:16.0357 4516        sbp2port        (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys

11:32:16.0377 4516        sbp2port - ok

11:32:16.0527 4516        scfilter        (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys

11:32:16.0607 4516        scfilter - ok

11:32:16.0777 4516        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

11:32:16.0857 4516        secdrv - ok

11:32:17.0007 4516        Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

11:32:17.0027 4516        Serenum - ok

11:32:17.0167 4516        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

11:32:17.0207 4516        Serial - ok

11:32:17.0337 4516        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

11:32:17.0367 4516        sermouse - ok

11:32:17.0547 4516        sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys

11:32:17.0587 4516        sffdisk - ok

11:32:17.0717 4516        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys

11:32:17.0757 4516        sffp_mmc - ok

11:32:17.0897 4516        sffp_sd         (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys

11:32:17.0937 4516        sffp_sd - ok

11:32:18.0077 4516        sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

11:32:18.0117 4516        sfloppy - ok

11:32:18.0267 4516        SiSGbeLH        (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys

11:32:18.0317 4516        SiSGbeLH - ok

11:32:18.0467 4516        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

11:32:18.0487 4516        SiSRaid2 - ok

11:32:18.0637 4516        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

11:32:18.0657 4516        SiSRaid4 - ok

11:32:18.0797 4516        Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

11:32:18.0889 4516        Smb - ok

11:32:19.0059 4516        spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

11:32:19.0079 4516        spldr - ok

11:32:19.0319 4516        sptd            (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys

11:32:19.0319 4516        Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb

11:32:19.0339 4516        sptd ( LockedFile.Multi.Generic ) - warning

11:32:19.0339 4516        sptd - detected LockedFile.Multi.Generic (1)

11:32:19.0479 4516        srv             (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys

11:32:19.0549 4516        srv - ok

11:32:19.0699 4516        srv2            (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys

11:32:19.0729 4516        srv2 - ok

11:32:19.0869 4516        srvnet          (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys

11:32:19.0909 4516        srvnet - ok

11:32:20.0049 4516        SSPORT          (0211ab46b73a2623b86c1cfcb30579ab) C:\Windows\system32\Drivers\SSPORT.sys

11:32:20.0069 4516        SSPORT - ok

11:32:20.0209 4516        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

11:32:20.0229 4516        stexstor - ok

11:32:20.0369 4516        StillCam        (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys

11:32:20.0419 4516        StillCam - ok

11:32:20.0569 4516        storflt         (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys

11:32:20.0589 4516        storflt - ok

11:32:20.0741 4516        storvsc         (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys

11:32:20.0761 4516        storvsc - ok

11:32:20.0881 4516        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys

11:32:20.0901 4516        swenum - ok

11:32:21.0063 4516        tap0901         (024adc7f69d1776d72cc5d031b41ce4f) C:\Windows\system32\DRIVERS\tap0901.sys

11:32:21.0113 4516        tap0901 - ok

11:32:21.0263 4516        tap0901t        (b08740047145b9bce15bf75ca0f9718a) C:\Windows\system32\DRIVERS\tap0901t.sys

11:32:21.0303 4516        tap0901t ( UnsignedFile.Multi.Generic ) - warning

11:32:21.0303 4516        tap0901t - detected UnsignedFile.Multi.Generic (1)

11:32:21.0513 4516        Tcpip           (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys

11:32:21.0603 4516        Tcpip - ok

11:32:21.0813 4516        TCPIP6          (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys

11:32:21.0883 4516        TCPIP6 - ok

11:32:22.0023 4516        tcpipreg        (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys

11:32:22.0103 4516        tcpipreg - ok

11:32:22.0263 4516        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

11:32:22.0333 4516        TDPIPE - ok

11:32:22.0483 4516        TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

11:32:22.0573 4516        TDTCP - ok

11:32:22.0713 4516        tdx             (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys

11:32:22.0803 4516        tdx - ok

11:32:22.0943 4516        TermDD          (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys

11:32:22.0973 4516        TermDD - ok

11:32:23.0143 4516        tssecsrv        (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys

11:32:23.0213 4516        tssecsrv - ok

11:32:23.0383 4516        tunnel          (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys

11:32:23.0463 4516        tunnel - ok

11:32:23.0613 4516        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

11:32:23.0633 4516        uagp35 - ok

11:32:23.0783 4516        udfs            (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys

11:32:23.0873 4516        udfs - ok

11:32:24.0033 4516        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys

11:32:24.0053 4516        uliagpkx - ok

11:32:24.0193 4516        umbus           (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys

11:32:24.0233 4516        umbus - ok

11:32:24.0353 4516        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

11:32:24.0393 4516        UmPass - ok

11:32:24.0565 4516        upperdev        (34afb83c7bba370e404e52cc2290350c) C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys

11:32:24.0625 4516        upperdev - ok

11:32:24.0785 4516        USBAAPL64       (f724b03c3dfaacf08d17d38bf3333583) C:\Windows\system32\Drivers\usbaapl64.sys

11:32:24.0835 4516        USBAAPL64 - ok

11:32:24.0975 4516        usbccgp         (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys

11:32:25.0035 4516        usbccgp - ok

11:32:25.0165 4516        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys

11:32:25.0215 4516        usbcir - ok

11:32:25.0357 4516        usbehci         (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys

11:32:25.0397 4516        usbehci - ok

11:32:25.0557 4516        usbhub          (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys

11:32:25.0607 4516        usbhub - ok

11:32:25.0749 4516        usbohci         (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\DRIVERS\usbohci.sys

11:32:25.0789 4516        usbohci - ok

11:32:25.0919 4516        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

11:32:25.0969 4516        usbprint - ok

11:32:26.0099 4516        usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

11:32:26.0129 4516        usbscan - ok

11:32:26.0289 4516        usbser          (0f0c72a657c622286013788b886968ad) C:\Windows\system32\drivers\usbser.sys

11:32:26.0339 4516        usbser - ok

11:32:26.0449 4516        UsbserFilt      (aa75e1efbee7186b4cbaaacf1f15e6ca) C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys

11:32:26.0499 4516        UsbserFilt - ok

11:32:26.0539 4516        USBSTOR         (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS

11:32:26.0599 4516        USBSTOR - ok

11:32:26.0739 4516        usbuhci         (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys

11:32:26.0779 4516        usbuhci - ok

11:32:26.0939 4516        usbvideo        (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys

11:32:26.0999 4516        usbvideo - ok

11:32:27.0171 4516        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys

11:32:27.0191 4516        vdrvroot - ok

11:32:27.0363 4516        vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

11:32:27.0393 4516        vga - ok

11:32:27.0523 4516        VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

11:32:27.0613 4516        VgaSave - ok

11:32:27.0743 4516        vhdmp           (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys

11:32:27.0763 4516        vhdmp - ok

11:32:27.0903 4516        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys

11:32:27.0923 4516        viaide - ok

11:32:28.0043 4516        vmbus           (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys

11:32:28.0073 4516        vmbus - ok

11:32:28.0193 4516        VMBusHID        (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys

11:32:28.0233 4516        VMBusHID - ok

11:32:28.0353 4516        volmgr          (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys

11:32:28.0383 4516        volmgr - ok

11:32:28.0503 4516        volmgrx         (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys

11:32:28.0533 4516        volmgrx - ok

11:32:28.0683 4516        volsnap         (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys

11:32:28.0713 4516        volsnap - ok

11:32:28.0843 4516        vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

11:32:28.0873 4516        vsmraid - ok

11:32:29.0003 4516        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

11:32:29.0033 4516        vwifibus - ok

11:32:29.0153 4516        vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

11:32:29.0203 4516        vwififlt - ok

11:32:29.0343 4516        vwifimp         (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys

11:32:29.0373 4516        vwifimp - ok

11:32:29.0515 4516        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

11:32:29.0555 4516        WacomPen - ok

11:32:29.0715 4516        WANARP          (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

11:32:29.0795 4516        WANARP - ok

11:32:29.0825 4516        Wanarpv6        (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

11:32:29.0895 4516        Wanarpv6 - ok

11:32:30.0045 4516        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

11:32:30.0065 4516        Wd - ok

11:32:30.0205 4516        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

11:32:30.0255 4516        Wdf01000 - ok

11:32:30.0437 4516        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

11:32:30.0497 4516        WfpLwf - ok

11:32:30.0627 4516        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

11:32:30.0647 4516        WIMMount - ok

11:32:30.0887 4516        WinUsb          (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys

11:32:30.0917 4516        WinUsb - ok

11:32:31.0057 4516        WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys

11:32:31.0107 4516        WmiAcpi - ok

11:32:31.0269 4516        ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

11:32:31.0349 4516        ws2ifsl - ok

11:32:31.0519 4516        WSDPrintDevice  (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys

11:32:31.0556 4516        WSDPrintDevice - ok

11:32:31.0691 4516        WudfPf          (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys

11:32:31.0771 4516        WudfPf - ok

11:32:31.0921 4516        WUDFRd          (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys

11:32:31.0991 4516        WUDFRd - ok

11:32:32.0081 4516        MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

11:32:32.0231 4516        \Device\Harddisk0\DR0 - ok

11:32:32.0241 4516        Boot (0x1200)   (a054ea219235462a3cd6f74bf46aff6d) \Device\Harddisk0\DR0\Partition0

11:32:32.0241 4516        \Device\Harddisk0\DR0\Partition0 - ok

11:32:32.0251 4516        Boot (0x1200)   (a9ec316e4ae1cd7b1cb8e1cb4e7f9ef6) \Device\Harddisk0\DR0\Partition1

11:32:32.0251 4516        \Device\Harddisk0\DR0\Partition1 - ok

11:32:32.0261 4516        ============================================================

11:32:32.0261 4516        Scan finished

11:32:32.0261 4516        ============================================================

11:32:32.0281 4836        Detected object count: 2

11:32:32.0281 4836        Actual detected object count: 2

11:38:22.0814 4836        sptd ( LockedFile.Multi.Generic ) - skipped by user

11:38:22.0814 4836        sptd ( LockedFile.Multi.Generic ) - User select action: Skip 

11:38:22.0814 4836        tap0901t ( UnsignedFile.Multi.Generic ) - skipped by user

11:38:22.0814 4836        tap0901t ( UnsignedFile.Multi.Generic ) - User select action: Skip

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Hier das Log von ComboFix!

Combofix Logfile:

Code:

ComboFix 12-02-22.01 - JFGR 22.02.2012  13:41:44.1.2 - x64

Microsoft Windows 7 Professional   6.1.7600.0.1252.49.1031.18.4095.2871 [GMT 1:00]

ausgeführt von:: c:\users\Felix\Desktop\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\install.exe

c:\windows\IsUn0407.exe

c:\windows\iun6002.exe

.

.

(((((((((((((((((((((((   Dateien erstellt von 2012-01-22 bis 2012-02-22  ))))))))))))))))))))))))))))))

.

.

2012-02-22 13:02 . 2012-02-22 13:02        --------        d-----w-        c:\users\JFGR\AppData\Roaming\PC Suite

2012-02-22 12:52 . 2012-02-22 13:03        --------        d-----w-        c:\users\JFGR\AppData\Local\temp

2012-02-22 12:52 . 2012-02-22 12:52        --------        d-----w-        c:\users\Default\AppData\Local\temp

2012-02-21 09:38 . 2012-02-08 07:13        8643640        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{1DFF0251-5B3E-4D11-A17F-779BCAA9FA27}\mpengine.dll

2012-02-20 09:16 . 2012-02-20 09:16        --------        d-----w-        c:\program files\Defraggler

2012-02-19 19:17 . 2012-02-19 19:17        --------        d-----w-        c:\program files (x86)\ESET

2012-02-18 17:17 . 2012-02-18 17:17        --------        d-----w-        c:\users\Felix\AppData\Roaming\Malwarebytes

2012-02-18 16:24 . 2012-02-18 16:24        --------        d-----w-        C:\_OTL

2012-02-18 16:21 . 2012-02-18 16:21        --------        d-----w-        c:\users\JFGR\AppData\Roaming\Malwarebytes

2012-02-18 16:21 . 2012-02-18 16:21        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware

2012-02-18 16:21 . 2012-02-18 16:21        --------        d-----w-        c:\programdata\Malwarebytes

2012-02-18 16:21 . 2011-12-10 14:24        23152        ----a-w-        c:\windows\system32\drivers\mbam.sys

2012-02-10 22:35 . 2012-02-10 22:35        --------        d-----w-        c:\users\Felix\AppData\Local\DDMSettings

2012-02-07 21:26 . 2012-02-07 21:26        --------        d-----w-        c:\users\Felix\AppData\Roaming\Nokia

2012-02-07 21:26 . 2012-02-07 21:26        --------        d-----w-        c:\users\Felix\AppData\Local\Nokia

2012-02-07 21:26 . 2012-02-22 13:02        --------        d-----w-        c:\users\JFGR\AppData\Local\Nokia

2012-02-07 21:26 . 2012-02-07 21:26        --------        d-----w-        c:\users\JFGR\AppData\Roaming\Nokia

2012-02-07 21:26 . 2012-02-07 21:27        --------        d-----w-        c:\programdata\PC Suite

2012-02-07 21:26 . 2012-02-07 21:28        --------        d-----w-        c:\users\Felix\AppData\Roaming\PC Suite

2012-02-07 21:25 . 2012-02-07 21:25        --------        d-----w-        c:\program files (x86)\Common Files\Nokia

2012-02-07 21:25 . 2012-02-07 21:25        --------        d-----w-        c:\programdata\Nokia

2012-02-07 21:24 . 2012-02-07 21:24        --------        d-----w-        c:\program files\DIFX

2012-02-07 21:24 . 2008-08-28 10:44        25600        ----a-w-        c:\windows\system32\drivers\pccsmcfdx64.sys

2012-02-07 21:24 . 2012-02-07 21:24        --------        d-----w-        c:\program files (x86)\PC Connectivity Solution

2012-02-07 21:21 . 2012-02-07 21:25        --------        d-----w-        c:\program files (x86)\Nokia

2012-02-04 17:56 . 2012-02-04 17:56        --------        d-----w-        c:\users\JFGR\AppData\Roaming\Avira

2012-02-04 17:52 . 2012-02-04 17:52        --------        d-----w-        c:\users\JFGR\AppData\Local\Diagnostics

2012-02-03 20:35 . 2010-03-08 04:38        41984        ----a-w-        c:\windows\system32\Spool\prtprocs\x64\KOAZCA_P.DLL

2012-02-03 20:23 . 2009-10-01 08:08        15360        ----a-w-        c:\windows\system32\KOAZCA_L.DLL

2012-01-29 11:00 . 2012-01-29 11:00        --------        d-----w-        c:\users\JFGR\AppData\Roaming\HP

2012-01-29 10:57 . 2012-01-29 10:57        --------        d-----w-        c:\program files (x86)\MSN Toolbar

2012-01-29 10:57 . 2012-01-29 10:57        --------        d-----w-        c:\program files (x86)\Bing Bar Installer

2012-01-29 10:56 . 2012-01-29 10:56        --------        d-----w-        c:\program files (x86)\Common Files\HP

2012-01-29 10:56 . 2012-01-29 10:56        --------        d-----w-        c:\program files (x86)\Common Files\Hewlett-Packard

2012-01-29 10:54 . 2012-01-29 10:55        --------        d-----w-        c:\program files (x86)\HP

2012-01-29 10:53 . 2012-01-29 10:55        --------        d-----w-        c:\programdata\HP

2012-01-29 10:52 . 2010-05-13 10:25        906240        ----a-w-        c:\windows\system32\hpwwiax5.dll

2012-01-29 10:52 . 2010-05-13 10:25        1422848        ----a-w-        c:\windows\system32\hpwtiop4.dll

2012-01-29 10:52 . 2010-05-13 10:29        553472        ----a-w-        c:\windows\system32\hppldcoi.dll

2012-01-29 10:52 . 2010-02-01 06:54        488960        ----a-w-        c:\windows\system32\hpovst11.dll

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-16 20:48 . 2011-10-16 21:06        132320        ----a-w-        c:\windows\system32\drivers\avipbb.sys

2012-01-29 04:10 . 2010-08-08 20:02        279656        ------w-        c:\windows\system32\MpSigStub.exe

2012-01-04 00:48 . 2012-01-04 00:48        354176        ----a-w-        c:\windows\SysWow64\DivXControlPanelApplet.cpl

2011-12-12 18:19 . 2011-07-05 18:04        414368        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NokiaSuite.exe"="c:\program files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" [2012-01-10 1083264]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-03-06 552960]

"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-01-13 7109248]

"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-01-05 170624]

"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]

"iTunesHelper"="d:\programme\iTunes\iTunesHelper.exe" [2011-01-25 421160]

"StartCCC"="c:\program files (x86)\ATI\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-08 336384]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]

"LogMeIn Hamachi Ui"="d:\programme\Hamachi\hamachi-2-ui.exe" [2012-02-07 1987976]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

.

c:\users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\JFGR\AppData\Roaming\Dropbox\bin\Dropbox.exe [N/A]

OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages        REG_MULTI_SZ           kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-28 136176]

R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-28 136176]

R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [x]

R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]

S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416]

S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;d:\programme\Hamachi\hamachi-2.exe [2012-02-07 2343816]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]

S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]

S2 TunngleService;TunngleService;d:\programme\Tunngle\TnglCtrl.exe [2010-11-22 718072]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 SiSGbeLH;NDIS 6.0-Treiber für SiS191/SiS190-Ethernet-Gerät;c:\windows\system32\DRIVERS\SiSG664.sys [x]

S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

Inhalt des "geplante Tasks" Ordners

.

2012-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-28 12:09]

.

2012-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-28 12:09]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12        97792        ----a-w-        c:\users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12        97792        ----a-w-        c:\users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12        97792        ----a-w-        c:\users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12        97792        ----a-w-        c:\users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com

mStart Page = hxxp://www.google.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: SmarThru4 Capture Selection - c:\program files (x86)\SmarThru 4\x64\WebCapture.dll2.htm

IE: SmarThru4 Save as HTML - c:\program files (x86)\SmarThru 4\x64\WebCapture.dll1.htm

IE: SmarThru4 Save Selected Text - c:\program files (x86)\SmarThru 4\x64\WebCapture.dll.htm

IE: SmarThru4 Web Capture - c:\program files (x86)\SmarThru 4\x64\WebCapture.dll

TCP: DhcpNameServer = 134.130.4.1 134.130.5.1

FF - ProfilePath - c:\users\JFGR\AppData\Roaming\Mozilla\Firefox\Profiles\16dfcxuc.default\

FF - prefs.js: browser.search.selectedEngine - 

FF - prefs.js: browser.startup.homepage - 

FF - prefs.js: network.proxy.type - 0

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)

AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe

AddRemove-S3 - c:\windows\IsUn0407.exe

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\S-1-5-21-2191024634-1259103323-1375288803-1001\Software\SecuROM\License information*]

"datasecu"=hex:a9,bd,a5,56,e9,5c,5b,c2,eb,72,d9,dc,e7,b9,9a,86,36,82,c4,10,cb,

   e9,03,9d,a3,9c,6f,59,6b,7f,01,e1,90,93,52,ea,aa,0f,0b,22,73,22,97,80,84,df,\

"rkeysecu"=hex:18,21,db,9b,42,82,55,92,68,34,1c,ef,81,9b,0e,e3

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.9"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil9f.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]

@Denied: (A 2) (Everyone)

@="IFlashBroker"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

c:\program files (x86)\PC Connectivity Solution\ServiceLayer.exe

c:\program files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe

c:\program files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2012-02-22  14:20:52 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2012-02-22 13:20

.

Vor Suchlauf: 15 Verzeichnis(se), 96.625.496.064 Bytes frei

Nach Suchlauf: 23 Verzeichnis(se), 96.261.509.120 Bytes frei

.

- - End Of File - - E7761A2DB5128DF3AA66E17A5BA1C623

--- --- ---

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehlalarm!

Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Hier kommt die aswMBR.txt!

Code:

aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software

Run date: 2012-02-22 19:33:53

-----------------------------

19:33:53.083    OS Version: Windows x64 6.1.7600 

19:33:53.083    Number of processors: 2 586 0x170A

19:33:53.083    ComputerName: JFGR-PC  UserName: JFGR

19:33:53.645    Initialize success

19:34:00.993    AVAST engine defs: 12022200

19:35:14.718    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2

19:35:14.718    Disk 0 Vendor: Hitachi_HTS543232L9A300 FB4OC40C Size: 305245MB BusType: 3

19:35:14.749    Disk 0 MBR read successfully

19:35:14.749    Disk 0 MBR scan

19:35:14.765    Disk 0 Windows 7 default MBR code

19:35:14.781    Disk 0 Partition 1 00     1C Hidd FAT32 LBA MSDOS5.0    12001 MB offset 63

19:35:14.781    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       152617 MB offset 24579450

19:35:14.796    Disk 0 Partition - 00     0F Extended LBA            140623 MB offset 337140090

19:35:14.827    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       140623 MB offset 337140153

19:35:14.859    Disk 0 scanning C:\Windows\system32\drivers

19:35:23.797    Service scanning

19:35:49.038    Modules scanning

19:35:49.038    Disk 0 trace - called modules:

19:35:49.070    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 

19:35:49.085    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004bb2060]

19:35:49.085    3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> [0xfffffa8004a1b530]

19:35:49.085    5 ACPI.sys[fffff8800100b781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0xfffffa8004a21680]

19:35:49.616    AVAST engine scan C:\Windows

19:35:52.049    AVAST engine scan C:\Windows\system32

19:39:20.075    AVAST engine scan C:\Windows\system32\drivers

19:39:30.777    AVAST engine scan C:\Users\JFGR

19:39:53.382    AVAST engine scan C:\ProgramData

19:41:22.785    Scan finished successfully

19:41:38.510    Disk 0 MBR has been saved successfully to "C:\Users\Felix\Desktop\MBR.dat"

19:41:38.510    The log file has been saved successfully to "C:\Users\Felix\Desktop\aswMBR.txt"

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

SASW-Log:

Code:

SUPERAntiSpyware Scan Log

hxxp://www.superantispyware.com
 

Generated 02/23/2012 at 11:26 AM
 

Application Version : 5.0.1144
 

Core Rules Database Version : 8268

Trace Rules Database Version: 6080
 

Scan type       : Complete Scan

Total Scan Time : 01:40:09
 

Operating System Information

Windows 7 Professional 64-bit (Build 6.01.7600)

UAC Off - Limited User
 

Memory items scanned      : 673

Memory threats detected   : 0

Registry items scanned    : 70055

Registry threats detected : 6

File items scanned        : 120669

File threats detected     : 140
 

Adware.Tracking Cookie

        C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@adbrite[2].txt [ /adbrite ]

        C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@ads.adk2[2].txt [ /ads.adk2 ]

        C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@adtech[1].txt [ /adtech ]

        C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@apmebf[1].txt [ /apmebf ]

        C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@atdmt.combing[2].txt [ /atdmt.combing ]

        C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@atwola[2].txt [ /atwola ]

        C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@bs.serving-sys[1].txt [ /bs.serving-sys ]

        C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@content.yieldmanager[1].txt [ /content.yieldmanager ]

        C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@content.yieldmanager[3].txt [ /content.yieldmanager ]

        C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@doubleclick[1].txt [ /doubleclick ]

        C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@fastclick[1].txt [ /fastclick ]

        C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@revsci[2].txt [ /revsci ]

        C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@serving-sys[1].txt [ /serving-sys ]

        C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@tradedoubler[2].txt [ /tradedoubler ]

        C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@weborama[2].txt [ /weborama ]

        C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@www.active-tracking[1].txt [ /www.active-tracking ]

        C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@yadro[2].txt [ /yadro ]

        C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\VUOTFSHH.txt [ /ad.yieldmanager.com ]

        C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\SR9FY4ZW.txt [ /mediaplex.com ]

        C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\HWLNKYR5.txt [ /adserver.adtechus.com ]

        C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\QQ7D8LLO.txt [ /imrworldwide.com ]

        C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\MACUO8S4.txt [ /smartadserver.com ]

        C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\GI6BNT0I.txt [ /adbrite.com ]

        C:\USERS\FELIX\AppData\Roaming\Microsoft\Windows\Cookies\Low\felix@statcounter[2].txt [ Cookie:felix@statcounter.com/ ]

        C:\USERS\FELIX\AppData\Roaming\Microsoft\Windows\Cookies\Low\felix@ad.yieldmanager[2].txt [ Cookie:felix@ad.yieldmanager.com/ ]

        C:\USERS\FELIX\AppData\Roaming\Microsoft\Windows\Cookies\Low\felix@traffictrack[2].txt [ Cookie:felix@traffictrack.de/ ]

        C:\USERS\FELIX\AppData\Roaming\Microsoft\Windows\Cookies\Low\felix@mediaplex[2].txt [ Cookie:felix@mediaplex.com/ ]

        C:\USERS\FELIX\AppData\Roaming\Microsoft\Windows\Cookies\Low\felix@tradedoubler[1].txt [ Cookie:felix@tradedoubler.com/ ]

        C:\USERS\FELIX\AppData\Roaming\Microsoft\Windows\Cookies\Low\felix@fastclick[1].txt [ Cookie:felix@fastclick.net/ ]

        C:\USERS\FELIX\AppData\Roaming\Microsoft\Windows\Cookies\Low\felix@www.active-tracking[2].txt [ Cookie:felix@www.active-tracking.de/ ]

        C:\USERS\FELIX\AppData\Roaming\Microsoft\Windows\Cookies\Low\felix@doubleclick[1].txt [ Cookie:felix@doubleclick.net/ ]

        C:\USERS\FELIX\AppData\Roaming\Microsoft\Windows\Cookies\Low\felix@interclick[1].txt [ Cookie:felix@interclick.com/ ]

        C:\USERS\FELIX\AppData\Roaming\Microsoft\Windows\Cookies\Low\felix@adfarm1.adition[1].txt [ Cookie:felix@adfarm1.adition.com/ ]

        C:\USERS\FELIX\AppData\Roaming\Microsoft\Windows\Cookies\Low\felix@ad.zanox[1].txt [ Cookie:felix@ad.zanox.com/ ]

        C:\USERS\FELIX\AppData\Roaming\Microsoft\Windows\Cookies\Low\felix@statse.webtrendslive[2].txt [ Cookie:felix@statse.webtrendslive.com/ ]

        C:\USERS\FELIX\AppData\Roaming\Microsoft\Windows\Cookies\Low\felix@tracking.mlsat02[1].txt [ Cookie:felix@tracking.mlsat02.de/tmobile/ ]

        C:\USERS\FELIX\AppData\Roaming\Microsoft\Windows\Cookies\Low\felix@zanox[2].txt [ Cookie:felix@zanox.com/ ]

        C:\USERS\FELIX\AppData\Roaming\Microsoft\Windows\Cookies\Low\felix@serving-sys[1].txt [ Cookie:felix@serving-sys.com/ ]

        C:\USERS\FELIX\AppData\Roaming\Microsoft\Windows\Cookies\Low\felix@www.zanox-affiliate[1].txt [ Cookie:felix@www.zanox-affiliate.de/ ]

        C:\USERS\FELIX\AppData\Roaming\Microsoft\Windows\Cookies\Low\felix@ad2.adfarm1.adition[1].txt [ Cookie:felix@ad2.adfarm1.adition.com/ ]

        C:\USERS\FELIX\AppData\Roaming\Microsoft\Windows\Cookies\Low\felix@tracking.quisma[1].txt [ Cookie:felix@tracking.quisma.com/ ]

        C:\USERS\FELIX\AppData\Roaming\Microsoft\Windows\Cookies\Low\felix@apmebf[1].txt [ Cookie:felix@apmebf.com/ ]

        C:\USERS\FELIX\AppData\Roaming\Microsoft\Windows\Cookies\Low\R770M2KS.txt [ Cookie:felix@atdmt.com/ ]

        C:\USERS\FELIX\AppData\Roaming\Microsoft\Windows\Cookies\Low\felix@zanox-affiliate[1].txt [ Cookie:felix@zanox-affiliate.de/ ]

        C:\USERS\FELIX\Cookies\felix@atdmt.combing[2].txt [ Cookie:felix@atdmt.combing.com/ ]

        C:\USERS\FELIX\Cookies\VUOTFSHH.txt [ Cookie:felix@ad.yieldmanager.com/ ]

        C:\USERS\FELIX\Cookies\felix@content.yieldmanager[3].txt [ Cookie:felix@content.yieldmanager.com/ak/ ]

        C:\USERS\FELIX\Cookies\SR9FY4ZW.txt [ Cookie:felix@mediaplex.com/ ]

        C:\USERS\FELIX\Cookies\felix@tradedoubler[2].txt [ Cookie:felix@tradedoubler.com/ ]

        C:\USERS\FELIX\Cookies\felix@content.yieldmanager[1].txt [ Cookie:felix@content.yieldmanager.com/ ]

        C:\USERS\FELIX\Cookies\felix@www.active-tracking[1].txt [ Cookie:felix@www.active-tracking.de/ ]

        C:\USERS\FELIX\Cookies\felix@fastclick[1].txt [ Cookie:felix@fastclick.net/ ]

        C:\USERS\FELIX\Cookies\felix@doubleclick[1].txt [ Cookie:felix@doubleclick.net/ ]

        C:\USERS\FELIX\Cookies\HWLNKYR5.txt [ Cookie:felix@adserver.adtechus.com/ ]

        C:\USERS\FELIX\Cookies\felix@serving-sys[1].txt [ Cookie:felix@serving-sys.com/ ]

        C:\USERS\FELIX\Cookies\QQ7D8LLO.txt [ Cookie:felix@imrworldwide.com/cgi-bin ]

        C:\USERS\FELIX\Cookies\felix@weborama[2].txt [ Cookie:felix@weborama.fr/ ]

        C:\USERS\FELIX\Cookies\MACUO8S4.txt [ Cookie:felix@smartadserver.com/ ]

        C:\USERS\FELIX\Cookies\felix@apmebf[1].txt [ Cookie:felix@apmebf.com/ ]

        C:\USERS\FELIX\Cookies\felix@atwola[2].txt [ Cookie:felix@atwola.com/ ]

        C:\USERS\FELIX\Cookies\felix@adtech[1].txt [ Cookie:felix@adtech.de/ ]

        C:\USERS\JFGR\AppData\Roaming\Microsoft\Windows\Cookies\HRMZ2LBQ.txt [ Cookie:jfgr@apmebf.com/ ]

        C:\USERS\JFGR\AppData\Roaming\Microsoft\Windows\Cookies\OS0RDG6S.txt [ Cookie:jfgr@smartadserver.com/ ]

        C:\USERS\JFGR\AppData\Roaming\Microsoft\Windows\Cookies\jfgr@doubleclick[2].txt [ Cookie:jfgr@doubleclick.net/ ]

        C:\USERS\JFGR\AppData\Roaming\Microsoft\Windows\Cookies\7FNK7BED.txt [ Cookie:jfgr@ad.yieldmanager.com/ ]

        C:\USERS\JFGR\AppData\Roaming\Microsoft\Windows\Cookies\V0W3NCMJ.txt [ Cookie:jfgr@mediaplex.com/ ]

        C:\USERS\JFGR\AppData\Roaming\Microsoft\Windows\Cookies\jfgr@atdmt[2].txt [ Cookie:jfgr@atdmt.com/ ]

        C:\USERS\JFGR\AppData\Roaming\Microsoft\Windows\Cookies\jfgr@adbrite[1].txt [ Cookie:jfgr@adbrite.com/ ]

        C:\USERS\JFGR\Cookies\HRMZ2LBQ.txt [ Cookie:jfgr@apmebf.com/ ]

        C:\USERS\JFGR\Cookies\OS0RDG6S.txt [ Cookie:jfgr@smartadserver.com/ ]

        C:\USERS\JFGR\Cookies\jfgr@doubleclick[2].txt [ Cookie:jfgr@doubleclick.net/ ]

        C:\USERS\JFGR\Cookies\7FNK7BED.txt [ Cookie:jfgr@ad.yieldmanager.com/ ]

        C:\USERS\JFGR\Cookies\V0W3NCMJ.txt [ Cookie:jfgr@mediaplex.com/ ]

        C:\USERS\JFGR\Cookies\jfgr@atdmt[2].txt [ Cookie:jfgr@atdmt.com/ ]

        C:\USERS\JFGR\Cookies\jfgr@adbrite[1].txt [ Cookie:jfgr@adbrite.com/ ]

        statse.webtrendslive.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]

        .im.banner.t-online.de [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]

        .atdmt.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]

        .atdmt.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]

        .tradedoubler.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]

        .tradedoubler.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]

        .tradedoubler.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]

        .im.banner.t-online.de [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]

        ad.zanox.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]

        .zanox.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]

        .doubleclick.net [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]

        .statcounter.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]

        ad.yieldmanager.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]

        ad.yieldmanager.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]

        ad.yieldmanager.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]

        ad.yieldmanager.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]

        .zedo.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]

        .divx.112.2o7.net [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]

        .content.yieldmanager.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]

        ad.yieldmanager.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]

        rgadvert.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]

        1.bfugmedia.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]

        www.zanox-affiliate.de [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]

        rgadvert.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]

        rgadvert.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]

        ad.zanox.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]

        .zanox-affiliate.de [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]

        .tradedoubler.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]

        .apmebf.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]

        .apmebf.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]

        .adtech.de [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]

        track.adform.net [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]

        track.adform.net [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]

        ad.yieldmanager.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]

        .gostats.de [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]

        www.zanox-affiliate.de [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]

        .tracking.quisma.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]

        ad.yieldmanager.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]

        tracking.mlsat02.de [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]

        .zedo.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]

        rts.pgmediaserve.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]

        rts.pgmediaserve.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]

        rts.pgmediaserve.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]

        .partypoker.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]

        .partypoker.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]

        .partypoker.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]

        .partypoker.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]

        .partypoker.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]

        C:\WINDOWS.OLD\USERS\JFGR\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\JFGR@DOUBLECLICK[1].TXT [ /DOUBLECLICK ]

        C:\WINDOWS.OLD\USERS\JFGR\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\JFGR@STATSE.WEBTRENDSLIVE[2].TXT [ /STATSE.WEBTRENDSLIVE ]

        .adtech.de [ C:\WINDOWS.OLD\USERS\JFGR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DLR0B1UW.DEFAULT\COOKIES.SQLITE ]

        .tradedoubler.com [ C:\WINDOWS.OLD\USERS\JFGR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DLR0B1UW.DEFAULT\COOKIES.SQLITE ]

        .tradedoubler.com [ C:\WINDOWS.OLD\USERS\JFGR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DLR0B1UW.DEFAULT\COOKIES.SQLITE ]

        .tradedoubler.com [ C:\WINDOWS.OLD\USERS\JFGR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DLR0B1UW.DEFAULT\COOKIES.SQLITE ]

        .zanox.com [ C:\WINDOWS.OLD\USERS\JFGR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DLR0B1UW.DEFAULT\COOKIES.SQLITE ]

        ad.zanox.com [ C:\WINDOWS.OLD\USERS\JFGR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DLR0B1UW.DEFAULT\COOKIES.SQLITE ]

        .zanox-affiliate.de [ C:\WINDOWS.OLD\USERS\JFGR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DLR0B1UW.DEFAULT\COOKIES.SQLITE ]

        .traffictrack.de [ C:\WINDOWS.OLD\USERS\JFGR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DLR0B1UW.DEFAULT\COOKIES.SQLITE ]
 

Trojan.Agent/Gen-UsrMgr

        (x86) HKLM\System\ControlSet001\Services\OPENVPNSERVICE

        C:\PROGRAM FILES (X86)\RWTH OPENVPN CLIENT\BIN\OPENVPNSERV.EXE

        (x86) HKLM\System\ControlSet001\Enum\Root\LEGACY_OPENVPNSERVICE

        (x86) HKLM\System\ControlSet002\Services\OPENVPNSERVICE

        (x86) HKLM\System\ControlSet002\Enum\Root\LEGACY_OPENVPNSERVICE

        (x86) HKLM\System\CurrentControlSet\Services\OPENVPNSERVICE

        (x86) HKLM\System\CurrentControlSet\Enum\Root\LEGACY_OPENVPNSERVICE
 

Trojan.Agent/Gen-SoftonicDownloader

        C:\USERS\FELIX\DESKTOP\DOWNLOADS\SOFTONICDOWNLOADER_FUER_CODEC-PACK-ALL-IN-ONE.EXE

        C:\USERS\FELIX\DESKTOP\DOWNLOADS\SOFTONICDOWNLOADER_FUER_GSPOT.EXE

Der Malware-Log:

Code:

Malwarebytes Anti-Malware (Test) 1.60.1.1000

www.malwarebytes.org
 

Datenbank Version: v2012.02.22.03
 

Windows 7 x64 NTFS

Internet Explorer 8.0.7600.16385

Felix :: JFGR-PC [limitiert]
 

Schutz: Aktiviert
 

22.02.2012 20:52:00

mbam-log-2012-02-22 (20-52-00).txt
 

Art des Suchlaufs: Vollständiger Suchlauf

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 450217

Laufzeit: 3 Stunde(n), 9 Minute(n), 53 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)