Bundespolizeitrojaner, Internetzugang gesperrt

cosinus · 12.07.2012, 19:22

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
FF - prefs.js..keyword.URL: "http://wa.ui-portal.de/webde/webde/s?produkte.browser.link.searchlink&s_brand=webde&t_link=searchlink&ns_type=clickin&ns_url=http://suche.web.de/search/web/?origin=br_urlbar_ff&su="
FF - user.js - File not found
FF - prefs.js..browser.search.defaultenginename: "WEB.DE Suche"
FF - prefs.js..browser.search.order.1: "WEB.DE Suche"
FF - prefs.js..browser.search.order.2: "amazon.de"
FF - prefs.js..browser.search.order.3: "amazon.de"
FF - prefs.js..browser.search.order.4: "WEB.DE Suche"
FF - prefs.js..browser.startup.homepage: "http://go.web.de/br/ff3_startpage"
FF - prefs.js..extensions.enabledItems: allglassv2@ambroos.neowin.net:2.1.4
FF - prefs.js..extensions.enabledItems: toolbar@web.de:1.7.5
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.2.0
[2011.05.12 21:04:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\JC Müller\AppData\Roaming\mozilla\Firefox\Profiles\uih78sgk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
O2 - BHO: (WEB.DE Konfiguration) - {17166733-40EA-4432-A85C-AE672FF0E236} - C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH)
O2 - BHO: (WEB.DE Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKU\S-1-5-21-1782174894-4009563491-1203132981-1000\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [BabylonToolbar] "C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe" /md I File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1782174894-4009563491-1203132981-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1782174894-4009563491-1203132981-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 157
O7 - HKU\S-1-5-21-1782174894-4009563491-1203132981-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
[2012.07.04 20:46:05 | 004,503,728 | ---- | M] () -- C:\ProgramData\l_u0_0.pad
[2011.05.11 22:44:54 | 000,000,120 | ---- | C] () -- C:\Users\JC Müller\AppData\Local\Yyikodusexuy.dat
[2011.05.11 22:44:54 | 000,000,000 | ---- | C] () -- C:\Users\JC Müller\AppData\Local\Cmamevub.bin
:Files
C:\Program Files\BabylonToolbar
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Blicknix · 12.07.2012, 20:01

erledigt!

Code:

ATTFilter

All processes killed
========== OTL ==========
Prefs.js: "hxxp://wa.ui-portal.de/webde/webde/s?produkte.browser.link.searchlink&s_brand=webde&t_link=searchlink&ns_type=clickin&ns_url=hxxp://suche.web.de/search/web/?origin=br_urlbar_ff&su=" removed from keyword.URL
Prefs.js: "WEB.DE Suche" removed from browser.search.defaultenginename
Prefs.js: "WEB.DE Suche" removed from browser.search.order.1
Prefs.js: "amazon.de" removed from browser.search.order.2
Prefs.js: "amazon.de" removed from browser.search.order.3
Prefs.js: "WEB.DE Suche" removed from browser.search.order.4
Prefs.js: "hxxp://go.web.de/br/ff3_startpage" removed from browser.startup.homepage
Prefs.js: allglassv2@ambroos.neowin.net:2.1.4 removed from extensions.enabledItems
Prefs.js: toolbar@web.de:1.7.5 removed from extensions.enabledItems
Prefs.js: ffxtlbr@babylon.com:1.2.0 removed from extensions.enabledItems
C:\Users\JC Müller\AppData\Roaming\mozilla\Firefox\Profiles\uih78sgk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults\preferences folder moved successfully.
C:\Users\JC Müller\AppData\Roaming\mozilla\Firefox\Profiles\uih78sgk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults folder moved successfully.
C:\Users\JC Müller\AppData\Roaming\mozilla\Firefox\Profiles\uih78sgk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\chrome folder moved successfully.
C:\Users\JC Müller\AppData\Roaming\mozilla\Firefox\Profiles\uih78sgk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{17166733-40EA-4432-A85C-AE672FF0E236}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17166733-40EA-4432-A85C-AE672FF0E236}\ deleted successfully.
C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF42D4A8-016E-4fcd-B1EB-837659FD77C6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF42D4A8-016E-4fcd-B1EB-837659FD77C6}\ deleted successfully.
C:\Programme\WEB.DE Toolbar\IE\uitb.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{C424171E-592A-415a-9EB1-DFD6D95D3530} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C424171E-592A-415a-9EB1-DFD6D95D3530}\ deleted successfully.
File C:\Programme\WEB.DE Toolbar\IE\uitb.dll not found.
Registry value HKEY_USERS\S-1-5-21-1782174894-4009563491-1203132981-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C424171E-592A-415A-9EB1-DFD6D95D3530} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C424171E-592A-415A-9EB1-DFD6D95D3530}\ not found.
File C:\Programme\WEB.DE Toolbar\IE\uitb.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\BabylonToolbar deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-21-1782174894-4009563491-1203132981-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1782174894-4009563491-1203132981-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1782174894-4009563491-1203132981-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
C:\ProgramData\l_u0_0.pad moved successfully.
C:\Users\JC Müller\AppData\Local\Yyikodusexuy.dat moved successfully.
C:\Users\JC Müller\AppData\Local\Cmamevub.bin moved successfully.
========== FILES ==========
File\Folder C:\Program Files\BabylonToolbar not found.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Claudia
->Temp folder emptied: 59745720 bytes
->Temporary Internet Files folder emptied: 59399998 bytes
->FireFox cache emptied: 54486077 bytes
->Flash cache emptied: 580 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: JC Müller
->Temp folder emptied: 110707003 bytes
->Temporary Internet Files folder emptied: 237823880 bytes
->FireFox cache emptied: 62983856 bytes
->Google Chrome cache emptied: 7253059 bytes
->Apple Safari cache emptied: 882688 bytes
->Flash cache emptied: 4505 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 134971097 bytes
RecycleBin emptied: 1796097840 bytes
 
Total Files Cleaned = 2.407,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Claudia
->Flash cache emptied: 0 bytes
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: JC Müller
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.54.0 log created on 07122012_205447

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

cosinus · 12.07.2012, 21:05

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Blicknix · 12.07.2012, 21:57

Hier wie gewünscht:

Code:

ATTFilter

22:50:54.0765 4940	TDSS rootkit removing tool 2.7.45.0 Jul  9 2012 12:46:35
22:50:55.0101 4940	============================================================
22:50:55.0101 4940	Current date / time: 2012/07/12 22:50:55.0101
22:50:55.0101 4940	SystemInfo:
22:50:55.0101 4940	
22:50:55.0102 4940	OS Version: 6.1.7601 ServicePack: 1.0
22:50:55.0102 4940	Product type: Workstation
22:50:55.0102 4940	ComputerName: PCGELLERTSTR
22:50:55.0102 4940	UserName: JC Müller
22:50:55.0102 4940	Windows directory: C:\Windows
22:50:55.0102 4940	System windows directory: C:\Windows
22:50:55.0102 4940	Processor architecture: Intel x86
22:50:55.0102 4940	Number of processors: 4
22:50:55.0102 4940	Page size: 0x1000
22:50:55.0102 4940	Boot type: Normal boot
22:50:55.0102 4940	============================================================
22:50:56.0315 4940	Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:50:56.0331 4940	============================================================
22:50:56.0331 4940	\Device\Harddisk0\DR0:
22:50:56.0331 4940	MBR partitions:
22:50:56.0331 4940	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x48055000
22:50:56.0357 4940	\Device\Harddisk0\DR0\Partition1: MBR, Type 0xB, StartLBA 0x4805644E, BlocksNum 0x2800A73
22:50:56.0357 4940	============================================================
22:50:56.0402 4940	C: <-> \Device\Harddisk0\DR0\Partition0
22:50:56.0424 4940	D: <-> \Device\Harddisk0\DR0\Partition1
22:50:56.0424 4940	============================================================
22:50:56.0424 4940	Initialize success
22:50:56.0424 4940	============================================================
22:51:45.0656 5192	============================================================
22:51:45.0656 5192	Scan started
22:51:45.0656 5192	Mode: Manual; SigCheck; TDLFS; 
22:51:45.0656 5192	============================================================
22:51:46.0374 5192	!SASCORE        (4b7992df1600cf222701435d39fe4f90) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
22:51:46.0453 5192	!SASCORE - ok
22:51:46.0598 5192	1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
22:51:46.0669 5192	1394ohci - ok
22:51:46.0721 5192	AAV UpdateService (7eeb488346fbfa3731276c3ee8a8fd9e) C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
22:51:46.0741 5192	AAV UpdateService - ok
22:51:46.0789 5192	ACPI            (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
22:51:46.0815 5192	ACPI - ok
22:51:46.0828 5192	AcpiPmi         (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
22:51:46.0893 5192	AcpiPmi - ok
22:51:46.0954 5192	adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
22:51:46.0986 5192	adp94xx - ok
22:51:47.0009 5192	adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
22:51:47.0024 5192	adpahci - ok
22:51:47.0044 5192	adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
22:51:47.0056 5192	adpu320 - ok
22:51:47.0081 5192	AeLookupSvc     (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
22:51:47.0128 5192	AeLookupSvc - ok
22:51:47.0184 5192	AFD             (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
22:51:47.0236 5192	AFD - ok
22:51:47.0288 5192	agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
22:51:47.0309 5192	agp440 - ok
22:51:47.0325 5192	aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
22:51:47.0337 5192	aic78xx - ok
22:51:47.0365 5192	ALG             (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
22:51:47.0408 5192	ALG - ok
22:51:47.0427 5192	aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
22:51:47.0447 5192	aliide - ok
22:51:47.0475 5192	AMD External Events Utility (b19505648f033393e907e2e419fde8b3) C:\Windows\system32\atiesrxx.exe
22:51:47.0533 5192	AMD External Events Utility - ok
22:51:47.0556 5192	amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
22:51:47.0577 5192	amdagp - ok
22:51:47.0611 5192	amdide          (f12456ad77b1c32d8c5ca51927872850) C:\Windows\system32\DRIVERS\amdide.sys
22:51:47.0627 5192	amdide - ok
22:51:47.0657 5192	AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
22:51:47.0703 5192	AmdK8 - ok
22:51:47.0726 5192	AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
22:51:47.0769 5192	AmdPPM - ok
22:51:47.0796 5192	amdsata         (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
22:51:47.0817 5192	amdsata - ok
22:51:47.0842 5192	amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
22:51:47.0865 5192	amdsbs - ok
22:51:47.0886 5192	amdxata         (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
22:51:47.0897 5192	amdxata - ok
22:51:48.0016 5192	AntiVirMailService (b9b5dfafea592bd4ca967824ebb42e3d) C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
22:51:48.0043 5192	AntiVirMailService - ok
22:51:48.0081 5192	AntiVirSchedulerService (67b1d78711b4386c26241096326ee14a) C:\Program Files\Avira\AntiVir Desktop\sched.exe
22:51:48.0099 5192	AntiVirSchedulerService - ok
22:51:48.0146 5192	AntiVirService  (845c4e7ae211edad5e0b832126f56932) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
22:51:48.0165 5192	AntiVirService - ok
22:51:48.0211 5192	AntiVirWebService (30d71e0c149943a8985d02ea0944f2fe) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
22:51:48.0232 5192	AntiVirWebService - ok
22:51:48.0283 5192	AppID           (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
22:51:48.0382 5192	AppID - ok
22:51:48.0430 5192	AppIDSvc        (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
22:51:48.0488 5192	AppIDSvc - ok
22:51:48.0527 5192	Appinfo         (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
22:51:48.0582 5192	Appinfo - ok
22:51:48.0687 5192	Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:51:48.0704 5192	Apple Mobile Device - ok
22:51:48.0764 5192	arc             (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
22:51:48.0786 5192	arc - ok
22:51:48.0806 5192	arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
22:51:48.0817 5192	arcsas - ok
22:51:48.0831 5192	AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
22:51:48.0945 5192	AsyncMac - ok
22:51:48.0964 5192	atapi           (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
22:51:48.0975 5192	atapi - ok
22:51:49.0251 5192	atikmdag        (04f09923a393e4e0e8453a8f78361e73) C:\Windows\system32\DRIVERS\atikmdag.sys
22:51:49.0381 5192	atikmdag - ok
22:51:49.0529 5192	AtiPcie         (5a1465ad2e7c1bc39cda12a355329096) C:\Windows\system32\DRIVERS\AtiPcie.sys
22:51:49.0555 5192	AtiPcie - ok
22:51:49.0628 5192	AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
22:51:49.0689 5192	AudioEndpointBuilder - ok
22:51:49.0698 5192	Audiosrv        (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
22:51:49.0737 5192	Audiosrv - ok
22:51:49.0780 5192	avgntflt        (d5541f0afb767e85fc412fc609d96a74) C:\Windows\system32\DRIVERS\avgntflt.sys
22:51:49.0795 5192	avgntflt - ok
22:51:49.0842 5192	avipbb          (7d967a682d4694df7fa57d63a2db01fe) C:\Windows\system32\DRIVERS\avipbb.sys
22:51:49.0865 5192	avipbb - ok
22:51:49.0894 5192	avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
22:51:49.0906 5192	avkmgr - ok
22:51:49.0955 5192	AxInstSV        (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
22:51:50.0018 5192	AxInstSV - ok
22:51:50.0072 5192	b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
22:51:50.0123 5192	b06bdrv - ok
22:51:50.0162 5192	b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
22:51:50.0185 5192	b57nd60x - ok
22:51:50.0289 5192	BBSvc           (825f81a6f7dd073509db101f0ba6dc59) C:\Program Files\Microsoft\BingBar\BBSvc.EXE
22:51:50.0314 5192	BBSvc - ok
22:51:50.0345 5192	BDESVC          (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
22:51:50.0396 5192	BDESVC - ok
22:51:50.0406 5192	Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
22:51:50.0454 5192	Beep - ok
22:51:50.0530 5192	BFE             (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
22:51:50.0595 5192	BFE - ok
22:51:50.0661 5192	BITS            (e585445d5021971fae10393f0f1c3961) C:\Windows\system32\qmgr.dll
22:51:50.0735 5192	BITS - ok
22:51:50.0741 5192	blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
22:51:50.0770 5192	blbdrive - ok
22:51:50.0833 5192	Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
22:51:50.0859 5192	Bonjour Service - ok
22:51:50.0883 5192	bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
22:51:50.0937 5192	bowser - ok
22:51:50.0952 5192	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:51:51.0017 5192	BrFiltLo - ok
22:51:51.0025 5192	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:51:51.0062 5192	BrFiltUp - ok
22:51:51.0109 5192	Browser         (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
22:51:51.0170 5192	Browser - ok
22:51:51.0210 5192	Brserid         (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
22:51:51.0270 5192	Brserid - ok
22:51:51.0284 5192	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
22:51:51.0324 5192	BrSerWdm - ok
22:51:51.0344 5192	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
22:51:51.0377 5192	BrUsbMdm - ok
22:51:51.0395 5192	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
22:51:51.0432 5192	BrUsbSer - ok
22:51:51.0453 5192	BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
22:51:51.0489 5192	BTHMODEM - ok
22:51:51.0550 5192	bthserv         (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
22:51:51.0608 5192	bthserv - ok
22:51:51.0732 5192	catchme - ok
22:51:51.0767 5192	cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
22:51:51.0827 5192	cdfs - ok
22:51:51.0864 5192	cdrom           (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
22:51:51.0897 5192	cdrom - ok
22:51:51.0949 5192	CertPropSvc     (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
22:51:52.0002 5192	CertPropSvc - ok
22:51:52.0035 5192	circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
22:51:52.0059 5192	circlass - ok
22:51:52.0082 5192	CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
22:51:52.0109 5192	CLFS - ok
22:51:52.0181 5192	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:51:52.0202 5192	clr_optimization_v2.0.50727_32 - ok
22:51:52.0262 5192	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:51:52.0283 5192	clr_optimization_v4.0.30319_32 - ok
22:51:52.0300 5192	CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
22:51:52.0320 5192	CmBatt - ok
22:51:52.0330 5192	cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
22:51:52.0343 5192	cmdide - ok
22:51:52.0388 5192	CNG             (247b4ce2dab1160cd422d532d5241e1f) C:\Windows\system32\Drivers\cng.sys
22:51:52.0409 5192	CNG - ok
22:51:52.0423 5192	Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
22:51:52.0434 5192	Compbatt - ok
22:51:52.0464 5192	CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
22:51:52.0512 5192	CompositeBus - ok
22:51:52.0530 5192	COMSysApp - ok
22:51:52.0553 5192	crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
22:51:52.0574 5192	crcdisk - ok
22:51:52.0627 5192	CryptSvc        (06e771aa596b8761107ab57e99f128d7) C:\Windows\system32\cryptsvc.dll
22:51:52.0685 5192	CryptSvc - ok
22:51:52.0732 5192	DcomLaunch      (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
22:51:52.0789 5192	DcomLaunch - ok
22:51:52.0825 5192	defragsvc       (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
22:51:52.0883 5192	defragsvc - ok
22:51:52.0930 5192	DfsC            (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
22:51:52.0975 5192	DfsC - ok
22:51:53.0035 5192	Dhcp            (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
22:51:53.0090 5192	Dhcp - ok
22:51:53.0103 5192	discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
22:51:53.0157 5192	discache - ok
22:51:53.0189 5192	Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
22:51:53.0208 5192	Disk - ok
22:51:53.0236 5192	Dnscache        (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
22:51:53.0270 5192	Dnscache - ok
22:51:53.0312 5192	dot3svc         (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
22:51:53.0362 5192	dot3svc - ok
22:51:53.0391 5192	Dot4            (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys
22:51:53.0424 5192	Dot4 - ok
22:51:53.0459 5192	Dot4Print       (caefd09b6a6249c53a67d55a9a9fcabf) C:\Windows\system32\drivers\Dot4Prt.sys
22:51:53.0481 5192	Dot4Print - ok
22:51:53.0503 5192	dot4usb         (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys
22:51:53.0532 5192	dot4usb - ok
22:51:53.0560 5192	DPS             (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
22:51:53.0618 5192	DPS - ok
22:51:53.0673 5192	drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
22:51:53.0706 5192	drmkaud - ok
22:51:53.0759 5192	DXGKrnl         (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
22:51:53.0788 5192	DXGKrnl - ok
22:51:53.0824 5192	EapHost         (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
22:51:53.0873 5192	EapHost - ok
22:51:54.0073 5192	ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
22:51:54.0147 5192	ebdrv - ok
22:51:54.0234 5192	EFS             (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
22:51:54.0270 5192	EFS - ok
22:51:54.0346 5192	ehRecvr         (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
22:51:54.0413 5192	ehRecvr - ok
22:51:54.0446 5192	ehSched         (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
22:51:54.0498 5192	ehSched - ok
22:51:54.0589 5192	elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
22:51:54.0618 5192	elxstor - ok
22:51:54.0651 5192	ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
22:51:54.0682 5192	ErrDev - ok
22:51:54.0738 5192	EventSystem     (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
22:51:54.0798 5192	EventSystem - ok
22:51:54.0833 5192	exfat           (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
22:51:54.0890 5192	exfat - ok
22:51:54.0912 5192	fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
22:51:54.0972 5192	fastfat - ok
22:51:55.0039 5192	Fax             (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
22:51:55.0092 5192	Fax - ok
22:51:55.0105 5192	fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
22:51:55.0144 5192	fdc - ok
22:51:55.0160 5192	fdPHost         (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
22:51:55.0215 5192	fdPHost - ok
22:51:55.0233 5192	FDResPub        (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
22:51:55.0284 5192	FDResPub - ok
22:51:55.0328 5192	FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
22:51:55.0350 5192	FileInfo - ok
22:51:55.0363 5192	Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
22:51:55.0406 5192	Filetrace - ok
22:51:55.0421 5192	flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
22:51:55.0442 5192	flpydisk - ok
22:51:55.0476 5192	FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
22:51:55.0502 5192	FltMgr - ok
22:51:55.0570 5192	FontCache       (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
22:51:55.0630 5192	FontCache - ok
22:51:55.0727 5192	FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
22:51:55.0745 5192	FontCache3.0.0.0 - ok
22:51:55.0763 5192	FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
22:51:55.0774 5192	FsDepends - ok
22:51:55.0809 5192	Fs_Rec          (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
22:51:55.0819 5192	Fs_Rec - ok
22:51:55.0863 5192	fvevol          (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
22:51:55.0894 5192	fvevol - ok
22:51:55.0921 5192	gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
22:51:55.0942 5192	gagp30kx - ok
22:51:55.0973 5192	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:51:55.0989 5192	GEARAspiWDM - ok
22:51:56.0040 5192	gpsvc           (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
22:51:56.0108 5192	gpsvc - ok
22:51:56.0225 5192	gupdate         (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
22:51:56.0244 5192	gupdate - ok
22:51:56.0262 5192	gupdatem        (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
22:51:56.0280 5192	gupdatem - ok
22:51:56.0312 5192	gusvc           (408ddd80eede47175f6844817b90213e) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
22:51:56.0332 5192	gusvc - ok
22:51:56.0353 5192	hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
22:51:56.0403 5192	hcw85cir - ok
22:51:56.0436 5192	HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
22:51:56.0473 5192	HDAudBus - ok
22:51:56.0488 5192	HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
22:51:56.0522 5192	HidBatt - ok
22:51:56.0547 5192	HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
22:51:56.0579 5192	HidBth - ok
22:51:56.0603 5192	HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
22:51:56.0638 5192	HidIr - ok
22:51:56.0662 5192	hidserv         (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
22:51:56.0717 5192	hidserv - ok
22:51:56.0751 5192	HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
22:51:56.0771 5192	HidUsb - ok
22:51:56.0813 5192	hkmsvc          (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
22:51:56.0868 5192	hkmsvc - ok
22:51:56.0908 5192	HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
22:51:56.0955 5192	HomeGroupListener - ok
22:51:56.0987 5192	HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
22:51:57.0012 5192	HomeGroupProvider - ok
22:51:57.0113 5192	hpqcxs08        (97aac45a375168c6a2297beeb9692e31) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
22:51:57.0146 5192	hpqcxs08 - ok
22:51:57.0169 5192	hpqddsvc        (19a4fb67b1c97ea18edff44340973cd9) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
22:51:57.0186 5192	hpqddsvc - ok
22:51:57.0205 5192	HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
22:51:57.0216 5192	HpSAMD - ok
22:51:57.0268 5192	HPSLPSVC        (56fc98f1014ea8dc51b92839c32759ec) C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
22:51:57.0293 5192	HPSLPSVC - ok
22:51:57.0363 5192	HTTP            (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
22:51:57.0411 5192	HTTP - ok
22:51:57.0437 5192	hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
22:51:57.0448 5192	hwpolicy - ok
22:51:57.0462 5192	i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
22:51:57.0496 5192	i8042prt - ok
22:51:57.0532 5192	iaStorV         (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
22:51:57.0557 5192	iaStorV - ok
22:51:57.0685 5192	idsvc           (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:51:57.0735 5192	idsvc - ok
22:51:57.0786 5192	iirsp           (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
22:51:57.0807 5192	iirsp - ok
22:51:57.0876 5192	IKEEXT          (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
22:51:57.0942 5192	IKEEXT - ok
22:51:58.0097 5192	IntcAzAudAddService (fd1d5f1609126831f49d6cfbb61f9ddd) C:\Windows\system32\drivers\RTKVHDA.sys
22:51:58.0164 5192	IntcAzAudAddService - ok
22:51:58.0285 5192	intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
22:51:58.0305 5192	intelide - ok
22:51:58.0339 5192	intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
22:51:58.0370 5192	intelppm - ok
22:51:58.0399 5192	IPBusEnum       (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
22:51:58.0463 5192	IPBusEnum - ok
22:51:58.0482 5192	IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:51:58.0525 5192	IpFilterDriver - ok
22:51:58.0573 5192	iphlpsvc        (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
22:51:58.0615 5192	iphlpsvc - ok
22:51:58.0639 5192	IPMIDRV         (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
22:51:58.0675 5192	IPMIDRV - ok
22:51:58.0694 5192	IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
22:51:58.0757 5192	IPNAT - ok
22:51:58.0907 5192	iPod Service    (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
22:51:58.0940 5192	iPod Service - ok
22:51:58.0965 5192	IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
22:51:58.0979 5192	IRENUM - ok
22:51:58.0993 5192	isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
22:51:59.0004 5192	isapnp - ok
22:51:59.0033 5192	iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
22:51:59.0047 5192	iScsiPrt - ok
22:51:59.0068 5192	kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
22:51:59.0079 5192	kbdclass - ok
22:51:59.0096 5192	kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
22:51:59.0119 5192	kbdhid - ok
22:51:59.0145 5192	KeyIso          (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
22:51:59.0156 5192	KeyIso - ok
22:51:59.0191 5192	KSecDD          (b7895b4182c0d16f6efadeb8081e8d36) C:\Windows\system32\Drivers\ksecdd.sys
22:51:59.0202 5192	KSecDD - ok
22:51:59.0243 5192	KSecPkg         (d30159ac9237519fbc62c6ec247d2d46) C:\Windows\system32\Drivers\ksecpkg.sys
22:51:59.0266 5192	KSecPkg - ok
22:51:59.0302 5192	KtmRm           (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
22:51:59.0341 5192	KtmRm - ok
22:51:59.0375 5192	LanmanServer    (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\System32\srvsvc.dll
22:51:59.0427 5192	LanmanServer - ok
22:51:59.0463 5192	LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
22:51:59.0500 5192	LanmanWorkstation - ok
22:51:59.0545 5192	lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
22:51:59.0598 5192	lltdio - ok
22:51:59.0627 5192	lltdsvc         (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
22:51:59.0654 5192	lltdsvc - ok
22:51:59.0666 5192	lmhosts         (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
22:51:59.0690 5192	lmhosts - ok
22:51:59.0716 5192	LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
22:51:59.0727 5192	LSI_FC - ok
22:51:59.0750 5192	LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
22:51:59.0762 5192	LSI_SAS - ok
22:51:59.0773 5192	LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:51:59.0784 5192	LSI_SAS2 - ok
22:51:59.0803 5192	LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:51:59.0815 5192	LSI_SCSI - ok
22:51:59.0845 5192	luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
22:51:59.0870 5192	luafv - ok
22:51:59.0899 5192	MBAMProtector   (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
22:51:59.0914 5192	MBAMProtector - ok
22:52:00.0006 5192	MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
22:52:00.0040 5192	MBAMService - ok
22:52:00.0065 5192	Mcx2Svc         (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
22:52:00.0078 5192	Mcx2Svc - ok
22:52:00.0111 5192	megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
22:52:00.0132 5192	megasas - ok
22:52:00.0160 5192	MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
22:52:00.0174 5192	MegaSR - ok
22:52:00.0208 5192	MMCSS           (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
22:52:00.0258 5192	MMCSS - ok
22:52:00.0278 5192	Modem           (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
22:52:00.0340 5192	Modem - ok
22:52:00.0362 5192	monitor         (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
22:52:00.0393 5192	monitor - ok
22:52:00.0421 5192	mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
22:52:00.0443 5192	mouclass - ok
22:52:00.0464 5192	mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
22:52:00.0483 5192	mouhid - ok
22:52:00.0526 5192	mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
22:52:00.0548 5192	mountmgr - ok
22:52:00.0577 5192	mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
22:52:00.0589 5192	mpio - ok
22:52:00.0612 5192	mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
22:52:00.0653 5192	mpsdrv - ok
22:52:00.0716 5192	MpsSvc          (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
22:52:00.0788 5192	MpsSvc - ok
22:52:00.0823 5192	MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
22:52:00.0850 5192	MRxDAV - ok
22:52:00.0888 5192	mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:52:00.0937 5192	mrxsmb - ok
22:52:00.0974 5192	mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:52:01.0011 5192	mrxsmb10 - ok
22:52:01.0031 5192	mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:52:01.0059 5192	mrxsmb20 - ok
22:52:01.0077 5192	msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
22:52:01.0098 5192	msahci - ok
22:52:01.0126 5192	msdsm           (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
22:52:01.0149 5192	msdsm - ok
22:52:01.0180 5192	MSDTC           (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
22:52:01.0215 5192	MSDTC - ok
22:52:01.0238 5192	Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
22:52:01.0279 5192	Msfs - ok
22:52:01.0296 5192	mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
22:52:01.0320 5192	mshidkmdf - ok
22:52:01.0337 5192	msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
22:52:01.0348 5192	msisadrv - ok
22:52:01.0382 5192	MSiSCSI         (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
22:52:01.0406 5192	MSiSCSI - ok
22:52:01.0411 5192	msiserver - ok
22:52:01.0436 5192	MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
22:52:01.0489 5192	MSKSSRV - ok
22:52:01.0509 5192	MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
22:52:01.0555 5192	MSPCLOCK - ok
22:52:01.0574 5192	MSPQM           (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
22:52:01.0608 5192	MSPQM - ok
22:52:01.0631 5192	MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
22:52:01.0655 5192	MsRPC - ok
22:52:01.0674 5192	mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
22:52:01.0685 5192	mssmbios - ok
22:52:01.0690 5192	MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
22:52:01.0714 5192	MSTEE - ok
22:52:01.0735 5192	MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
22:52:01.0753 5192	MTConfig - ok
22:52:01.0774 5192	Mup             (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
22:52:01.0795 5192	Mup - ok
22:52:01.0837 5192	napagent        (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
22:52:01.0882 5192	napagent - ok
22:52:01.0920 5192	NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
22:52:01.0961 5192	NativeWifiP - ok
22:52:02.0018 5192	NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
22:52:02.0056 5192	NDIS - ok
22:52:02.0072 5192	NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
22:52:02.0123 5192	NdisCap - ok
22:52:02.0147 5192	NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
22:52:02.0181 5192	NdisTapi - ok
22:52:02.0205 5192	Ndisuio         (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
22:52:02.0231 5192	Ndisuio - ok
22:52:02.0261 5192	NdisWan         (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
22:52:02.0321 5192	NdisWan - ok
22:52:02.0347 5192	NDProxy         (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
22:52:02.0408 5192	NDProxy - ok
22:52:02.0465 5192	Net Driver HPZ12 (a081cb6fb9a12668f233eb5414be3a0e) C:\Windows\system32\HPZinw12.dll
22:52:02.0491 5192	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
22:52:02.0491 5192	Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
22:52:02.0528 5192	NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
22:52:02.0593 5192	NetBIOS - ok
22:52:02.0629 5192	NetBT           (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
22:52:02.0684 5192	NetBT - ok
22:52:02.0711 5192	Netlogon        (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
22:52:02.0732 5192	Netlogon - ok
22:52:02.0789 5192	Netman          (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
22:52:02.0845 5192	Netman - ok
22:52:02.0891 5192	netprofm        (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
22:52:02.0935 5192	netprofm - ok
22:52:02.0990 5192	netr28u         (27ee4b406e2f26f6117a9a420bd4cb65) C:\Windows\system32\DRIVERS\netr28u.sys
22:52:03.0021 5192	netr28u - ok
22:52:03.0111 5192	NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:52:03.0135 5192	NetTcpPortSharing - ok
22:52:03.0187 5192	nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
22:52:03.0209 5192	nfrd960 - ok
22:52:03.0254 5192	NlaSvc          (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
22:52:03.0346 5192	NlaSvc - ok
22:52:03.0361 5192	Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
22:52:03.0434 5192	Npfs - ok
22:52:03.0458 5192	nsi             (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
22:52:03.0499 5192	nsi - ok
22:52:03.0515 5192	nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
22:52:03.0562 5192	nsiproxy - ok
22:52:03.0660 5192	Ntfs            (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
22:52:03.0714 5192	Ntfs - ok
22:52:03.0724 5192	Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
22:52:03.0748 5192	Null - ok
22:52:03.0784 5192	nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
22:52:03.0796 5192	nvraid - ok
22:52:03.0812 5192	nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
22:52:03.0824 5192	nvstor - ok
22:52:03.0846 5192	nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
22:52:03.0858 5192	nv_agp - ok
22:52:03.0965 5192	odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:52:04.0005 5192	odserv - ok
22:52:04.0023 5192	ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
22:52:04.0060 5192	ohci1394 - ok
22:52:04.0125 5192	ose             (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:52:04.0145 5192	ose - ok
22:52:04.0186 5192	p2pimsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
22:52:04.0238 5192	p2pimsvc - ok
22:52:04.0292 5192	p2psvc          (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
22:52:04.0335 5192	p2psvc - ok
22:52:04.0359 5192	Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
22:52:04.0396 5192	Parport - ok
22:52:04.0423 5192	partmgr         (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
22:52:04.0445 5192	partmgr - ok
22:52:04.0464 5192	Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
22:52:04.0498 5192	Parvdm - ok
22:52:04.0540 5192	PcaSvc          (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
22:52:04.0570 5192	PcaSvc - ok
22:52:04.0581 5192	pci             (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
22:52:04.0604 5192	pci - ok
22:52:04.0619 5192	pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
22:52:04.0630 5192	pciide - ok
22:52:04.0656 5192	pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
22:52:04.0669 5192	pcmcia - ok
22:52:04.0691 5192	pcw             (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
22:52:04.0702 5192	pcw - ok
22:52:04.0739 5192	PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
22:52:04.0780 5192	PEAUTH - ok
22:52:04.0894 5192	pla             (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
22:52:04.0970 5192	pla - ok
22:52:05.0091 5192	PlugPlay        (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
22:52:05.0140 5192	PlugPlay - ok
22:52:05.0192 5192	Pml Driver HPZ12 (65bc271f337637731d3c71455ae1f476) C:\Windows\system32\HPZipm12.dll
22:52:05.0216 5192	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
22:52:05.0216 5192	Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
22:52:05.0248 5192	PNRPAutoReg     (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
22:52:05.0280 5192	PNRPAutoReg - ok
22:52:05.0310 5192	PNRPsvc         (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
22:52:05.0336 5192	PNRPsvc - ok
22:52:05.0370 5192	PolicyAgent     (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
22:52:05.0423 5192	PolicyAgent - ok
22:52:05.0459 5192	Power           (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
22:52:05.0485 5192	Power - ok
22:52:05.0548 5192	PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
22:52:05.0601 5192	PptpMiniport - ok
22:52:05.0628 5192	Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
22:52:05.0659 5192	Processor - ok
22:52:05.0713 5192	ProfSvc         (cadefac453040e370a1bdff3973be00d) C:\Windows\system32\profsvc.dll
22:52:05.0755 5192	ProfSvc - ok
22:52:05.0779 5192	ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
22:52:05.0800 5192	ProtectedStorage - ok
22:52:05.0828 5192	ProtexisLicensing (f115af58abe5605d7d709cbfbd83f418) C:\Windows\system32\PSIService.exe
22:52:05.0840 5192	ProtexisLicensing - ok
22:52:05.0878 5192	Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
22:52:05.0922 5192	Psched - ok
22:52:06.0012 5192	ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
22:52:06.0080 5192	ql2300 - ok
22:52:06.0170 5192	ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
22:52:06.0192 5192	ql40xx - ok
22:52:06.0232 5192	QWAVE           (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
22:52:06.0259 5192	QWAVE - ok
22:52:06.0273 5192	QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
22:52:06.0286 5192	QWAVEdrv - ok
22:52:06.0343 5192	RapiMgr         (8f97d374ad1857e1eed85a79f29a1d3d) C:\Windows\WindowsMobile\rapimgr.dll
22:52:06.0366 5192	RapiMgr - ok
22:52:06.0379 5192	RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
22:52:06.0411 5192	RasAcd - ok
22:52:06.0463 5192	RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
22:52:06.0504 5192	RasAgileVpn - ok
22:52:06.0524 5192	RasAuto         (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
22:52:06.0550 5192	RasAuto - ok
22:52:06.0570 5192	Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:52:06.0624 5192	Rasl2tp - ok
22:52:06.0675 5192	RasMan          (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
22:52:06.0720 5192	RasMan - ok
22:52:06.0746 5192	RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
22:52:06.0801 5192	RasPppoe - ok
22:52:06.0824 5192	RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
22:52:06.0855 5192	RasSstp - ok
22:52:06.0892 5192	rdbss           (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
22:52:06.0946 5192	rdbss - ok
22:52:06.0960 5192	rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
22:52:06.0973 5192	rdpbus - ok
22:52:07.0000 5192	RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:52:07.0055 5192	RDPCDD - ok
22:52:07.0075 5192	RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
22:52:07.0106 5192	RDPENCDD - ok
22:52:07.0123 5192	RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
22:52:07.0155 5192	RDPREFMP - ok
22:52:07.0191 5192	RDPWD           (f031683e6d1fea157abb2ff260b51e61) C:\Windows\system32\drivers\RDPWD.sys
22:52:07.0238 5192	RDPWD - ok
22:52:07.0284 5192	rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
22:52:07.0307 5192	rdyboost - ok
22:52:07.0343 5192	RemoteAccess    (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
22:52:07.0394 5192	RemoteAccess - ok
22:52:07.0428 5192	RemoteRegistry  (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
22:52:07.0490 5192	RemoteRegistry - ok
22:52:07.0517 5192	RpcEptMapper    (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
22:52:07.0556 5192	RpcEptMapper - ok
22:52:07.0588 5192	RpcLocator      (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
22:52:07.0600 5192	RpcLocator - ok
22:52:07.0643 5192	RpcSs           (7660f01d3b38aca1747e397d21d790af) C:\Windows\System32\rpcss.dll
22:52:07.0681 5192	RpcSs - ok
22:52:07.0690 5192	rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
22:52:07.0716 5192	rspndr - ok
22:52:07.0763 5192	RTHDMIAzAudService (72a5515a2031d458dd38e9336594184b) C:\Windows\system32\drivers\RtHDMIV.sys
22:52:07.0787 5192	RTHDMIAzAudService - ok
22:52:07.0836 5192	RTL8167         (e099d23ee1bbce0cf5745f811f3b1882) C:\Windows\system32\DRIVERS\Rt86win7.sys
22:52:07.0868 5192	RTL8167 - ok
22:52:07.0910 5192	RTL8169         (abbe0f54ba3a378262c9cb86cf7d91f8) C:\Windows\system32\DRIVERS\Rtlh86.sys
22:52:07.0981 5192	RTL8169 - ok
22:52:08.0001 5192	SamSs           (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
22:52:08.0012 5192	SamSs - ok
22:52:08.0073 5192	SASDIFSV        (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
22:52:08.0090 5192	SASDIFSV - ok
22:52:08.0119 5192	SASKUTIL        (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
22:52:08.0139 5192	SASKUTIL - ok
22:52:08.0177 5192	sbp2port        (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
22:52:08.0199 5192	sbp2port - ok
22:52:08.0240 5192	SCardSvr        (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
22:52:08.0276 5192	SCardSvr - ok
22:52:08.0300 5192	scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
22:52:08.0338 5192	scfilter - ok
22:52:08.0405 5192	Schedule        (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
22:52:08.0455 5192	Schedule - ok
22:52:08.0483 5192	SCPolicySvc     (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
22:52:08.0506 5192	SCPolicySvc - ok
22:52:08.0539 5192	SDRSVC          (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
22:52:08.0589 5192	SDRSVC - ok
22:52:08.0682 5192	SeaPort         (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
22:52:08.0708 5192	SeaPort - ok
22:52:08.0753 5192	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
22:52:08.0806 5192	secdrv - ok
22:52:08.0829 5192	seclogon        (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
22:52:08.0873 5192	seclogon - ok
22:52:08.0908 5192	SENS            (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll
22:52:08.0960 5192	SENS - ok
22:52:08.0977 5192	SensrSvc        (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
22:52:09.0021 5192	SensrSvc - ok
22:52:09.0044 5192	Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
22:52:09.0073 5192	Serenum - ok
22:52:09.0096 5192	Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
22:52:09.0128 5192	Serial - ok
22:52:09.0153 5192	sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
22:52:09.0173 5192	sermouse - ok
22:52:09.0225 5192	SessionEnv      (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
22:52:09.0264 5192	SessionEnv - ok
22:52:09.0284 5192	sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
22:52:09.0320 5192	sffdisk - ok
22:52:09.0325 5192	sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
22:52:09.0353 5192	sffp_mmc - ok
22:52:09.0374 5192	sffp_sd         (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
22:52:09.0397 5192	sffp_sd - ok
22:52:09.0409 5192	sfloppy         (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
22:52:09.0427 5192	sfloppy - ok
22:52:09.0486 5192	SharedAccess    (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
22:52:09.0546 5192	SharedAccess - ok
22:52:09.0596 5192	ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
22:52:09.0653 5192	ShellHWDetection - ok
22:52:09.0686 5192	sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
22:52:09.0706 5192	sisagp - ok
22:52:09.0727 5192	SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:52:09.0738 5192	SiSRaid2 - ok
22:52:09.0760 5192	SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
22:52:09.0772 5192	SiSRaid4 - ok
22:52:09.0804 5192	Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
22:52:09.0829 5192	Smb - ok
22:52:09.0890 5192	SNMPTRAP        (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
22:52:09.0913 5192	SNMPTRAP - ok
22:52:09.0921 5192	spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
22:52:09.0932 5192	spldr - ok
22:52:09.0982 5192	Spooler         (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
22:52:10.0040 5192	Spooler - ok
22:52:10.0242 5192	sppsvc          (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
22:52:10.0303 5192	sppsvc - ok
22:52:10.0409 5192	sppuinotify     (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
22:52:10.0473 5192	sppuinotify - ok
22:52:10.0537 5192	srv             (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
22:52:10.0587 5192	srv - ok
22:52:10.0621 5192	srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
22:52:10.0660 5192	srv2 - ok
22:52:10.0687 5192	srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
22:52:10.0707 5192	srvnet - ok
22:52:10.0744 5192	SSDPSRV         (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
22:52:10.0795 5192	SSDPSRV - ok
22:52:10.0836 5192	SSHDRV76        (ef3504dd32e2ea222be0cbc9a0895f89) C:\Windows\system32\drivers\SSHDRV76.sys
22:52:10.0841 5192	SSHDRV76 ( UnsignedFile.Multi.Generic ) - warning
22:52:10.0841 5192	SSHDRV76 - detected UnsignedFile.Multi.Generic (1)
22:52:10.0876 5192	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
22:52:10.0892 5192	ssmdrv - ok
22:52:10.0909 5192	SstpSvc         (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
22:52:10.0946 5192	SstpSvc - ok
22:52:10.0968 5192	stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
22:52:10.0979 5192	stexstor - ok
22:52:11.0037 5192	StiSvc          (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
22:52:11.0075 5192	StiSvc - ok
22:52:11.0098 5192	swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
22:52:11.0109 5192	swenum - ok
22:52:11.0138 5192	swprv           (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
22:52:11.0168 5192	swprv - ok
22:52:11.0258 5192	SysMain         (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
22:52:11.0289 5192	SysMain - ok
22:52:11.0325 5192	TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
22:52:11.0371 5192	TabletInputService - ok
22:52:11.0465 5192	TapiSrv         (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
22:52:11.0510 5192	TapiSrv - ok
22:52:11.0528 5192	TBS             (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
22:52:11.0574 5192	TBS - ok
22:52:11.0693 5192	Tcpip           (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
22:52:11.0732 5192	Tcpip - ok
22:52:11.0752 5192	TCPIP6          (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
22:52:11.0782 5192	TCPIP6 - ok
22:52:11.0817 5192	tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
22:52:11.0867 5192	tcpipreg - ok
22:52:11.0897 5192	TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
22:52:11.0941 5192	TDPIPE - ok
22:52:11.0972 5192	TDTCP           (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
22:52:12.0003 5192	TDTCP - ok
22:52:12.0027 5192	tdx             (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
22:52:12.0070 5192	tdx - ok
22:52:12.0097 5192	TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
22:52:12.0109 5192	TermDD - ok
22:52:12.0167 5192	TermService     (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
22:52:12.0209 5192	TermService - ok
22:52:12.0227 5192	Themes          (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
22:52:12.0284 5192	Themes - ok
22:52:12.0320 5192	THREADORDER     (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
22:52:12.0356 5192	THREADORDER - ok
22:52:12.0393 5192	TrkWks          (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
22:52:12.0431 5192	TrkWks - ok
22:52:12.0493 5192	TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
22:52:12.0551 5192	TrustedInstaller - ok
22:52:12.0578 5192	tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:52:12.0622 5192	tssecsrv - ok
22:52:12.0664 5192	TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
22:52:12.0697 5192	TsUsbFlt - ok
22:52:12.0746 5192	tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
22:52:12.0801 5192	tunnel - ok
22:52:12.0825 5192	uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
22:52:12.0836 5192	uagp35 - ok
22:52:12.0873 5192	udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
22:52:12.0910 5192	udfs - ok
22:52:12.0935 5192	UI0Detect       (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
22:52:12.0960 5192	UI0Detect - ok
22:52:12.0998 5192	uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
22:52:13.0010 5192	uliagpkx - ok
22:52:13.0035 5192	umbus           (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
22:52:13.0047 5192	umbus - ok
22:52:13.0069 5192	UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
22:52:13.0100 5192	UmPass - ok
22:52:13.0132 5192	upnphost        (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
22:52:13.0190 5192	upnphost - ok
22:52:13.0246 5192	USBAAPL         (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
22:52:13.0269 5192	USBAAPL - ok
22:52:13.0287 5192	usbccgp         (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
22:52:13.0339 5192	usbccgp - ok
22:52:13.0369 5192	usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
22:52:13.0406 5192	usbcir - ok
22:52:13.0427 5192	usbehci         (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
22:52:13.0446 5192	usbehci - ok
22:52:13.0480 5192	usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
22:52:13.0531 5192	usbhub - ok
22:52:13.0546 5192	usbohci         (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\DRIVERS\usbohci.sys
22:52:13.0580 5192	usbohci - ok
22:52:13.0624 5192	usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
22:52:13.0647 5192	usbprint - ok
22:52:13.0700 5192	usbscan         (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
22:52:13.0738 5192	usbscan - ok
22:52:13.0761 5192	USBSTOR         (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:52:13.0809 5192	USBSTOR - ok
22:52:13.0820 5192	usbuhci         (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
22:52:13.0839 5192	usbuhci - ok
22:52:13.0876 5192	UxSms           (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
22:52:13.0929 5192	UxSms - ok
22:52:13.0957 5192	VaultSvc        (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
22:52:13.0977 5192	VaultSvc - ok
22:52:13.0992 5192	vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
22:52:14.0004 5192	vdrvroot - ok
22:52:14.0056 5192	vds             (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
22:52:14.0109 5192	vds - ok
22:52:14.0136 5192	vga             (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
22:52:14.0148 5192	vga - ok
22:52:14.0167 5192	VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
22:52:14.0192 5192	VgaSave - ok
22:52:14.0215 5192	vhdmp           (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
22:52:14.0227 5192	vhdmp - ok
22:52:14.0250 5192	viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
22:52:14.0262 5192	viaagp - ok
22:52:14.0272 5192	ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
22:52:14.0283 5192	ViaC7 - ok
22:52:14.0299 5192	viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
22:52:14.0309 5192	viaide - ok
22:52:14.0328 5192	volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
22:52:14.0339 5192	volmgr - ok
22:52:14.0360 5192	volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
22:52:14.0375 5192	volmgrx - ok
22:52:14.0397 5192	volsnap         (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
22:52:14.0410 5192	volsnap - ok
22:52:14.0452 5192	vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
22:52:14.0477 5192	vsmraid - ok
22:52:14.0558 5192	VSS             (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
22:52:14.0607 5192	VSS - ok
22:52:14.0631 5192	vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
22:52:14.0655 5192	vwifibus - ok
22:52:14.0679 5192	vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
22:52:14.0693 5192	vwififlt - ok
22:52:14.0710 5192	vwifimp         (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
22:52:14.0723 5192	vwifimp - ok
22:52:14.0762 5192	W32Time         (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
22:52:14.0799 5192	W32Time - ok
22:52:14.0826 5192	WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
22:52:14.0854 5192	WacomPen - ok
22:52:14.0896 5192	WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
22:52:14.0951 5192	WANARP - ok
22:52:14.0956 5192	Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
22:52:14.0979 5192	Wanarpv6 - ok
22:52:15.0099 5192	WatAdminSvc     (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
22:52:15.0133 5192	WatAdminSvc - ok
22:52:15.0210 5192	wbengine        (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
22:52:15.0277 5192	wbengine - ok
22:52:15.0301 5192	WbioSrvc        (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
22:52:15.0344 5192	WbioSrvc - ok
22:52:15.0437 5192	WcesComm        (59e19bd13c3bdb857646b9e436ba27f7) C:\Windows\WindowsMobile\wcescomm.dll
22:52:15.0465 5192	WcesComm - ok
22:52:15.0510 5192	wcncsvc         (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
22:52:15.0562 5192	wcncsvc - ok
22:52:15.0584 5192	WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
22:52:15.0643 5192	WcsPlugInService - ok
22:52:15.0706 5192	Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
22:52:15.0726 5192	Wd - ok
22:52:15.0762 5192	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
22:52:15.0779 5192	Wdf01000 - ok
22:52:15.0795 5192	WdiServiceHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
22:52:15.0856 5192	WdiServiceHost - ok
22:52:15.0861 5192	WdiSystemHost   (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
22:52:15.0876 5192	WdiSystemHost - ok
22:52:15.0908 5192	WebClient       (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
22:52:15.0926 5192	WebClient - ok
22:52:15.0946 5192	Wecsvc          (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
22:52:15.0973 5192	Wecsvc - ok
22:52:15.0985 5192	wercplsupport   (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
22:52:16.0010 5192	wercplsupport - ok
22:52:16.0037 5192	WerSvc          (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
22:52:16.0063 5192	WerSvc - ok
22:52:16.0088 5192	WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
22:52:16.0113 5192	WfpLwf - ok
22:52:16.0127 5192	WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
22:52:16.0137 5192	WIMMount - ok
22:52:16.0243 5192	WinDefend       (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
22:52:16.0283 5192	WinDefend - ok
22:52:16.0291 5192	WinHttpAutoProxySvc - ok
22:52:16.0353 5192	Winmgmt         (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
22:52:16.0404 5192	Winmgmt - ok
22:52:16.0485 5192	WinRM           (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
22:52:16.0583 5192	WinRM - ok
22:52:16.0675 5192	WINUSB          (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\drivers\WinUSB.SYS
22:52:16.0716 5192	WINUSB - ok
22:52:16.0787 5192	Wlansvc         (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
22:52:16.0844 5192	Wlansvc - ok
22:52:16.0993 5192	wlidsvc         (5144ae67d60ec653f97ddf3feed29e77) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:52:17.0039 5192	wlidsvc - ok
22:52:17.0131 5192	WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
22:52:17.0151 5192	WmiAcpi - ok
22:52:17.0213 5192	wmiApSrv        (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
22:52:17.0252 5192	wmiApSrv - ok
22:52:17.0372 5192	WMPNetworkSvc   (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
22:52:17.0425 5192	WMPNetworkSvc - ok
22:52:17.0454 5192	WPCSvc          (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
22:52:17.0500 5192	WPCSvc - ok
22:52:17.0527 5192	WPDBusEnum      (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
22:52:17.0571 5192	WPDBusEnum - ok
22:52:17.0606 5192	ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
22:52:17.0660 5192	ws2ifsl - ok
22:52:17.0684 5192	wscsvc          (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\system32\wscsvc.dll
22:52:17.0725 5192	wscsvc - ok
22:52:17.0730 5192	WSearch - ok
22:52:17.0863 5192	wuauserv        (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
22:52:17.0905 5192	wuauserv - ok
22:52:18.0012 5192	WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
22:52:18.0051 5192	WudfPf - ok
22:52:18.0098 5192	WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:52:18.0122 5192	WUDFRd - ok
22:52:18.0174 5192	wudfsvc         (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
22:52:18.0208 5192	wudfsvc - ok
22:52:18.0253 5192	WwanSvc         (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
22:52:18.0310 5192	WwanSvc - ok
22:52:18.0362 5192	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
22:52:18.0669 5192	\Device\Harddisk0\DR0 - ok
22:52:18.0674 5192	Boot (0x1200)   (6f15c00de9200e707c72a926292b01fa) \Device\Harddisk0\DR0\Partition0
22:52:18.0676 5192	\Device\Harddisk0\DR0\Partition0 - ok
22:52:18.0693 5192	Boot (0x1200)   (149dfd75a77a0e00c31bd7c48f0646d6) \Device\Harddisk0\DR0\Partition1
22:52:18.0694 5192	\Device\Harddisk0\DR0\Partition1 - ok
22:52:18.0694 5192	============================================================
22:52:18.0694 5192	Scan finished
22:52:18.0694 5192	============================================================
22:52:18.0708 1252	Detected object count: 3
22:52:18.0708 1252	Actual detected object count: 3
22:52:40.0000 1252	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
22:52:40.0000 1252	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:52:40.0003 1252	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
22:52:40.0003 1252	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:52:40.0005 1252	SSHDRV76 ( UnsignedFile.Multi.Generic ) - skipped by user
22:52:40.0005 1252	SSHDRV76 ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus · 13.07.2012, 12:40

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Blicknix · 13.07.2012, 16:40

Hey there,

hier das Ergebnis

[code]
Combofix Logfile:

Code:

ATTFilter

ComboFix 12-07-13.02 - JC Müller 13.07.2012  17:09:08.2.4 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3326.2257 [GMT 2:00]
ausgeführt von:: c:\users\JC M³ller\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\isRS-000.tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-06-13 bis 2012-07-13  ))))))))))))))))))))))))))))))
.
.
2012-07-13 15:17 . 2012-07-13 15:17	--------	d-----w-	c:\users\JC Müller\AppData\Local\temp
2012-07-13 15:17 . 2012-07-13 15:17	--------	d-----w-	c:\users\Public\AppData\Local\temp
2012-07-13 15:17 . 2012-07-13 15:17	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-07-13 15:17 . 2012-07-13 15:17	--------	d-----w-	c:\users\Claudia\AppData\Local\temp
2012-07-13 15:12 . 2012-07-13 15:12	56200	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{69DC36BC-2522-4319-8587-BF8413D5B1C5}\offreg.dll
2012-07-13 14:47 . 2012-05-31 03:41	6762896	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{69DC36BC-2522-4319-8587-BF8413D5B1C5}\mpengine.dll
2012-07-11 22:08 . 2012-06-02 09:08	140920	----a-w-	c:\program files\Internet Explorer\sqmapi.dll
2012-07-11 22:08 . 2012-06-02 08:22	194560	----a-w-	c:\program files\Internet Explorer\ieproxy.dll
2012-07-11 22:08 . 2012-06-02 08:16	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-07-11 22:08 . 2012-06-02 08:25	1129472	----a-w-	c:\windows\system32\wininet.dll
2012-07-11 22:08 . 2012-06-02 08:21	194048	----a-w-	c:\program files\Internet Explorer\IEShims.dll
2012-07-11 22:08 . 2012-06-02 08:20	142848	----a-w-	c:\windows\system32\ieUnatt.exe
2012-07-11 22:07 . 2012-06-02 09:08	748664	----a-w-	c:\program files\Internet Explorer\iexplore.exe
2012-07-11 22:07 . 2012-06-02 08:33	1800192	----a-w-	c:\windows\system32\jscript9.dll
2012-07-11 22:07 . 2012-06-02 08:26	387584	----a-w-	c:\program files\Internet Explorer\jsdbgui.dll
2012-07-11 22:07 . 2012-06-02 08:27	678912	----a-w-	c:\program files\Internet Explorer\iedvtool.dll
2012-07-11 22:07 . 2012-06-02 08:25	1427968	----a-w-	c:\windows\system32\inetcpl.cpl
2012-07-11 22:06 . 2012-06-12 02:40	2345984	----a-w-	c:\windows\system32\win32k.sys
2012-07-05 17:59 . 2012-07-05 17:59	--------	d-----w-	c:\program files\ESET
2012-07-04 19:31 . 2012-07-03 11:46	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-07-04 18:47 . 2012-07-04 18:47	--------	d-----w-	c:\users\Claudia\AppData\Local\AAV
2012-06-18 21:22 . 2012-06-02 22:19	53784	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-18 21:22 . 2012-06-02 22:19	45080	----a-w-	c:\windows\system32\wups2.dll
2012-06-18 21:22 . 2012-06-02 22:19	1933848	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-18 21:22 . 2012-06-02 22:12	2422272	----a-w-	c:\windows\system32\wucltux.dll
2012-06-18 21:22 . 2012-06-02 22:19	35864	----a-w-	c:\windows\system32\wups.dll
2012-06-18 21:22 . 2012-06-02 22:19	577048	----a-w-	c:\windows\system32\wuapi.dll
2012-06-18 21:22 . 2012-06-02 22:12	88576	----a-w-	c:\windows\system32\wudriver.dll
2012-06-18 21:22 . 2012-06-02 13:19	171904	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-18 21:22 . 2012-06-02 13:12	33792	----a-w-	c:\windows\system32\wuapp.exe
2012-06-14 20:57 . 2012-04-28 03:17	183808	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-06-14 20:57 . 2012-04-07 11:26	2342400	----a-w-	c:\windows\system32\msi.dll
2012-06-14 20:57 . 2012-04-26 04:45	58880	----a-w-	c:\windows\system32\rdpwsx.dll
2012-06-14 20:57 . 2012-04-26 04:45	129536	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-06-14 20:57 . 2012-04-26 04:41	8192	----a-w-	c:\windows\system32\rdrmemptylst.exe
2012-06-14 20:57 . 2012-05-01 04:44	164352	----a-w-	c:\windows\system32\profsvc.dll
2012-06-14 20:57 . 2012-04-24 04:36	140288	----a-w-	c:\windows\system32\cryptsvc.dll
2012-06-14 20:57 . 2012-04-24 04:36	1158656	----a-w-	c:\windows\system32\crypt32.dll
2012-06-14 20:57 . 2012-04-24 04:36	103936	----a-w-	c:\windows\system32\cryptnet.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-31 17:49 . 2009-03-19 15:08	499712	----a-w-	c:\windows\system32\msvcp71.dll
2012-05-31 17:49 . 2009-03-19 15:08	348160	----a-w-	c:\windows\system32\msvcr71.dll
2012-05-14 20:32 . 2012-02-09 17:05	83392	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-05-14 20:32 . 2012-02-09 17:05	137928	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-04-18 18:56 . 2012-04-18 18:56	94208	----a-w-	c:\windows\system32\QuickTimeVR.qtx
2012-04-18 18:56 . 2012-04-18 18:56	69632	----a-w-	c:\windows\system32\QuickTime.qts
2011-05-16 19:34 . 2011-05-16 19:34	1110476	----a-w-	c:\program files\7z920.exe
2012-03-25 19:18 . 2011-05-13 13:35	97208	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 144384]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-12-02 6695456]
"CLMLServer"="c:\program files\HomeCinema\Power2Go\CLMLSvc.exe" [2008-07-18 104936]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-05 59240]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-14 348624]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-05-31 296056]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\users\JC Müller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ctfmon.lnk - c:\windows\System32\rundll32.exe [2009-7-14 44544]
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-05 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
S1 SSHDRV76;SSHDRV76;c:\windows\system32\drivers\SSHDRV76.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 AAV UpdateService;AAV UpdateService;c:\program files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirMailService;Avira Email Schutz;c:\program files\Avira\AntiVir Desktop\avmailc.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 netr28u;RT2870-USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\DRIVERS\netr28u.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
HPService	REG_MULTI_SZ   	HPSLPSVC
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-08 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-02 19:48]
.
2012-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 19:40]
.
2012-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 19:40]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>;*.local
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.2.1
Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - 
FF - ProfilePath - c:\users\JC Müller\AppData\Roaming\Mozilla\Firefox\Profiles\uih78sgk.default\
FF - prefs.js: browser.startup.homepage - hxxp://go.web.de/br/ff3_startpage
FF - prefs.js: keyword.URL - hxxp://wa.ui-portal.de/webde/webde/s?produkte.browser.link.searchlink&s_brand=webde&t_link=searchlink&ns_type=clickin&ns_url=hxxp://suche.web.de/search/web/?origin=br_urlbar_ff&su=
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-07-13  17:25:04
ComboFix-quarantined-files.txt  2012-07-13 15:25
ComboFix2.txt  2011-05-17 19:34
.
Vor Suchlauf: 16 Verzeichnis(se), 491.370.475.520 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 491.298.775.040 Bytes frei
.
- - End Of File - - EA5A15A1DB997F9B0B47673C565CDFEC

--- --- ---

cosinus · 13.07.2012, 21:23

Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

Blicknix · 13.07.2012, 23:00

Guten Abend,
also GMER mag mich nicht, hab ich gelassen nachdem der Rechner abgestürzt war.
Aber OSAM war besser. Hier der LOG

Code:

ATTFilter

OSAM Logfile:

	Code: 

 ATTFilter

  
	Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 22:54:55 on 13.07.2012

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 32-bit
Default Browser: Google Inc. Google Chrome 20.0.1132.57

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"Google Software Updater.job" - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"ISUSPM.cpl" - "Macrovision Corporation" - C:\Windows\system32\ISUSPM.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\Users\JCMLLE~1\AppData\Local\Temp\catchme.sys  (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
"SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
"SSHDRV76" (SSHDRV76) - ? - C:\Windows\system32\drivers\SSHDRV76.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys

[Explorer]
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{8FAF0273-9CA8-4efc-9536-1E35E254D5CD} "WEB.DE NewTab Protocol" - ? - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll  (File not found)
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "SABShellExecuteHook Class" - "SuperAdBlocker.com" - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - c:\program files\real\realplayer\rpshell.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{E0D79304-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll
{E0D79305-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll
{E0D79306-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll
{E0D79307-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{555D4D79-4BD2-4094-A395-CFC534424A05} "HP Smart Web Printing" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4  (HTTP value)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{233C1507-6A77-46A4-9443-F871F945D258} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\Windows\system32\Adobe\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
{17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\Windows\system32\LegitCheckControl.DLL / hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -   (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "@C:\Windows\WindowsMobile\INetRepl.dll,-222" - "Microsoft Corporation" - C:\Windows\WindowsMobile\INetRepl.dll
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "ClsidExtension" - "Microsoft Corporation" - C:\Windows\WindowsMobile\INetRepl.dll
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4  (HTTP value)
{DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Smart Web Printing ein- oder ausblenden" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{8dcb7100-df86-4384-8842-8fa844297b3f} "Bing Bar" - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\BingExt.dll
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{d2ce3e00-f94a-4740-988e-03dc2f38c34f} "Bing Bar Helper" - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\BingExt.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{0347C33E-8762-4905-BF09-768834316C61} "HP Print Enhancer" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "HP Smart BHO Class" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll
{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Security Packages" - "Microsoft Corporation" - C:\Windows\system32\livessp.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Users\JC Müller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"MobileDocuments" - "Apple Inc." - C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"AppleSyncNotifier" - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
"APSDaemon" - "Apple Inc." - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"CLMLServer" - "CyberLink" - "C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe"
"HP Software Update" - "Hewlett-Packard" - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"TkBellExe" - "RealNetworks, Inc." - "C:\Program Files\Real\RealPlayer\update\realsched.exe"  -osboot

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"BJ Language Monitor3_2" - "CANON INC." - C:\Windows\system32\CNBLM3_2.DLL
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll
"Redmon" - ? - C:\Windows\system32\redmonnt.dll  (File found, but it contains no detailed information)
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AAV UpdateService" (AAV UpdateService) - ? - C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Avira Browser Schutz" (AntiVirWebService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira Email Schutz" (AntiVirMailService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Bing Bar Update Service" (BBSvc) - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\BBSvc.EXE
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
"HP Network Devices Support" (HPSLPSVC) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"ProtexisLicensing" (ProtexisLicensing) - ? - C:\Windows\system32\PSIService.exe
"SAS Core Service" (!SASCORE) - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
"SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Program Files\Microsoft\BingBar\SeaPort.EXE
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll
"WindowsLive Local NSP" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"AVSDA" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avsda.dll

===[ Logfile end ]=========================================[ Logfile end ]===
         
 --- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

und mit aswMBR bin ich nun auch soweit:

Code:

ATTFilter

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-13 23:37:02
-----------------------------
23:37:02.919    OS Version: Windows 6.1.7601 Service Pack 1
23:37:02.919    Number of processors: 4 586 0x203
23:37:02.919    ComputerName: PCGELLERTSTR  UserName: JC Müller
23:37:04.167    Initialize success
23:37:13.152    AVAST engine defs: 12071301
23:37:19.611    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
23:37:19.626    Disk 0 Vendor: WDC_WD6400AACS-00G8B1 05.04C05 Size: 610480MB BusType: 11
23:37:19.642    Disk 0 MBR read successfully
23:37:19.658    Disk 0 MBR scan
23:37:19.658    Disk 0 Windows 7 default MBR code
23:37:19.673    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       589994 MB offset 2048
23:37:19.689    Disk 0 Partition - 00     0F Extended LBA             20481 MB offset 1208312847
23:37:19.720    Disk 0 Partition 2 00     0B        FAT32 MSDOS5.0    20481 MB offset 1208312910
23:37:19.736    Disk 0 scanning sectors +1250258625
23:37:19.814    Disk 0 scanning C:\Windows\system32\drivers
23:37:32.340    Service scanning
23:37:52.121    Modules scanning
23:38:12.075    Disk 0 trace - called modules:
23:38:12.621    ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys 
23:38:12.636    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86fa7650]
23:38:12.652    3 CLASSPNP.SYS[843aa59e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x86f9d030]
23:38:14.103    AVAST engine scan C:\Windows
23:38:22.356    AVAST engine scan C:\Windows\system32
23:41:51.570    AVAST engine scan C:\Windows\system32\drivers
23:42:04.549    AVAST engine scan C:\Users\JC Müller
23:56:33.274    AVAST engine scan C:\ProgramData
23:57:42.491    Scan finished successfully
23:58:32.739    Disk 0 MBR has been saved successfully to "C:\Users\JC Müller\Desktop\MBR.dat"
23:58:32.739    The log file has been saved successfully to "C:\Users\JC Müller\Desktop\aswMBR.txt"

cosinus · 14.07.2012, 13:09

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Blicknix · 17.07.2012, 04:55

Guten Morgen

hier beide Logs:

Code:

ATTFilter

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 07/16/2012 at 11:24 PM

Application Version : 4.52.1000

Core Rules Database Version : 7167
Trace Rules Database Version: 4979

Scan type       : Complete Scan
Total Scan Time : 01:45:01

Memory items scanned      : 796
Memory threats detected   : 0
Registry items scanned    : 10455
Registry threats detected : 0
File items scanned        : 152267
File threats detected     : 3

Adware.Tracking Cookie
	C:\Users\JC Müller\AppData\Roaming\Microsoft\Windows\Cookies\D2PWBNLN.txt
	C:\Users\JC Müller\AppData\Roaming\Microsoft\Windows\Cookies\jc_müller@doubleclick[1].txt

Trojan.Dropper/SVCHost-Fake
	C:\PROGRAM FILES\MALWAREBYTES' ANTI-MALWARE\CHAMELEON\SVCHOST.EXE

und

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.16.08

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
JC Müller :: PCGELLERTSTR [Administrator]

Schutz: Aktiviert

16.07.2012 18:16:57
mbam-log-2012-07-16 (18-16-57).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|G:\|H:\|I:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 377660
Laufzeit: 1 Stunde(n), 27 Minute(n), 26 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Bin gespannt was Du sagts!?

cosinus · 17.07.2012, 14:37

Sieht ok aus, da wurden nur Cookies gefunden. Der andere Fund bei SUPERAntiSpyware ist ein Fehlalarm.
Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller http://filepony.de/download-cookie_culler/
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ich halte es so, dass ich zum "wilden Surfen" den Opera-Browser oder Chromium unter meinem Linux verwende. Mein Hauptbrowser (Firefox) speichert nur die Cookies von den Sites die ich auch will, alles andere lehne ich manuell ab (der FF fragt mich immer) - die anderen Browser nehmen alles an Cookies zwar an, aber spätestens beim nächsten Start von Opera oder Chromium sind keine Cookies mehr da.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

Blicknix · 17.07.2012, 19:32

Hallo Arne,

vielen Dank für die so erfreuliche Nachricht.
Und danke für Deine tolle Arbeit!

Eine letzte Frage habe ich noch: Beim starten des Rechners erscheint immernoch die Mitteilung "Problem beim Starten von C:\user\JCMLLE~1\AppData\Local\Temp\O_On_l.exe das angegebene Modul wurde nicht gefunden".

Was hat es damit auf sich? Wurde die Datei evtl. in eine Quarantäne verschoben weil Trojaner? Oder ist es womöglich ein Fehlalarm o.ä.

Freue mich über Info!
Und nochmals vielen Dank!

cosinus · 18.07.2012, 15:51

Ist nur ein verwaister Autostart-Eintrag, den solltest du über msconfig deaktivieren können

Dann wären wir durch!

Die Programme, die hier zum Einsatz kamen, können alle wieder runter. Mit Hilfe von OTL kannst du auch viele Tools entfernen:

Starte bitte OTL und klicke auf Bereinigung.
Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen.

Malwarebytes zu behalten ist zu empfehlen. Kannst ja 1x im Monat damit einen Vollscan machen, aber immer vorher ans Update denken.

Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.

Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update

PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers:
Prüfen => Adobe - Flash Player
Downloadlinks => Adobe Flash Player Distribution | Adobe

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.

Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.

Blicknix · 19.07.2012, 17:13

Hallo Arne,
nochmals besten Dank! Meine Hochachtung für Deine und eure tolle Arbeit!!

Deine Hinweise werde ich gerne berücksichtigen und hoffe nicht so schnell wieder auf eure kompetente Hilfe angewiesen zu sein.

Schönen Sommer wünsche ich!

14.07.2012, 13:09	#24
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Bundespolizeitrojaner, Internetzugang gesperrt Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!! __________________ Logfiles bitte immer in CODE-Tags posten

Bundespolizeitrojaner, Internetzugang gesperrt

Log-Analyse und Auswertung: Bundespolizeitrojaner, Internetzugang gesperrt