
Log analysis and evaluation: Winlogon.exe stealer.exe, what is all this?

Windows 7. If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

05.12.2011, 16:56   #16
DonChulio
 
No answer?
I had attached the file above, and yesterday I also had a GEMA virus.
It was located under Windows/User/*****/AppData/Local/Temp/.
There was again a numeric code in front of it, and then Gema.exe after it.

05.12.2011, 18:55   #17
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Code:
O1 - Hosts: 127.0.0.1 w*w.acronis.de
What purpose is this entry supposed to serve on your machine?
What do you gain if your computer can no longer reach acronis.de?

05.12.2011, 20:49   #18
DonChulio
 
That was for testing purposes a few moons ago, but it is no longer used.
05.12.2011, 20:57   #19
cosinus
I see, so you used a crack for testing purposes and are now surprised that the machine is acting up?
__________________
Please always post logfiles in CODE tags

05.12.2011, 21:07   #20
DonChulio
 
No crack, just a lock so I could test the app properly, since its demo was too restricted; it was then also bought at HP's request, because at that time I had a defective HDD that was replaced through HP support, but I needed an app that mirrors the data 1 to 1, which works wonderfully with it, and that was also the reason I bought it afterwards.


05.12.2011, 22:32   #21
cosinus
Alright...
Please be so kind as to redo the OTL log as a CustomScan, since I unfortunately overlooked it and it is already a week (too) old.

06.12.2011, 11:13   #22
DonChulio
 
So, I did the run with OTL.

06.12.2011, 11:52   #23
cosinus
Do an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied too!!!)

Code:
:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPDSK/4
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPDSK/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPDSK/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "http://startsear.ch/?aff=1"
FF - prefs.js..keyword.URL: "http://www.searchqu.com/web?src=ffb&systemid=101&q="
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.defaultengine: "Web Search"??# Mozilla User Preferences
FF - prefs.js..keyword.URL: "http://www.searchqu.com/web?src=ffb&systemid=101&q="
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.defaultengine: "Web Search"
[2010.03.31 22:17:13 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\67b3q80q.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2011.06.12 13:23:54 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\67b3q80q.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.08.09 20:00:41 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\67b3q80q.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.06.09 09:18:44 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\67b3q80q.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.11.29 15:22:49 | 000,000,000 | ---D | M] (Bandoo for Firefox) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\67b3q80q.default\extensions\ffox@bandoo.com
[2010.08.09 19:19:15 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\febeprof.Hamster\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2011.06.12 13:23:55 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\febeprof.Hamster\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.08.09 20:00:41 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\febeprof.Hamster\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.03.30 14:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\67b3q80q.default\searchplugins\icqplugin.xml
[2010.08.12 12:12:24 | 000,005,529 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\67b3q80q.default\searchplugins\SearchquWebSearch.xml
[2011.07.11 19:04:02 | 000,000,633 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\67b3q80q.default\searchplugins\startsear.xml
CHR - default_search_provider: search_url = http://startsear.ch/?aff=1&src=sp&cf=8fa34532-0237-11e1-8054-cf6766fd19f9&q={searchTerms}
O2:64bit: - BHO: (Reg Error: Value error.) - {4907C0AD-874D-44D9-B13E-7B0A4D8B9D3E} - C:\Programme\Mediafour\XPlay 3\XPBHO.DLL (Mediafour Corporation)
O2:64bit: - BHO: (Digital Trends Club) - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files (x86)\Digital Trends Club\x64\Gacela2.dll (nurago GmbH)
O2 - BHO: (Digital Trends Club) - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files (x86)\Digital Trends Club\Gacela2.dll (nurago GmbH)
O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (BandooIEPlugin Class) - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files (x86)\Bandoo\Plugins\IE\ieplugin.dll (Bandoo Media Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKLM\..\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O3 - HKLM\..\Toolbar: (RefresherBand Class) - {B24BA06E-FB7B-4757-95C2-DC01125F750E} - C:\Program Files (x86)\YRefresher\YRefresher.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (RefresherBand Class) - {B24BA06E-FB7B-4757-95C2-DC01125F750E} - C:\Program Files (x86)\YRefresher\YRefresher.dll ()
O4:64bit: - HKLM..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent File not found
O4 - HKLM..\Run: []  File not found
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [HKCU] C:\Users\Daniel\AppData\Roaming\Java\Java.exe (Microsoft)
O9:64bit: - Extra 'Tools' menuitem : Ãœber Digital Trends Club - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files (x86)\Digital Trends Club\x64\Gacela2.dll (nurago GmbH)
O9 - Extra 'Tools' menuitem : Über Digital Trends Club - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files (x86)\Digital Trends Club\Gacela2.dll (nurago GmbH)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{12c927ef-aaed-11df-9459-406186961122}\Shell - "" = AutoRun
O33 - MountPoints2\{12c927ef-aaed-11df-9459-406186961122}\Shell\AutoRun\command - "" = L:\iStudio.exe
O33 - MountPoints2\{4a21454f-b8f4-11e0-a994-a1cb2b4c3ef3}\Shell - "" = AutoRun
O33 - MountPoints2\{4a21454f-b8f4-11e0-a994-a1cb2b4c3ef3}\Shell\AutoRun\command - "" = M:\SETUP.EXE
O33 - MountPoints2\{4a21454f-b8f4-11e0-a994-a1cb2b4c3ef3}\Shell\dinstall\command - "" = M:\DirectX\dxsetup.exe
O33 - MountPoints2\{9feb5d87-dd3a-11df-a4de-406186961122}\Shell - "" = AutoRun
O33 - MountPoints2\{9feb5d87-dd3a-11df-a4de-406186961122}\Shell\AutoRun\command - "" = H:\Setup.exe
[2011.11.16 09:20:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011.11.25 10:14:20 | 032,034,816 | ---- | C] () -- C:\Users\Daniel\E000019F5AC9EFB0
[2011.02.13 11:51:05 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Bandoo
@Alternate Data Stream - 164 bytes -> C:\ProgramData\Temp:264B2CC4
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:B6AC352B
:Commands
[emptytemp]
[resethosts]
Then click the Fix button at the top left!
The logfile should open once you click OK after fixing; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!

06.12.2011, 12:25   #24
DonChulio
 
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "Web Search" removed from browser.search.defaultenginename
Prefs.js: "ICQ Search" removed from browser.search.selectedEngine
Prefs.js: "hxxp://startsear.ch/?aff=1" removed from browser.startup.homepage
Prefs.js: "hxxp://www.searchqu.com/web?src=ffb&systemid=101&q=" removed from keyword.URL
Prefs.js: "Web Search" removed from browser.search.order.1
Prefs.js: "Web Search"??# Mozilla User Preferences removed from browser.search.defaultengine
Prefs.js: "hxxp://www.searchqu.com/web?src=ffb&systemid=101&q=" removed from keyword.URL
Prefs.js: "Web Search" removed from browser.search.order.1
Prefs.js: "Web Search" removed from browser.search.defaultengine
C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\67b3q80q.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}\defaults\preferences folder moved successfully.
C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\67b3q80q.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}\defaults folder moved successfully.
C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\67b3q80q.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}\chrome folder moved successfully.
C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\67b3q80q.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} folder moved successfully.
C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\67b3q80q.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\67b3q80q.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\67b3q80q.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\67b3q80q.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\67b3q80q.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\67b3q80q.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin folder moved successfully.
C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\67b3q80q.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr folder moved successfully.
C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\67b3q80q.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk folder moved successfully.
C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\67b3q80q.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru folder moved successfully.
C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\67b3q80q.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it folder moved successfully.
C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\67b3q80q.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he folder moved successfully.
C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\67b3q80q.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr folder moved successfully.
C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\67b3q80q.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es folder moved successfully.
C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\67b3q80q.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US folder moved successfully.
C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\67b3q80q.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de folder moved successfully.
C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\67b3q80q.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs folder moved successfully.
C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\67b3q80q.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg folder moved successfully.
C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\67b3q80q.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale folder moved successfully.
C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\67b3q80q.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img folder moved successfully.
C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\67b3q80q.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content folder moved successfully.
C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\67b3q80q.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\67b3q80q.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\67b3q80q.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\searchplugin folder moved successfully.
C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\67b3q80q.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\META-INF folder moved successfully.
C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\67b3q80q.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\lib folder moved successfully.
C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\67b3q80q.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\defaults folder moved successfully.
C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\67b3q80q.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components folder moved successfully.
C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\67b3q80q.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\chrome folder moved successfully.
C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\67b3q80q.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} folder moved successfully.
C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\67b3q80q.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\chrome folder moved successfully.
C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\67b3q80q.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} folder moved successfully.
C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\67b3q80q.default\extensions\ffox@bandoo.com\content\creatives folder moved successfully.
C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\67b3q80q.default\extensions\ffox@bandoo.com\content folder moved successfully.
C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\67b3q80q.default\extensions\ffox@bandoo.com\components folder moved successfully.
C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\67b3q80q.default\extensions\ffox@bandoo.com folder moved successfully.
C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\febeprof.Hamster\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}\defaults\preferences folder moved successfully.
C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\febeprof.Hamster\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}\defaults folder moved successfully.
C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\febeprof.Hamster\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}\chrome folder moved successfully.
C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\febeprof.Hamster\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} folder moved successfully.
C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\febeprof.Hamster\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\febeprof.Hamster\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\febeprof.Hamster\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\febeprof.Hamster\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\febeprof.Hamster\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\febeprof.Hamster\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin folder moved successfully.
C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\febeprof.Hamster\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr folder moved successfully.
C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\febeprof.Hamster\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk folder moved successfully.
C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\febeprof.Hamster\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru folder moved successfully.
C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\febeprof.Hamster\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it folder moved successfully.
C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\febeprof.Hamster\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he folder moved successfully.
C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\febeprof.Hamster\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr folder moved successfully.
C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\febeprof.Hamster\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es folder moved successfully.
C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\febeprof.Hamster\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US folder moved successfully.
C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\febeprof.Hamster\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de folder moved successfully.
C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\febeprof.Hamster\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs folder moved successfully.
C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\febeprof.Hamster\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg folder moved successfully.
C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\febeprof.Hamster\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale folder moved successfully.
C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\febeprof.Hamster\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img folder moved successfully.
C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\febeprof.Hamster\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content folder moved successfully.
C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\febeprof.Hamster\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\febeprof.Hamster\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\febeprof.Hamster\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\searchplugin folder moved successfully.
C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\febeprof.Hamster\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\META-INF folder moved successfully.
C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\febeprof.Hamster\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\lib folder moved successfully.
C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\febeprof.Hamster\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\defaults folder moved successfully.
C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\febeprof.Hamster\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components folder moved successfully.
C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\febeprof.Hamster\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\chrome folder moved successfully.
C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\febeprof.Hamster\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} folder moved successfully.
C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\67b3q80q.default\searchplugins\icqplugin.xml moved successfully.
C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\67b3q80q.default\searchplugins\SearchquWebSearch.xml moved successfully.
C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\67b3q80q.default\searchplugins\startsear.xml moved successfully.
Unable to fix default_search_provider items.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4907C0AD-874D-44D9-B13E-7B0A4D8B9D3E}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4907C0AD-874D-44D9-B13E-7B0A4D8B9D3E}\ deleted successfully.
C:\Programme\Mediafour\XPlay 3\XPBHO.DLL moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4BEEA052-726D-4A6E-B65D-A6BD07C263F3}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4BEEA052-726D-4A6E-B65D-A6BD07C263F3}\ deleted successfully.
C:\Program Files (x86)\Digital Trends Club\x64\Gacela2.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4BEEA052-726D-4A6E-B65D-A6BD07C263F3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4BEEA052-726D-4A6E-B65D-A6BD07C263F3}\ deleted successfully.
C:\Program Files (x86)\Digital Trends Club\Gacela2.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}\ deleted successfully.
C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53}\ deleted successfully.
C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}\ deleted successfully.
C:\Program Files (x86)\Bandoo\Plugins\IE\ieplugin.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}\ deleted successfully.
File C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B24BA06E-FB7B-4757-95C2-DC01125F750E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B24BA06E-FB7B-4757-95C2-DC01125F750E}\ deleted successfully.
C:\Program Files (x86)\YRefresher\YRefresher.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{B24BA06E-FB7B-4757-95C2-DC01125F750E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B24BA06E-FB7B-4757-95C2-DC01125F750E}\ not found.
File C:\Program Files (x86)\YRefresher\YRefresher.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Bluetooth Connection Assistant deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\HKCU deleted successfully.
C:\Users\Daniel\AppData\Roaming\Java\Java.exe moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4BEEA052-726D-4A6E-B65D-A6BD07C263F3}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4BEEA052-726D-4A6E-B65D-A6BD07C263F3}\ not found.
File C:\Program Files (x86)\Digital Trends Club\x64\Gacela2.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4BEEA052-726D-4A6E-B65D-A6BD07C263F3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4BEEA052-726D-4A6E-B65D-A6BD07C263F3}\ not found.
File C:\Program Files (x86)\Digital Trends Club\Gacela2.dll not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{12c927ef-aaed-11df-9459-406186961122}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{12c927ef-aaed-11df-9459-406186961122}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{12c927ef-aaed-11df-9459-406186961122}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{12c927ef-aaed-11df-9459-406186961122}\ not found.
File L:\iStudio.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4a21454f-b8f4-11e0-a994-a1cb2b4c3ef3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4a21454f-b8f4-11e0-a994-a1cb2b4c3ef3}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4a21454f-b8f4-11e0-a994-a1cb2b4c3ef3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4a21454f-b8f4-11e0-a994-a1cb2b4c3ef3}\ not found.
File M:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4a21454f-b8f4-11e0-a994-a1cb2b4c3ef3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4a21454f-b8f4-11e0-a994-a1cb2b4c3ef3}\ not found.
File M:\DirectX\dxsetup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9feb5d87-dd3a-11df-a4de-406186961122}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9feb5d87-dd3a-11df-a4de-406186961122}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9feb5d87-dd3a-11df-a4de-406186961122}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9feb5d87-dd3a-11df-a4de-406186961122}\ not found.
File H:\Setup.exe not found.
C:\Windows\SysNative\Macromed\Flash folder moved successfully.
C:\Windows\SysNative\Macromed folder moved successfully.
C:\Users\Daniel\E000019F5AC9EFB0 moved successfully.
C:\Users\Daniel\AppData\Roaming\Bandoo folder moved successfully.
ADS C:\ProgramData\Temp:264B2CC4 deleted successfully.
ADS C:\ProgramData\Temp:B6AC352B deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData

User: Daniel
->Temp folder emptied: 37516170 bytes
->Temporary Internet Files folder emptied: 200230453 bytes
->Java cache emptied: 4105543 bytes
->FireFox cache emptied: 127363140 bytes
->Google Chrome cache emptied: 76238519 bytes
->Opera cache emptied: 18991893 bytes
->Flash cache emptied: 87503 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56468 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56468 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3520 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 85230 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 443,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 12062011_122651

Last edited by DonChulio (06.12.2011 at 12:32)

Alt 06.12.2011, 13:20   #25
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Winlogon.exe stealer.exe was ist das alles - Standard

Please now run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Configure the tool as shown in the image below - click on change parameters and tick the boxes as shown in the following screenshot.
Then click Start Scan and, once it has finished, click the Report button to display the log. Please post it in full.
If you can't find the log or can't copy its contents into your post, look directly on your Windows system partition; that is where TDSS-Killer saves its logs.

Note: please don't delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!

If the infection prevents you from accessing your documents / My Documents, or shortcuts are missing from the desktop or from the start menu under "All Programs", please run unhide:
Please download unhide.exe and save the file on your desktop.
Start the tool and all files and folders should become visible again. (This may take a while.)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!
__________________
Please always post log files in CODE tags
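The TDSSKiller log requested above lists every inspected driver or service on one line (timestamp, thread id, name, MD5, path) and its verdict on a second line ("name - ok" for clean objects; entries without a file, such as Aspi32, get only the verdict line). What the helper actually looks for is anything whose verdict is not "ok". The following Python triage script is an added example written for this page; it is not code from the thread, from Trojaner-Board or from Kaspersky. The line format is taken from the log posted in this thread; the "exampledrv" and "unfinished" entries, their all-zero and all-one hashes and the "detected EXAMPLE-VERDICT" text are constructed placeholders (this scan flagged nothing), and the script deliberately flags anything that is not literally "ok", so the real verdict wording never needs to be known in advance.

```python
"""Triage a TDSSKiller scan log: list every object whose verdict is not "ok".

TDSSKiller writes one line per inspected driver/service with its MD5 and
path, then a second line carrying the verdict ("<name> - ok" for a clean
object).  Anything that is not literally "ok", and anything that never got
a verdict at all, is what a helper wants to see first.
"""
import re
import sys
from dataclasses import dataclass
from typing import Dict, List, Optional

# Inspection line, e.g.
# 13:47:46.0735 1108 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
INSPECT_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+"
    r"(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$"
)
# Verdict line, e.g.  13:47:46.0797 1108 1394ohci - ok
VERDICT_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+"
    r"(?P<name>\S+)\s+-\s+(?P<verdict>.+?)\s*$"
)


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


def parse_tdsskiller_log(text: str) -> Dict[str, Entry]:
    """Map object name -> Entry for the scan section of a TDSSKiller log."""
    entries: Dict[str, Entry] = {}
    for line in text.splitlines():
        m = INSPECT_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.md5, e.path = m["md5"].lower(), m["path"]
            continue  # an inspection line never carries a verdict
        m = VERDICT_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.verdict = m["verdict"]
    return entries


def needs_review(entries: Dict[str, Entry]) -> List[Entry]:
    """Objects whose verdict is anything but exactly "ok", including those that
    were inspected but never received a verdict (scan aborted or crashed)."""
    return sorted((e for e in entries.values() if e.verdict != "ok"),
                  key=lambda e: e.name)


# Constructed sample: the first five lines are copied from the log in this
# thread; "exampledrv" and "unfinished" (all-zero / all-one hashes, the
# "detected EXAMPLE-VERDICT" text) are placeholders, not real TDSSKiller output.
SAMPLE_LOG = r"""
13:47:46.0022 1108 Scan started
13:47:46.0022 1108 Mode: Manual; SigCheck; TDLFS;
13:47:46.0735 1108 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
13:47:46.0797 1108 1394ohci - ok
13:47:47.0741 1108 Aspi32 - ok
13:47:59.0100 1108 exampledrv (00000000000000000000000000000000) C:\Windows\system32\DRIVERS\exampledrv.sys
13:47:59.0150 1108 exampledrv - detected EXAMPLE-VERDICT (1)
13:47:59.0200 1108 unfinished (11111111111111111111111111111111) C:\Windows\system32\DRIVERS\unfinished.sys
"""


if __name__ == "__main__":
    # Usage: python tdss_triage.py [path to a TDSSKiller log]; without an
    # argument the constructed sample above is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_LOG
    for e in needs_review(parse_tdsskiller_log(text)):
        print(f"{e.name:<20} {e.verdict or 'NO VERDICT':<35} {e.path or ''}")
```

The allow-list logic ("ok" is the only verdict that passes) matches the advice in the post: the scan is for looking, not for deleting, and the triage output only tells the reader which entries to examine before deciding anything. The MD5 that TDSSKiller records for each file is kept in the Entry so a flagged hash can be compared against a known-good copy of the driver.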

Alt 06.12.2011, 13:49   #26
DonChulio
 
Winlogon.exe stealer.exe was ist das alles - Standard

13:44:51.0728 2680 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
13:44:52.0001 2680 ============================================================
13:44:52.0001 2680 Current date / time: 2011/12/06 13:44:52.0001
13:44:52.0001 2680 SystemInfo:
13:44:52.0001 2680
13:44:52.0001 2680 OS Version: 6.1.7601 ServicePack: 1.0
13:44:52.0001 2680 Product type: Workstation
13:44:52.0002 2680 ComputerName: DANIEL-PC
13:44:52.0002 2680 UserName: Daniel
13:44:52.0002 2680 Windows directory: C:\Windows
13:44:52.0002 2680 System windows directory: C:\Windows
13:44:52.0002 2680 Running under WOW64
13:44:52.0002 2680 Processor architecture: Intel x64
13:44:52.0002 2680 Number of processors: 4
13:44:52.0002 2680 Page size: 0x1000
13:44:52.0002 2680 Boot type: Normal boot
13:44:52.0002 2680 ============================================================
13:45:01.0933 2680 Initialize success
13:47:46.0022 1108 ============================================================
13:47:46.0022 1108 Scan started
13:47:46.0022 1108 Mode: Manual; SigCheck; TDLFS;
13:47:46.0022 1108 ============================================================
13:47:46.0735 1108 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
13:47:46.0797 1108 1394ohci - ok
13:47:46.0841 1108 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
13:47:46.0853 1108 ACPI - ok
13:47:46.0878 1108 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
13:47:46.0911 1108 AcpiPmi - ok
13:47:46.0936 1108 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
13:47:46.0956 1108 adp94xx - ok
13:47:47.0000 1108 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
13:47:47.0017 1108 adpahci - ok
13:47:47.0059 1108 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
13:47:47.0073 1108 adpu320 - ok
13:47:47.0104 1108 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
13:47:47.0142 1108 AFD - ok
13:47:47.0164 1108 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
13:47:47.0174 1108 agp440 - ok
13:47:47.0218 1108 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
13:47:47.0228 1108 aliide - ok
13:47:47.0240 1108 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
13:47:47.0251 1108 amdide - ok
13:47:47.0278 1108 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
13:47:47.0320 1108 AmdK8 - ok
13:47:47.0328 1108 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
13:47:47.0346 1108 AmdPPM - ok
13:47:47.0381 1108 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
13:47:47.0394 1108 amdsata - ok
13:47:47.0423 1108 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
13:47:47.0438 1108 amdsbs - ok
13:47:47.0456 1108 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
13:47:47.0464 1108 amdxata - ok
13:47:47.0536 1108 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
13:47:47.0659 1108 AppID - ok
13:47:47.0699 1108 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
13:47:47.0711 1108 arc - ok
13:47:47.0721 1108 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
13:47:47.0734 1108 arcsas - ok
13:47:47.0741 1108 Aspi32 - ok
13:47:47.0780 1108 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
13:47:47.0916 1108 AsyncMac - ok
13:47:47.0971 1108 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
13:47:47.0981 1108 atapi - ok
13:47:48.0015 1108 avgntflt (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
13:47:48.0048 1108 avgntflt - ok
13:47:48.0061 1108 avipbb (d959309ececca73fc79f8ef8521346b2) C:\Windows\system32\DRIVERS\avipbb.sys
13:47:48.0072 1108 avipbb - ok
13:47:48.0087 1108 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
13:47:48.0095 1108 avkmgr - ok
13:47:48.0133 1108 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
13:47:48.0180 1108 b06bdrv - ok
13:47:48.0217 1108 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
13:47:48.0246 1108 b57nd60a - ok
13:47:48.0283 1108 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
13:47:48.0325 1108 Beep - ok
13:47:48.0377 1108 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
13:47:48.0401 1108 blbdrive - ok
13:47:48.0425 1108 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
13:47:48.0448 1108 bowser - ok
13:47:48.0464 1108 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:47:48.0516 1108 BrFiltLo - ok
13:47:48.0557 1108 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:47:48.0578 1108 BrFiltUp - ok
13:47:48.0599 1108 Bridge (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
13:47:48.0644 1108 Bridge - ok
13:47:48.0648 1108 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
13:47:48.0676 1108 BridgeMP - ok
13:47:48.0720 1108 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
13:47:48.0761 1108 Brserid - ok
13:47:48.0780 1108 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
13:47:48.0811 1108 BrSerWdm - ok
13:47:48.0829 1108 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
13:47:48.0848 1108 BrUsbMdm - ok
13:47:48.0866 1108 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
13:47:48.0889 1108 BrUsbSer - ok
13:47:48.0916 1108 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
13:47:48.0957 1108 BthEnum - ok
13:47:48.0978 1108 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
13:47:49.0002 1108 BTHMODEM - ok
13:47:49.0031 1108 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
13:47:49.0063 1108 BthPan - ok
13:47:49.0099 1108 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
13:47:49.0144 1108 BTHPORT - ok
13:47:49.0184 1108 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
13:47:49.0215 1108 BTHUSB - ok
13:47:49.0234 1108 CbFs (3bd75bd399f79cf2276dc7afd0ffcaee) C:\Windows\system32\drivers\cbfs.sys
13:47:49.0245 1108 CbFs - ok
13:47:49.0266 1108 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
13:47:49.0307 1108 cdfs - ok
13:47:49.0370 1108 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
13:47:49.0386 1108 cdrom - ok
13:47:49.0407 1108 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
13:47:49.0423 1108 circlass - ok
13:47:49.0455 1108 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
13:47:49.0467 1108 CLFS - ok
13:47:49.0495 1108 CLNUIDriver (2c89677c17e771fd7514c8610c7ce578) C:\Windows\system32\DRIVERS\CLNUIDriver.sys
13:47:49.0505 1108 CLNUIDriver - ok
13:47:49.0562 1108 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
13:47:49.0586 1108 CmBatt - ok
13:47:49.0619 1108 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
13:47:49.0629 1108 cmdide - ok
13:47:49.0696 1108 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
13:47:49.0723 1108 CNG - ok
13:47:49.0739 1108 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
13:47:49.0750 1108 Compbatt - ok
13:47:49.0777 1108 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
13:47:49.0804 1108 CompositeBus - ok
13:47:49.0873 1108 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
13:47:49.0884 1108 crcdisk - ok
13:47:49.0943 1108 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
13:47:49.0977 1108 DfsC - ok
13:47:50.0038 1108 DFUBTUSB (b49e99c0860e73cd3d54ecba1f236dfd) C:\Windows\system32\Drivers\frmupgr.sys
13:47:50.0049 1108 DFUBTUSB - ok
13:47:50.0121 1108 dg_ssudbus (bf4e72d6fa78fedc4b8577116eface7e) C:\Windows\system32\DRIVERS\ssudbus.sys
13:47:50.0132 1108 dg_ssudbus - ok
13:47:50.0183 1108 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
13:47:50.0221 1108 discache - ok
13:47:50.0229 1108 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
13:47:50.0237 1108 Disk - ok
13:47:50.0297 1108 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
13:47:50.0323 1108 drmkaud - ok
13:47:50.0402 1108 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
13:47:50.0424 1108 DXGKrnl - ok
13:47:50.0517 1108 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
13:47:50.0614 1108 ebdrv - ok
13:47:50.0636 1108 ElbyCDFL (8d18a680bdab2aca00506fe6f8aef81a) C:\Windows\system32\Drivers\ElbyCDFL.sys
13:47:50.0645 1108 ElbyCDFL - ok
13:47:50.0659 1108 ElbyCDIO (ea2ff60fcce3b9ffe0bd77658b88512d) C:\Windows\system32\Drivers\ElbyCDIO.sys
13:47:50.0667 1108 ElbyCDIO - ok
13:47:50.0696 1108 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
13:47:50.0715 1108 elxstor - ok
13:47:50.0739 1108 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
13:47:50.0752 1108 ErrDev - ok
13:47:50.0774 1108 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
13:47:50.0820 1108 exfat - ok
13:47:50.0849 1108 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
13:47:50.0893 1108 fastfat - ok
13:47:50.0924 1108 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
13:47:50.0954 1108 fdc - ok
13:47:50.0974 1108 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
13:47:50.0982 1108 FileInfo - ok
13:47:50.0993 1108 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
13:47:51.0037 1108 Filetrace - ok
13:47:51.0051 1108 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
13:47:51.0064 1108 flpydisk - ok
13:47:51.0089 1108 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
13:47:51.0100 1108 FltMgr - ok
13:47:51.0115 1108 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
13:47:51.0127 1108 FsDepends - ok
13:47:51.0136 1108 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
13:47:51.0145 1108 Fs_Rec - ok
13:47:51.0166 1108 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
13:47:51.0176 1108 fvevol - ok
13:47:51.0201 1108 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
13:47:51.0212 1108 gagp30kx - ok
13:47:51.0239 1108 ggflt (a4198f2bd8aa592cb90476277a81b5e1) C:\Windows\system32\DRIVERS\ggflt.sys
13:47:51.0247 1108 ggflt - ok
13:47:51.0264 1108 ggsemc (d266350bdaab9eb6c1aec370eeaaff3a) C:\Windows\system32\DRIVERS\ggsemc.sys
13:47:51.0274 1108 ggsemc - ok
13:47:51.0309 1108 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
13:47:51.0341 1108 hcw85cir - ok
13:47:51.0366 1108 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
13:47:51.0384 1108 HDAudBus - ok
13:47:51.0402 1108 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
13:47:51.0411 1108 HECIx64 - ok
13:47:51.0425 1108 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
13:47:51.0442 1108 HidBatt - ok
13:47:51.0467 1108 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
13:47:51.0483 1108 HidBth - ok
13:47:51.0496 1108 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
13:47:51.0520 1108 HidIr - ok
13:47:51.0540 1108 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
13:47:51.0559 1108 HidUsb - ok
13:47:51.0602 1108 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
13:47:51.0614 1108 HpSAMD - ok
13:47:51.0658 1108 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
13:47:51.0694 1108 HTTP - ok
13:47:51.0733 1108 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
13:47:51.0740 1108 hwpolicy - ok
13:47:51.0760 1108 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
13:47:51.0775 1108 i8042prt - ok
13:47:51.0789 1108 iaStor (631fa8935163b01fc0c02966cb3adb92) C:\Windows\system32\DRIVERS\iaStor.sys
13:47:51.0800 1108 iaStor - ok
13:47:51.0833 1108 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
13:47:51.0849 1108 iaStorV - ok
13:47:51.0866 1108 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
13:47:51.0877 1108 iirsp - ok
13:47:51.0930 1108 IntcAzAudAddService (3c4b4ee54febb09f7e9f58776de96dca) C:\Windows\system32\drivers\RTKVHD64.sys
13:47:51.0970 1108 IntcAzAudAddService - ok
13:47:51.0990 1108 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
13:47:52.0000 1108 intelide - ok
13:47:52.0020 1108 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
13:47:52.0031 1108 intelppm - ok
13:47:52.0053 1108 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:47:52.0085 1108 IpFilterDriver - ok
13:47:52.0107 1108 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
13:47:52.0133 1108 IPMIDRV - ok
13:47:52.0158 1108 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
13:47:52.0199 1108 IPNAT - ok
13:47:52.0219 1108 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
13:47:52.0255 1108 IRENUM - ok
13:47:52.0279 1108 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
13:47:52.0290 1108 isapnp - ok
13:47:52.0317 1108 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
13:47:52.0335 1108 iScsiPrt - ok
13:47:52.0350 1108 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
13:47:52.0361 1108 kbdclass - ok
13:47:52.0376 1108 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
13:47:52.0401 1108 kbdhid - ok
13:47:52.0429 1108 KMWDFILTER (07071c1e3cd8f0f9114aac8b072ca1e5) C:\Windows\system32\DRIVERS\KMWDFILTER.sys
13:47:52.0438 1108 KMWDFILTER - ok
13:47:52.0469 1108 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
13:47:52.0477 1108 KSecDD - ok
13:47:52.0489 1108 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
13:47:52.0498 1108 KSecPkg - ok
13:47:52.0509 1108 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
13:47:52.0540 1108 ksthunk - ok
13:47:52.0580 1108 LHidFilt (0a7d6ed578d85f0c35353424ee3f5245) C:\Windows\system32\DRIVERS\LHidFilt.Sys
13:47:52.0589 1108 LHidFilt - ok
13:47:52.0641 1108 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
13:47:52.0679 1108 lltdio - ok
13:47:52.0705 1108 LMouFilt (6542e2e6db58118fbb1b82a68ce3aff9) C:\Windows\system32\DRIVERS\LMouFilt.Sys
13:47:52.0713 1108 LMouFilt - ok
13:47:52.0740 1108 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
13:47:52.0753 1108 LSI_FC - ok
13:47:52.0771 1108 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
13:47:52.0785 1108 LSI_SAS - ok
13:47:52.0807 1108 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:47:52.0820 1108 LSI_SAS2 - ok
13:47:52.0848 1108 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:47:52.0861 1108 LSI_SCSI - ok
13:47:52.0870 1108 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
13:47:52.0906 1108 luafv - ok
13:47:52.0955 1108 MBAMProtector (23a854450dab5c9b7a42ab9be6f2e4bd) C:\Windows\system32\drivers\mbam.sys
13:47:52.0962 1108 MBAMProtector - ok
13:47:52.0984 1108 MDFSYSNT (cff4808e80881375e87037ae041b19f0) C:\Windows\system32\drivers\MDFSYSNT.sys
13:47:52.0995 1108 MDFSYSNT - ok
13:47:53.0017 1108 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
13:47:53.0029 1108 megasas - ok
13:47:53.0049 1108 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
13:47:53.0065 1108 MegaSR - ok
13:47:53.0125 1108 mobiolavs (73d06f37480c314ad9082de5aa17cfb8) C:\Windows\system32\DRIVERS\mobiolavs.sys
13:47:53.0135 1108 mobiolavs - ok
13:47:53.0175 1108 MOBIOLA_Wave (14f31d60a6c0d73de9836edc8f304e83) C:\Windows\system32\drivers\mobiolawave.sys
13:47:53.0185 1108 MOBIOLA_Wave - ok
13:47:53.0218 1108 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
13:47:53.0258 1108 Modem - ok
13:47:53.0276 1108 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
13:47:53.0293 1108 monitor - ok
13:47:53.0322 1108 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
13:47:53.0332 1108 mouclass - ok
13:47:53.0351 1108 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
13:47:53.0365 1108 mouhid - ok
13:47:53.0383 1108 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
13:47:53.0391 1108 mountmgr - ok
13:47:53.0415 1108 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
13:47:53.0429 1108 mpio - ok
13:47:53.0445 1108 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
13:47:53.0479 1108 mpsdrv - ok
13:47:53.0504 1108 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
13:47:53.0555 1108 MRxDAV - ok
13:47:53.0574 1108 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:47:53.0598 1108 mrxsmb - ok
13:47:53.0624 1108 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:47:53.0643 1108 mrxsmb10 - ok
13:47:53.0667 1108 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:47:53.0688 1108 mrxsmb20 - ok
13:47:53.0712 1108 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
13:47:53.0723 1108 msahci - ok
13:47:53.0764 1108 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
13:47:53.0777 1108 msdsm - ok
13:47:53.0791 1108 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
13:47:53.0831 1108 Msfs - ok
13:47:53.0848 1108 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
13:47:53.0895 1108 mshidkmdf - ok
13:47:53.0909 1108 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
13:47:53.0916 1108 msisadrv - ok
13:47:53.0942 1108 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
13:47:53.0973 1108 MSKSSRV - ok
13:47:53.0990 1108 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
13:47:54.0030 1108 MSPCLOCK - ok
13:47:54.0045 1108 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
13:47:54.0083 1108 MSPQM - ok
13:47:54.0112 1108 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
13:47:54.0125 1108 MsRPC - ok
13:47:54.0138 1108 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
13:47:54.0144 1108 mssmbios - ok
13:47:54.0166 1108 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
13:47:54.0209 1108 MSTEE - ok
13:47:54.0248 1108 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
13:47:54.0262 1108 MTConfig - ok
13:47:54.0272 1108 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
13:47:54.0282 1108 Mup - ok
13:47:54.0307 1108 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
13:47:54.0339 1108 NativeWifiP - ok
13:47:54.0391 1108 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
13:47:54.0412 1108 NDIS - ok
13:47:54.0430 1108 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
13:47:54.0462 1108 NdisCap - ok
13:47:54.0480 1108 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
13:47:54.0520 1108 NdisTapi - ok
13:47:54.0547 1108 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
13:47:54.0583 1108 Ndisuio - ok
13:47:54.0613 1108 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
13:47:54.0657 1108 NdisWan - ok
13:47:54.0673 1108 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
13:47:54.0711 1108 NDProxy - ok
13:47:54.0720 1108 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
13:47:54.0755 1108 NetBIOS - ok
13:47:54.0790 1108 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
13:47:54.0827 1108 NetBT - ok
13:47:54.0863 1108 netr28x (44d4bd55191624c82a2745296ba42814) C:\Windows\system32\DRIVERS\netr28x.sys
13:47:54.0910 1108 netr28x - ok
13:47:54.0946 1108 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
13:47:54.0957 1108 nfrd960 - ok
13:47:55.0000 1108 nmwcd (907b5e1e4a592e5edc5e4ccbde4863c2) C:\Windows\system32\drivers\ccdcmbx64.sys
13:47:55.0047 1108 nmwcd - ok
13:47:55.0087 1108 nmwcdc (41c1ac1f3613435eb32d67bcb80a5fa5) C:\Windows\system32\drivers\ccdcmbox64.sys
13:47:55.0117 1108 nmwcdc - ok
13:47:55.0141 1108 nmwcdnsucx64 (a962be6433ef016e0dfb52eca15a5378) C:\Windows\system32\drivers\nmwcdnsucx64.sys
13:47:55.0167 1108 nmwcdnsucx64 - ok
13:47:55.0199 1108 nmwcdnsux64 (9573223e205907247ae6d948e3453770) C:\Windows\system32\drivers\nmwcdnsux64.sys
13:47:55.0228 1108 nmwcdnsux64 - ok
13:47:55.0250 1108 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
13:47:55.0279 1108 Npfs - ok
13:47:55.0296 1108 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
13:47:55.0325 1108 nsiproxy - ok
13:47:55.0365 1108 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
13:47:55.0410 1108 Ntfs - ok
13:47:55.0427 1108 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
13:47:55.0458 1108 Null - ok
13:47:55.0479 1108 NVHDA (dd743dc997f26eddfdcebe7146b458b8) C:\Windows\system32\drivers\nvhda64v.sys
13:47:55.0492 1108 NVHDA - ok
13:47:55.0683 1108 nvlddmkm (88e141b9df63c41ea272b2f712d1a227) C:\Windows\system32\DRIVERS\nvlddmkm.sys
13:47:55.0855 1108 nvlddmkm - ok
13:47:55.0900 1108 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
13:47:55.0914 1108 nvraid - ok
13:47:55.0943 1108 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
13:47:55.0955 1108 nvstor - ok
13:47:55.0983 1108 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
13:47:55.0997 1108 nv_agp - ok
13:47:56.0021 1108 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
13:47:56.0037 1108 ohci1394 - ok
13:47:56.0084 1108 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
13:47:56.0111 1108 Parport - ok
13:47:56.0125 1108 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
13:47:56.0133 1108 partmgr - ok
13:47:56.0161 1108 pccsmcfd (bc0018c2d29f655188a0ed3fa94fdb24) C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
13:47:56.0187 1108 pccsmcfd - ok
13:47:56.0198 1108 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
13:47:56.0207 1108 pci - ok
13:47:56.0224 1108 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
13:47:56.0237 1108 pciide - ok
13:47:56.0264 1108 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
13:47:56.0281 1108 pcmcia - ok
13:47:56.0302 1108 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
13:47:56.0310 1108 pcw - ok
13:47:56.0340 1108 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
13:47:56.0396 1108 PEAUTH - ok
13:47:56.0448 1108 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
13:47:56.0486 1108 PptpMiniport - ok
13:47:56.0509 1108 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
13:47:56.0536 1108 Processor - ok
13:47:56.0571 1108 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
13:47:56.0611 1108 Psched - ok
13:47:56.0647 1108 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
13:47:56.0708 1108 ql2300 - ok
13:47:56.0729 1108 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
13:47:56.0742 1108 ql40xx - ok
13:47:56.0766 1108 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
13:47:56.0783 1108 QWAVEdrv - ok
13:47:56.0804 1108 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
13:47:56.0848 1108 RasAcd - ok
13:47:56.0864 1108 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
13:47:56.0905 1108 RasAgileVpn - ok
13:47:56.0926 1108 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:47:56.0958 1108 Rasl2tp - ok
13:47:56.0979 1108 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
13:47:57.0012 1108 RasPppoe - ok
13:47:57.0026 1108 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
13:47:57.0059 1108 RasSstp - ok
13:47:57.0093 1108 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
13:47:57.0122 1108 rdbss - ok
13:47:57.0143 1108 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
13:47:57.0171 1108 rdpbus - ok
13:47:57.0186 1108 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:47:57.0222 1108 RDPCDD - ok
13:47:57.0243 1108 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
13:47:57.0283 1108 RDPENCDD - ok
13:47:57.0309 1108 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
13:47:57.0338 1108 RDPREFMP - ok
13:47:57.0367 1108 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
13:47:57.0401 1108 RDPWD - ok
13:47:57.0430 1108 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
13:47:57.0439 1108 rdyboost - ok
13:47:57.0479 1108 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
13:47:57.0496 1108 RFCOMM - ok
13:47:57.0513 1108 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
13:47:57.0558 1108 rspndr - ok
13:47:57.0582 1108 RTL8167 (3b01789ee4eaee97f5eb46b711387d5e) C:\Windows\system32\DRIVERS\Rt64win7.sys
13:47:57.0613 1108 RTL8167 - ok
13:47:57.0644 1108 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
13:47:57.0657 1108 sbp2port - ok
13:47:57.0682 1108 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
13:47:57.0715 1108 scfilter - ok
13:47:57.0739 1108 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
13:47:57.0781 1108 secdrv - ok
13:47:57.0809 1108 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
13:47:57.0826 1108 Serenum - ok
13:47:57.0843 1108 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
13:47:57.0858 1108 Serial - ok
13:47:57.0890 1108 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
13:47:57.0903 1108 sermouse - ok
13:47:57.0954 1108 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
13:47:57.0980 1108 sffdisk - ok
13:47:58.0001 1108 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
13:47:58.0024 1108 sffp_mmc - ok
13:47:58.0044 1108 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
13:47:58.0059 1108 sffp_sd - ok
13:47:58.0074 1108 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
13:47:58.0087 1108 sfloppy - ok
13:47:58.0118 1108 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:47:58.0129 1108 SiSRaid2 - ok
13:47:58.0160 1108 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
13:47:58.0172 1108 SiSRaid4 - ok
13:47:58.0193 1108 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
13:47:58.0227 1108 Smb - ok
13:47:58.0277 1108 snapman (b2aa7562ba5858633fcdcd246e8d6730) C:\Windows\system32\DRIVERS\snapman.sys
13:47:58.0287 1108 snapman - ok
13:47:58.0320 1108 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
13:47:58.0328 1108 spldr - ok
13:47:58.0371 1108 sptd (602884696850c86434530790b110e8eb) C:\Windows\System32\Drivers\sptd.sys
13:47:58.0403 1108 sptd - ok
13:47:58.0441 1108 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
13:47:58.0472 1108 srv - ok
13:47:58.0485 1108 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
13:47:58.0505 1108 srv2 - ok
13:47:58.0525 1108 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
13:47:58.0535 1108 srvnet - ok
13:47:58.0579 1108 ssudmdm (daa02a6e84a4f99b5b9cd3ef8d59d652) C:\Windows\system32\DRIVERS\ssudmdm.sys
13:47:58.0593 1108 ssudmdm - ok
13:47:58.0629 1108 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
13:47:58.0640 1108 stexstor - ok
13:47:58.0667 1108 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
13:47:58.0677 1108 swenum - ok
13:47:58.0750 1108 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
13:47:58.0804 1108 Tcpip - ok
13:47:58.0850 1108 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
13:47:58.0880 1108 TCPIP6 - ok
13:47:58.0911 1108 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
13:47:58.0958 1108 tcpipreg - ok
13:47:58.0987 1108 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
13:47:59.0030 1108 TDPIPE - ok
13:47:59.0052 1108 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
13:47:59.0084 1108 TDTCP - ok
13:47:59.0111 1108 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
13:47:59.0141 1108 tdx - ok
13:47:59.0158 1108 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
13:47:59.0169 1108 TermDD - ok
13:47:59.0211 1108 truecrypt (8de922cd4fea6f83b10805df965b9a08) C:\Windows\system32\drivers\truecrypt.sys
13:47:59.0224 1108 truecrypt - ok
13:47:59.0260 1108 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:47:59.0298 1108 tssecsrv - ok
13:47:59.0324 1108 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
13:47:59.0358 1108 TsUsbFlt - ok
13:47:59.0427 1108 TuneUpUtilitiesDrv (dcc94c51d27c7ec0dadeca8f64c94fcf) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys
13:47:59.0435 1108 TuneUpUtilitiesDrv - ok
13:47:59.0462 1108 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
13:47:59.0500 1108 tunnel - ok
13:47:59.0523 1108 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
13:47:59.0534 1108 uagp35 - ok
13:47:59.0556 1108 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
13:47:59.0602 1108 udfs - ok
13:47:59.0626 1108 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
13:47:59.0637 1108 uliagpkx - ok
13:47:59.0672 1108 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
13:47:59.0686 1108 umbus - ok
13:47:59.0711 1108 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
13:47:59.0724 1108 UmPass - ok
13:47:59.0757 1108 UnlockerDriver5 (9dc07e73a4abb9acf692113b36a5009f) C:\Program Files\Unlocker\UnlockerDriver5.sys
13:47:59.0765 1108 UnlockerDriver5 - ok
13:47:59.0810 1108 upperdev (4e93c8496359e97830c75ac36393654d) C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
13:47:59.0828 1108 upperdev - ok
13:47:59.0856 1108 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\Windows\system32\Drivers\usbaapl64.sys
13:47:59.0873 1108 USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
13:47:59.0873 1108 USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
13:47:59.0889 1108 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
13:47:59.0912 1108 usbaudio - ok
13:47:59.0922 1108 usbbus - ok
13:47:59.0963 1108 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
13:47:59.0988 1108 usbccgp - ok
13:48:00.0021 1108 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
13:48:00.0039 1108 usbcir - ok
13:48:00.0047 1108 UsbDiag - ok
13:48:00.0080 1108 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
13:48:00.0094 1108 usbehci - ok
13:48:00.0109 1108 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
13:48:00.0136 1108 usbhub - ok
13:48:00.0146 1108 USBModem - ok
13:48:00.0174 1108 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
13:48:00.0200 1108 usbohci - ok
13:48:00.0221 1108 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
13:48:00.0236 1108 usbprint - ok
13:48:00.0261 1108 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
13:48:00.0278 1108 usbscan - ok
13:48:00.0304 1108 usbser (4acee387fa8fd39f83564fcd2fc234f2) C:\Windows\system32\drivers\usbser.sys
13:48:00.0342 1108 usbser - ok
13:48:00.0358 1108 UsbserFilt (8844cb19a37b65e27049d4a7786726a9) C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys
13:48:00.0377 1108 UsbserFilt - ok
13:48:00.0420 1108 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:48:00.0439 1108 USBSTOR - ok
13:48:00.0466 1108 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
13:48:00.0479 1108 usbuhci - ok
13:48:00.0511 1108 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
13:48:00.0535 1108 usbvideo - ok
13:48:00.0611 1108 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
13:48:00.0636 1108 usb_rndisx - ok
13:48:00.0675 1108 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
13:48:00.0683 1108 vdrvroot - ok
13:48:00.0717 1108 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
13:48:00.0733 1108 vga - ok
13:48:00.0749 1108 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
13:48:00.0779 1108 VgaSave - ok
13:48:00.0805 1108 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
13:48:00.0824 1108 vhdmp - ok
13:48:00.0843 1108 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
13:48:00.0854 1108 viaide - ok
13:48:00.0913 1108 vncmirror (93f279a2c172562050700a18fa84be2e) C:\Windows\system32\DRIVERS\vncmirror.sys
13:48:00.0929 1108 vncmirror - ok
13:48:00.0953 1108 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
13:48:00.0961 1108 volmgr - ok
13:48:00.0979 1108 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
13:48:00.0992 1108 volmgrx - ok
13:48:01.0009 1108 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
13:48:01.0020 1108 volsnap - ok
13:48:01.0032 1108 vserial - ok
13:48:01.0060 1108 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
13:48:01.0073 1108 vsmraid - ok
13:48:01.0094 1108 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
13:48:01.0114 1108 vwifibus - ok
13:48:01.0133 1108 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
13:48:01.0158 1108 vwififlt - ok
13:48:01.0202 1108 VX3000 (c366ae91d2cc2c1c25380061d235c36b) C:\Windows\system32\DRIVERS\VX3000.sys
13:48:01.0259 1108 VX3000 - ok
13:48:01.0292 1108 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
13:48:01.0311 1108 WacomPen - ok
13:48:01.0326 1108 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:48:01.0360 1108 WANARP - ok
13:48:01.0368 1108 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:48:01.0395 1108 Wanarpv6 - ok
13:48:01.0437 1108 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
13:48:01.0447 1108 Wd - ok
13:48:01.0462 1108 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
13:48:01.0479 1108 Wdf01000 - ok
13:48:01.0522 1108 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
13:48:01.0560 1108 WfpLwf - ok
13:48:01.0583 1108 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
13:48:01.0592 1108 WIMMount - ok
13:48:01.0645 1108 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
13:48:01.0660 1108 WinUsb - ok
13:48:01.0699 1108 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
13:48:01.0716 1108 WmiAcpi - ok
13:48:01.0753 1108 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
13:48:01.0796 1108 ws2ifsl - ok
13:48:01.0851 1108 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
13:48:01.0893 1108 WudfPf - ok
13:48:01.0915 1108 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.SYS
13:48:01.0944 1108 WUDFRd - ok
13:48:01.0980 1108 xusb21 (38f55d07b1d3391065c40ec065f984e2) C:\Windows\system32\DRIVERS\xusb21.sys
13:48:02.0011 1108 xusb21 - ok
13:48:02.0028 1108 MBR (0x1B8) (45113126de08d48d162159316353bb52) \Device\Harddisk0\DR0
13:48:02.0183 1108 \Device\Harddisk0\DR0 - ok
13:48:02.0186 1108 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
13:48:02.0244 1108 \Device\Harddisk1\DR1 - ok
13:48:02.0251 1108 Boot (0x1200) (13e96e110803bf3cdf5101f8602a2c82) \Device\Harddisk0\DR0\Partition0
13:48:02.0252 1108 \Device\Harddisk0\DR0\Partition0 - ok
13:48:02.0257 1108 Boot (0x1200) (152344b32f362634a64cfa6e7849ba15) \Device\Harddisk0\DR0\Partition1
13:48:02.0259 1108 \Device\Harddisk0\DR0\Partition1 - ok
13:48:02.0285 1108 Boot (0x1200) (8a4b5aaffa5d1c5f2d2780b5959ca47f) \Device\Harddisk0\DR0\Partition2
13:48:02.0287 1108 \Device\Harddisk0\DR0\Partition2 - ok
13:48:02.0289 1108 Boot (0x1200) (1bf808cffbd8cafd3570e9a972f03128) \Device\Harddisk1\DR1\Partition0
13:48:02.0290 1108 \Device\Harddisk1\DR1\Partition0 - ok
13:48:02.0307 1108 Boot (0x1200) (c4d5147f8885068a8c7bce120614fab1) \Device\Harddisk1\DR1\Partition1
13:48:02.0308 1108 \Device\Harddisk1\DR1\Partition1 - ok
13:48:02.0309 1108 ============================================================
13:48:02.0309 1108 Scan finished
13:48:02.0309 1108 ============================================================
13:48:02.0315 4868 Detected object count: 1
13:48:02.0315 4868 Actual detected object count: 1
13:48:12.0954 4868 USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
13:48:12.0954 4868 USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip

Alt 06.12.2011, 13:52   #27
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste it into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a Kompetenzler (forum helper) has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and receive messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

Alt 06.12.2011, 14:14   #28
DonChulio

ComboFix logfile:
Code:
ComboFix 11-12-06.01 - Daniel 06.12.2011  13:59:19.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.6071.4073 [GMT 1:00]
ausgeführt von:: c:\users\Daniel\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\Mozilla Firefox\searchplugins\SearchquWebSearch.xml
c:\program files (x86)\Windows Searchqu Toolbar
c:\programdata\mazuki.dll
c:\users\Daniel\AppData\Roaming\Java\Java.exe
c:\users\Daniel\AppData\Roaming\Microsoft\Windows\((Mutex)).cfg
c:\users\Daniel\AppData\Roaming\Microsoft\Windows\((Mutex)).dat
c:\users\Daniel\AppData\Roaming\TuneUpUtilities2012_2030.5-DE.exe
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\system32
c:\windows\SysWow64\system32\3DAudio.ax
c:\windows\SysWow64\system32\avrt.dll
c:\windows\SysWow64\system32\cis-2.4.dll
c:\windows\SysWow64\system32\issacapi_bs-2.3.dll
c:\windows\SysWow64\system32\issacapi_pe-2.3.dll
c:\windows\SysWow64\system32\issacapi_se-2.3.dll
c:\windows\SysWow64\system32\MACXMLProto.dll
c:\windows\SysWow64\system32\MaDRM.dll
c:\windows\SysWow64\system32\MaJGUILib.dll
c:\windows\SysWow64\system32\MAMACExtract.dll
c:\windows\SysWow64\system32\MASetupCleaner.exe
c:\windows\SysWow64\system32\MaXMLProto.dll
c:\windows\SysWow64\system32\mfplat.dll
c:\windows\SysWow64\system32\MK_Lyric.dll
c:\windows\SysWow64\system32\MSCLib.dll
c:\windows\SysWow64\system32\MSFLib.dll
c:\windows\SysWow64\system32\MSLUR71.dll
c:\windows\SysWow64\system32\msvcp60.dll
c:\windows\SysWow64\system32\MTTELECHIP.dll
c:\windows\SysWow64\system32\MTXSYNCICON.dll
c:\windows\SysWow64\system32\muzaf1.dll
c:\windows\SysWow64\system32\muzapp.dll
c:\windows\SysWow64\system32\muzapp.exe
c:\windows\SysWow64\system32\muzdecode.ax
c:\windows\SysWow64\system32\muzeffect.ax
c:\windows\SysWow64\system32\muzmp4sp.ax
c:\windows\SysWow64\system32\muzmpgsp.ax
c:\windows\SysWow64\system32\muzoggsp.ax
c:\windows\SysWow64\system32\muzwmts.dll
c:\windows\SysWow64\system32\psapi.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-11-06 bis 2011-12-06  ))))))))))))))))))))))))))))))
.
.
2011-12-06 13:09 . 2011-12-06 13:09	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-12-06 12:54 . 2011-12-06 12:56	--------	d-----w-	c:\programdata\Sony Ericsson
2011-12-06 11:23 . 2011-12-06 11:23	--------	d-----w-	C:\_OTL
2011-12-04 21:18 . 2011-12-04 21:18	--------	d-----w-	c:\programdata\GEMA
2011-12-02 08:35 . 2011-12-02 08:35	--------	d-----w-	c:\users\UpdatusUser
2011-11-30 20:07 . 2011-11-30 20:08	--------	d-----w-	c:\program files (x86)\Gammu 1.30.91
2011-11-30 12:19 . 2011-11-30 12:19	--------	d-----w-	c:\program files (x86)\Common Files\PCSuite
2011-11-30 09:18 . 2011-11-30 10:00	--------	d-----w-	c:\programdata\OviInstallerCache
2011-11-27 09:02 . 2011-11-27 09:02	--------	d-----w-	c:\users\Daniel\AppData\Local\NokiaCooker.exe_Url_awgeuxefgqdpq0dfplsot5r5tagk2svt
2011-11-25 11:02 . 2011-11-25 11:02	--------	d-----w-	c:\program files (x86)\ESET
2011-11-25 10:52 . 2011-11-25 10:52	--------	d-----w-	c:\users\Daniel\AppData\Roaming\Malwarebytes
2011-11-25 10:52 . 2011-11-25 10:52	--------	d-----w-	c:\programdata\Malwarebytes
2011-11-25 10:52 . 2011-11-25 10:52	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-25 10:52 . 2011-08-31 16:00	25416	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-11-25 09:46 . 2011-11-25 09:46	--------	d-----w-	c:\program files (x86)\Emsisoft HiJackFree
2011-11-25 08:53 . 2011-11-25 08:53	--------	d-----w-	c:\users\Daniel\5F0545E73F0F4730AF7026E61DBDF263.TMP
2011-11-23 18:29 . 2011-11-23 18:29	406336	----a-w-	c:\windows\SysWow64\nvStreaming.exe
2011-11-10 18:44 . 2011-11-10 18:44	--------	d-----w-	c:\program files (x86)\PC Connectivity Solution
2011-11-10 18:34 . 2011-11-10 18:35	--------	d-----w-	c:\programdata\EroNavi
2011-11-10 18:34 . 2011-11-10 18:34	--------	d-----w-	c:\program files (x86)\EroNavi
2011-11-09 07:48 . 2011-10-01 05:45	886784	----a-w-	c:\program files\Common Files\System\wab32.dll
2011-11-09 07:48 . 2011-10-01 04:37	708608	----a-w-	c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 07:48 . 2011-09-29 16:29	1923952	----a-w-	c:\windows\system32\drivers\tcpip.sys
2011-11-09 07:48 . 2011-09-29 04:03	3144704	----a-w-	c:\windows\system32\win32k.sys
2011-11-06 20:13 . 2011-11-06 20:13	--------	d-----w-	c:\users\Daniel\AppData\Local\ODUI
2011-11-06 20:13 . 2011-11-06 20:13	--------	d-----w-	c:\users\Daniel\AppData\Roaming\Stardock
2011-11-06 20:12 . 2011-11-06 20:12	--------	d-----w-	c:\users\Daniel\AppData\Local\Stardock
2011-11-06 20:12 . 2011-11-06 20:12	--------	d-----w-	c:\users\Daniel\AppData\Local\PackageAware
2011-11-06 19:42 . 2011-10-20 12:40	34624	----a-w-	c:\windows\system32\TURegOpt.exe
2011-11-06 19:42 . 2011-10-20 12:40	25920	----a-w-	c:\windows\system32\authuitu.dll
2011-11-06 19:42 . 2011-10-20 12:40	21312	----a-w-	c:\windows\SysWow64\authuitu.dll
2011-11-06 19:42 . 2011-11-06 19:42	--------	d-----w-	c:\program files (x86)\TuneUp Utilities 2012
2011-11-06 19:40 . 2011-12-06 13:08	--------	d-sh--r-	c:\users\Daniel\AppData\Roaming\Java
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-24 04:59 . 2011-10-24 18:40	7677248	----a-w-	c:\windows\SysWow64\nvwgf2um.dll
2011-11-24 04:59 . 2011-10-24 18:40	2403136	----a-w-	c:\windows\system32\nvapi64.dll
2011-11-24 04:59 . 2011-10-24 18:40	2095424	----a-w-	c:\windows\SysWow64\nvapi.dll
2011-11-24 04:59 . 2011-10-24 18:40	1726272	----a-w-	c:\windows\system32\nvdispco64.dll
2011-11-24 04:59 . 2011-10-24 18:40	1466176	----a-w-	c:\windows\system32\nvgenco64.dll
2011-11-24 04:59 . 2011-06-16 09:44	9622848	----a-w-	c:\windows\system32\nvwgf2umx.dll
2011-11-24 02:47 . 2011-10-24 18:40	6004544	----a-w-	c:\windows\system32\nvcpl.dll
2011-11-24 02:41 . 2011-10-24 18:40	3028800	----a-w-	c:\windows\system32\nvsvc64.dll
2011-11-24 02:38 . 2011-10-24 18:40	2562368	----a-w-	c:\windows\system32\nvsvcr.dll
2011-11-24 02:38 . 2011-10-24 18:40	889664	----a-w-	c:\windows\system32\nvvsvc.exe
2011-11-24 02:38 . 2011-10-24 18:40	63296	----a-w-	c:\windows\system32\nvshext.dll
2011-11-24 02:38 . 2011-10-24 18:40	118080	----a-w-	c:\windows\system32\nvmctray.dll
2011-11-16 08:20 . 2011-05-17 07:33	414368	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-03 21:44 . 2011-11-03 21:44	230864	----a-w-	c:\windows\system32\drivers\truecrypt.sys
2011-10-18 01:43 . 2011-10-18 01:43	203320	----a-w-	c:\windows\system32\drivers\ssudmdm.sys
2011-10-18 01:43 . 2011-10-18 01:43	95928	----a-w-	c:\windows\system32\drivers\ssudbus.sys
2011-10-11 13:00 . 2011-10-17 07:07	97312	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2011-10-11 13:00 . 2011-10-17 07:07	27760	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2011-10-11 13:00 . 2011-10-17 07:07	130760	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-10-03 03:06 . 2011-01-11 10:07	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
2011-09-25 18:35 . 2011-09-25 18:35	272480	----a-w-	c:\windows\system32\drivers\snapman.sys
2011-09-13 09:48 . 2011-09-13 09:48	263768	----a-w-	C:\Retoucher.8bf
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Sony Ericsson PC Companion"="c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2011-07-25 433360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\Bandoo\BndHook.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
"HP Remote Solution"=%ProgramFiles(x86)%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
"IAStorIcon"=c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"CloneCDTray"="c:\program files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"B2C_AGENT"=c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
"hpsysdrv"=c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-11 136176]
R3 CLNUIDriver;CLNUIDriver;c:\windows\system32\DRIVERS\CLNUIDriver.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-11 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 MDFSYSNT;MacDrive file system driver; [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]
S2 M4iPodWPDService;M4iPodWPDService;c:\program files (x86)\Common Files\Mediafour\iPod\M4iPodWPDService.exe [2010-11-15 211968]
S2 M4LIC;Mediafour M4LIC service;c:\program files (x86)\Common Files\Mediafour\M4LIC.EXE [2009-07-29 205312]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2011-11-24 2348864]
S2 OS Selector;Acronis OS Selector Activator;c:\program files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [2010-09-30 2155848]
S2 Payback-Reporting-Service;Payback-Reporting-Service;c:\program files (x86)\Digital Trends Club\Payback-Reporting.exe [2011-01-28 102400]
S2 Payback-Update-Service;Payback-Update-Service;c:\program files (x86)\Digital Trends Club\Payback-Updater.exe [2011-01-28 180224]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-11-23 381248]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2011-10-20 2072896]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MOBIOLA_Wave;Mobiola Wave Audio Device (WDM);c:\windows\system32\drivers\mobiolawave.sys [x]
S3 mobiolavs;Mobiola Web Camera Video Source;c:\windows\system32\DRIVERS\mobiolavs.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-10-20 11856]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 09334622
*Deregistered* - 09334622
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ezSharedSvc
.
Inhalt des "geplante Tasks" Ordners
.
2011-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-11 12:11]
.
2011-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-11 12:11]
.
2011-11-30 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-06-26 1609296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = 
uLocal Page = c:\windows\system32\blank.htm
mStart Page = 
mLocal Page = 
IE: An OneNote s&enden - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Free YouTube Download - c:\users\Daniel\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Daniel\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files (x86)\ICQ7.6\ICQ.exe
TCP: DhcpNameServer = 192.168.0.1
DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20110606050927
FF - ProfilePath - c:\users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Don\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.de
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=
FF - prefs.js: network.proxy.type - 4
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: network.http.max-connections-per-server - 8
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
ShellIconOverlayIdentifiers-MacDrive volume icons - (no file)
AddRemove-Incomedia WebSite X5 v8 - Evolution - c:\windows\system32\iwpsetup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1632809782-2570495090-2087913745-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1632809782-2570495090-2087913745-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\M*i*c*h*a*l* *Ä*Ri*h*a*Å*"!\Gammu 1.30.91]
@="c:\\Program Files (x86)\\Gammu 1.30.91"
"Start Menu Folder"="Gammu 1.30.91"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-12-06  14:12:36
ComboFix-quarantined-files.txt  2011-12-06 13:12
.
Vor Suchlauf: 15 Verzeichnis(se), 426.251.620.352 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 425.773.793.280 Bytes frei
.
- - End Of File - - 7CBFACE79A390486CFA33F742C9009BE
         
--- --- ---

Alt 06.12.2011, 14:24   #29
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Winlogon.exe stealer.exe was ist das alles - Standard

Winlogon.exe stealer.exe was ist das alles



Combofix - Scripting

1. Start Notepad (Start / Run / notepad[Enter]).

2. Now copy and paste the entire contents of the code box below into the Notepad window.

Code:
ATTFilter
Folder::
c:\users\Daniel\5F0545E73F0F4730AF7026E61DBDF263.TMP

File::
C:\Retoucher.8bf
c:\users\Daniel\AppData\Local\NokiaCooker.exe_Url_awgeuxefgqdpq0dfplsot5r5tagk2svt
         
3. Save it from Notepad as CFScript.txt on the desktop.

4. Disable the guard of your antivirus program and any software firewall that may be present.
(Also the guards of ad-/spyware programs and the Tea Timer (if present)!)

5. Then drag CFScript.txt onto cofi.exe, as shown in the image below. This restarts Combofix.



6. After the restart (you will be asked whether you want to restart), please post the following log file:
Combofix.txt

Note: The above script has been created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, since it can permanently damage the system!
__________________
Please always post logfiles in CODE tags

Alt 06.12.2011, 17:58   #30
DonChulio
 
Winlogon.exe stealer.exe was ist das alles - Standard

Winlogon.exe stealer.exe was ist das alles



Combofix logfile:
Code:
ATTFilter
ComboFix 11-12-06.01 - Daniel 06.12.2011  17:17:31.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.6071.4480 [GMT 1:00]
ausgeführt von:: c:\users\Daniel\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Daniel\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"C:\Retoucher.8bf"
"c:\users\Daniel\AppData\Local\NokiaCooker.exe_Url_awgeuxefgqdpq0dfplsot5r5tagk2svt"
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Retoucher.8bf
c:\users\Daniel\5F0545E73F0F4730AF7026E61DBDF263.TMP
c:\users\Daniel\5F0545E73F0F4730AF7026E61DBDF263.TMP\WiseCustomCall.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-11-06 bis 2011-12-06  ))))))))))))))))))))))))))))))
.
.
2011-12-06 16:27 . 2011-12-06 16:27	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-12-06 12:54 . 2011-12-06 12:56	--------	d-----w-	c:\programdata\Sony Ericsson
2011-12-06 11:23 . 2011-12-06 11:23	--------	d-----w-	C:\_OTL
2011-12-04 21:18 . 2011-12-04 21:18	--------	d-----w-	c:\programdata\GEMA
2011-12-02 08:35 . 2011-12-02 08:35	--------	d-----w-	c:\users\UpdatusUser
2011-11-30 20:07 . 2011-11-30 20:08	--------	d-----w-	c:\program files (x86)\Gammu 1.30.91
2011-11-30 12:19 . 2011-11-30 12:19	--------	d-----w-	c:\program files (x86)\Common Files\PCSuite
2011-11-30 09:18 . 2011-11-30 10:00	--------	d-----w-	c:\programdata\OviInstallerCache
2011-11-27 09:02 . 2011-11-27 09:02	--------	d-----w-	c:\users\Daniel\AppData\Local\NokiaCooker.exe_Url_awgeuxefgqdpq0dfplsot5r5tagk2svt
2011-11-25 11:02 . 2011-11-25 11:02	--------	d-----w-	c:\program files (x86)\ESET
2011-11-25 10:52 . 2011-11-25 10:52	--------	d-----w-	c:\users\Daniel\AppData\Roaming\Malwarebytes
2011-11-25 10:52 . 2011-11-25 10:52	--------	d-----w-	c:\programdata\Malwarebytes
2011-11-25 10:52 . 2011-11-25 10:52	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-25 10:52 . 2011-08-31 16:00	25416	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-11-25 09:46 . 2011-11-25 09:46	--------	d-----w-	c:\program files (x86)\Emsisoft HiJackFree
2011-11-23 18:29 . 2011-11-23 18:29	406336	----a-w-	c:\windows\SysWow64\nvStreaming.exe
2011-11-10 18:44 . 2011-11-10 18:44	--------	d-----w-	c:\program files (x86)\PC Connectivity Solution
2011-11-10 18:34 . 2011-11-10 18:35	--------	d-----w-	c:\programdata\EroNavi
2011-11-10 18:34 . 2011-11-10 18:34	--------	d-----w-	c:\program files (x86)\EroNavi
2011-11-09 07:48 . 2011-10-01 05:45	886784	----a-w-	c:\program files\Common Files\System\wab32.dll
2011-11-09 07:48 . 2011-10-01 04:37	708608	----a-w-	c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 07:48 . 2011-09-29 16:29	1923952	----a-w-	c:\windows\system32\drivers\tcpip.sys
2011-11-09 07:48 . 2011-09-29 04:03	3144704	----a-w-	c:\windows\system32\win32k.sys
2011-11-06 20:13 . 2011-11-06 20:13	--------	d-----w-	c:\users\Daniel\AppData\Local\ODUI
2011-11-06 20:13 . 2011-11-06 20:13	--------	d-----w-	c:\users\Daniel\AppData\Roaming\Stardock
2011-11-06 20:12 . 2011-11-06 20:12	--------	d-----w-	c:\users\Daniel\AppData\Local\Stardock
2011-11-06 20:12 . 2011-11-06 20:12	--------	d-----w-	c:\users\Daniel\AppData\Local\PackageAware
2011-11-06 19:42 . 2011-10-20 12:40	34624	----a-w-	c:\windows\system32\TURegOpt.exe
2011-11-06 19:42 . 2011-10-20 12:40	25920	----a-w-	c:\windows\system32\authuitu.dll
2011-11-06 19:42 . 2011-10-20 12:40	21312	----a-w-	c:\windows\SysWow64\authuitu.dll
2011-11-06 19:42 . 2011-11-06 19:42	--------	d-----w-	c:\program files (x86)\TuneUp Utilities 2012
2011-11-06 19:40 . 2011-12-06 13:08	--------	d-sh--r-	c:\users\Daniel\AppData\Roaming\Java
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-24 04:59 . 2011-10-24 18:40	7677248	----a-w-	c:\windows\SysWow64\nvwgf2um.dll
2011-11-24 04:59 . 2011-10-24 18:40	2403136	----a-w-	c:\windows\system32\nvapi64.dll
2011-11-24 04:59 . 2011-10-24 18:40	2095424	----a-w-	c:\windows\SysWow64\nvapi.dll
2011-11-24 04:59 . 2011-10-24 18:40	1726272	----a-w-	c:\windows\system32\nvdispco64.dll
2011-11-24 04:59 . 2011-10-24 18:40	1466176	----a-w-	c:\windows\system32\nvgenco64.dll
2011-11-24 04:59 . 2011-06-16 09:44	9622848	----a-w-	c:\windows\system32\nvwgf2umx.dll
2011-11-24 02:47 . 2011-10-24 18:40	6004544	----a-w-	c:\windows\system32\nvcpl.dll
2011-11-24 02:41 . 2011-10-24 18:40	3028800	----a-w-	c:\windows\system32\nvsvc64.dll
2011-11-24 02:38 . 2011-10-24 18:40	2562368	----a-w-	c:\windows\system32\nvsvcr.dll
2011-11-24 02:38 . 2011-10-24 18:40	889664	----a-w-	c:\windows\system32\nvvsvc.exe
2011-11-24 02:38 . 2011-10-24 18:40	63296	----a-w-	c:\windows\system32\nvshext.dll
2011-11-24 02:38 . 2011-10-24 18:40	118080	----a-w-	c:\windows\system32\nvmctray.dll
2011-11-16 08:20 . 2011-05-17 07:33	414368	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-03 21:44 . 2011-11-03 21:44	230864	----a-w-	c:\windows\system32\drivers\truecrypt.sys
2011-10-18 01:43 . 2011-10-18 01:43	203320	----a-w-	c:\windows\system32\drivers\ssudmdm.sys
2011-10-18 01:43 . 2011-10-18 01:43	95928	----a-w-	c:\windows\system32\drivers\ssudbus.sys
2011-10-11 13:00 . 2011-10-17 07:07	97312	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2011-10-11 13:00 . 2011-10-17 07:07	27760	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2011-10-11 13:00 . 2011-10-17 07:07	130760	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-10-03 03:06 . 2011-01-11 10:07	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
2011-09-25 18:35 . 2011-09-25 18:35	272480	----a-w-	c:\windows\system32\drivers\snapman.sys
.
.
(((((((((((((((((((((((((((((   SnapShot@2011-12-06_13.09.24   )))))))))))))))))))))))))))))))))))))))))
.
- 2011-12-06 11:41 . 2011-12-06 11:41	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-12-06 15:53 . 2011-12-06 15:53	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-12-06 11:41 . 2011-12-06 11:41	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-12-06 15:53 . 2011-12-06 15:53	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 05:01 . 2011-12-06 13:31	523792              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-12-06 11:40	523792              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-05-06 19:49 . 2011-12-06 13:31	3469040              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1632809782-2570495090-2087913745-1000-12288.dat
- 2011-05-06 19:49 . 2011-12-02 22:17	3469040              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1632809782-2570495090-2087913745-1000-12288.dat
+ 2010-03-31 10:23 . 2011-12-06 13:31	47417744              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1632809782-2570495090-2087913745-1000-8192.dat
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Sony Ericsson PC Companion"="c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2011-07-25 433360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\Bandoo\BndHook.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
"HP Remote Solution"=%ProgramFiles(x86)%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
"IAStorIcon"=c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"CloneCDTray"="c:\program files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"B2C_AGENT"=c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
"hpsysdrv"=c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-11 136176]
R3 CLNUIDriver;CLNUIDriver;c:\windows\system32\DRIVERS\CLNUIDriver.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-11 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 MDFSYSNT;MacDrive file system driver; [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]
S2 M4iPodWPDService;M4iPodWPDService;c:\program files (x86)\Common Files\Mediafour\iPod\M4iPodWPDService.exe [2010-11-15 211968]
S2 M4LIC;Mediafour M4LIC service;c:\program files (x86)\Common Files\Mediafour\M4LIC.EXE [2009-07-29 205312]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2011-11-24 2348864]
S2 OS Selector;Acronis OS Selector Activator;c:\program files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [2010-09-30 2155848]
S2 Payback-Reporting-Service;Payback-Reporting-Service;c:\program files (x86)\Digital Trends Club\Payback-Reporting.exe [2011-01-28 102400]
S2 Payback-Update-Service;Payback-Update-Service;c:\program files (x86)\Digital Trends Club\Payback-Updater.exe [2011-01-28 180224]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-11-23 381248]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2011-10-20 2072896]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MOBIOLA_Wave;Mobiola Wave Audio Device (WDM);c:\windows\system32\drivers\mobiolawave.sys [x]
S3 mobiolavs;Mobiola Web Camera Video Source;c:\windows\system32\DRIVERS\mobiolavs.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-10-20 11856]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ezSharedSvc
.
Inhalt des "geplante Tasks" Ordners
.
2011-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-11 12:11]
.
2011-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-11 12:11]
.
2011-11-30 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-06-26 1609296]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = 
uLocal Page = c:\windows\system32\blank.htm
mStart Page = 
mLocal Page = 
IE: An OneNote s&enden - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Free YouTube Download - c:\users\Daniel\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Daniel\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files (x86)\ICQ7.6\ICQ.exe
TCP: DhcpNameServer = 192.168.0.1
DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20110606050927
FF - ProfilePath - c:\users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Don\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.de
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=
FF - prefs.js: network.proxy.type - 4
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: network.http.max-connections-per-server - 8
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
ShellIconOverlayIdentifiers-MacDrive volume icons - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1632809782-2570495090-2087913745-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1632809782-2570495090-2087913745-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\M*i*c*h*a*l* *Ä*Ri*h*a*Å*"!\Gammu 1.30.91]
@="c:\\Program Files (x86)\\Gammu 1.30.91"
"Start Menu Folder"="Gammu 1.30.91"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-12-06  17:30:36
ComboFix-quarantined-files.txt  2011-12-06 16:30
ComboFix2.txt  2011-12-06 13:12
.
Vor Suchlauf: 18 Verzeichnis(se), 425.837.568.000 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 425.776.963.584 Bytes frei
.
- - End Of File - - C6A8AD208CF32CBCB1A584CBB343C90A
         
--- --- ---
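As an added cross-check for the exchange above (editorial example code, not part of the thread and not ComboFix's own tooling): the CFScript in post #29 names three targets, and the log in post #30 should confirm each of them under "Weitere Löschungen". The Python script below parses the File::/Folder:: targets of a CFScript and the relevant sections of the ComboFix log and reports, per target, whether it was deleted, is still listed in the log's created-files section, or is not mentioned at all. The sample script and log excerpt are constructed from the entries shown in this thread; the code assumes the German section titles seen on this page and tracks only File:: and Folder:: directives.

```python
"""Cross-check a ComboFix CFScript against the ComboFix log that followed it.

Added example for this thread; it is neither the forum's nor ComboFix's own
code. Assumptions: the log uses the German section titles seen on the page
("Weitere Löschungen", "Dateien erstellt ..."), and only the File:: and
Folder:: directives of the CFScript are tracked.
"""
import re

# Constructed from the CFScript posted in the thread.
CFSCRIPT = r"""
Folder::
c:\users\Daniel\5F0545E73F0F4730AF7026E61DBDF263.TMP

File::
C:\Retoucher.8bf
c:\users\Daniel\AppData\Local\NokiaCooker.exe_Url_awgeuxefgqdpq0dfplsot5r5tagk2svt
"""

# Constructed excerpt of the ComboFix log posted after the script ran.
# ComboFix separates the columns of the created-files section with tabs.
COMBOFIX_LOG = "\n".join([
    "((((((((((   Weitere Löschungen   ))))))))))",
    ".",
    r"C:\Retoucher.8bf",
    r"c:\users\Daniel\5F0545E73F0F4730AF7026E61DBDF263.TMP",
    r"c:\users\Daniel\5F0545E73F0F4730AF7026E61DBDF263.TMP\WiseCustomCall.dll",
    ".",
    "((((((((((   Dateien erstellt von 2011-11-06 bis 2011-12-06  ))))))))))",
    ".",
    "\t".join([
        "2011-11-27 09:02 . 2011-11-27 09:02", "--------", "d-----w-",
        r"c:\users\Daniel\AppData\Local\NokiaCooker.exe_Url_awgeuxefgqdpq0dfplsot5r5tagk2svt",
    ]),
    "\t".join([
        "2011-11-25 10:52 . 2011-08-31 16:00", "25416", "----a-w-",
        r"c:\windows\system32\drivers\mbam.sys",
    ]),
])

# A section header is a title wrapped in runs of parentheses.
SECTION_HEADER = re.compile(r"^\(+\s*(.*?)\s*\)+$")
# created-files line: <date> . <date> <size> <attributes> <path>; path may contain spaces.
CREATED_LINE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d\s+\S+\s+(\S+)\s+(.+)$"
)


def parse_cfscript(text):
    """Return {lower-cased path: directive} for File:: and Folder:: entries."""
    targets = {}
    directive = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):          # directive header such as File:: or Folder::
            directive = line[:-2]
            continue
        if directive in ("File", "Folder"):
            targets[line.lower()] = directive   # Windows paths compare case-insensitively
    return targets


def parse_sections(text):
    """Split a ComboFix log into {section title: [content lines]}."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_HEADER.match(line)
        if header:
            current = header.group(1)
            sections[current] = []
        elif current is not None and line and line != ".":
            sections[current].append(raw)       # keep tabs for the column parser
    return sections


def check_script_results(cfscript, log):
    """Map each script target to 'deleted', 'still present[ (directory)]' or 'not mentioned'."""
    targets = parse_cfscript(cfscript)
    deleted, present = set(), {}
    for title, lines in parse_sections(log).items():
        if title.startswith("Weitere Löschungen"):
            deleted.update(l.strip().lower() for l in lines)
        elif title.startswith("Dateien erstellt"):
            for l in lines:
                m = CREATED_LINE.match(l.strip())
                if m:
                    present[m.group(2).strip().lower()] = m.group(1)   # path -> attributes
    report = {}
    for path in targets:
        if path in deleted:
            report[path] = "deleted"
        elif path in present:
            is_dir = present[path].startswith("d")
            report[path] = "still present" + (" (directory)" if is_dir else "")
        else:
            report[path] = "not mentioned"
    return report


def unresolved_targets(report):
    """Sorted list of targets the log does not confirm as deleted."""
    return sorted(p for p, state in report.items() if state != "deleted")


if __name__ == "__main__":
    result = check_script_results(CFSCRIPT, COMBOFIX_LOG)
    for path, state in result.items():
        print(f"{state:26s} {path}")
```

Run on the excerpt above, it reports the Retoucher file and the .TMP folder as deleted but the NokiaCooker entry as still present and as a directory: the script lists that path under File::, the log records it with the directory attribute (d-----w-), and it does not appear among the deletions. That is the kind of discrepancy to resolve before declaring a cleanup complete.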
