
Pests of all kinds and how to fight them: EXP/JS.Iframe.AL in Firefox Cache

25.07.2012, 11:34   #31
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

That happens when you don't run the tools with admin rights.
Under Vista and Win7, ideally EVERY tool has to be started via right-click as administrator. Alternatively, you would have to turn UAC off completely.
__________________
Please always post log files in CODE tags

25.07.2012, 14:09   #32
FWessling87
 

With the antivirus program disabled, it finally worked:

Code:
Files\Folders moved on Reboot...
File\Folder C:\Users\Daniel\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

PendingFileRenameOperations files...
File C:\Users\Daniel\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...

Files\Folders moved on Reboot...
C:\Users\Daniel\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\Daniel\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...
         

25.07.2012, 14:39   #33
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

But the log is incomplete.
Please repeat the fix.

26.07.2012, 08:18   #34
FWessling87
 

It looks as if something happened...

[/code]
All processes killed
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found.
Registry value HKEY_USERS\S-1-5-21-2718568662-3913554226-4019351773-1002\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser not found.
========== FILES ==========
File\Folder C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache not found.
File\Folder C:\Users\Daniel\AppData\Local\Mozilla\Firefox\Profiles\or4bq4do.default\Cache not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Daniel
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 49152 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: SageMobileControl
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: SSGClient
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 0,00 mb


[EMPTYFLASH]

User: All Users

User: Daniel
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: Public

User: SageMobileControl

User: SSGClient

Total Flash Files Cleaned = 0,00 mb

HOSTS file reset successfully

OTL by OldTimer - Version 3.2.54.0 log created on 07262012_091118

Files\Folders moved on Reboot...
File\Folder C:\Users\Daniel\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

PendingFileRenameOperations files...
File C:\Users\Daniel\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...
[/code]

26.07.2012, 15:03   #35
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

We'll practice that thing with the CODE tags again.


Now please run (in normal Windows mode) this tool from Kaspersky (TDSS-Killer) and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set up the tool as shown in the picture below - click on change parameters and set the check marks as shown in the following screenshot,
then click Start Scan, and when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log, or cannot copy its contents and transfer them into your post, then please look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer saves its logs.

Note: Please don't delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, treat all of them with the action "skip" and only post the log here!


__________________
Please always post log files in CODE tags

01.08.2012, 07:07   #36
FWessling87
 

Good morning,

this time it should work with the LOG:

Code:
08:03:53.0296 2224	TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
08:03:53.0874 2224	============================================================
08:03:53.0874 2224	Current date / time: 2012/08/01 08:03:53.0874
08:03:53.0874 2224	SystemInfo:
08:03:53.0874 2224	
08:03:53.0874 2224	OS Version: 6.1.7601 ServicePack: 1.0
08:03:53.0874 2224	Product type: Workstation
08:03:53.0874 2224	ComputerName: DANIEL-PC
08:03:53.0874 2224	UserName: Daniel
08:03:53.0874 2224	Windows directory: C:\Windows
08:03:53.0874 2224	System windows directory: C:\Windows
08:03:53.0874 2224	Running under WOW64
08:03:53.0874 2224	Processor architecture: Intel x64
08:03:53.0874 2224	Number of processors: 2
08:03:53.0874 2224	Page size: 0x1000
08:03:53.0874 2224	Boot type: Normal boot
08:03:53.0874 2224	============================================================
08:03:54.0921 2224	Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x23DC4, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000040
08:03:54.0936 2224	============================================================
08:03:54.0936 2224	\Device\Harddisk0\DR0:
08:03:54.0936 2224	MBR partitions:
08:03:54.0936 2224	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
08:03:54.0936 2224	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB800
08:03:54.0936 2224	============================================================
08:03:54.0952 2224	C: <-> \Device\Harddisk0\DR0\Partition1
08:03:54.0952 2224	============================================================
08:03:54.0952 2224	Initialize success
08:03:54.0952 2224	============================================================
08:04:14.0421 1492	============================================================
08:04:14.0421 1492	Scan started
08:04:14.0421 1492	Mode: Manual; SigCheck; TDLFS; 
08:04:14.0421 1492	============================================================
08:04:28.0733 1492	mshidkmdf - ok
08:04:28.0749 1492	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
08:04:28.0765 1492	msisadrv - ok
08:04:28.0796 1492	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
08:04:28.0843 1492	MSiSCSI - ok
08:04:28.0843 1492	msiserver - ok
08:04:28.0874 1492	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
08:04:28.0921 1492	MSKSSRV - ok
08:04:28.0921 1492	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
08:04:28.0968 1492	MSPCLOCK - ok
08:04:28.0968 1492	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
08:04:29.0015 1492	MSPQM - ok
08:04:29.0046 1492	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
08:04:29.0077 1492	MsRPC - ok
08:04:29.0108 1492	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
08:04:29.0124 1492	mssmbios - ok
08:04:29.0140 1492	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
08:04:29.0186 1492	MSTEE - ok
08:04:29.0186 1492	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
08:04:29.0202 1492	MTConfig - ok
08:04:29.0202 1492	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
08:04:29.0218 1492	Mup - ok
08:04:29.0265 1492	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
08:04:29.0327 1492	napagent - ok
08:04:29.0358 1492	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
08:04:29.0390 1492	NativeWifiP - ok
08:04:29.0452 1492	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
08:04:29.0483 1492	NDIS - ok
08:04:29.0499 1492	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
08:04:29.0530 1492	NdisCap - ok
08:04:29.0577 1492	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
08:04:29.0608 1492	NdisTapi - ok
08:04:29.0624 1492	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
08:04:29.0655 1492	Ndisuio - ok
08:04:29.0702 1492	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
08:04:29.0733 1492	NdisWan - ok
08:04:29.0749 1492	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
08:04:29.0796 1492	NDProxy - ok
08:04:29.0796 1492	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
08:04:29.0843 1492	NetBIOS - ok
08:04:29.0874 1492	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
08:04:29.0905 1492	NetBT - ok
08:04:29.0921 1492	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:04:29.0952 1492	Netlogon - ok
08:04:29.0983 1492	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
08:04:30.0046 1492	Netman - ok
08:04:30.0140 1492	NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:04:30.0186 1492	NetMsmqActivator - ok
08:04:30.0202 1492	NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:04:30.0202 1492	NetPipeActivator - ok
08:04:30.0249 1492	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
08:04:30.0311 1492	netprofm - ok
08:04:30.0327 1492	NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:04:30.0327 1492	NetTcpActivator - ok
08:04:30.0343 1492	NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:04:30.0343 1492	NetTcpPortSharing - ok
08:04:30.0374 1492	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
08:04:30.0390 1492	nfrd960 - ok
08:04:30.0421 1492	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
08:04:30.0468 1492	NlaSvc - ok
08:04:30.0483 1492	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
08:04:30.0515 1492	Npfs - ok
08:04:30.0530 1492	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
08:04:30.0561 1492	nsi - ok
08:04:30.0577 1492	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
08:04:30.0608 1492	nsiproxy - ok
08:04:30.0843 1492	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
08:04:30.0905 1492	Ntfs - ok
08:04:31.0030 1492	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
08:04:31.0077 1492	Null - ok
08:04:31.0108 1492	nusb3hub        (786db821bfd57c0551dbbe4f75384a7d) C:\Windows\system32\drivers\nusb3hub.sys
08:04:31.0155 1492	nusb3hub - ok
08:04:31.0186 1492	nusb3xhc        (daa8005caf745042bb427a1ed7433354) C:\Windows\system32\drivers\nusb3xhc.sys
08:04:31.0249 1492	nusb3xhc - ok
08:04:31.0296 1492	NVENETFD        (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
08:04:31.0358 1492	NVENETFD - ok
08:04:31.0968 1492	nvlddmkm        (e55cab397f77d5208db18a78b1b7c0d5) C:\Windows\system32\DRIVERS\nvlddmkm.sys
08:04:32.0311 1492	nvlddmkm - ok
08:04:32.0452 1492	NVNET           (0ad267a4674805b61a5d7b911d2a978a) C:\Windows\system32\DRIVERS\nvmf6264.sys
08:04:32.0468 1492	NVNET - ok
08:04:32.0499 1492	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
08:04:32.0515 1492	nvraid - ok
08:04:32.0546 1492	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
08:04:32.0546 1492	nvstor - ok
08:04:32.0577 1492	nvsvc           (43bc8151893ae6afe42e149d663c2221) C:\Windows\system32\nvvsvc.exe
08:04:32.0593 1492	nvsvc - ok
08:04:32.0624 1492	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
08:04:32.0640 1492	nv_agp - ok
08:04:32.0733 1492	odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
08:04:32.0765 1492	odserv - ok
08:04:32.0765 1492	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
08:04:32.0796 1492	ohci1394 - ok
08:04:32.0936 1492	ose             (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:04:32.0952 1492	ose - ok
08:04:33.0093 1492	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
08:04:33.0140 1492	p2pimsvc - ok
08:04:33.0202 1492	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
08:04:33.0233 1492	p2psvc - ok
08:04:33.0296 1492	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
08:04:33.0327 1492	Parport - ok
08:04:33.0343 1492	partmgr         (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
08:04:33.0358 1492	partmgr - ok
08:04:33.0374 1492	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
08:04:33.0405 1492	PcaSvc - ok
08:04:33.0421 1492	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
08:04:33.0436 1492	pci - ok
08:04:33.0452 1492	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
08:04:33.0452 1492	pciide - ok
08:04:33.0483 1492	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
08:04:33.0515 1492	pcmcia - ok
08:04:33.0515 1492	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
08:04:33.0530 1492	pcw - ok
08:04:33.0561 1492	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
08:04:33.0608 1492	PEAUTH - ok
08:04:33.0718 1492	PeerDistSvc     (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
08:04:33.0811 1492	PeerDistSvc - ok
08:04:33.0890 1492	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
08:04:33.0905 1492	PerfHost - ok
08:04:34.0046 1492	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
08:04:34.0140 1492	pla - ok
08:04:34.0186 1492	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
08:04:34.0233 1492	PlugPlay - ok
08:04:34.0249 1492	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
08:04:34.0265 1492	PNRPAutoReg - ok
08:04:34.0311 1492	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
08:04:34.0327 1492	PNRPsvc - ok
08:04:34.0390 1492	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
08:04:34.0436 1492	PolicyAgent - ok
08:04:34.0483 1492	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
08:04:34.0515 1492	Power - ok
08:04:34.0577 1492	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
08:04:34.0608 1492	PptpMiniport - ok
08:04:34.0624 1492	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
08:04:34.0640 1492	Processor - ok
08:04:34.0671 1492	ProfSvc         (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
08:04:34.0702 1492	ProfSvc - ok
08:04:34.0718 1492	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:04:34.0749 1492	ProtectedStorage - ok
08:04:34.0780 1492	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
08:04:34.0811 1492	Psched - ok
08:04:34.0905 1492	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
08:04:34.0952 1492	ql2300 - ok
08:04:35.0077 1492	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
08:04:35.0093 1492	ql40xx - ok
08:04:35.0140 1492	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
08:04:35.0218 1492	QWAVE - ok
08:04:35.0249 1492	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
08:04:35.0296 1492	QWAVEdrv - ok
08:04:35.0327 1492	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
08:04:35.0358 1492	RasAcd - ok
08:04:35.0405 1492	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
08:04:35.0436 1492	RasAgileVpn - ok
08:04:35.0468 1492	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
08:04:35.0499 1492	RasAuto - ok
08:04:35.0546 1492	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
08:04:35.0577 1492	Rasl2tp - ok
08:04:35.0608 1492	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
08:04:35.0655 1492	RasMan - ok
08:04:35.0671 1492	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
08:04:35.0718 1492	RasPppoe - ok
08:04:35.0718 1492	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
08:04:35.0765 1492	RasSstp - ok
08:04:35.0780 1492	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
08:04:35.0811 1492	rdbss - ok
08:04:35.0827 1492	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
08:04:35.0843 1492	rdpbus - ok
08:04:35.0858 1492	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
08:04:35.0905 1492	RDPCDD - ok
08:04:35.0936 1492	RDPDR           (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
08:04:35.0968 1492	RDPDR - ok
08:04:35.0983 1492	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
08:04:36.0030 1492	RDPENCDD - ok
08:04:36.0046 1492	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
08:04:36.0093 1492	RDPREFMP - ok
08:04:36.0124 1492	RDPWD           (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
08:04:36.0202 1492	RDPWD - ok
08:04:36.0233 1492	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
08:04:36.0249 1492	rdyboost - ok
08:04:36.0296 1492	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
08:04:36.0327 1492	RemoteAccess - ok
08:04:36.0358 1492	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
08:04:36.0405 1492	RemoteRegistry - ok
08:04:36.0421 1492	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
08:04:36.0468 1492	RpcEptMapper - ok
08:04:36.0483 1492	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
08:04:36.0515 1492	RpcLocator - ok
08:04:36.0530 1492	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
08:04:36.0577 1492	RpcSs - ok
08:04:36.0608 1492	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
08:04:36.0640 1492	rspndr - ok
08:04:36.0671 1492	s3cap           (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
08:04:36.0702 1492	s3cap - ok
08:04:36.0811 1492	Sage Mobile SystemControlService (8383ee036beab0a12c1070a8a6c7d9f9) C:\Program Files (x86)\Common Files\Sage Software Shared\Mobile\Control Services\Sagede.Mobile.ControlServices.SystemContextService.exe
08:04:36.0827 1492	Sage Mobile SystemControlService ( UnsignedFile.Multi.Generic ) - warning
08:04:36.0827 1492	Sage Mobile SystemControlService - detected UnsignedFile.Multi.Generic (1)
08:04:36.0843 1492	Sage Mobile UserControlService (6bfb4e4c54870fb6c44f918b5c501767) C:\Program Files (x86)\Common Files\Sage Software Shared\Mobile\Control Services\Sagede.Mobile.ControlServices.UserContextService.exe
08:04:36.0890 1492	Sage Mobile UserControlService ( UnsignedFile.Multi.Generic ) - warning
08:04:36.0890 1492	Sage Mobile UserControlService - detected UnsignedFile.Multi.Generic (1)
08:04:36.0983 1492	SageDB 5.0 - ok
08:04:37.0030 1492	SagedeAdministrationService30 (9dac26d87d4f56710cb327655fa94706) C:\Program Files (x86)\Sage\Application Server\3.0\Sagede.ApplicationServer.Administration.Service.exe
08:04:37.0046 1492	SagedeAdministrationService30 ( UnsignedFile.Multi.Generic ) - warning
08:04:37.0046 1492	SagedeAdministrationService30 - detected UnsignedFile.Multi.Generic (1)
08:04:37.0061 1492	SagedeApplicationServerService30 (feb4bd545da109c6315d20e2c6ce0bb1) C:\Program Files (x86)\Sage\Application Server\3.0\Sagede.ApplicationServer.WindowsService.exe
08:04:37.0077 1492	SagedeApplicationServerService30 ( UnsignedFile.Multi.Generic ) - warning
08:04:37.0077 1492	SagedeApplicationServerService30 - detected UnsignedFile.Multi.Generic (1)
08:04:37.0108 1492	SageMultiUserService40 (624823bf5762fe931584e4cfe5f54826) C:\Program Files (x86)\Common Files\Sage Software Shared\MultiUserServiceServer.exe
08:04:37.0108 1492	SageMultiUserService40 ( UnsignedFile.Multi.Generic ) - warning
08:04:37.0108 1492	SageMultiUserService40 - detected UnsignedFile.Multi.Generic (1)
08:04:37.0155 1492	SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:04:37.0171 1492	SamSs - ok
08:04:37.0218 1492	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
08:04:37.0218 1492	sbp2port - ok
08:04:37.0249 1492	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
08:04:37.0311 1492	SCardSvr - ok
08:04:37.0327 1492	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
08:04:37.0374 1492	scfilter - ok
08:04:37.0452 1492	Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
08:04:37.0515 1492	Schedule - ok
08:04:37.0546 1492	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
08:04:37.0577 1492	SCPolicySvc - ok
08:04:37.0593 1492	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
08:04:37.0640 1492	SDRSVC - ok
08:04:37.0686 1492	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
08:04:37.0718 1492	secdrv - ok
08:04:37.0733 1492	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
08:04:37.0765 1492	seclogon - ok
08:04:37.0780 1492	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
08:04:37.0827 1492	SENS - ok
08:04:37.0827 1492	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
08:04:37.0858 1492	SensrSvc - ok
08:04:37.0890 1492	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
08:04:37.0905 1492	Serenum - ok
08:04:37.0936 1492	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
08:04:37.0952 1492	Serial - ok
08:04:37.0983 1492	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
08:04:37.0999 1492	sermouse - ok
08:04:38.0030 1492	SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
08:04:38.0077 1492	SessionEnv - ok
08:04:38.0124 1492	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
08:04:38.0140 1492	sffdisk - ok
08:04:38.0155 1492	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
08:04:38.0186 1492	sffp_mmc - ok
08:04:38.0186 1492	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
08:04:38.0218 1492	sffp_sd - ok
08:04:38.0249 1492	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
08:04:38.0280 1492	sfloppy - ok
08:04:38.0311 1492	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
08:04:38.0374 1492	SharedAccess - ok
08:04:38.0405 1492	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
08:04:38.0608 1492	ShellHWDetection - ok
08:04:38.0655 1492	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
08:04:38.0686 1492	SiSRaid2 - ok
08:04:38.0749 1492	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
08:04:38.0765 1492	SiSRaid4 - ok
08:04:38.0843 1492	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
08:04:38.0905 1492	Smb - ok
08:04:39.0015 1492	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
08:04:39.0124 1492	SNMPTRAP - ok
08:04:39.0171 1492	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
08:04:39.0233 1492	spldr - ok
08:04:39.0593 1492	Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
08:04:39.0655 1492	Spooler - ok
08:04:40.0124 1492	sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
08:04:40.0296 1492	sppsvc - ok
08:04:40.0405 1492	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
08:04:40.0468 1492	sppuinotify - ok
08:04:40.0780 1492	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
08:04:40.0952 1492	srv - ok
08:04:41.0405 1492	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
08:04:41.0515 1492	srv2 - ok
08:04:41.0686 1492	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
08:04:41.0733 1492	srvnet - ok
08:04:41.0780 1492	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
08:04:41.0827 1492	SSDPSRV - ok
08:04:41.0983 1492	SSGClient       (64ed8b2ab5526d26d0ce4d3ccd2b1158) C:\Program Files (x86)\Sage\SecureGatewayClient\Gateway.Client.Hosts.Service.exe
08:04:41.0999 1492	SSGClient - ok
08:04:41.0999 1492	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
08:04:42.0030 1492	SstpSvc - ok
08:04:42.0061 1492	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
08:04:42.0077 1492	stexstor - ok
08:04:42.0171 1492	stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
08:04:42.0218 1492	stisvc - ok
08:04:42.0233 1492	storflt         (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
08:04:42.0249 1492	storflt - ok
08:04:42.0265 1492	StorSvc         (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
08:04:42.0296 1492	StorSvc - ok
08:04:42.0390 1492	storvsc         (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
08:04:42.0390 1492	storvsc - ok
08:04:42.0483 1492	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
08:04:42.0499 1492	swenum - ok
08:04:42.0733 1492	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
08:04:42.0843 1492	swprv - ok
08:04:42.0999 1492	SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
08:04:43.0108 1492	SysMain - ok
08:04:43.0436 1492	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
08:04:43.0483 1492	TabletInputService - ok
08:04:43.0827 1492	TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
08:04:43.0921 1492	TapiSrv - ok
08:04:44.0015 1492	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
08:04:44.0093 1492	TBS - ok
08:04:44.0655 1492	Tcpip           (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
08:04:44.0718 1492	Tcpip - ok
08:04:44.0936 1492	TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
08:04:44.0983 1492	TCPIP6 - ok
08:04:45.0374 1492	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
08:04:45.0405 1492	tcpipreg - ok
08:04:45.0421 1492	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
08:04:45.0452 1492	TDPIPE - ok
08:04:45.0483 1492	TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
08:04:45.0499 1492	TDTCP - ok
08:04:45.0515 1492	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
08:04:45.0546 1492	tdx - ok
08:04:45.0561 1492	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
08:04:45.0577 1492	TermDD - ok
08:04:45.0655 1492	TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
08:04:45.0702 1492	TermService - ok
08:04:45.0733 1492	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
08:04:45.0749 1492	Themes - ok
08:04:45.0780 1492	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
08:04:45.0811 1492	THREADORDER - ok
08:04:45.0952 1492	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
08:04:45.0999 1492	TrkWks - ok
08:04:46.0171 1492	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
08:04:46.0218 1492	TrustedInstaller - ok
08:04:46.0249 1492	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
08:04:46.0327 1492	tssecsrv - ok
08:04:46.0343 1492	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
08:04:46.0374 1492	TsUsbFlt - ok
08:04:46.0390 1492	TsUsbGD         (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
08:04:46.0421 1492	TsUsbGD - ok
08:04:46.0640 1492	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
08:04:46.0702 1492	tunnel - ok
08:04:46.0811 1492	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
08:04:46.0827 1492	uagp35 - ok
08:04:46.0858 1492	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
08:04:46.0921 1492	udfs - ok
08:04:46.0952 1492	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
08:04:46.0983 1492	UI0Detect - ok
08:04:46.0999 1492	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
08:04:47.0015 1492	uliagpkx - ok
08:04:47.0030 1492	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
08:04:47.0046 1492	umbus - ok
08:04:47.0061 1492	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
08:04:47.0093 1492	UmPass - ok
08:04:47.0124 1492	UmRdpService    (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
08:04:47.0140 1492	UmRdpService - ok
08:04:47.0171 1492	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
08:04:47.0233 1492	upnphost - ok
08:04:47.0265 1492	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\drivers\usbccgp.sys
08:04:47.0296 1492	usbccgp - ok
08:04:47.0421 1492	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
08:04:47.0436 1492	usbcir - ok
08:04:47.0515 1492	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
08:04:47.0546 1492	usbehci - ok
08:04:47.0577 1492	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
08:04:47.0608 1492	usbhub - ok
08:04:47.0640 1492	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
08:04:47.0686 1492	usbohci - ok
08:04:47.0733 1492	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
08:04:47.0843 1492	usbprint - ok
08:04:47.0858 1492	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:04:47.0890 1492	USBSTOR - ok
08:04:47.0905 1492	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
08:04:47.0921 1492	usbuhci - ok
08:04:47.0952 1492	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
08:04:47.0999 1492	UxSms - ok
08:04:48.0015 1492	VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:04:48.0046 1492	VaultSvc - ok
08:04:48.0171 1492	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
08:04:48.0186 1492	vdrvroot - ok
08:04:48.0343 1492	vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
08:04:48.0405 1492	vds - ok
08:04:48.0421 1492	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
08:04:48.0436 1492	vga - ok
08:04:48.0468 1492	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
08:04:48.0499 1492	VgaSave - ok
08:04:48.0686 1492	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
08:04:48.0686 1492	vhdmp - ok
08:04:48.0718 1492	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
08:04:48.0718 1492	viaide - ok
08:04:49.0061 1492	vmbus           (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
08:04:49.0077 1492	vmbus - ok
08:04:49.0124 1492	VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
08:04:49.0155 1492	VMBusHID - ok
08:04:49.0186 1492	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
08:04:49.0186 1492	volmgr - ok
08:04:49.0218 1492	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
08:04:49.0249 1492	volmgrx - ok
08:04:49.0265 1492	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
08:04:49.0280 1492	volsnap - ok
08:04:49.0311 1492	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
08:04:49.0327 1492	vsmraid - ok
08:04:49.0436 1492	VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
08:04:49.0530 1492	VSS - ok
08:04:49.0686 1492	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
08:04:49.0749 1492	vwifibus - ok
08:04:49.0780 1492	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
08:04:49.0827 1492	W32Time - ok
08:04:49.0843 1492	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
08:04:49.0858 1492	WacomPen - ok
08:04:49.0890 1492	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
08:04:49.0936 1492	WANARP - ok
08:04:49.0936 1492	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
08:04:49.0968 1492	Wanarpv6 - ok
08:04:50.0061 1492	wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
08:04:50.0155 1492	wbengine - ok
08:04:50.0265 1492	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
08:04:50.0280 1492	WbioSrvc - ok
08:04:50.0311 1492	wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
08:04:50.0530 1492	wcncsvc - ok
08:04:50.0546 1492	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
08:04:50.0624 1492	WcsPlugInService - ok
08:04:50.0718 1492	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
08:04:50.0733 1492	Wd - ok
08:04:50.0780 1492	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
08:04:50.0796 1492	Wdf01000 - ok
08:04:50.0827 1492	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
08:04:50.0890 1492	WdiServiceHost - ok
08:04:50.0890 1492	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
08:04:50.0905 1492	WdiSystemHost - ok
08:04:50.0921 1492	WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
08:04:50.0952 1492	WebClient - ok
08:04:50.0983 1492	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
08:04:51.0046 1492	Wecsvc - ok
08:04:51.0108 1492	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
08:04:51.0140 1492	wercplsupport - ok
08:04:51.0171 1492	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
08:04:51.0202 1492	WerSvc - ok
08:04:51.0265 1492	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
08:04:51.0296 1492	WfpLwf - ok
08:04:51.0311 1492	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
08:04:51.0327 1492	WIMMount - ok
08:04:51.0358 1492	WinDefend - ok
08:04:51.0374 1492	WinHttpAutoProxySvc - ok
08:04:51.0436 1492	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
08:04:51.0468 1492	Winmgmt - ok
08:04:51.0671 1492	WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
08:04:51.0765 1492	WinRM - ok
08:04:51.0983 1492	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
08:04:52.0030 1492	Wlansvc - ok
08:04:52.0108 1492	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
08:04:52.0108 1492	WmiAcpi - ok
08:04:52.0186 1492	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
08:04:52.0233 1492	wmiApSrv - ok
08:04:52.0280 1492	WMPNetworkSvc - ok
08:04:52.0311 1492	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
08:04:52.0327 1492	WPCSvc - ok
08:04:52.0358 1492	WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
08:04:52.0374 1492	WPDBusEnum - ok
08:04:52.0374 1492	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
08:04:52.0405 1492	ws2ifsl - ok
08:04:52.0421 1492	wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
08:04:52.0452 1492	wscsvc - ok
08:04:52.0452 1492	WSearch - ok
08:04:52.0593 1492	wuauserv        (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
08:04:52.0671 1492	wuauserv - ok
08:04:53.0280 1492	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
08:04:53.0343 1492	WudfPf - ok
08:04:53.0390 1492	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
08:04:53.0452 1492	WUDFRd - ok
08:04:53.0483 1492	wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
08:04:53.0515 1492	wudfsvc - ok
08:04:53.0530 1492	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
08:04:53.0561 1492	WwanSvc - ok
08:04:53.0577 1492	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
08:04:53.0952 1492	\Device\Harddisk0\DR0 - ok
08:04:53.0952 1492	Boot (0x1200)   (f6c3ad79cce09ee6fd9162a09e4eb78e) \Device\Harddisk0\DR0\Partition0
08:04:53.0952 1492	\Device\Harddisk0\DR0\Partition0 - ok
08:04:53.0983 1492	Boot (0x1200)   (913c90fde303e48372b805999cf65e70) \Device\Harddisk0\DR0\Partition1
08:04:53.0983 1492	\Device\Harddisk0\DR0\Partition1 - ok
08:04:53.0999 1492	============================================================
08:04:53.0999 1492	Scan finished
08:04:53.0999 1492	============================================================
08:04:54.0015 3244	Detected object count: 5
08:04:54.0015 3244	Actual detected object count: 5
08:07:02.0289 3244	Sage Mobile SystemControlService ( UnsignedFile.Multi.Generic ) - skipped by user
08:07:02.0289 3244	Sage Mobile SystemControlService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
08:07:02.0292 3244	Sage Mobile UserControlService ( UnsignedFile.Multi.Generic ) - skipped by user
08:07:02.0292 3244	Sage Mobile UserControlService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
08:07:02.0295 3244	SagedeAdministrationService30 ( UnsignedFile.Multi.Generic ) - skipped by user
08:07:02.0295 3244	SagedeAdministrationService30 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
08:07:02.0300 3244	SagedeApplicationServerService30 ( UnsignedFile.Multi.Generic ) - skipped by user
08:07:02.0300 3244	SagedeApplicationServerService30 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
08:07:02.0303 3244	SageMultiUserService40 ( UnsignedFile.Multi.Generic ) - skipped by user
08:07:02.0303 3244	SageMultiUserService40 ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Alt 02.08.2012, 08:34   #37
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, carry out the updates (if suggested), install the Recovery Console (if suggested), and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and get messages such as

Quote:
Illegal operation attempted on a registry key that has been marked for deletion.
then restart Windows manually and the error messages should no longer appear.

Alt 02.08.2012, 09:54   #38
FWessling87
 

Hello Arne,

here is the log file from Combo-Fix. I don't know exactly how quickly I'll be able to reply from next week on, since work is calling again. But maybe we (or rather you) have gotten rid of the problem.

[code]
Combofix Logfile:
Code:
ATTFilter
ComboFix 12-07-31.03 - Daniel 02.08.2012  10:40:47.1.2 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.1791.1123 [GMT 2:00]
ausgeführt von:: c:\users\Daniel\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-07-02 bis 2012-08-02  ))))))))))))))))))))))))))))))
.
.
2012-08-02 08:44 . 2012-08-02 08:44	--------	d-----w-	c:\users\SSGClient\AppData\Local\temp
2012-08-01 07:11 . 2012-08-01 07:11	--------	d-----w-	c:\users\Daniel\AppData\Local\ElevatedDiagnostics
2012-07-25 09:07 . 2012-07-25 09:07	--------	d-----w-	C:\_OTL
2012-07-12 14:08 . 2012-06-12 03:08	3148800	----a-w-	c:\windows\system32\win32k.sys
2012-07-12 06:01 . 2012-06-06 06:06	2004480	----a-w-	c:\windows\system32\msxml6.dll
2012-07-11 07:25 . 2012-07-11 07:25	--------	d-----w-	c:\program files (x86)\ESET
2012-07-06 11:46 . 2010-02-23 08:16	294912	----a-w-	c:\windows\system32\browserchoice.exe
2012-07-04 07:20 . 2012-07-04 07:19	268720	----a-w-	c:\windows\system32\javaws.exe
2012-07-04 07:20 . 2012-07-04 07:19	955840	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-07-04 07:20 . 2012-07-04 07:19	839096	----a-w-	c:\windows\system32\deployJava1.dll
2012-07-04 07:20 . 2012-07-04 07:19	189360	----a-w-	c:\windows\system32\javaw.exe
2012-07-04 07:20 . 2012-07-04 07:19	188840	----a-w-	c:\windows\system32\java.exe
2012-07-04 07:19 . 2012-07-04 07:19	--------	d-----w-	c:\program files\Java
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-01 06:23 . 2012-06-14 13:55	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-01 06:23 . 2012-06-14 13:55	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 14:04 . 2012-06-14 10:32	59701280	----a-w-	c:\windows\system32\MRT.exe
2012-06-18 09:51 . 2012-06-18 09:51	86528	----a-w-	c:\windows\SysWow64\iesysprep.dll
2012-06-18 09:51 . 2012-06-18 09:51	76800	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2012-06-18 09:51 . 2012-06-18 09:51	74752	----a-w-	c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-06-18 09:51 . 2012-06-18 09:51	74752	----a-w-	c:\windows\SysWow64\iesetup.dll
2012-06-18 09:51 . 2012-06-18 09:51	63488	----a-w-	c:\windows\SysWow64\tdc.ocx
2012-06-18 09:51 . 2012-06-18 09:51	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2012-06-18 09:51 . 2012-06-18 09:51	367104	----a-w-	c:\windows\SysWow64\html.iec
2012-06-18 09:51 . 2012-06-18 09:51	23552	----a-w-	c:\windows\SysWow64\licmgr10.dll
2012-06-18 09:51 . 2012-06-18 09:51	161792	----a-w-	c:\windows\SysWow64\msls31.dll
2012-06-18 09:51 . 2012-06-18 09:51	152064	----a-w-	c:\windows\SysWow64\wextract.exe
2012-06-18 09:51 . 2012-06-18 09:51	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2012-06-18 09:51 . 2012-06-18 09:51	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2012-06-18 09:51 . 2012-06-18 09:51	91648	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2012-06-18 09:51 . 2012-06-18 09:51	89088	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2012-06-18 09:51 . 2012-06-18 09:51	89088	----a-w-	c:\windows\system32\ie4uinit.exe
2012-06-18 09:51 . 2012-06-18 09:51	85504	----a-w-	c:\windows\system32\iesetup.dll
2012-06-18 09:51 . 2012-06-18 09:51	82432	----a-w-	c:\windows\system32\icardie.dll
2012-06-18 09:51 . 2012-06-18 09:51	76800	----a-w-	c:\windows\system32\tdc.ocx
2012-06-18 09:51 . 2012-06-18 09:51	697344	----a-w-	c:\windows\system32\msfeeds.dll
2012-06-18 09:51 . 2012-06-18 09:51	65024	----a-w-	c:\windows\system32\pngfilt.dll
2012-06-18 09:51 . 2012-06-18 09:51	603648	----a-w-	c:\windows\system32\vbscript.dll
2012-06-18 09:51 . 2012-06-18 09:51	55296	----a-w-	c:\windows\system32\msfeedsbs.dll
2012-06-18 09:51 . 2012-06-18 09:51	534528	----a-w-	c:\windows\system32\ieapfltr.dll
2012-06-18 09:51 . 2012-06-18 09:51	49664	----a-w-	c:\windows\system32\imgutil.dll
2012-06-18 09:51 . 2012-06-18 09:51	48640	----a-w-	c:\windows\system32\mshtmler.dll
2012-06-18 09:51 . 2012-06-18 09:51	452608	----a-w-	c:\windows\system32\dxtmsft.dll
2012-06-18 09:51 . 2012-06-18 09:51	448512	----a-w-	c:\windows\system32\html.iec
2012-06-18 09:51 . 2012-06-18 09:51	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2012-06-18 09:51 . 2012-06-18 09:51	403248	----a-w-	c:\windows\system32\iedkcs32.dll
2012-06-18 09:51 . 2012-06-18 09:51	39936	----a-w-	c:\windows\system32\iernonce.dll
2012-06-18 09:51 . 2012-06-18 09:51	3695416	----a-w-	c:\windows\system32\ieapfltr.dat
2012-06-18 09:51 . 2012-06-18 09:51	35840	----a-w-	c:\windows\SysWow64\imgutil.dll
2012-06-18 09:51 . 2012-06-18 09:51	30720	----a-w-	c:\windows\system32\licmgr10.dll
2012-06-18 09:51 . 2012-06-18 09:51	282112	----a-w-	c:\windows\system32\dxtrans.dll
2012-06-18 09:51 . 2012-06-18 09:51	267776	----a-w-	c:\windows\system32\ieaksie.dll
2012-06-18 09:51 . 2012-06-18 09:51	249344	----a-w-	c:\windows\system32\webcheck.dll
2012-06-18 09:51 . 2012-06-18 09:51	222208	----a-w-	c:\windows\system32\msls31.dll
2012-06-18 09:51 . 2012-06-18 09:51	197120	----a-w-	c:\windows\system32\msrating.dll
2012-06-18 09:51 . 2012-06-18 09:51	165888	----a-w-	c:\windows\system32\iexpress.exe
2012-06-18 09:51 . 2012-06-18 09:51	163840	----a-w-	c:\windows\system32\ieakui.dll
2012-06-18 09:51 . 2012-06-18 09:51	160256	----a-w-	c:\windows\system32\wextract.exe
2012-06-18 09:51 . 2012-06-18 09:51	160256	----a-w-	c:\windows\system32\ieakeng.dll
2012-06-18 09:51 . 2012-06-18 09:51	149504	----a-w-	c:\windows\system32\occache.dll
2012-06-18 09:51 . 2012-06-18 09:51	145920	----a-w-	c:\windows\system32\iepeers.dll
2012-06-18 09:51 . 2012-06-18 09:51	135168	----a-w-	c:\windows\system32\IEAdvpack.dll
2012-06-18 09:51 . 2012-06-18 09:51	12288	----a-w-	c:\windows\system32\mshta.exe
2012-06-18 09:51 . 2012-06-18 09:51	11776	----a-w-	c:\windows\SysWow64\mshta.exe
2012-06-18 09:51 . 2012-06-18 09:51	114176	----a-w-	c:\windows\system32\admparse.dll
2012-06-18 09:51 . 2012-06-18 09:51	111616	----a-w-	c:\windows\system32\iesysprep.dll
2012-06-18 09:51 . 2012-06-18 09:51	10752	----a-w-	c:\windows\system32\msfeedssync.exe
2012-06-18 09:51 . 2012-06-18 09:51	103936	----a-w-	c:\windows\system32\inseng.dll
2012-06-18 09:51 . 2012-06-18 09:51	101888	----a-w-	c:\windows\SysWow64\admparse.dll
2012-06-14 12:47 . 2012-06-14 12:47	708608	----a-w-	c:\windows\SysWow64\wab32.dll
2012-06-14 11:05 . 2012-06-14 11:05	155648	----a-r-	c:\users\Daniel\AppData\Roaming\Microsoft\Installer\{D123A234-875B-484E-A226-7BCDA51F1252}\ARPPRODUCTICON.exe
2012-06-05 07:06 . 2012-06-05 07:06	82432	----a-w-	c:\windows\SysWow64\msxml4r.dll
2012-06-05 07:06 . 2012-06-05 07:06	28160	----a-w-	c:\windows\SysWow64\msxml3a.dll
2012-06-02 22:19 . 2012-06-19 06:00	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 06:00	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-19 06:00	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 06:00	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 06:00	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-19 06:00	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-19 06:00	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-19 06:00	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-19 06:00	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-05-04 17:29 . 2012-06-18 11:52	772504	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2012-05-04 17:29 . 2012-06-18 11:52	687504	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-05-04 11:06 . 2012-06-14 10:24	5559664	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-05-04 11:00 . 2012-06-18 11:55	366592	----a-w-	c:\windows\system32\qdvd.dll
2012-05-04 10:03 . 2012-06-14 10:24	3968368	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-14 10:24	3913072	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-05-04 09:59 . 2012-06-18 11:55	514560	----a-w-	c:\windows\SysWow64\qdvd.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MultiScreen"="c:\program files (x86)\MultiScreen\MultiScreen.exe" [2009-08-11 303104]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-01 250056]
R3 Asushwio;Asushwio;d:\bin\64bit\Asushwio.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2010-09-30 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2010-09-30 180736]
R3 SagedeAdministrationService30;Sage Administration Service 3.0;c:\program files (x86)\Sage\Application Server\3.0\Sagede.ApplicationServer.Administration.Service.exe [2012-04-03 9216]
R3 SagedeApplicationServerService30;Sage Application Server 2012;c:\program files (x86)\Sage\Application Server\3.0\Sagede.ApplicationServer.WindowsService.exe [2012-04-03 7744]
R3 SSGClient;Sage Secure Gateway Client;c:\program files (x86)\Sage\SecureGatewayClient\Gateway.Client.Hosts.Service.exe [2011-11-21 62216]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-05-02 27760]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-01 86224]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 Sage Mobile SystemControlService;Sage Mobile Konfigurationsdienst (Systemkontext);c:\program files (x86)\Common Files\Sage Software Shared\Mobile\Control Services\Sagede.Mobile.ControlServices.SystemContextService.exe [2012-04-23 8192]
S2 Sage Mobile UserControlService;Sage Mobile Konfigurationsdienst (Benutzerkontext);c:\program files (x86)\Common Files\Sage Software Shared\Mobile\Control Services\Sagede.Mobile.ControlServices.UserContextService.exe [2012-04-23 9728]
S2 SageDB 5.0;SageDB 5.0;c:\program files (x86)\Sage\SageDB 5.0\bin\mysqld-nt.exe [2011-07-18 5685248]
S2 SageMultiUserService40;Sage Mehrbenutzerdienst 4.0;c:\program files (x86)\Common Files\Sage Software Shared\MultiUserServiceServer.exe [2011-10-06 198144]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-08-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-14 06:23]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\or4bq4do.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-08-02  10:49:21 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-08-02 08:49
.
Vor Suchlauf: 10 Verzeichnis(se), 284.033.613.824 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 283.856.691.200 Bytes frei
.
- - End Of File - - 40DA1FE15DA55667B53B6D3EF2DDA9A0
         
--- --- ---

Alt 03.08.2012, 11:15   #39
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool won't work on the second try either, just leave it out and run only OSAM - please skip the online check by OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until "Scan finished successfully" appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances without instructions.

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and choose the setting (none) under AV Scan.



One more note: If aswMBR crashes and a message such as "aswMBR.exe has stopped working" appears, do the following:
Start aswMBR again, select (none) for "AV scan" in the drop-down menu at the bottom left (bottom left of the aswMBR window), and click the Scan button again.

Alt 03.08.2012, 11:37   #40
FWessling87
 

Hello Arne,

here is the OSAM log:
Code:
ATTFilter
OSAM Logfile:
Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 12:23:06 on 03.08.2012

OS: Windows 7  Service Pack 1 (Build 7601), 64-bit
Default Browser: Mozilla Corporation Firefox 14.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office12\MLCFG32.CPL

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Asushwio" (Asushwio) - ? - D:\Bin\64bit\Asushwio.sys  (File not found)
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"EIO" (EIO) - ? - C:\Windows\system32\drivers\EIO.sys  (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files (x86)\7-Zip\7-zip.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office12\OLKFSTUB.DLL

[Internet Explorer]
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"MultiScreen" - ? - C:\Program Files (x86)\MultiScreen\MultiScreen.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Bullzip PDF Print Monitor" - "Bullzip" - C:\Windows\system32\bzpdf.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll  (File not found)
"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe"  (File not found)
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Sage Administration Service 3.0" (SagedeAdministrationService30) - "Sage Software" - C:\Program Files (x86)\Sage\Application Server\3.0\Sagede.ApplicationServer.Administration.Service.exe
"Sage Application Server 2012" (SagedeApplicationServerService30) - "Sage Software" - C:\Program Files (x86)\Sage\Application Server\3.0\Sagede.ApplicationServer.WindowsService.exe
"Sage Mehrbenutzerdienst 4.0" (SageMultiUserService40) - "Sage Software" - C:\Program Files (x86)\Common Files\Sage Software Shared\MultiUserServiceServer.exe
"Sage Mobile Konfigurationsdienst (Benutzerkontext)" (Sage Mobile UserControlService) - "Sage Software" - C:\Program Files (x86)\Common Files\Sage Software Shared\Mobile\Control Services\Sagede.Mobile.ControlServices.UserContextService.exe
"Sage Mobile Konfigurationsdienst (Systemkontext)" (Sage Mobile SystemControlService) - "Sage Software" - C:\Program Files (x86)\Common Files\Sage Software Shared\Mobile\Control Services\Sagede.Mobile.ControlServices.SystemContextService.exe
"Sage Secure Gateway Client" (SSGClient) - "Sage (UK) Limited" - C:\Program Files (x86)\Sage\SecureGatewayClient\Gateway.Client.Hosts.Service.exe
"SageDB 5.0" (SageDB 5.0) - ? - C:\Program Files (x86)\Sage\SageDB 5.0\bin\mysqld-nt.exe  (File found, but it contains no detailed information)

===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- --- If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
and here is the AMR log

Code:
ATTFilter
OSAM Logfile:
Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 12:23:06 on 03.08.2012

OS: Windows 7  Service Pack 1 (Build 7601), 64-bit
Default Browser: Mozilla Corporation Firefox 14.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office12\MLCFG32.CPL

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Asushwio" (Asushwio) - ? - D:\Bin\64bit\Asushwio.sys  (File not found)
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"EIO" (EIO) - ? - C:\Windows\system32\drivers\EIO.sys  (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files (x86)\7-Zip\7-zip.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office12\OLKFSTUB.DLL

[Internet Explorer]
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"MultiScreen" - ? - C:\Program Files (x86)\MultiScreen\MultiScreen.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Bullzip PDF Print Monitor" - "Bullzip" - C:\Windows\system32\bzpdf.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll  (File not found)
"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe"  (File not found)
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Sage Administration Service 3.0" (SagedeAdministrationService30) - "Sage Software" - C:\Program Files (x86)\Sage\Application Server\3.0\Sagede.ApplicationServer.Administration.Service.exe
"Sage Application Server 2012" (SagedeApplicationServerService30) - "Sage Software" - C:\Program Files (x86)\Sage\Application Server\3.0\Sagede.ApplicationServer.WindowsService.exe
"Sage Mehrbenutzerdienst 4.0" (SageMultiUserService40) - "Sage Software" - C:\Program Files (x86)\Common Files\Sage Software Shared\MultiUserServiceServer.exe
"Sage Mobile Konfigurationsdienst (Benutzerkontext)" (Sage Mobile UserControlService) - "Sage Software" - C:\Program Files (x86)\Common Files\Sage Software Shared\Mobile\Control Services\Sagede.Mobile.ControlServices.UserContextService.exe
"Sage Mobile Konfigurationsdienst (Systemkontext)" (Sage Mobile SystemControlService) - "Sage Software" - C:\Program Files (x86)\Common Files\Sage Software Shared\Mobile\Control Services\Sagede.Mobile.ControlServices.SystemContextService.exe
"Sage Secure Gateway Client" (SSGClient) - "Sage (UK) Limited" - C:\Program Files (x86)\Sage\SecureGatewayClient\Gateway.Client.Hosts.Service.exe
"SageDB 5.0" (SageDB 5.0) - ? - C:\Program Files (x86)\Sage\SageDB 5.0\bin\mysqld-nt.exe  (File found, but it contains no detailed information)

===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- --- If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
Many thanks and have a nice weekend

Alt 03.08.2012, 19:08   #41
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Why OSAM twice?
What about the other logs?
__________________
Please always post log files in CODE tags

Alt 06.08.2012, 07:21   #42
FWessling87
 
Good morning,

one of the tools didn't work. The other was of course a mistake on my part, copy-paste...

Code:
ATTFilter
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-03 12:24:39
-----------------------------
12:24:39.184    OS Version: Windows x64 6.1.7601 Service Pack 1
12:24:39.184    Number of processors: 2 586 0x602
12:24:39.186    ComputerName: DANIEL-PC  UserName: Daniel
12:24:39.833    Initialize success
12:26:16.904    AVAST engine defs: 12080300
12:29:14.560    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000056
12:29:14.566    Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
12:29:14.583    Disk 0 MBR read successfully
12:29:14.586    Disk 0 MBR scan
12:29:14.591    Disk 0 Windows 7 default MBR code
12:29:14.597    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
12:29:14.611    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       305143 MB offset 206848
12:29:14.634    Disk 0 scanning C:\Windows\system32\drivers
12:29:20.320    Service scanning
12:29:21.912    Service Asushwio D:\Bin\64bit\Asushwio.sys **LOCKED** 21
12:29:35.072    Modules scanning
12:29:35.082    Disk 0 trace - called modules:
12:29:35.098    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor.sys 
12:29:35.105    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80026e6060]
12:29:35.114    3 CLASSPNP.SYS[fffff880019b243f] -> nt!IofCallDriver -> [0xfffffa8001f84800]
12:29:35.123    5 ACPI.sys[fffff88000f367a1] -> nt!IofCallDriver -> \Device\00000056[0xfffffa8001f84060]
12:29:35.995    AVAST engine scan C:\Windows
12:29:37.712    AVAST engine scan C:\Windows\system32
12:31:46.516    AVAST engine scan C:\Windows\system32\drivers
12:31:53.907    AVAST engine scan C:\Users\Daniel
12:32:34.698    AVAST engine scan C:\ProgramData
12:32:43.394    Scan finished successfully
12:34:32.919    Disk 0 MBR has been saved successfully to "C:\Users\Daniel\Desktop\MBR.dat"
12:34:32.925    The log file has been saved successfully to "C:\Users\Daniel\Desktop\aswMBR.txt"
         

Alt 06.08.2012, 15:39   #43
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!
__________________
Please always post log files in CODE tags

Alt 07.08.2012, 12:07   #44
FWessling87
 
Hello Arne,

which tool actually "repaired" or deleted something specifically? As a layman I only ever see LOGS ;-)

Here is the Malwarebytes log:

Code:
ATTFilter
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.07.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Daniel :: DANIEL-PC [Administrator]

Schutz: Aktiviert

07.08.2012 09:33:33
mbam-log-2012-08-07 (09-33-33).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 306361
Laufzeit: 20 Minute(n), 48 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
and the other tool:

Code:
ATTFilter
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 08/07/2012 at 01:06 PM

Application Version : 5.5.1012

Core Rules Database Version : 9021
Trace Rules Database Version: 6833

Scan type       : Complete Scan
Total Scan Time : 00:38:57

Operating System Information
Windows 7 Professional 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator

Memory items scanned      : 575
Memory threats detected   : 0
Registry items scanned    : 69077
Registry threats detected : 0
File items scanned        : 89913
File threats detected     : 34

Adware.Tracking Cookie
	C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Cookies\daniel@atdmt[2].txt [ /atdmt ]
	C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Cookies\NAGVBIXG.txt [ /doubleclick.net ]
	C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Cookies\NCU7XJ3F.txt [ /adform.net ]
	C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Cookies\SV0R493V.txt [ /track.adform.net ]
	C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Cookies\TCMMYB7H.txt [ /tracking.quisma.com ]
	C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Cookies\6X0UT2FL.txt [ /fastclick.net ]
	C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Cookies\5AYN3EAN.txt [ /ad.zanox.com ]
	C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Cookies\QHYBCNLU.txt [ /imrworldwide.com ]
	C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Cookies\7LBB3EV8.txt [ /adfarm1.adition.com ]
	C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Cookies\J5Y4RJJV.txt [ /apmebf.com ]
	C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Cookies\N51AILFE.txt [ /mediaplex.com ]
	C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Cookies\RDHXCWRR.txt [ /ad1.adfarm1.adition.com ]
	C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Cookies\WH2UKD4P.txt [ /zanox.com ]
	C:\USERS\DANIEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\daniel@doubleclick[1].txt [ Cookie:daniel@doubleclick.net/ ]
	C:\USERS\DANIEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\daniel@atdmt[2].txt [ Cookie:daniel@atdmt.com/ ]
	C:\USERS\DANIEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\daniel@revsci[1].txt [ Cookie:daniel@revsci.net/ ]
	C:\USERS\DANIEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\daniel@c.atdmt[2].txt [ Cookie:daniel@c.atdmt.com/ ]
	C:\USERS\DANIEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\daniel@serving-sys[1].txt [ Cookie:daniel@serving-sys.com/ ]
	C:\USERS\DANIEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\daniel@smartadserver[1].txt [ Cookie:daniel@smartadserver.com/ ]
	C:\USERS\DANIEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\daniel@www.googleadservices[1].txt [ Cookie:daniel@www.googleadservices.com/pagead/conversion/1010320659/ ]
	C:\USERS\DANIEL\Cookies\NAGVBIXG.txt [ Cookie:daniel@doubleclick.net/ ]
	C:\USERS\DANIEL\Cookies\NCU7XJ3F.txt [ Cookie:daniel@adform.net/ ]
	C:\USERS\DANIEL\Cookies\daniel@atdmt[2].txt [ Cookie:daniel@atdmt.com/ ]
	C:\USERS\DANIEL\Cookies\TCMMYB7H.txt [ Cookie:daniel@tracking.quisma.com/ ]
	C:\USERS\DANIEL\Cookies\6X0UT2FL.txt [ Cookie:daniel@fastclick.net/ ]
	C:\USERS\DANIEL\Cookies\QHYBCNLU.txt [ Cookie:daniel@imrworldwide.com/cgi-bin ]
	C:\USERS\DANIEL\Cookies\7LBB3EV8.txt [ Cookie:daniel@adfarm1.adition.com/ ]
	C:\USERS\DANIEL\Cookies\N51AILFE.txt [ Cookie:daniel@mediaplex.com/ ]
	C:\USERS\DANIEL\Cookies\WH2UKD4P.txt [ Cookie:daniel@zanox.com/ ]
	C:\USERS\DANIEL\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\DANIEL@ADX.CHIP[1].TXT [ /ADX.CHIP ]
	C:\USERS\DANIEL\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\DANIEL@INVITEMEDIA[1].TXT [ /INVITEMEDIA ]
	.apmebf.com [ C:\USERS\DANIEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OR4BQ4DO.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ C:\USERS\DANIEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OR4BQ4DO.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ C:\USERS\DANIEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OR4BQ4DO.DEFAULT\COOKIES.SQLITE ]
         

Alt 08.08.2012, 15:11   #45
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Looks OK, only cookies were found.
Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP cookie)


Regarding cookies and other things on the web: to block this plague from the outset (i.e. tracking cookies, ad banners etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check MVPS every 4 weeks to see whether a new hosts file has been released.

Apart from that there are good cookie managers; as an extension for Firefox, for example, there is CookieCuller http://filepony.de/download-cookie_culler/
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board as well), then simply set the browser so that everything, including cookies, is deleted when the browser is closed.

My own approach is to use the Opera browser or Chromium on my Linux for "wild surfing". My main browser (Firefox) only stores cookies from the sites I actually want; I reject everything else manually (FF always asks me) - the other browsers do accept all cookies, but by the next start of Opera or Chromium at the latest, no cookies are left.

Is your system back in order now, or are there any other detections or problems?
__________________
Please always post log files in CODE tags
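
The hosts-file advice from post #45, checked against the cookie findings from post #44, as an added example that is not part of the original posts: it extracts the cookie domains from the three notations the SUPERAntiSpyware log uses and lists which hosts-file entries sit at or below each one. The hosts entries are constructed sample data (not the contents of the MVPS file), and all function names are hypothetical.

```python
import re

# Lines copied from the SUPERAntiSpyware log in this thread (one per notation it uses).
SAMPLE_LOG = r"""
Adware.Tracking Cookie
    C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Cookies\NAGVBIXG.txt [ /doubleclick.net ]
    C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Cookies\SV0R493V.txt [ /track.adform.net ]
    C:\USERS\DANIEL\Cookies\QHYBCNLU.txt [ Cookie:daniel@imrworldwide.com/cgi-bin ]
    C:\USERS\DANIEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\daniel@c.atdmt[2].txt [ Cookie:daniel@c.atdmt.com/ ]
    .apmebf.com [ C:\USERS\DANIEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OR4BQ4DO.DEFAULT\COOKIES.SQLITE ]
    .doubleclick.net [ C:\USERS\DANIEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OR4BQ4DO.DEFAULT\COOKIES.SQLITE ]
"""

# Constructed hosts entries in the common blocklist layout (NOT the real MVPS file).
SAMPLE_HOSTS = """
127.0.0.1  localhost
0.0.0.0  ad.doubleclick.net
0.0.0.0  pubads.g.doubleclick.net   # inline comment
0.0.0.0  track.adform.net
0.0.0.0  c.atdmt.com
0.0.0.0  secure-us.imrworldwide.com
"""

LINE = re.compile(r"^\s*(.+?)\s+\[\s*(.+?)\s*\]\s*$")
SINKS = {"0.0.0.0", "127.0.0.1"}

def cookie_domains(log_text):
    """Return the sorted, de-duplicated cookie domains named in the scan log."""
    found = set()
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # headers, counters, blank lines
        left, right = m.groups()
        if re.match(r"[A-Za-z]:\\", right):
            name = left  # Firefox notation: ".domain [ path\COOKIES.SQLITE ]"
        else:
            # IE notation: "[ /domain ]" or "[ Cookie:user@domain/path ]"
            name = right.rpartition("@")[2].lstrip("/").split("/")[0]
        name = name.strip(".").lower()
        if "." in name:  # skip names the log prints without a TLD, e.g. "/atdmt"
            found.add(name)
    return sorted(found)

def blocked_hosts(hosts_text):
    """Hostnames that a hosts file redirects to a sink address."""
    hosts = set()
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] in SINKS:
            hosts.update(h.lower() for h in fields[1:] if h.lower() != "localhost")
    return hosts

def coverage(log_text, hosts_text):
    """Map each cookie domain to the hosts-file entries at or below it."""
    hosts = blocked_hosts(hosts_text)
    return {d: sorted(h for h in hosts if h == d or h.endswith("." + d))
            for d in cookie_domains(log_text)}

def uncovered(report):
    """Cookie domains for which the hosts file blocks no host at all."""
    return [d for d, hits in report.items() if not hits]

if __name__ == "__main__":
    # A hosts file has no wildcards: only the listed hostnames are blocked.
    for domain, hits in coverage(SAMPLE_LOG, SAMPLE_HOSTS).items():
        print(f"{domain:20} -> {', '.join(hits) or 'no entry'}")
```
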
