Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Adware Tracking Cookie und Security HiJack

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 05.10.2012, 17:48   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Adware Tracking Cookie und Security HiJack - Standard

Adware Tracking Cookie und Security HiJack



Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!!

Code:
ATTFilter
:OTL
O3 - HKU\S-1-5-21-3094054634-324839966-1081519958-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKU\S-1-5-21-3094054634-324839966-1081519958-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O32 - HKLM CDRom: AutoRun - 1
SafeBootMin:64bit: 47384861.sys - Driver
SafeBootMin:64bit: 90498078.sys - Driver
SafeBootMin: 47384861.sys - Driver
SafeBootMin: 90498078.sys - Driver
SafeBootNet:64bit: 47384861.sys - Driver
SafeBootNet:64bit: 90498078.sys - Driver
SafeBootNet: 47384861.sys - Driver
SafeBootNet: 90498078.sys - Driver
@Alternate Data Stream - 1066 bytes -> C:\Users\***\AppData\Local\q2bsBceWgFnU:ykvdxK6K31oFKnig7764yEl2VCz2
:Files
C:\Users\***\AppData\Local\q2bsBceWgFnU
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Alt 05.10.2012, 22:39   #17
Shizznut
 
Adware Tracking Cookie und Security HiJack - Standard

Adware Tracking Cookie und Security HiJack



Code:
ATTFilter
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-3094054634-324839966-1081519958-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-3094054634-324839966-1081519958-1000\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer deleted successfully.
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe moved successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SafeBootMin 47384861.sys\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SafeBootMin 90498078.sys\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\47384861.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\90498078.sys\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SafeBootNet 47384861.sys\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SafeBootNet 90498078.sys\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\47384861.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\90498078.sys\ deleted successfully.
ADS C:\Users\*\AppData\Local\q2bsBceWgFnU:ykvdxK6K31oFKnig7764yEl2VCz2 deleted successfully.
========== FILES ==========
C:\Users\*\AppData\Local\q2bsBceWgFnU folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\*\Desktop\cmd.bat deleted successfully.
C:\Users\*\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56472 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: *
->Temp folder emptied: 17929496 bytes
->Temporary Internet Files folder emptied: 591067 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 50333337 bytes
->Google Chrome cache emptied: 8049466 bytes
->Flash cache emptied: 506 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 3237984 bytes
%systemroot%\System32 (64bit) .tmp files removed: 35648 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4272 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 375261 bytes
 
Total Files Cleaned = 77,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 10052012_232554

Files\Folders moved on Reboot...
C:\Users\*\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\*\AppData\Local\Temp\SAS97B0.tmp moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
__________________


Alt 07.10.2012, 05:26   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Adware Tracking Cookie und Security HiJack - Standard

Adware Tracking Cookie und Security HiJack



Was hast du denn da schon mit dem TDSS-Killer gemacht? Hab ich das für diesen Rechner schon aufgegeben? Wo ist das Log?
__________________
__________________

Alt 07.10.2012, 13:34   #19
Shizznut
 
Adware Tracking Cookie und Security HiJack - Standard

Adware Tracking Cookie und Security HiJack



Das war bevor ich das Thema eröffnet habe.
Hier das Log:
Code:
ATTFilter
16:48:55.0967 4848  TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
16:48:55.0999 4848  ============================================================
16:48:55.0999 4848  Current date / time: 2012/09/25 16:48:55.0999
16:48:55.0999 4848  SystemInfo:
16:48:55.0999 4848  
16:48:55.0999 4848  OS Version: 6.1.7601 ServicePack: 1.0
16:48:55.0999 4848  Product type: Workstation
16:48:55.0999 4848  ComputerName:
16:48:55.0999 4848  UserName:
16:48:55.0999 4848  Windows directory: C:\Windows
16:48:55.0999 4848  System windows directory: C:\Windows
16:48:55.0999 4848  Running under WOW64
16:48:55.0999 4848  Processor architecture: Intel x64
16:48:55.0999 4848  Number of processors: 4
16:48:55.0999 4848  Page size: 0x1000
16:48:55.0999 4848  Boot type: Normal boot
16:48:55.0999 4848  ============================================================
16:48:56.0435 4848  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:48:56.0451 4848  Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:49:04.0220 4848  ============================================================
16:49:04.0220 4848  \Device\Harddisk0\DR0:
16:49:04.0251 4848  MBR partitions:
16:49:04.0251 4848  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:49:04.0251 4848  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x25990000
16:49:04.0251 4848  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x259C2800, BlocksNum 0x4ED43800
16:49:04.0251 4848  \Device\Harddisk1\DR1:
16:49:04.0251 4848  MBR partitions:
16:49:04.0251 4848  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x322000, BlocksNum 0xC150A000
16:49:04.0251 4848  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0xC182C000, BlocksNum 0x275DC000
16:49:04.0251 4848  ============================================================
16:49:04.0298 4848  C: <-> \Device\Harddisk0\DR0\Partition2
16:49:04.0329 4848  D: <-> \Device\Harddisk0\DR0\Partition3
16:49:04.0360 4848  T: <-> \Device\Harddisk1\DR1\Partition2
16:49:04.0407 4848  I: <-> \Device\Harddisk1\DR1\Partition1
16:49:04.0407 4848  ============================================================
16:49:04.0407 4848  Initialize success
16:49:04.0407 4848  ============================================================
16:49:20.0912 4104  ============================================================
16:49:20.0912 4104  Scan started
16:49:20.0912 4104  Mode: Manual; SigCheck; TDLFS; 
16:49:20.0912 4104  ============================================================
16:49:21.0177 4104  ================ Scan system memory ========================
16:49:21.0177 4104  System memory - ok
16:49:21.0177 4104  ================ Scan services =============================
16:49:21.0411 4104  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
16:49:21.0505 4104  1394ohci - ok
16:49:21.0520 4104  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
16:49:21.0536 4104  ACPI - ok
16:49:21.0567 4104  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
16:49:21.0614 4104  AcpiPmi - Hok
16:49:21.0676 4104  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
16:49:21.0692 4104  AdobeARMservice - ok
16:49:21.0801 4104  [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
16:49:21.0817 4104  AdobeFlashPlayerUpdateSvc - ok
16:49:21.0848 4104  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
16:49:21.0864 4104  adp94xx - ok
16:49:21.0910 4104  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
16:49:21.0957 4104  adpahci - ok
16:49:21.0957 4104  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
16:49:21.0973 4104  adpu320 - ok
16:49:22.0020 4104  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
16:49:22.0082 4104  AeLookupSvc - ok
16:49:22.0113 4104  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
16:49:22.0144 4104  AFD - ok
16:49:22.0176 4104  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
16:49:22.0191 4104  agp440 - ok
16:49:22.0207 4104  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
16:49:22.0254 4104  ALG - ok
16:49:22.0269 4104  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
16:49:22.0285 4104  aliide - ok
16:49:22.0316 4104  [ E20DDDFBD0DBE7D8EAD4D7A51D654367 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
16:49:22.0363 4104  AMD External Events Utility - ok
16:49:22.0363 4104  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
16:49:22.0378 4104  amdide - ok
16:49:22.0410 4104  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
16:49:22.0441 4104  AmdK8 - ok
16:49:22.0644 4104  [ 4284FB1240537A33E6EC417EFD87D40F ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
16:49:22.0909 4104  amdkmdag - ok
16:49:22.0940 4104  [ 6C25C497E05EFD0CB6033A0444FC9B51 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
16:49:22.0956 4104  amdkmdap - ok
16:49:23.0002 4104  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
16:49:23.0034 4104  AmdPPM - ok
16:49:23.0065 4104  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
16:49:23.0080 4104  amdsata - ok
16:49:23.0080 4104  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
16:49:23.0096 4104  amdsbs - ok
16:49:23.0112 4104  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
16:49:23.0127 4104  amdxata - ok
16:49:23.0143 4104  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
16:49:23.0190 4104  AppID - ok
16:49:23.0221 4104  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
16:49:23.0268 4104  AppIDSvc - ok
16:49:23.0283 4104  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
16:49:23.0330 4104  Appinfo - ok
16:49:23.0361 4104  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
16:49:23.0377 4104  arc - ok
16:49:23.0377 4104  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
16:49:23.0392 4104  arcsas - ok
16:49:23.0408 4104  [ 55142B4F7A7E4C9C151C6000A6BF7809 ] aswFsBlk        C:\Windows\system32\drivers\aswFsBlk.sys
16:49:23.0424 4104  aswFsBlk - ok
16:49:23.0439 4104  [ AA9FDE3D630160B47DAB21BF8250111C ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
16:49:23.0455 4104  aswMonFlt - ok
16:49:23.0455 4104  [ 2A6675C24DF5159A9506CD13ECE5ABE9 ] aswRdr          C:\Windows\System32\Drivers\aswrdr2.sys
16:49:23.0470 4104  aswRdr - ok
16:49:23.0486 4104  [ 4E38475BDB51A867CCBA7D5DF7FDFC0C ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
16:49:23.0533 4104  aswSnx - ok
16:49:23.0564 4104  [ 9A49D80D65451AF22913AEF772CC3DA9 ] aswSP           C:\Windows\system32\drivers\aswSP.sys
16:49:23.0580 4104  aswSP - ok
16:49:23.0595 4104  [ C3EC420451AC5300A22190AE38418FBA ] aswTdi          C:\Windows\system32\drivers\aswTdi.sys
16:49:23.0611 4104  aswTdi - ok
16:49:23.0611 4104  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
16:49:23.0658 4104  AsyncMac - ok
16:49:23.0673 4104  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
16:49:23.0689 4104  atapi - ok
16:49:23.0720 4104  [ 24464B908E143D2561E9E452FEE97309 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
16:49:23.0736 4104  AtiHDAudioService - ok
16:49:23.0907 4104  [ 4284FB1240537A33E6EC417EFD87D40F ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
16:49:24.0048 4104  atikmdag - ok
16:49:24.0063 4104  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:49:24.0141 4104  AudioEndpointBuilder - ok
16:49:24.0157 4104  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
16:49:24.0204 4104  AudioSrv - ok
16:49:24.0250 4104  [ 04AC21E821F259845BD7367CEE057290 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
16:49:24.0266 4104  avast! Antivirus - ok
16:49:24.0282 4104  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
16:49:24.0328 4104  AxInstSV - ok
16:49:24.0360 4104  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
16:49:24.0391 4104  b06bdrv - ok
16:49:24.0422 4104  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
16:49:24.0438 4104  b57nd60a - ok
16:49:24.0469 4104  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
16:49:24.0500 4104  BDESVC - ok
16:49:24.0531 4104  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
16:49:24.0594 4104  Beep - ok
16:49:24.0625 4104  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
16:49:24.0687 4104  BFE - ok
16:49:24.0734 4104  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
16:49:24.0828 4104  BITS - ok
16:49:24.0843 4104  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
16:49:24.0859 4104  blbdrive - ok
16:49:24.0937 4104  [ 5AB58C337AC65837FE404462AD6265AB ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe
16:49:24.0952 4104  Bonjour Service - ok
16:49:24.0984 4104  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
16:49:25.0015 4104  bowser - ok
16:49:25.0030 4104  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:49:25.0046 4104  BrFiltLo - ok
16:49:25.0062 4104  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:49:25.0093 4104  BrFiltUp - ok
16:49:25.0124 4104  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
16:49:25.0155 4104  Browser - ok
16:49:25.0171 4104  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
16:49:25.0218 4104  Brserid - ok
16:49:25.0218 4104  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
16:49:25.0233 4104  BrSerWdm - ok
16:49:25.0249 4104  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
16:49:25.0264 4104  BrUsbMdm - ok
16:49:25.0264 4104  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
16:49:25.0296 4104  BrUsbSer - ok
16:49:25.0296 4104  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
16:49:25.0327 4104  BTHMODEM - ok
16:49:25.0358 4104  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
16:49:25.0405 4104  bthserv - ok
16:49:25.0420 4104  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
16:49:25.0467 4104  cdfs - ok
16:49:25.0498 4104  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
16:49:25.0530 4104  cdrom - ok
16:49:25.0545 4104  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
16:49:25.0592 4104  CertPropSvc - ok
16:49:25.0686 4104  [ 213B6EC3DE19E35373A1906397588429 ] CGVPNCliSrvc    C:\Program Files\CyberGhost VPN\CGVPNCliService.exe
16:49:25.0764 4104  CGVPNCliSrvc - ok
16:49:25.0795 4104  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
16:49:25.0826 4104  circlass - ok
16:49:25.0842 4104  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
16:49:25.0857 4104  CLFS - ok
16:49:25.0920 4104  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:49:25.0935 4104  clr_optimization_v2.0.50727_32 - ok
16:49:25.0951 4104  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:49:25.0966 4104  clr_optimization_v2.0.50727_64 - ok
16:49:26.0013 4104  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:49:26.0029 4104  clr_optimization_v4.0.30319_32 - ok
16:49:26.0060 4104  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:49:26.0076 4104  clr_optimization_v4.0.30319_64 - ok
16:49:26.0091 4104  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
16:49:26.0107 4104  CmBatt - ok
16:49:26.0122 4104  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
16:49:26.0138 4104  cmdide - ok
16:49:26.0169 4104  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
16:49:26.0200 4104  CNG - ok
16:49:26.0200 4104  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
16:49:26.0216 4104  Compbatt - ok
16:49:26.0232 4104  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
16:49:26.0263 4104  CompositeBus - ok
16:49:26.0263 4104  COMSysApp - ok
16:49:26.0278 4104  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
16:49:26.0294 4104  crcdisk - ok
16:49:26.0325 4104  [ 4F5414602E2544A4554D95517948B705 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
16:49:26.0356 4104  CryptSvc - ok
16:49:26.0388 4104  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
16:49:26.0450 4104  DcomLaunch - ok
16:49:26.0481 4104  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
16:49:26.0544 4104  defragsvc - ok
16:49:26.0559 4104  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
16:49:26.0622 4104  DfsC - ok
16:49:26.0653 4104  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
16:49:26.0715 4104  Dhcp - ok
16:49:26.0731 4104  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
16:49:26.0793 4104  discache - ok
16:49:26.0809 4104  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
16:49:26.0809 4104  Disk - ok
16:49:26.0840 4104  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
16:49:26.0871 4104  Dnscache - ok
16:49:26.0902 4104  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
16:49:26.0934 4104  dot3svc - ok
16:49:26.0965 4104  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
16:49:27.0027 4104  DPS - ok
16:49:27.0027 4104  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
16:49:27.0058 4104  drmkaud - ok
16:49:27.0105 4104  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
16:49:27.0152 4104  DXGKrnl - ok
16:49:27.0183 4104  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
16:49:27.0230 4104  EapHost - ok
16:49:27.0308 4104  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
16:49:27.0402 4104  ebdrv - ok
16:49:27.0433 4104  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
16:49:27.0480 4104  EFS - ok
16:49:27.0526 4104  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
16:49:27.0558 4104  ehRecvr - ok
16:49:27.0573 4104  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
16:49:27.0620 4104  ehSched - ok
16:49:27.0651 4104  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
16:49:27.0682 4104  elxstor - ok
16:49:27.0714 4104  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
16:49:27.0745 4104  ErrDev - ok
16:49:27.0838 4104  esihdrv - ok
16:49:27.0870 4104  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
16:49:27.0932 4104  EventSystem - ok
16:49:27.0963 4104  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
16:49:28.0010 4104  exfat - ok
16:49:28.0010 4104  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
16:49:28.0057 4104  fastfat - ok
16:49:28.0104 4104  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
16:49:28.0135 4104  Fax - ok
16:49:28.0166 4104  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
16:49:28.0197 4104  fdc - ok
16:49:28.0213 4104  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
16:49:28.0260 4104  fdPHost - ok
16:49:28.0275 4104  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
16:49:28.0322 4104  FDResPub - ok
16:49:28.0322 4104  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
16:49:28.0338 4104  FileInfo - ok
16:49:28.0353 4104  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
16:49:28.0400 4104  Filetrace - ok
16:49:28.0431 4104  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
16:49:28.0447 4104  flpydisk - ok
16:49:28.0478 4104  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
16:49:28.0494 4104  FltMgr - ok
16:49:28.0525 4104  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
16:49:28.0556 4104  FontCache - ok
16:49:28.0618 4104  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:49:28.0634 4104  FontCache3.0.0.0 - ok
16:49:28.0650 4104  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
16:49:28.0665 4104  FsDepends - ok
16:49:28.0681 4104  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
16:49:28.0696 4104  Fs_Rec - ok
16:49:28.0712 4104  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
16:49:28.0743 4104  fvevol - ok
16:49:28.0743 4104  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
16:49:28.0759 4104  gagp30kx - ok
16:49:28.0790 4104  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
16:49:28.0868 4104  gpsvc - ok
16:49:28.0915 4104  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:49:28.0915 4104  gupdate - ok
16:49:28.0930 4104  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:49:28.0930 4104  gupdatem - ok
16:49:28.0962 4104  [ C1B577B2169900F4CF7190C39F085794 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
16:49:28.0977 4104  gusvc - ok
16:49:28.0993 4104  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
16:49:29.0024 4104  hcw85cir - ok
16:49:29.0055 4104  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:49:29.0071 4104  HdAudAddService - ok
16:49:29.0102 4104  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
16:49:29.0133 4104  HDAudBus - ok
16:49:29.0149 4104  [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64         C:\Windows\system32\DRIVERS\HECIx64.sys
16:49:29.0164 4104  HECIx64 - ok
16:49:29.0196 4104  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
16:49:29.0211 4104  HidBatt - ok
16:49:29.0227 4104  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
16:49:29.0242 4104  HidBth - ok
16:49:29.0258 4104  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
16:49:29.0274 4104  HidIr - ok
16:49:29.0289 4104  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
16:49:29.0352 4104  hidserv - ok
16:49:29.0367 4104  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
16:49:29.0383 4104  HidUsb - ok
16:49:29.0398 4104  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
16:49:29.0461 4104  hkmsvc - ok
16:49:29.0492 4104  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:49:29.0508 4104  HomeGroupListener - ok
16:49:29.0523 4104  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:49:29.0554 4104  HomeGroupProvider - ok
16:49:29.0586 4104  [ 987CE6F69764B66D8026518AEFEDB508 ] hotcore3        C:\Windows\system32\DRIVERS\hotcore3.sys
16:49:29.0601 4104  hotcore3 - ok
16:49:29.0632 4104  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
16:49:29.0648 4104  HpSAMD - ok
16:49:29.0679 4104  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
16:49:29.0757 4104  HTTP - ok
16:49:29.0773 4104  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
16:49:29.0788 4104  hwpolicy - ok
16:49:29.0804 4104  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
16:49:29.0820 4104  i8042prt - ok
16:49:29.0866 4104  [ 85977CD13FC16069CE0AF7943A811775 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
16:49:29.0882 4104  iaStor - ok
16:49:29.0898 4104  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
16:49:29.0929 4104  iaStorV - ok
16:49:29.0991 4104  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:49:30.0022 4104  idsvc - ok
16:49:30.0069 4104  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
16:49:30.0085 4104  iirsp - ok
16:49:30.0116 4104  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
16:49:30.0194 4104  IKEEXT - ok
16:49:30.0241 4104  [ 36FDF367A1DABFF903E2214023D71368 ] Impcd           C:\Windows\system32\DRIVERS\Impcd.sys
16:49:30.0272 4104  Impcd - ok
16:49:30.0319 4104  [ 59B0BBA422F04467E8C89B7CE6AE95E1 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
16:49:30.0381 4104  IntcAzAudAddService - ok
16:49:30.0397 4104  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
16:49:30.0412 4104  intelide - ok
16:49:30.0428 4104  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
16:49:30.0444 4104  intelppm - ok
16:49:30.0459 4104  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
16:49:30.0522 4104  IPBusEnum - ok
16:49:30.0537 4104  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:49:30.0600 4104  IpFilterDriver - ok
16:49:30.0631 4104  [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
16:49:30.0709 4104  iphlpsvc - ok
16:49:30.0724 4104  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
16:49:30.0756 4104  IPMIDRV - ok
16:49:30.0771 4104  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
16:49:30.0834 4104  IPNAT - ok
16:49:30.0834 4104  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
16:49:30.0865 4104  IRENUM - ok
16:49:30.0896 4104  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
16:49:30.0912 4104  isapnp - ok
16:49:30.0943 4104  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
16:49:30.0958 4104  iScsiPrt - ok
16:49:30.0990 4104  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
16:49:30.0990 4104  kbdclass - ok
16:49:31.0021 4104  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
16:49:31.0036 4104  kbdhid - ok
16:49:31.0052 4104  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
16:49:31.0068 4104  KeyIso - ok
16:49:31.0099 4104  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
16:49:31.0114 4104  KSecDD - ok
16:49:31.0114 4104  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
16:49:31.0130 4104  KSecPkg - ok
16:49:31.0146 4104  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
16:49:31.0192 4104  ksthunk - ok
16:49:31.0224 4104  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
16:49:31.0286 4104  KtmRm - ok
16:49:31.0302 4104  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
16:49:31.0348 4104  LanmanServer - ok
16:49:31.0380 4104  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:49:31.0426 4104  LanmanWorkstation - ok
16:49:31.0442 4104  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
16:49:31.0473 4104  lltdio - ok
16:49:31.0520 4104  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
16:49:31.0582 4104  lltdsvc - ok
16:49:31.0598 4104  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
16:49:31.0645 4104  lmhosts - ok
16:49:31.0660 4104  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
16:49:31.0676 4104  LSI_FC - ok
16:49:31.0692 4104  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
16:49:31.0707 4104  LSI_SAS - ok
16:49:31.0707 4104  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:49:31.0723 4104  LSI_SAS2 - ok
16:49:31.0723 4104  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:49:31.0738 4104  LSI_SCSI - ok
16:49:31.0754 4104  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
16:49:31.0801 4104  luafv - ok
16:49:31.0832 4104  [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
16:49:31.0848 4104  MBAMProtector - ok
16:49:31.0894 4104  [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
16:49:31.0926 4104  MBAMScheduler - ok
16:49:31.0972 4104  [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
16:49:31.0988 4104  MBAMService - ok
16:49:32.0019 4104  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
16:49:32.0035 4104  Mcx2Svc - ok
16:49:32.0066 4104  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
16:49:32.0082 4104  megasas - ok
16:49:32.0082 4104  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
16:49:32.0097 4104  MegaSR - ok
16:49:32.0160 4104  Microsoft SharePoint Workspace Audit Service - ok
16:49:32.0191 4104  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
16:49:32.0238 4104  MMCSS - ok
16:49:32.0253 4104  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
16:49:32.0316 4104  Modem - ok
16:49:32.0331 4104  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
16:49:32.0347 4104  monitor - ok
16:49:32.0378 4104  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
16:49:32.0378 4104  mouclass - ok
16:49:32.0409 4104  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
16:49:32.0425 4104  mouhid - ok
16:49:32.0456 4104  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
16:49:32.0472 4104  mountmgr - ok
16:49:32.0487 4104  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
16:49:32.0503 4104  mpio - ok
16:49:32.0534 4104  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
16:49:32.0581 4104  mpsdrv - ok
16:49:32.0628 4104  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
16:49:32.0706 4104  MpsSvc - ok
16:49:32.0721 4104  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
16:49:32.0752 4104  MRxDAV - ok
16:49:32.0784 4104  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
16:49:32.0799 4104  mrxsmb - ok
16:49:32.0815 4104  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:49:32.0830 4104  mrxsmb10 - ok
16:49:32.0830 4104  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:49:32.0862 4104  mrxsmb20 - ok
16:49:32.0862 4104  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
16:49:32.0877 4104  msahci - ok
16:49:32.0908 4104  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
16:49:32.0924 4104  msdsm - ok
16:49:32.0940 4104  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
16:49:32.0971 4104  MSDTC - ok
16:49:33.0002 4104  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
16:49:33.0033 4104  Msfs - ok
16:49:33.0049 4104  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
16:49:33.0111 4104  mshidkmdf - ok
16:49:33.0111 4104  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
16:49:33.0127 4104  msisadrv - ok
16:49:33.0158 4104  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
16:49:33.0205 4104  MSiSCSI - ok
16:49:33.0205 4104  msiserver - ok
16:49:33.0220 4104  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
16:49:33.0267 4104  MSKSSRV - ok
16:49:33.0283 4104  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
16:49:33.0330 4104  MSPCLOCK - ok
16:49:33.0345 4104  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
16:49:33.0392 4104  MSPQM - ok
16:49:33.0423 4104  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
16:49:33.0439 4104  MsRPC - ok
16:49:33.0470 4104  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
16:49:33.0486 4104  mssmbios - ok
16:49:33.0501 4104  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
16:49:33.0548 4104  MSTEE - ok
16:49:33.0564 4104  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
16:49:33.0564 4104  MTConfig - ok
16:49:33.0579 4104  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
16:49:33.0595 4104  Mup - ok
16:49:33.0657 4104  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
16:49:33.0720 4104  napagent - ok
16:49:33.0766 4104  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
16:49:33.0813 4104  NativeWifiP - ok
16:49:33.0844 4104  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
16:49:33.0891 4104  NDIS - ok
16:49:33.0907 4104  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
16:49:33.0954 4104  NdisCap - ok
16:49:33.0985 4104  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
16:49:34.0032 4104  NdisTapi - ok
16:49:34.0047 4104  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
16:49:34.0110 4104  Ndisuio - ok
16:49:34.0110 4104  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
16:49:34.0156 4104  NdisWan - ok
16:49:34.0188 4104  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
16:49:34.0250 4104  NDProxy - ok
16:49:34.0266 4104  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
16:49:34.0312 4104  NetBIOS - ok
16:49:34.0328 4104  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
16:49:34.0375 4104  NetBT - ok
16:49:34.0406 4104  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
16:49:34.0422 4104  Netlogon - ok
16:49:34.0437 4104  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
16:49:34.0500 4104  Netman - ok
16:49:34.0515 4104  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
16:49:34.0578 4104  netprofm - ok
16:49:34.0593 4104  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:49:34.0609 4104  NetTcpPortSharing - ok
16:49:34.0624 4104  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
16:49:34.0640 4104  nfrd960 - ok
16:49:34.0671 4104  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll
16:49:34.0734 4104  NlaSvc - ok
16:49:34.0749 4104  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
16:49:34.0796 4104  Npfs - ok
16:49:34.0827 4104  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
16:49:34.0874 4104  nsi - ok
16:49:34.0905 4104  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
16:49:34.0936 4104  nsiproxy - ok
16:49:34.0983 4104  [ A2F74975097F52A00745F9637451FDD8 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
16:49:35.0046 4104  Ntfs - ok
16:49:35.0061 4104  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
16:49:35.0124 4104  Null - ok
16:49:35.0139 4104  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
16:49:35.0155 4104  nvraid - ok
16:49:35.0170 4104  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
16:49:35.0186 4104  nvstor - ok
16:49:35.0217 4104  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
16:49:35.0233 4104  nv_agp - ok
16:49:35.0264 4104  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
16:49:35.0295 4104  ohci1394 - ok
16:49:35.0326 4104  [ 4965B005492CBA7719E82B71E3245495 ] ose64           C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:49:35.0342 4104  ose64 - ok
16:49:35.0451 4104  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
16:49:35.0529 4104  osppsvc - ok
16:49:35.0560 4104  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
16:49:35.0592 4104  p2pimsvc - ok
16:49:35.0607 4104  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
16:49:35.0638 4104  p2psvc - ok
16:49:35.0670 4104  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
16:49:35.0685 4104  Parport - ok
16:49:35.0701 4104  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
16:49:35.0716 4104  partmgr - ok
16:49:35.0732 4104  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
16:49:35.0763 4104  PcaSvc - ok
16:49:35.0779 4104  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
16:49:35.0794 4104  pci - ok
16:49:35.0826 4104  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
16:49:35.0826 4104  pciide - ok
16:49:35.0857 4104  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
16:49:35.0872 4104  pcmcia - ok
16:49:35.0888 4104  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
16:49:35.0904 4104  pcw - ok
16:49:35.0935 4104  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
16:49:35.0997 4104  PEAUTH - ok
16:49:36.0075 4104  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
16:49:36.0091 4104  PerfHost - ok
16:49:36.0138 4104  [ 663962900E7FEA522126BA287715BB4A ] PGEffect        C:\Windows\system32\DRIVERS\pgeffect.sys
16:49:36.0153 4104  PGEffect - ok
16:49:36.0216 4104  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
16:49:36.0278 4104  pla - ok
16:49:36.0325 4104  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
16:49:36.0340 4104  PlugPlay - ok
16:49:36.0372 4104  PnkBstrA - ok
16:49:36.0403 4104  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
16:49:36.0434 4104  PNRPAutoReg - ok
16:49:36.0450 4104  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
16:49:36.0465 4104  PNRPsvc - ok
16:49:36.0481 4104  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
16:49:36.0543 4104  PolicyAgent - ok
16:49:36.0574 4104  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
16:49:36.0637 4104  Power - ok
16:49:36.0652 4104  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
16:49:36.0684 4104  PptpMiniport - ok
16:49:36.0715 4104  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
16:49:36.0730 4104  Processor - ok
16:49:36.0746 4104  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
16:49:36.0777 4104  ProfSvc - ok
16:49:36.0793 4104  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:49:36.0808 4104  ProtectedStorage - ok
16:49:36.0840 4104  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
16:49:36.0886 4104  Psched - ok
16:49:36.0902 4104  [ BC08F7F3C53CBEE68670ED1314E290FD ] PxHlpa64        C:\Windows\system32\Drivers\PxHlpa64.sys
16:49:36.0918 4104  PxHlpa64 - ok
16:49:36.0949 4104  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
16:49:37.0011 4104  ql2300 - ok
16:49:37.0027 4104  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
16:49:37.0042 4104  ql40xx - ok
16:49:37.0058 4104  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
16:49:37.0089 4104  QWAVE - ok
16:49:37.0089 4104  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
16:49:37.0105 4104  QWAVEdrv - ok
16:49:37.0120 4104  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
16:49:37.0167 4104  RasAcd - ok
16:49:37.0183 4104  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
16:49:37.0214 4104  RasAgileVpn - ok
16:49:37.0230 4104  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
16:49:37.0292 4104  RasAuto - ok
16:49:37.0308 4104  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
16:49:37.0354 4104  Rasl2tp - ok
16:49:37.0370 4104  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
16:49:37.0417 4104  RasMan - ok
16:49:37.0432 4104  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
16:49:37.0479 4104  RasPppoe - ok
16:49:37.0479 4104  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
16:49:37.0542 4104  RasSstp - ok
16:49:37.0557 4104  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
16:49:37.0604 4104  rdbss - ok
16:49:37.0620 4104  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
16:49:37.0651 4104  rdpbus - ok
16:49:37.0666 4104  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
16:49:37.0713 4104  RDPCDD - ok
16:49:37.0729 4104  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
16:49:37.0776 4104  RDPENCDD - ok
16:49:37.0776 4104  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
16:49:37.0822 4104  RDPREFMP - ok
16:49:37.0838 4104  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
16:49:37.0869 4104  RDPWD - ok
16:49:37.0900 4104  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
16:49:37.0916 4104  rdyboost - ok
16:49:37.0947 4104  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
16:49:38.0010 4104  RemoteAccess - ok
16:49:38.0041 4104  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
16:49:38.0088 4104  RemoteRegistry - ok
16:49:38.0119 4104  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
16:49:38.0166 4104  RpcEptMapper - ok
16:49:38.0197 4104  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
16:49:38.0212 4104  RpcLocator - ok
16:49:38.0244 4104  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
16:49:38.0290 4104  RpcSs - ok
16:49:38.0306 4104  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
16:49:38.0353 4104  rspndr - ok
16:49:38.0400 4104  [ 483C537E69FA97C77F7FE0E2E1C1F102 ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys
16:49:38.0415 4104  RTHDMIAzAudService - ok
16:49:38.0446 4104  [ ABCB5A38A0D85BDF69B7877E1AD1EED5 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
16:49:38.0462 4104  RTL8167 - ok
16:49:38.0493 4104  [ A8ED9726734D403217A4861A6788B144 ] rtl8192se       C:\Windows\system32\DRIVERS\rtl8192se.sys
16:49:38.0540 4104  rtl8192se - ok
16:49:38.0556 4104  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
16:49:38.0571 4104  SamSs - ok
16:49:38.0602 4104  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
16:49:38.0618 4104  sbp2port - ok
16:49:38.0665 4104  [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService  C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
16:49:38.0680 4104  SBSDWSCService - ok
16:49:38.0712 4104  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
16:49:38.0758 4104  SCardSvr - ok
16:49:38.0774 4104  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
16:49:38.0836 4104  scfilter - ok
16:49:38.0868 4104  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
16:49:38.0946 4104  Schedule - ok
16:49:38.0977 4104  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
16:49:39.0008 4104  SCPolicySvc - ok
16:49:39.0039 4104  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
16:49:39.0070 4104  SDRSVC - ok
16:49:39.0102 4104  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
16:49:39.0148 4104  secdrv - ok
16:49:39.0164 4104  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
16:49:39.0195 4104  seclogon - ok
16:49:39.0211 4104  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
16:49:39.0273 4104  SENS - ok
16:49:39.0289 4104  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
16:49:39.0320 4104  SensrSvc - ok
16:49:39.0336 4104  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
16:49:39.0367 4104  Serenum - ok
16:49:39.0382 4104  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
16:49:39.0398 4104  Serial - ok
16:49:39.0429 4104  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
16:49:39.0445 4104  sermouse - ok
16:49:39.0476 4104  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
16:49:39.0538 4104  SessionEnv - ok
16:49:39.0554 4104  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
16:49:39.0570 4104  sffdisk - ok
16:49:39.0585 4104  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
16:49:39.0616 4104  sffp_mmc - ok
16:49:39.0616 4104  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
16:49:39.0632 4104  sffp_sd - ok
16:49:39.0648 4104  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
16:49:39.0679 4104  sfloppy - ok
16:49:39.0726 4104  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
16:49:39.0772 4104  SharedAccess - ok
16:49:39.0804 4104  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:49:39.0850 4104  ShellHWDetection - ok
16:49:39.0882 4104  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:49:39.0897 4104  SiSRaid2 - ok
16:49:39.0897 4104  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
16:49:39.0913 4104  SiSRaid4 - ok
16:49:39.0944 4104  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
16:49:39.0944 4104  SkypeUpdate - ok
16:49:39.0975 4104  [ 544788D536087DAF32B846F10D8392F5 ] SLEE_17_DRIVER  C:\Windows\Sleen1764.sys
16:49:39.0991 4104  SLEE_17_DRIVER - ok
16:49:40.0006 4104  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
16:49:40.0069 4104  Smb - ok
16:49:40.0100 4104  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
16:49:40.0131 4104  SNMPTRAP - ok
16:49:40.0147 4104  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
16:49:40.0162 4104  spldr - ok
16:49:40.0209 4104  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
16:49:40.0256 4104  Spooler - ok
16:49:40.0334 4104  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
16:49:40.0459 4104  sppsvc - ok
16:49:40.0490 4104  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
16:49:40.0537 4104  sppuinotify - ok
16:49:40.0568 4104  [ 4C33F139236FD9BD14A920F60C1CB072 ] sptd            C:\Windows\system32\Drivers\sptd.sys
16:49:40.0568 4104  Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 4C33F139236FD9BD14A920F60C1CB072
16:49:40.0584 4104  sptd ( LockedFile.Multi.Generic ) - warning
16:49:40.0584 4104  sptd - detected LockedFile.Multi.Generic (1)
16:49:40.0615 4104  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
16:49:40.0646 4104  srv - ok
16:49:40.0646 4104  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
16:49:40.0677 4104  srv2 - ok
16:49:40.0708 4104  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
16:49:40.0740 4104  srvnet - ok
16:49:40.0755 4104  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
16:49:40.0818 4104  SSDPSRV - ok
16:49:40.0818 4104  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
16:49:40.0880 4104  SstpSvc - ok
16:49:40.0911 4104  Steam Client Service - ok
16:49:40.0942 4104  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
16:49:40.0958 4104  stexstor - ok
16:49:40.0989 4104  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
16:49:41.0036 4104  stisvc - ok
16:49:41.0067 4104  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
16:49:41.0083 4104  swenum - ok
16:49:41.0130 4104  [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard     C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
16:49:41.0161 4104  SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
16:49:41.0161 4104  SwitchBoard - detected UnsignedFile.Multi.Generic (1)
16:49:41.0192 4104  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
16:49:41.0254 4104  swprv - ok
16:49:41.0286 4104  [ E28CA52ECF8CB6EB04B34DE440BA260E ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
16:49:41.0301 4104  SynTP - ok
16:49:41.0332 4104  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
16:49:41.0410 4104  SysMain - ok
16:49:41.0442 4104  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:49:41.0473 4104  TabletInputService - ok
16:49:41.0488 4104  [ F9BE29D5E097F03F81D3CD12B794CB66 ] tap0901         C:\Windows\system32\DRIVERS\tap0901.sys
16:49:41.0520 4104  tap0901 - ok
16:49:41.0535 4104  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
16:49:41.0598 4104  TapiSrv - ok
16:49:41.0644 4104  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
16:49:41.0676 4104  TBS - ok
16:49:41.0722 4104  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
16:49:41.0785 4104  Tcpip - ok
16:49:41.0832 4104  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
16:49:41.0863 4104  TCPIP6 - ok
16:49:41.0894 4104  [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
16:49:41.0941 4104  tcpipreg - ok
16:49:41.0972 4104  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
16:49:42.0003 4104  TDPIPE - ok
16:49:42.0019 4104  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
16:49:42.0050 4104  TDTCP - ok
16:49:42.0066 4104  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
16:49:42.0112 4104  tdx - ok
16:49:42.0175 4104  [ 2BBB318EA9F34FDC508CEA4AAB98D770 ] TeamViewer7     C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
16:49:42.0222 4104  TeamViewer7 - ok
16:49:42.0253 4104  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
16:49:42.0268 4104  TermDD - ok
16:49:42.0300 4104  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
16:49:42.0362 4104  TermService - ok
16:49:42.0378 4104  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
16:49:42.0409 4104  Themes - ok
16:49:42.0424 4104  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
16:49:42.0456 4104  THREADORDER - ok
16:49:42.0487 4104  [ 09FF7B0B1B5C3D225495CB6F5A9B39F8 ] tos_sps64       C:\Windows\system32\DRIVERS\tos_sps64.sys
16:49:42.0502 4104  tos_sps64 - ok
16:49:42.0518 4104  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
16:49:42.0565 4104  TrkWks - ok
16:49:42.0612 4104  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:49:42.0658 4104  TrustedInstaller - ok
16:49:42.0690 4104  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
16:49:42.0721 4104  tssecsrv - ok
16:49:42.0736 4104  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
16:49:42.0752 4104  TsUsbFlt - ok
16:49:42.0830 4104  [ 4BA2126EEB1B5B2A1103284C55CCE0EB ] TuneUp.UtilitiesSvc C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
16:49:42.0877 4104  TuneUp.UtilitiesSvc - ok
16:49:42.0877 4104  [ DCC94C51D27C7EC0DADECA8F64C94FCF ] TuneUpUtilitiesDrv C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys
16:49:42.0892 4104  TuneUpUtilitiesDrv - ok
16:49:42.0908 4104  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
16:49:42.0955 4104  tunnel - ok
16:49:42.0970 4104  [ 550B567F9364D8F7684C3FB3EA665A72 ] TVALZ           C:\Windows\system32\DRIVERS\TVALZ_O.SYS
16:49:42.0986 4104  TVALZ - ok
16:49:43.0002 4104  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
16:49:43.0017 4104  uagp35 - ok
16:49:43.0033 4104  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
16:49:43.0080 4104  udfs - ok
16:49:43.0111 4104  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
16:49:43.0126 4104  UI0Detect - ok
16:49:43.0158 4104  [ 5357F9507B59C831C5CD79F1F6374A5E ] UimBus          C:\Windows\system32\DRIVERS\uimx64.sys
16:49:43.0173 4104  UimBus - ok
16:49:43.0189 4104  [ 001402EA0FB543F77F91090130FD029D ] Uim_IM          C:\Windows\system32\Drivers\Uim_IMx64.sys
16:49:43.0220 4104  Uim_IM - ok
16:49:43.0236 4104  [ E75B35EEBC923B6DB2DBEA52E71A7892 ] Uim_VIM         C:\Windows\system32\Drivers\uim_vimx64.sys
16:49:43.0251 4104  Uim_VIM - ok
16:49:43.0282 4104  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
16:49:43.0298 4104  uliagpkx - ok
16:49:43.0314 4104  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
16:49:43.0345 4104  umbus - ok
16:49:43.0376 4104  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
16:49:43.0392 4104  UmPass - ok
16:49:43.0423 4104  [ 9DC07E73A4ABB9ACF692113B36A5009F ] UnlockerDriver5 C:\Program Files\Unlocker\UnlockerDriver5.sys
16:49:43.0438 4104  UnlockerDriver5 - ok
16:49:43.0454 4104  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
16:49:43.0501 4104  upnphost - ok
16:49:43.0516 4104  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
16:49:43.0532 4104  usbccgp - ok
16:49:43.0563 4104  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
16:49:43.0579 4104  usbcir - ok
16:49:43.0594 4104  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
16:49:43.0610 4104  usbehci - ok
16:49:43.0626 4104  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
16:49:43.0657 4104  usbhub - ok
16:49:43.0672 4104  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
16:49:43.0688 4104  usbohci - ok
16:49:43.0719 4104  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
16:49:43.0735 4104  usbprint - ok
16:49:43.0766 4104  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:49:43.0782 4104  USBSTOR - ok
16:49:43.0797 4104  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
16:49:43.0828 4104  usbuhci - ok
16:49:43.0860 4104  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
16:49:43.0891 4104  usbvideo - ok
16:49:43.0922 4104  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
16:49:43.0969 4104  UxSms - ok
16:49:43.0984 4104  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
16:49:43.0984 4104  VaultSvc - ok
16:49:44.0016 4104  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
16:49:44.0031 4104  vdrvroot - ok
16:49:44.0062 4104  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
16:49:44.0109 4104  vds - ok
16:49:44.0140 4104  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
16:49:44.0156 4104  vga - ok
16:49:44.0172 4104  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
16:49:44.0218 4104  VgaSave - ok
16:49:44.0250 4104  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
16:49:44.0265 4104  vhdmp - ok
16:49:44.0281 4104  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
16:49:44.0281 4104  viaide - ok
16:49:44.0296 4104  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
16:49:44.0312 4104  volmgr - ok
16:49:44.0328 4104  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
16:49:44.0343 4104  volmgrx - ok
16:49:44.0343 4104  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
16:49:44.0374 4104  volsnap - ok
16:49:44.0390 4104  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
16:49:44.0406 4104  vsmraid - ok
16:49:44.0452 4104  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
16:49:44.0530 4104  VSS - ok
16:49:44.0530 4104  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
16:49:44.0562 4104  vwifibus - ok
16:49:44.0577 4104  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
16:49:44.0608 4104  vwififlt - ok
16:49:44.0624 4104  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
16:49:44.0671 4104  W32Time - ok
16:49:44.0702 4104  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
16:49:44.0718 4104  WacomPen - ok
16:49:44.0749 4104  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
16:49:44.0796 4104  WANARP - ok
16:49:44.0796 4104  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
16:49:44.0842 4104  Wanarpv6 - ok
16:49:44.0889 4104  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
16:49:44.0952 4104  wbengine - ok
16:49:44.0983 4104  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
16:49:44.0998 4104  WbioSrvc - ok
16:49:45.0030 4104  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
16:49:45.0061 4104  wcncsvc - ok
16:49:45.0061 4104  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:49:45.0092 4104  WcsPlugInService - ok
16:49:45.0108 4104  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
16:49:45.0123 4104  Wd - ok
16:49:45.0139 4104  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
16:49:45.0186 4104  Wdf01000 - ok
16:49:45.0201 4104  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
16:49:45.0232 4104  WdiServiceHost - ok
16:49:45.0232 4104  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
16:49:45.0264 4104  WdiSystemHost - ok
16:49:45.0279 4104  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
16:49:45.0310 4104  WebClient - ok
16:49:45.0326 4104  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
16:49:45.0388 4104  Wecsvc - ok
16:49:45.0404 4104  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
16:49:45.0435 4104  wercplsupport - ok
16:49:45.0451 4104  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
16:49:45.0498 4104  WerSvc - ok
16:49:45.0513 4104  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
16:49:45.0544 4104  WfpLwf - ok
16:49:45.0560 4104  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
16:49:45.0576 4104  WIMMount - ok
16:49:45.0591 4104  WinDefend - ok
16:49:45.0591 4104  WinHttpAutoProxySvc - ok
16:49:45.0638 4104  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
16:49:45.0700 4104  Winmgmt - ok
16:49:45.0747 4104  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
16:49:45.0841 4104  WinRM - ok
16:49:45.0888 4104  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
16:49:45.0903 4104  WinUsb - ok
16:49:45.0950 4104  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
16:49:46.0012 4104  Wlansvc - ok
16:49:46.0137 4104  [ 357CABBF155AFD1D3926E62539D2A3A7 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:49:46.0246 4104  wlidsvc - ok
16:49:46.0262 4104  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
16:49:46.0293 4104  WmiAcpi - ok
16:49:46.0324 4104  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
16:49:46.0356 4104  wmiApSrv - ok
16:49:46.0371 4104  WMPNetworkSvc - ok
16:49:46.0387 4104  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
16:49:46.0402 4104  WPCSvc - ok
16:49:46.0418 4104  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
16:49:46.0449 4104  WPDBusEnum - ok
16:49:46.0480 4104  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
16:49:46.0527 4104  ws2ifsl - ok
16:49:46.0543 4104  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
16:49:46.0574 4104  wscsvc - ok
16:49:46.0574 4104  WSearch - ok
16:49:46.0636 4104  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
16:49:46.0714 4104  wuauserv - ok
16:49:46.0746 4104  [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
16:49:46.0792 4104  WudfPf - ok
16:49:46.0808 4104  [ CF8D590BE3373029D57AF80914190682 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
16:49:46.0855 4104  WUDFRd - ok
16:49:46.0870 4104  [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
16:49:46.0902 4104  wudfsvc - ok
16:49:46.0933 4104  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
16:49:46.0964 4104  WwanSvc - ok
16:49:47.0011 4104  [ 7C5522028410A4A34BB8021F026733AF ] XMouseButton Launcher C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe
16:49:47.0026 4104  XMouseButton Launcher ( UnsignedFile.Multi.Generic ) - warning
16:49:47.0026 4104  XMouseButton Launcher - detected UnsignedFile.Multi.Generic (1)
16:49:47.0042 4104  ================ Scan global ===============================
16:49:47.0073 4104  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
16:49:47.0104 4104  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
16:49:47.0120 4104  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
16:49:47.0151 4104  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
16:49:47.0182 4104  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
16:49:47.0182 4104  [Global] - ok
16:49:47.0182 4104  ================ Scan MBR ==================================
16:49:47.0198 4104  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:49:47.0697 4104  \Device\Harddisk0\DR0 - ok
16:49:47.0697 4104  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
16:49:48.0571 4104  \Device\Harddisk1\DR1 - ok
16:49:48.0571 4104  ================ Scan VBR ==================================
16:49:48.0586 4104  [ A20062AE79C399784E0D5B12454EF217 ] \Device\Harddisk0\DR0\Partition1
16:49:48.0586 4104  \Device\Harddisk0\DR0\Partition1 - ok
16:49:48.0586 4104  [ C707203494401CCF489BA12BEF8E0544 ] \Device\Harddisk0\DR0\Partition2
16:49:48.0602 4104  \Device\Harddisk0\DR0\Partition2 - ok
16:49:48.0618 4104  [ 063931AE1B49CA570EB3ACADDEDDDAC0 ] \Device\Harddisk0\DR0\Partition3
16:49:48.0618 4104  \Device\Harddisk0\DR0\Partition3 - ok
16:49:48.0618 4104  [ F731A385709CD66402C2176FAC60221D ] \Device\Harddisk1\DR1\Partition1
16:49:48.0618 4104  \Device\Harddisk1\DR1\Partition1 - ok
16:49:48.0633 4104  [ E7282DE604CDB162E9B9AE4B7DDBE64E ] \Device\Harddisk1\DR1\Partition2
16:49:48.0633 4104  \Device\Harddisk1\DR1\Partition2 - ok
16:49:48.0633 4104  ============================================================
16:49:48.0633 4104  Scan finished
16:49:48.0633 4104  ============================================================
16:49:48.0633 3000  Detected object count: 3
16:49:48.0633 3000  Actual detected object count: 3
16:51:40.0349 3000  C:\Windows\system32\Drivers\sptd.sys - copied to quarantine
16:51:40.0396 3000  sptd ( LockedFile.Multi.Generic ) - User select action: Quarantine 
16:51:40.0427 3000  C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe - copied to quarantine
16:51:40.0443 3000  SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 
16:51:40.0474 3000  C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe - copied to quarantine
16:51:40.0490 3000  XMouseButton Launcher ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 
16:52:04.0735 4784  Deinitialize success
         

Alt 07.10.2012, 19:42   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Adware Tracking Cookie und Security HiJack - Standard

Adware Tracking Cookie und Security HiJack



Ja schön blöd, du hast was in die Q geschickt obwohl völlig unnötig!

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.


Alt 07.10.2012, 22:45   #21
Shizznut
 
Adware Tracking Cookie und Security HiJack - Standard

Adware Tracking Cookie und Security HiJack



Code:
ATTFilter
ComboFix 12-10-04.02 - * 07.10.2012  23:31:07.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3958.2464 [GMT 2:00]
ausgeführt von:: c:\users\*\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-09-07 bis 2012-10-07  ))))))))))))))))))))))))))))))
.
.
2012-10-07 21:37 . 2012-10-07 21:37	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-10-07 14:29 . 2012-10-07 14:29	4196	----a-w-	C:\STFCCE3.tmp
2012-10-07 13:25 . 2012-10-07 13:39	--------	d-----w-	c:\program files (x86)\Spybot - Search & Destroy
2012-10-07 12:23 . 2012-09-18 22:58	9308616	------w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{7611BBB8-BEDF-4EDD-ADBB-F35825D998B7}\mpengine.dll
2012-10-05 21:25 . 2012-10-05 21:25	--------	d-----w-	C:\_OTL
2012-10-05 13:32 . 2012-10-05 13:33	--------	d-----w-	c:\programdata\Solidshield
2012-10-05 12:54 . 2012-10-05 12:54	--------	d-----w-	c:\program files (x86)\NVIDIA Corporation
2012-10-05 12:54 . 2012-10-05 12:54	--------	d-----w-	c:\program files (x86)\Common Files\Wise Installation Wizard
2012-10-05 05:17 . 2012-10-05 05:18	--------	d-----w-	c:\program files\SUPERAntiSpyware
2012-09-28 12:50 . 2012-07-02 10:23	35112	----a-w-	c:\windows\system32\drivers\teamviewervpn.sys
2012-09-28 10:46 . 2012-09-28 10:46	--------	d-----w-	c:\program files\CyberGhost VPN
2012-09-28 01:56 . 2012-09-28 01:56	--------	d-----w-	c:\program files (x86)\Alcohol Soft
2012-09-28 01:56 . 2012-09-28 01:56	--------	d-----w-	c:\program files (x86)\MSXML 4.0
2012-09-28 01:15 . 2012-09-28 01:15	868848	----a-w-	c:\windows\system32\drivers\sptd.sys
2012-09-28 01:15 . 2012-09-28 01:15	--------	d-----w-	c:\program files (x86)\Franzis
2012-09-28 01:08 . 2012-09-28 01:08	--------	d-----w-	c:\users\*\AppData\Roaming\Nero
2012-09-28 01:04 . 2012-09-28 01:06	--------	d-----w-	c:\program files (x86)\Common Files\Nero
2012-09-28 01:04 . 2012-09-28 01:04	--------	d-----w-	c:\program files (x86)\Nero
2012-09-28 00:11 . 2012-09-19 09:29	34656	----a-w-	c:\windows\system32\TURegOpt.exe
2012-09-28 00:11 . 2012-09-19 09:29	25952	----a-w-	c:\windows\system32\authuitu.dll
2012-09-28 00:11 . 2012-09-19 09:29	21344	----a-w-	c:\windows\SysWow64\authuitu.dll
2012-09-28 00:10 . 2012-09-28 00:28	--------	d-----w-	c:\program files (x86)\TuneUp Utilities 2013
2012-09-28 00:08 . 2012-09-28 00:20	--------	d-sh--w-	c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2012-09-28 00:08 . 2012-09-28 00:08	--------	d--h--w-	c:\programdata\Common Files
2012-09-27 17:12 . 2012-09-27 17:13	--------	d-----w-	c:\users\*\.gnubg
2012-09-27 16:15 . 2012-09-27 16:30	--------	d-----w-	c:\program files (x86)\K-Lite Codec Pack
2012-09-26 16:03 . 2012-09-27 22:15	--------	d-----w-	c:\users\*\AppData\Roaming\SUPERAntiSpyware.com
2012-09-26 16:02 . 2012-09-26 16:02	--------	d-----w-	c:\programdata\SUPERAntiSpyware.com
2012-09-26 00:30 . 2012-09-26 00:31	--------	d-----w-	C:\AVZ
2012-09-25 18:30 . 2012-09-25 18:30	--------	d-----w-	c:\program files (x86)\Mozilla Maintenance Service
2012-09-25 17:46 . 2012-09-27 22:16	--------	d-----w-	c:\users\*\AppData\Roaming\NetMeter
2012-09-25 17:46 . 2012-09-25 17:46	--------	d-----w-	c:\program files (x86)\NetMeter
2012-09-25 17:39 . 2012-09-26 18:34	18960	----a-w-	c:\windows\system32\drivers\LNonPnP.sys
2012-09-25 17:38 . 2012-09-25 17:39	--------	d-----w-	c:\programdata\Logishrd
2012-09-25 17:38 . 2012-09-25 17:39	--------	d-----w-	c:\program files\Logitech
2012-09-25 17:38 . 2012-09-25 17:39	--------	d-----w-	c:\program files\Common Files\Logishrd
2012-09-25 17:35 . 2012-09-27 17:30	--------	d-----w-	c:\users\*\AppData\Roaming\Logishrd
2012-09-25 17:35 . 2012-09-25 18:13	--------	d-----w-	c:\users\*\AppData\Roaming\Logitech
2012-09-25 17:08 . 2012-08-21 21:01	245760	----a-w-	c:\windows\system32\OxpsConverter.exe
2012-09-25 14:51 . 2012-09-25 15:07	--------	d-----w-	C:\TDSSKiller_Quarantine
2012-09-19 16:50 . 2012-09-19 16:50	--------	d-----w-	c:\users\*\AppData\Roaming\Malwarebytes
2012-09-19 16:50 . 2012-09-19 16:50	--------	d-----w-	c:\programdata\Malwarebytes
2012-09-19 16:50 . 2012-09-28 01:39	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-17 20:32 . 2012-09-17 20:32	--------	d-----w-	c:\users\*\AppData\Roaming\PACE Anti-Piracy
2012-09-17 20:32 . 2012-09-17 20:32	--------	d-----w-	c:\users\*\AppData\Local\PACE Anti-Piracy
2012-09-17 20:32 . 2012-09-17 20:32	--------	d-----w-	c:\programdata\PACE Anti-Piracy
2012-09-17 16:42 . 2012-09-17 16:42	--------	d-----w-	c:\users\*\AppData\Roaming\Ahead
2012-09-17 08:45 . 2012-09-17 09:33	--------	d-----w-	c:\users\*\AppData\Roaming\TeamViewer
2012-09-17 08:12 . 2012-09-17 08:12	--------	d-----w-	c:\users\*\AppData\Local\Apps
2012-09-17 01:06 . 2012-09-17 01:06	--------	d-sh--w-	c:\windows\system32\%APPDATA%
2012-09-16 15:36 . 2012-09-16 15:36	--------	d-----w-	c:\program files\Microsoft Silverlight
2012-09-16 15:36 . 2012-09-16 15:36	--------	d-----w-	c:\program files (x86)\Microsoft Silverlight
2012-09-16 15:26 . 2012-09-16 15:26	--------	d-----w-	c:\users\*\AppData\Local\Apple
2012-09-16 15:26 . 2012-09-16 15:26	--------	d-----w-	c:\program files\Bonjour
2012-09-16 15:26 . 2012-09-16 15:26	--------	d-----w-	c:\program files (x86)\Bonjour
2012-09-16 15:19 . 2012-09-16 15:19	--------	d-----w-	c:\users\*\AppData\Local\Secunia PSI
2012-09-16 13:24 . 2012-09-16 13:24	--------	d-----w-	c:\windows\de
2012-09-16 13:24 . 2012-09-16 13:24	--------	d-----w-	c:\program files (x86)\Microsoft SQL Server Compact Edition
2012-09-16 13:23 . 2012-09-16 13:24	--------	d-----w-	c:\program files (x86)\Windows Live
2012-09-16 13:21 . 2012-09-27 22:16	--------	d-----r-	c:\users\*\SkyDrive
2012-09-16 13:21 . 2012-09-16 13:21	--------	d-----w-	c:\programdata\Microsoft SkyDrive
2012-09-16 13:20 . 2012-09-19 22:53	--------	d-----w-	c:\users\*\AppData\Local\Windows Live
2012-09-16 13:20 . 2012-09-16 13:20	--------	d-----w-	c:\program files (x86)\Common Files\Windows Live
2012-09-12 08:10 . 2012-08-22 18:12	950128	----a-w-	c:\windows\system32\drivers\ndis.sys
2012-09-12 08:10 . 2012-07-04 20:26	41472	----a-w-	c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 08:10 . 2012-08-02 17:58	574464	----a-w-	c:\windows\system32\d3d10level9.dll
2012-09-12 08:10 . 2012-08-02 16:57	490496	----a-w-	c:\windows\SysWow64\d3d10level9.dll
2012-09-12 08:10 . 2012-08-22 18:12	1913200	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-09-12 08:10 . 2012-08-22 18:12	376688	----a-w-	c:\windows\system32\drivers\netio.sys
2012-09-12 08:10 . 2012-08-22 18:12	288624	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-11 07:56 . 2012-09-11 07:56	280904	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2012-09-10 22:17 . 2012-10-05 10:09	--------	d-----w-	c:\program files (x86)\Origin Games
2012-09-10 22:16 . 2012-09-10 22:16	--------	d-----w-	c:\users\*\AppData\Local\PunkBuster
2012-09-10 22:09 . 2012-09-27 22:25	--------	d-----w-	c:\program files (x86)\Battlelog Web Plugins
2012-09-10 22:07 . 2012-10-06 22:39	--------	d-----w-	c:\program files (x86)\Common Files\Steam
2012-09-10 22:07 . 2012-09-10 22:08	--------	d-----w-	c:\users\*\AppData\Local\Origin
2012-09-10 22:05 . 2012-10-05 10:03	--------	d-----w-	c:\program files (x86)\Origin
2012-09-10 21:13 . 2012-09-10 21:13	--------	d--h--w-	c:\program files (x86)\Common Files\EAInstaller
2012-09-10 21:13 . 2012-09-11 07:56	280904	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2012-09-10 21:13 . 2012-09-11 05:15	189248	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2012-09-10 21:13 . 2012-09-11 05:15	75136	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2012-09-10 19:38 . 2012-09-10 19:49	--------	d-----w-	c:\users\*\AppData\Local\Microsoft Games
2012-09-10 18:00 . 2012-10-05 14:39	--------	d-----w-	c:\programdata\Origin
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-27 22:34 . 2012-09-05 15:31	696240	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-27 22:34 . 2012-09-05 15:31	73136	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-12 08:30 . 2012-09-04 13:25	64462936	----a-w-	c:\windows\system32\MRT.exe
2012-09-05 02:42 . 2012-09-05 02:42	15453832	----a-w-	c:\windows\SysWow64\xlive.dll
2012-09-05 02:40 . 2012-09-05 02:40	466456	----a-w-	c:\windows\system32\wrap_oal.dll
2012-09-05 02:40 . 2012-09-05 02:40	444952	----a-w-	c:\windows\SysWow64\wrap_oal.dll
2012-09-05 02:40 . 2012-09-05 02:40	122904	----a-w-	c:\windows\system32\OpenAL32.dll
2012-09-05 02:40 . 2012-09-05 02:40	109080	----a-w-	c:\windows\SysWow64\OpenAL32.dll
2012-09-04 18:49 . 2009-07-14 02:36	175616	----a-w-	c:\windows\system32\msclmd.dll
2012-09-04 18:49 . 2009-07-14 02:36	152576	----a-w-	c:\windows\SysWow64\msclmd.dll
2012-09-04 17:56 . 2012-09-04 17:56	95208	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-04 17:56 . 2012-09-04 17:56	821736	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2012-09-04 17:56 . 2012-09-04 17:56	746984	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-09-04 15:47 . 2012-09-04 15:47	89088	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2012-09-04 15:47 . 2012-09-04 15:47	86528	----a-w-	c:\windows\SysWow64\iesysprep.dll
2012-09-04 15:47 . 2012-09-04 15:47	76800	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2012-09-04 15:47 . 2012-09-04 15:47	74752	----a-w-	c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-09-04 15:47 . 2012-09-04 15:47	74752	----a-w-	c:\windows\SysWow64\iesetup.dll
2012-09-04 15:47 . 2012-09-04 15:47	65024	----a-w-	c:\windows\system32\pngfilt.dll
2012-09-04 15:47 . 2012-09-04 15:47	63488	----a-w-	c:\windows\SysWow64\tdc.ocx
2012-09-04 15:47 . 2012-09-04 15:47	55296	----a-w-	c:\windows\system32\msfeedsbs.dll
2012-09-04 15:47 . 2012-09-04 15:47	49664	----a-w-	c:\windows\system32\imgutil.dll
2012-09-04 15:47 . 2012-09-04 15:47	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2012-09-04 15:47 . 2012-09-04 15:47	367104	----a-w-	c:\windows\SysWow64\html.iec
2012-09-04 15:47 . 2012-09-04 15:47	35840	----a-w-	c:\windows\SysWow64\imgutil.dll
2012-09-04 15:47 . 2012-09-04 15:47	267776	----a-w-	c:\windows\system32\ieaksie.dll
2012-09-04 15:47 . 2012-09-04 15:47	23552	----a-w-	c:\windows\SysWow64\licmgr10.dll
2012-09-04 15:47 . 2012-09-04 15:47	222208	----a-w-	c:\windows\system32\msls31.dll
2012-09-04 15:47 . 2012-09-04 15:47	197120	----a-w-	c:\windows\system32\msrating.dll
2012-09-04 15:47 . 2012-09-04 15:47	163840	----a-w-	c:\windows\system32\ieakui.dll
2012-09-04 15:47 . 2012-09-04 15:47	161792	----a-w-	c:\windows\SysWow64\msls31.dll
2012-09-04 15:47 . 2012-09-04 15:47	160256	----a-w-	c:\windows\system32\ieakeng.dll
2012-09-04 15:47 . 2012-09-04 15:47	152064	----a-w-	c:\windows\SysWow64\wextract.exe
2012-09-04 15:47 . 2012-09-04 15:47	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2012-09-04 15:47 . 2012-09-04 15:47	149504	----a-w-	c:\windows\system32\occache.dll
2012-09-04 15:47 . 2012-09-04 15:47	145920	----a-w-	c:\windows\system32\iepeers.dll
2012-09-04 15:47 . 2012-09-04 15:47	135168	----a-w-	c:\windows\system32\IEAdvpack.dll
2012-09-04 15:47 . 2012-09-04 15:47	12288	----a-w-	c:\windows\system32\mshta.exe
2012-09-04 15:47 . 2012-09-04 15:47	11776	----a-w-	c:\windows\SysWow64\mshta.exe
2012-09-04 15:47 . 2012-09-04 15:47	114176	----a-w-	c:\windows\system32\admparse.dll
2012-09-04 15:47 . 2012-09-04 15:47	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2012-09-04 15:47 . 2012-09-04 15:47	10752	----a-w-	c:\windows\system32\msfeedssync.exe
2012-09-04 15:47 . 2012-09-04 15:47	101888	----a-w-	c:\windows\SysWow64\admparse.dll
2012-09-04 15:47 . 2012-09-04 15:47	91648	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2012-09-04 15:47 . 2012-09-04 15:47	89088	----a-w-	c:\windows\system32\ie4uinit.exe
2012-09-04 15:47 . 2012-09-04 15:47	85504	----a-w-	c:\windows\system32\iesetup.dll
2012-09-04 15:47 . 2012-09-04 15:47	82432	----a-w-	c:\windows\system32\icardie.dll
2012-09-04 15:47 . 2012-09-04 15:47	76800	----a-w-	c:\windows\system32\tdc.ocx
2012-09-04 15:47 . 2012-09-04 15:47	534528	----a-w-	c:\windows\system32\ieapfltr.dll
2012-09-04 15:47 . 2012-09-04 15:47	48640	----a-w-	c:\windows\system32\mshtmler.dll
2012-09-04 15:47 . 2012-09-04 15:47	452608	----a-w-	c:\windows\system32\dxtmsft.dll
2012-09-04 15:47 . 2012-09-04 15:47	448512	----a-w-	c:\windows\system32\html.iec
2012-09-04 15:47 . 2012-09-04 15:47	403248	----a-w-	c:\windows\system32\iedkcs32.dll
2012-09-04 15:47 . 2012-09-04 15:47	39936	----a-w-	c:\windows\system32\iernonce.dll
2012-09-04 15:47 . 2012-09-04 15:47	3695416	----a-w-	c:\windows\system32\ieapfltr.dat
2012-09-04 15:47 . 2012-09-04 15:47	30720	----a-w-	c:\windows\system32\licmgr10.dll
2012-09-04 15:47 . 2012-09-04 15:47	282112	----a-w-	c:\windows\system32\dxtrans.dll
2012-09-04 15:47 . 2012-09-04 15:47	249344	----a-w-	c:\windows\system32\webcheck.dll
2012-09-04 15:47 . 2012-09-04 15:47	165888	----a-w-	c:\windows\system32\iexpress.exe
2012-09-04 15:47 . 2012-09-04 15:47	160256	----a-w-	c:\windows\system32\wextract.exe
2012-09-04 15:47 . 2012-09-04 15:47	111616	----a-w-	c:\windows\system32\iesysprep.dll
2012-09-04 15:47 . 2012-09-04 15:47	103936	----a-w-	c:\windows\system32\inseng.dll
2012-08-21 09:13 . 2012-09-04 11:36	359464	----a-w-	c:\windows\system32\drivers\aswSP.sys
2012-08-21 09:13 . 2012-09-04 11:36	59728	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2012-08-21 09:13 . 2012-09-04 11:36	969200	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13 . 2012-09-04 11:36	54072	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2012-08-21 09:13 . 2012-09-04 11:36	71600	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2012-08-21 09:13 . 2012-09-04 11:36	25232	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2012-08-21 09:12 . 2012-09-04 11:35	41224	----a-w-	c:\windows\avastSS.scr
2012-08-21 09:12 . 2012-09-04 11:35	227648	----a-w-	c:\windows\SysWow64\aswBoot.exe
2012-08-21 09:12 . 2012-09-04 11:36	285328	----a-w-	c:\windows\system32\aswBoot.exe
2012-07-28 00:54 . 2012-07-28 00:54	321472	----a-w-	c:\windows\WLXPGSS.SCR
2012-07-26 17:08 . 2012-07-26 17:08	862664	----a-w-	c:\windows\SysWow64\msvcr110.dll
2012-07-26 17:08 . 2012-07-26 17:08	534480	----a-w-	c:\windows\SysWow64\msvcp110.dll
2012-07-26 17:08 . 2012-07-26 17:08	251864	----a-w-	c:\windows\SysWow64\vccorlib110.dll
2012-07-26 17:08 . 2012-07-26 17:08	153536	----a-w-	c:\windows\SysWow64\atl110.dll
2012-07-26 17:08 . 2012-07-26 17:08	115656	----a-w-	c:\windows\SysWow64\vcomp110.dll
2012-07-26 13:22 . 2012-07-26 13:22	828872	----a-w-	c:\windows\system32\msvcr110.dll
2012-07-26 13:22 . 2012-07-26 13:22	661448	----a-w-	c:\windows\system32\msvcp110.dll
2012-07-26 13:22 . 2012-07-26 13:22	354264	----a-w-	c:\windows\system32\vccorlib110.dll
2012-07-26 13:22 . 2012-07-26 13:22	177096	----a-w-	c:\windows\system32\atl110.dll
2012-07-26 13:22 . 2012-07-26 13:22	124360	----a-w-	c:\windows\system32\vcomp110.dll
2012-07-18 18:15 . 2012-09-04 13:19	3148800	----a-w-	c:\windows\system32\win32k.sys
2012-07-17 13:14 . 2012-07-17 13:14	253184	----a-w-	c:\windows\system32\LIVESSP.DLL
2012-07-17 12:49 . 2012-07-17 12:49	209648	----a-w-	c:\windows\SysWow64\LIVESSP.DLL
2012-07-17 12:37 . 2012-07-17 12:37	19736	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"ZoomIt"="d:\downloads\ZoomIt43\ZoomIt.exe" [2012-07-11 568432]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-27 250288]
R3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\CyberGhost VPN\CGVPNCliService.exe [2012-04-26 2438696]
R3 esihdrv;esihdrv;c:\users\*\AppData\Local\Temp\esihdrv.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
R4 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-25 114144]
R4 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R4 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-07-16 2673064]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [2012-06-09 39248]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2012-09-28 868848]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-07-24 482384]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 SLEE_17_DRIVER;Steganos Live Encryption Engine 17 [Driver];c:\windows\Sleen1764.sys [2010-02-17 13:21 108256]
S1 Uim_VIM;UIM Virtual Image Plugin;c:\windows\system32\Drivers\uim_vimx64.sys [2012-06-09 389968]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-04 238080]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2012-09-19 2365792]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-07-04 11922944]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-07-04 359936]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2011-09-02 76056]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2011-09-02 15128]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 35008]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2009-10-02 946688]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2012-07-02 35112]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [2012-09-19 11880]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-05 22:34]
.
2012-10-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3094054634-324839966-1081519958-1000Core.job
- c:\users\*\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-28 15:47]
.
2012-10-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3094054634-324839966-1081519958-1000UA.job
- c:\users\*\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-28 15:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:11	133400	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-21 8306208]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An OneNote s&enden - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\*\AppData\Roaming\Mozilla\Firefox\Profiles\clm4btjq.default\
FF - prefs.js: browser.startup.homepage - hxxp://de.msn.com/?rd=1&ucc=DE&dcc=DE&opt=0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Notify-LBTWlgn - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3094054634-324839966-1081519958-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*%*2*0*L*u*n*a*t**Υn\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-3094054634-324839966-1081519958-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*%*à']
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3094054634-324839966-1081519958-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*%*à'\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-3094054634-324839966-1081519958-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*-*mpeg]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3094054634-324839966-1081519958-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*-*mpeg\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-3094054634-324839966-1081519958-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*a*v*i*€@”n\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-10-07  23:40:07
ComboFix-quarantined-files.txt  2012-10-07 21:40
.
Vor Suchlauf: 11 Verzeichnis(se), 194.268.020.736 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 193.969.610.752 Bytes frei
.
- - End Of File - - D46CBAA20E97BC2CBE9CB93C7508566E
         

Alt 08.10.2012, 10:50   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Adware Tracking Cookie und Security HiJack - Standard

Adware Tracking Cookie und Security HiJack



Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Code:
ATTFilter
File::
C:\STFCCE3.tmp

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"=-
         
3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.



6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Alt 08.10.2012, 15:31   #23
Shizznut
 
Adware Tracking Cookie und Security HiJack - Standard

Adware Tracking Cookie und Security HiJack



Code:
ATTFilter
ComboFix 12-10-08.01 - * 08.10.2012  15:15:48.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3958.2432 [GMT 2:00]
ausgeführt von:: c:\users\*\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\*\Desktop\Cfscript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"C:\STFCCE3.tmp"
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\STFCCE3.tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-09-08 bis 2012-10-08  ))))))))))))))))))))))))))))))
.
.
2012-10-08 13:21 . 2012-10-08 13:21	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-10-08 13:02 . 2012-09-18 22:58	9308616	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{57FF9323-3D5A-4002-A0D4-A107AFDE7B8D}\mpengine.dll
2012-10-07 21:43 . 2012-10-07 21:43	--------	d-----w-	C:\IDE
2012-10-07 13:25 . 2012-10-07 13:39	--------	d-----w-	c:\program files (x86)\Spybot - Search & Destroy
2012-10-07 12:23 . 2012-09-18 22:58	9308616	------w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{7611BBB8-BEDF-4EDD-ADBB-F35825D998B7}\mpengine.dll
2012-10-05 21:25 . 2012-10-05 21:25	--------	d-----w-	C:\_OTL
2012-10-05 13:32 . 2012-10-05 13:33	--------	d-----w-	c:\programdata\Solidshield
2012-10-05 12:54 . 2012-10-05 12:54	--------	d-----w-	c:\program files (x86)\NVIDIA Corporation
2012-10-05 12:54 . 2012-10-05 12:54	--------	d-----w-	c:\program files (x86)\Common Files\Wise Installation Wizard
2012-10-05 05:17 . 2012-10-05 05:18	--------	d-----w-	c:\program files\SUPERAntiSpyware
2012-09-28 12:50 . 2012-07-02 10:23	35112	----a-w-	c:\windows\system32\drivers\teamviewervpn.sys
2012-09-28 10:46 . 2012-09-28 10:46	--------	d-----w-	c:\program files\CyberGhost VPN
2012-09-28 01:56 . 2012-09-28 01:56	--------	d-----w-	c:\program files (x86)\Alcohol Soft
2012-09-28 01:56 . 2012-09-28 01:56	--------	d-----w-	c:\program files (x86)\MSXML 4.0
2012-09-28 01:15 . 2012-09-28 01:15	868848	----a-w-	c:\windows\system32\drivers\sptd.sys
2012-09-28 01:15 . 2012-09-28 01:15	--------	d-----w-	c:\program files (x86)\Franzis
2012-09-28 01:08 . 2012-09-28 01:08	--------	d-----w-	c:\users\*\AppData\Roaming\Nero
2012-09-28 01:04 . 2012-09-28 01:06	--------	d-----w-	c:\program files (x86)\Common Files\Nero
2012-09-28 01:04 . 2012-09-28 01:04	--------	d-----w-	c:\program files (x86)\Nero
2012-09-28 00:11 . 2012-09-19 09:29	34656	----a-w-	c:\windows\system32\TURegOpt.exe
2012-09-28 00:11 . 2012-09-19 09:29	25952	----a-w-	c:\windows\system32\authuitu.dll
2012-09-28 00:11 . 2012-09-19 09:29	21344	----a-w-	c:\windows\SysWow64\authuitu.dll
2012-09-28 00:10 . 2012-09-28 00:28	--------	d-----w-	c:\program files (x86)\TuneUp Utilities 2013
2012-09-28 00:08 . 2012-09-28 00:20	--------	d-sh--w-	c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2012-09-28 00:08 . 2012-09-28 00:08	--------	d--h--w-	c:\programdata\Common Files
2012-09-27 17:12 . 2012-09-27 17:13	--------	d-----w-	c:\users\*\.gnubg
2012-09-27 16:15 . 2012-09-27 16:30	--------	d-----w-	c:\program files (x86)\K-Lite Codec Pack
2012-09-26 16:03 . 2012-09-27 22:15	--------	d-----w-	c:\users\*\AppData\Roaming\SUPERAntiSpyware.com
2012-09-26 16:02 . 2012-09-26 16:02	--------	d-----w-	c:\programdata\SUPERAntiSpyware.com
2012-09-26 00:30 . 2012-09-26 00:31	--------	d-----w-	C:\AVZ
2012-09-25 18:30 . 2012-09-25 18:30	--------	d-----w-	c:\program files (x86)\Mozilla Maintenance Service
2012-09-25 17:46 . 2012-09-27 22:16	--------	d-----w-	c:\users\*\AppData\Roaming\NetMeter
2012-09-25 17:46 . 2012-09-25 17:46	--------	d-----w-	c:\program files (x86)\NetMeter
2012-09-25 17:39 . 2012-09-26 18:34	18960	----a-w-	c:\windows\system32\drivers\LNonPnP.sys
2012-09-25 17:38 . 2012-09-25 17:39	--------	d-----w-	c:\programdata\Logishrd
2012-09-25 17:38 . 2012-09-25 17:39	--------	d-----w-	c:\program files\Logitech
2012-09-25 17:38 . 2012-09-25 17:39	--------	d-----w-	c:\program files\Common Files\Logishrd
2012-09-25 17:35 . 2012-09-27 17:30	--------	d-----w-	c:\users\*\AppData\Roaming\Logishrd
2012-09-25 17:35 . 2012-09-25 18:13	--------	d-----w-	c:\users\*\AppData\Roaming\Logitech
2012-09-25 17:08 . 2012-08-21 21:01	245760	----a-w-	c:\windows\system32\OxpsConverter.exe
2012-09-25 14:51 . 2012-09-25 15:07	--------	d-----w-	C:\TDSSKiller_Quarantine
2012-09-19 16:50 . 2012-09-19 16:50	--------	d-----w-	c:\users\*\AppData\Roaming\Malwarebytes
2012-09-19 16:50 . 2012-09-19 16:50	--------	d-----w-	c:\programdata\Malwarebytes
2012-09-19 16:50 . 2012-09-28 01:39	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-17 20:32 . 2012-09-17 20:32	--------	d-----w-	c:\users\*\AppData\Roaming\PACE Anti-Piracy
2012-09-17 20:32 . 2012-09-17 20:32	--------	d-----w-	c:\users\*\AppData\Local\PACE Anti-Piracy
2012-09-17 20:32 . 2012-09-17 20:32	--------	d-----w-	c:\programdata\PACE Anti-Piracy
2012-09-17 16:42 . 2012-09-17 16:42	--------	d-----w-	c:\users\*\AppData\Roaming\Ahead
2012-09-17 08:45 . 2012-09-17 09:33	--------	d-----w-	c:\users\*\AppData\Roaming\TeamViewer
2012-09-17 08:12 . 2012-09-17 08:12	--------	d-----w-	c:\users\*\AppData\Local\Apps
2012-09-17 01:06 . 2012-09-17 01:06	--------	d-sh--w-	c:\windows\system32\%APPDATA%
2012-09-16 15:36 . 2012-09-16 15:36	--------	d-----w-	c:\program files\Microsoft Silverlight
2012-09-16 15:36 . 2012-09-16 15:36	--------	d-----w-	c:\program files (x86)\Microsoft Silverlight
2012-09-16 15:26 . 2012-09-16 15:26	--------	d-----w-	c:\users\*\AppData\Local\Apple
2012-09-16 15:26 . 2012-09-16 15:26	--------	d-----w-	c:\program files\Bonjour
2012-09-16 15:26 . 2012-09-16 15:26	--------	d-----w-	c:\program files (x86)\Bonjour
2012-09-16 15:19 . 2012-09-16 15:19	--------	d-----w-	c:\users\*\AppData\Local\Secunia PSI
2012-09-16 13:24 . 2012-09-16 13:24	--------	d-----w-	c:\windows\de
2012-09-16 13:24 . 2012-09-16 13:24	--------	d-----w-	c:\program files (x86)\Microsoft SQL Server Compact Edition
2012-09-16 13:23 . 2012-09-16 13:24	--------	d-----w-	c:\program files (x86)\Windows Live
2012-09-16 13:21 . 2012-09-27 22:16	--------	d-----r-	c:\users\*\SkyDrive
2012-09-16 13:21 . 2012-09-16 13:21	--------	d-----w-	c:\programdata\Microsoft SkyDrive
2012-09-16 13:20 . 2012-09-19 22:53	--------	d-----w-	c:\users\*\AppData\Local\Windows Live
2012-09-16 13:20 . 2012-09-16 13:20	--------	d-----w-	c:\program files (x86)\Common Files\Windows Live
2012-09-12 08:10 . 2012-08-22 18:12	950128	----a-w-	c:\windows\system32\drivers\ndis.sys
2012-09-12 08:10 . 2012-07-04 20:26	41472	----a-w-	c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 08:10 . 2012-08-02 17:58	574464	----a-w-	c:\windows\system32\d3d10level9.dll
2012-09-12 08:10 . 2012-08-02 16:57	490496	----a-w-	c:\windows\SysWow64\d3d10level9.dll
2012-09-12 08:10 . 2012-08-22 18:12	1913200	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-09-12 08:10 . 2012-08-22 18:12	376688	----a-w-	c:\windows\system32\drivers\netio.sys
2012-09-12 08:10 . 2012-08-22 18:12	288624	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-11 07:56 . 2012-09-11 07:56	280904	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2012-09-10 22:17 . 2012-10-05 10:09	--------	d-----w-	c:\program files (x86)\Origin Games
2012-09-10 22:16 . 2012-09-10 22:16	--------	d-----w-	c:\users\*\AppData\Local\PunkBuster
2012-09-10 22:09 . 2012-09-27 22:25	--------	d-----w-	c:\program files (x86)\Battlelog Web Plugins
2012-09-10 22:07 . 2012-10-06 22:39	--------	d-----w-	c:\program files (x86)\Common Files\Steam
2012-09-10 22:07 . 2012-09-10 22:08	--------	d-----w-	c:\users\*\AppData\Local\Origin
2012-09-10 22:05 . 2012-10-05 10:03	--------	d-----w-	c:\program files (x86)\Origin
2012-09-10 21:13 . 2012-09-10 21:13	--------	d--h--w-	c:\program files (x86)\Common Files\EAInstaller
2012-09-10 21:13 . 2012-09-11 07:56	280904	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2012-09-10 21:13 . 2012-09-11 05:15	189248	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2012-09-10 21:13 . 2012-09-11 05:15	75136	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2012-09-10 19:38 . 2012-09-10 19:49	--------	d-----w-	c:\users\*\AppData\Local\Microsoft Games
2012-09-10 18:00 . 2012-10-05 14:39	--------	d-----w-	c:\programdata\Origin
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-27 22:34 . 2012-09-05 15:31	696240	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-27 22:34 . 2012-09-05 15:31	73136	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-12 08:30 . 2012-09-04 13:25	64462936	----a-w-	c:\windows\system32\MRT.exe
2012-09-05 02:42 . 2012-09-05 02:42	15453832	----a-w-	c:\windows\SysWow64\xlive.dll
2012-09-05 02:40 . 2012-09-05 02:40	466456	----a-w-	c:\windows\system32\wrap_oal.dll
2012-09-05 02:40 . 2012-09-05 02:40	444952	----a-w-	c:\windows\SysWow64\wrap_oal.dll
2012-09-05 02:40 . 2012-09-05 02:40	122904	----a-w-	c:\windows\system32\OpenAL32.dll
2012-09-05 02:40 . 2012-09-05 02:40	109080	----a-w-	c:\windows\SysWow64\OpenAL32.dll
2012-09-04 18:49 . 2009-07-14 02:36	175616	----a-w-	c:\windows\system32\msclmd.dll
2012-09-04 18:49 . 2009-07-14 02:36	152576	----a-w-	c:\windows\SysWow64\msclmd.dll
2012-09-04 17:56 . 2012-09-04 17:56	95208	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-04 17:56 . 2012-09-04 17:56	821736	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2012-09-04 17:56 . 2012-09-04 17:56	746984	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-09-04 15:47 . 2012-09-04 15:47	89088	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2012-09-04 15:47 . 2012-09-04 15:47	86528	----a-w-	c:\windows\SysWow64\iesysprep.dll
2012-09-04 15:47 . 2012-09-04 15:47	76800	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2012-09-04 15:47 . 2012-09-04 15:47	74752	----a-w-	c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-09-04 15:47 . 2012-09-04 15:47	74752	----a-w-	c:\windows\SysWow64\iesetup.dll
2012-09-04 15:47 . 2012-09-04 15:47	65024	----a-w-	c:\windows\system32\pngfilt.dll
2012-09-04 15:47 . 2012-09-04 15:47	63488	----a-w-	c:\windows\SysWow64\tdc.ocx
2012-09-04 15:47 . 2012-09-04 15:47	55296	----a-w-	c:\windows\system32\msfeedsbs.dll
2012-09-04 15:47 . 2012-09-04 15:47	49664	----a-w-	c:\windows\system32\imgutil.dll
2012-09-04 15:47 . 2012-09-04 15:47	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2012-09-04 15:47 . 2012-09-04 15:47	367104	----a-w-	c:\windows\SysWow64\html.iec
2012-09-04 15:47 . 2012-09-04 15:47	35840	----a-w-	c:\windows\SysWow64\imgutil.dll
2012-09-04 15:47 . 2012-09-04 15:47	267776	----a-w-	c:\windows\system32\ieaksie.dll
2012-09-04 15:47 . 2012-09-04 15:47	23552	----a-w-	c:\windows\SysWow64\licmgr10.dll
2012-09-04 15:47 . 2012-09-04 15:47	222208	----a-w-	c:\windows\system32\msls31.dll
2012-09-04 15:47 . 2012-09-04 15:47	197120	----a-w-	c:\windows\system32\msrating.dll
2012-09-04 15:47 . 2012-09-04 15:47	163840	----a-w-	c:\windows\system32\ieakui.dll
2012-09-04 15:47 . 2012-09-04 15:47	161792	----a-w-	c:\windows\SysWow64\msls31.dll
2012-09-04 15:47 . 2012-09-04 15:47	160256	----a-w-	c:\windows\system32\ieakeng.dll
2012-09-04 15:47 . 2012-09-04 15:47	152064	----a-w-	c:\windows\SysWow64\wextract.exe
2012-09-04 15:47 . 2012-09-04 15:47	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2012-09-04 15:47 . 2012-09-04 15:47	149504	----a-w-	c:\windows\system32\occache.dll
2012-09-04 15:47 . 2012-09-04 15:47	145920	----a-w-	c:\windows\system32\iepeers.dll
2012-09-04 15:47 . 2012-09-04 15:47	135168	----a-w-	c:\windows\system32\IEAdvpack.dll
2012-09-04 15:47 . 2012-09-04 15:47	12288	----a-w-	c:\windows\system32\mshta.exe
2012-09-04 15:47 . 2012-09-04 15:47	11776	----a-w-	c:\windows\SysWow64\mshta.exe
2012-09-04 15:47 . 2012-09-04 15:47	114176	----a-w-	c:\windows\system32\admparse.dll
2012-09-04 15:47 . 2012-09-04 15:47	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2012-09-04 15:47 . 2012-09-04 15:47	10752	----a-w-	c:\windows\system32\msfeedssync.exe
2012-09-04 15:47 . 2012-09-04 15:47	101888	----a-w-	c:\windows\SysWow64\admparse.dll
2012-09-04 15:47 . 2012-09-04 15:47	91648	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2012-09-04 15:47 . 2012-09-04 15:47	89088	----a-w-	c:\windows\system32\ie4uinit.exe
2012-09-04 15:47 . 2012-09-04 15:47	85504	----a-w-	c:\windows\system32\iesetup.dll
2012-09-04 15:47 . 2012-09-04 15:47	82432	----a-w-	c:\windows\system32\icardie.dll
2012-09-04 15:47 . 2012-09-04 15:47	76800	----a-w-	c:\windows\system32\tdc.ocx
2012-09-04 15:47 . 2012-09-04 15:47	534528	----a-w-	c:\windows\system32\ieapfltr.dll
2012-09-04 15:47 . 2012-09-04 15:47	48640	----a-w-	c:\windows\system32\mshtmler.dll
2012-09-04 15:47 . 2012-09-04 15:47	452608	----a-w-	c:\windows\system32\dxtmsft.dll
2012-09-04 15:47 . 2012-09-04 15:47	448512	----a-w-	c:\windows\system32\html.iec
2012-09-04 15:47 . 2012-09-04 15:47	403248	----a-w-	c:\windows\system32\iedkcs32.dll
2012-09-04 15:47 . 2012-09-04 15:47	39936	----a-w-	c:\windows\system32\iernonce.dll
2012-09-04 15:47 . 2012-09-04 15:47	3695416	----a-w-	c:\windows\system32\ieapfltr.dat
2012-09-04 15:47 . 2012-09-04 15:47	30720	----a-w-	c:\windows\system32\licmgr10.dll
2012-09-04 15:47 . 2012-09-04 15:47	282112	----a-w-	c:\windows\system32\dxtrans.dll
2012-09-04 15:47 . 2012-09-04 15:47	249344	----a-w-	c:\windows\system32\webcheck.dll
2012-09-04 15:47 . 2012-09-04 15:47	165888	----a-w-	c:\windows\system32\iexpress.exe
2012-09-04 15:47 . 2012-09-04 15:47	160256	----a-w-	c:\windows\system32\wextract.exe
2012-09-04 15:47 . 2012-09-04 15:47	111616	----a-w-	c:\windows\system32\iesysprep.dll
2012-09-04 15:47 . 2012-09-04 15:47	103936	----a-w-	c:\windows\system32\inseng.dll
2012-08-21 09:13 . 2012-09-04 11:36	359464	----a-w-	c:\windows\system32\drivers\aswSP.sys
2012-08-21 09:13 . 2012-09-04 11:36	59728	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2012-08-21 09:13 . 2012-09-04 11:36	969200	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13 . 2012-09-04 11:36	54072	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2012-08-21 09:13 . 2012-09-04 11:36	71600	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2012-08-21 09:13 . 2012-09-04 11:36	25232	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2012-08-21 09:12 . 2012-09-04 11:35	41224	----a-w-	c:\windows\avastSS.scr
2012-08-21 09:12 . 2012-09-04 11:35	227648	----a-w-	c:\windows\SysWow64\aswBoot.exe
2012-08-21 09:12 . 2012-09-04 11:36	285328	----a-w-	c:\windows\system32\aswBoot.exe
2012-07-28 00:54 . 2012-07-28 00:54	321472	----a-w-	c:\windows\WLXPGSS.SCR
2012-07-26 17:08 . 2012-07-26 17:08	862664	----a-w-	c:\windows\SysWow64\msvcr110.dll
2012-07-26 17:08 . 2012-07-26 17:08	534480	----a-w-	c:\windows\SysWow64\msvcp110.dll
2012-07-26 17:08 . 2012-07-26 17:08	251864	----a-w-	c:\windows\SysWow64\vccorlib110.dll
2012-07-26 17:08 . 2012-07-26 17:08	153536	----a-w-	c:\windows\SysWow64\atl110.dll
2012-07-26 17:08 . 2012-07-26 17:08	115656	----a-w-	c:\windows\SysWow64\vcomp110.dll
2012-07-26 13:22 . 2012-07-26 13:22	828872	----a-w-	c:\windows\system32\msvcr110.dll
2012-07-26 13:22 . 2012-07-26 13:22	661448	----a-w-	c:\windows\system32\msvcp110.dll
2012-07-26 13:22 . 2012-07-26 13:22	354264	----a-w-	c:\windows\system32\vccorlib110.dll
2012-07-26 13:22 . 2012-07-26 13:22	177096	----a-w-	c:\windows\system32\atl110.dll
2012-07-26 13:22 . 2012-07-26 13:22	124360	----a-w-	c:\windows\system32\vcomp110.dll
2012-07-18 18:15 . 2012-09-04 13:19	3148800	----a-w-	c:\windows\system32\win32k.sys
2012-07-17 13:14 . 2012-07-17 13:14	253184	----a-w-	c:\windows\system32\LIVESSP.DLL
2012-07-17 12:49 . 2012-07-17 12:49	209648	----a-w-	c:\windows\SysWow64\LIVESSP.DLL
2012-07-17 12:37 . 2012-07-17 12:37	19736	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"ZoomIt"="d:\downloads\ZoomIt43\ZoomIt.exe" [2012-07-11 568432]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
 [BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-27 250288]
R3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\CyberGhost VPN\CGVPNCliService.exe [2012-04-26 2438696]
R3 esihdrv;esihdrv;c:\users\*\AppData\Local\Temp\esihdrv.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
R4 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-25 114144]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R4 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-07-16 2673064]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [2012-06-09 39248]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2012-09-28 868848]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-07-24 482384]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 SLEE_17_DRIVER;Steganos Live Encryption Engine 17 [Driver];c:\windows\Sleen1764.sys [2010-02-17 13:21 108256]
S1 Uim_VIM;UIM Virtual Image Plugin;c:\windows\system32\Drivers\uim_vimx64.sys [2012-06-09 389968]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-04 238080]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2012-09-19 2365792]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-07-04 11922944]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-07-04 359936]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2011-09-02 76056]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2011-09-02 15128]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 35008]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2009-10-02 946688]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2012-07-02 35112]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [2012-09-19 11880]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-05 22:34]
.
2012-10-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3094054634-324839966-1081519958-1000Core.job
- c:\users\*\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-28 15:47]
.
2012-10-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3094054634-324839966-1081519958-1000UA.job
- c:\users\*\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-28 15:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:11	133400	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-21 8306208]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An OneNote s&enden - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\*\AppData\Roaming\Mozilla\Firefox\Profiles\clm4btjq.default\
FF - prefs.js: browser.startup.homepage - hxxp://de.msn.com/?rd=1&ucc=DE&dcc=DE&opt=0
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3094054634-324839966-1081519958-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*%*2*0*L*u*n*a*t**Υn\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-3094054634-324839966-1081519958-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*%*à']
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3094054634-324839966-1081519958-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*%*à'\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-3094054634-324839966-1081519958-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*-*mpeg]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3094054634-324839966-1081519958-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*-*mpeg\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-3094054634-324839966-1081519958-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*a*v*i*€@”n\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-10-08  15:23:52
ComboFix-quarantined-files.txt  2012-10-08 13:23
ComboFix2.txt  2012-10-07 21:40
.
Vor Suchlauf: 15 Verzeichnis(se), 193.735.700.480 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 193.526.767.616 Bytes frei
.
- - End Of File - - 164F77C79F5390F2D81CF3855CDA47EE
         

Alt 08.10.2012, 16:31   #24
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Adware Tracking Cookie und Security HiJack - Standard

Adware Tracking Cookie und Security HiJack



Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).



Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

Alt 08.10.2012, 20:52   #25
Shizznut
 
Adware Tracking Cookie und Security HiJack - Standard

Adware Tracking Cookie und Security HiJack



Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-10-08 21:31:02
Windows 6.1.7601 Service Pack 1 
Running: h0i99ffr.exe


---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1                                                                    771343423
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2                                                                    285507792
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0                                                                    1
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                                      
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                   C:\Program Files (x86)\Alcohol Soft\Alcohol 120\
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                   0
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                0x71 0x96 0xD3 0x60 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001                             
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                          0x20 0x01 0x00 0x00 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                       0x59 0x04 0x55 0xD0 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40                      
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                0xDF 0x9F 0x28 0x5C ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                  
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                       C:\Program Files (x86)\Alcohol Soft\Alcohol 120\
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                       0
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                    0x71 0x96 0xD3 0x60 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)         
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                              0x20 0x01 0x00 0x00 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                           0x59 0x04 0x55 0xD0 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)  
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                    0xDF 0x9F 0x28 0x5C ...

---- EOF - GMER 1.0.15 ----
         
Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 21:35:13 on 08.10.2012

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 64-bit
Default Browser: Google Inc. Google Chrome 22.0.1229.79

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskUserS-1-5-21-3094054634-324839966-1081519958-1000Core.job" - "Google Inc." - C:\Users\*\AppData\Local\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-3094054634-324839966-1081519958-1000UA.job" - "Google Inc." - C:\Users\*\AppData\Local\Google\Update\GoogleUpdate.exe
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"am8li0mv" (am8li0mv) - "Microsoft Corporation" - C:\Windows\system32\drivers\am8li0mv.sys  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"aswFsBlk" (aswFsBlk) - "AVAST Software" - C:\Windows\system32\drivers\aswFsBlk.sys
"aswMonFlt" (aswMonFlt) - "AVAST Software" - C:\Windows\system32\drivers\aswMonFlt.sys
"aswRdr" (aswRdr) - "AVAST Software" - C:\Windows\System32\Drivers\aswrdr2.sys
"aswSnx" (aswSnx) - "AVAST Software" - C:\Windows\system32\drivers\aswSnx.sys
"aswSP" (aswSP) - "AVAST Software" - C:\Windows\system32\drivers\aswSP.sys
"avast! Network Shield Support" (aswTdi) - "AVAST Software" - C:\Windows\system32\drivers\aswTdi.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"esihdrv" (esihdrv) - ? - C:\Users\*\AppData\Local\Temp\esihdrv.sys  (File not found)
"SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
"SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
"Steganos Live Encryption Engine 17 [Driver]" (SLEE_17_DRIVER) - "Softwareentwicklung Remus - ArchiCrypt - " - C:\Windows\Sleen1764.sys
"TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
{314111c7-a502-11d2-bbca-00c04f8ec294} "ms-help" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{3D60EDA7-9AB4-4DA8-864C-D9B5F2E7281D} "Arbeitsbereiche" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
{472083B0-C522-11CF-8763-00608CC02F24} "avast" - "AVAST Software" - C:\Program Files\AVAST Software\Avast\ashShell.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "Catalyst Context Menu extension" - ? -   (File not found | COM-object registry key not found)
{7CCA70DB-DE7A-4FB7-9B2B-52E2335A3B5A} "Enterprise-Projekte" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\NAMEEXT.DLL
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{0006F045-0000-0000-C000-000000000046} "Microsoft Outlook Custom Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\OLKFSTUB.DLL
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files (x86)\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
{A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} "TeraCopy" - ? - C:\Program Files\TeraCopy\TeraCopyExt.dll  (File found, but it contains no detailed information)
{4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Program Files (x86)\TuneUp Utilities 2013\DseShExt-x86.dll
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Program Files (x86)\TuneUp Utilities 2013\SDShelEx-win32.dll
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - ? -   (File not found | COM-object registry key not found)
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )-----
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - ? -   (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
ITBar7Height64 "ITBar7Height64" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout64" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\SysWOW64\Macromed\Flash\Flash32_11_4_402_278.ocx / hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
{0E8D0700-75DF-11D3-8B4A-0008C7450C4A} "{0E8D0700-75DF-11D3-8B4A-0008C7450C4A}" - ? -   (File not found | COM-object registry key not found) / hxxp://biz.lgservice.com/DjvuViewer/DjVuControl-6.1.4.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
{FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "avast! WebRep" - "AVAST Software" - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} "avast! WebRep" - "AVAST Software" - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Oracle Corporation" - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Microsoft-Konto-Anmelde-Hilfsprogramm" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

[Known DLLs]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs )-----
"advapi32" - "Microsoft Corporation" - C:\Windows\system32\advapi32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"clbcatq" - "Microsoft Corporation" - C:\Windows\system32\clbcatq.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"COMDLG32" - "Microsoft Corporation" - C:\Windows\system32\COMDLG32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"DifxApi" - "Microsoft Corporation" - C:\Windows\system32\difxapi.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"gdi32" - "Microsoft Corporation" - C:\Windows\system32\gdi32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"IERTUTIL" - "Microsoft Corporation" - C:\Windows\system32\IERTUTIL.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"IMAGEHLP" - "Microsoft Corporation" - C:\Windows\system32\IMAGEHLP.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"IMM32" - "Microsoft Corporation" - C:\Windows\system32\IMM32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"kernel32" - "Microsoft Corporation" - C:\Windows\system32\kernel32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"LPK" - "Microsoft Corporation" - C:\Windows\system32\LPK.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"MSCTF" - "Microsoft Corporation" - C:\Windows\system32\MSCTF.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"MSVCRT" - "Microsoft Corporation" - C:\Windows\system32\MSVCRT.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"NORMALIZ" - "Microsoft Corporation" - C:\Windows\system32\NORMALIZ.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"NSI" - "Microsoft Corporation" - C:\Windows\system32\NSI.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"ole32" - "Microsoft Corporation" - C:\Windows\system32\ole32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"OLEAUT32" - "Microsoft Corporation" - C:\Windows\system32\OLEAUT32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"PSAPI" - "Microsoft Corporation" - C:\Windows\system32\PSAPI.DLL  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"rpcrt4" - "Microsoft Corporation" - C:\Windows\system32\rpcrt4.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"sechost" - "Microsoft Corporation" - C:\Windows\system32\sechost.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"Setupapi" - "Microsoft Corporation" - C:\Windows\system32\Setupapi.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"SHELL32" - "Microsoft Corporation" - C:\Windows\system32\SHELL32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"SHLWAPI" - "Microsoft Corporation" - C:\Windows\system32\SHLWAPI.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"URLMON" - "Microsoft Corporation" - C:\Windows\system32\URLMON.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"user32" - "Microsoft Corporation" - C:\Windows\system32\user32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"USP10" - "Microsoft Corporation" - C:\Windows\system32\USP10.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"WININET" - "Microsoft Corporation" - C:\Windows\system32\WININET.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"WLDAP32" - "Microsoft Corporation" - C:\Windows\system32\WLDAP32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"WS2_32" - "Microsoft Corporation" - C:\Windows\system32\WS2_32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"SpybotSD TeaTimer" - "Safer-Networking Ltd." - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
"ZoomIt" - "Sysinternals - www.sysinternals.com" - D:\Downloads\ZoomIt43\ZoomIt.exe
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avast" - "AVAST Software" - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll  (File not found)
"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe"  (File not found)
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
"avast! Antivirus" (avast! Antivirus) - "AVAST Software" - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
"CyberGhost VPN Client" (CGVPNCliSrvc) - "mobile concepts GmbH" - C:\Program Files\CyberGhost VPN\CGVPNCliService.exe
"Google Updater Service" (gusvc) - "Google" - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
"Logitech Bluetooth Service" (LBTServ) - "Logitech, Inc." - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
"Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Office 64 Source Engine" (ose64) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe  (File not found)
"SAS Core Service" (!SASCORE) - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
"SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
"StarWind AE Service" (StarWindServiceAE) - "Rocket Division Software" - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
"TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winlogon]
-----( HKCU\Control Panel\Desktop )-----
"SCRNSAVE.EXE" - ? - C:\Windows\system32\G-Force.scr  (File found, but it contains no detailed information)

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files (x86)\Bonjour\mdnsNSP.dll
"WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         
aswMBR stürzte beim Quickscan ab.
Hier das Log mit "None-Einstellung":

Code:
ATTFilter
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-08 21:40:29
-----------------------------
21:40:29.449    OS Version: Windows x64 6.1.7601 Service Pack 1
21:40:29.449    Number of processors: 4 586 0x2502
21:40:29.449    ComputerName: *-*  UserName: *
21:40:30.478    Initialize success
21:40:30.572    AVAST engine defs: 12100800
21:40:37.951    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:40:37.951    Disk 0 Vendor: TOSHIBA_ AX00 Size: 953869MB BusType: 3
21:40:37.982    Disk 0 MBR read successfully
21:40:37.982    Disk 0 MBR scan
21:40:37.982    Disk 0 Windows 7 default MBR code
21:40:37.998    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
21:40:38.013    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       308000 MB offset 206848
21:40:38.029    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       645767 MB offset 630990848
21:40:38.076    Disk 0 scanning C:\Windows\system32\drivers
21:40:46.000    Service scanning
21:41:03.535    Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
21:41:09.666    Modules scanning
21:41:09.666    Disk 0 trace - called modules:
21:41:09.697    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys spdu.sys hal.dll 
21:41:09.712    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006a4f060]
21:41:09.712    3 CLASSPNP.SYS[fffff88001d5643f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004a04050]
21:41:09.712    Scan finished successfully
21:41:27.403    Disk 0 MBR has been saved successfully to "C:\Users\*\Desktop\MBR.dat"
21:41:27.418    The log file has been saved successfully to "C:\Users\*\Desktop\aswMBR.txt"
         

Alt 09.10.2012, 11:16   #26
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Adware Tracking Cookie und Security HiJack - Standard

Adware Tracking Cookie und Security HiJack



Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Alt 09.10.2012, 19:48   #27
Shizznut
 
Adware Tracking Cookie und Security HiJack - Standard

Adware Tracking Cookie und Security HiJack



Hi,
Malwarebytes hat nichts gefunden - kein Log.
Kannst du mir evtl. was zu der von SUPERAntiSpyware sagen?
Code:
ATTFilter
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 10/09/2012 at 08:41 PM

Application Version : 5.5.1022

Core Rules Database Version : 9366
Trace Rules Database Version: 7178

Scan type       : Complete Scan
Total Scan Time : 04:32:58

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator

Memory items scanned      : 728
Memory threats detected   : 0
Registry items scanned    : 73408
Registry threats detected : 30
File items scanned        : 223901
File threats detected     : 0

Security.HiJack[ImageFileExecutionOptions]
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EXCEL.EXE
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EXCEL.EXE#Debugger
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GROOVE.EXE
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GROOVE.EXE#Debugger
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\INFOPATH.EXE
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\INFOPATH.EXE#Debugger
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MISC.EXE
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MISC.EXE#Debugger
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSACCESS.EXE
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSACCESS.EXE#Debugger
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSOXMLED.EXE
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSOXMLED.EXE#Debugger
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSPUB.EXE
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSPUB.EXE#Debugger
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSTORE.EXE
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSTORE.EXE#Debugger
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OIS.EXE
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OIS.EXE#Debugger
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ONENOTE.EXE
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ONENOTE.EXE#Debugger
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OUTLOOK.EXE
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OUTLOOK.EXE#Debugger
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\POWERPNT.EXE
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\POWERPNT.EXE#Debugger
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VSCONTENTINSTALLER.EXE
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VSCONTENTINSTALLER.EXE#Debugger
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VSLAUNCHER.EXE
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VSLAUNCHER.EXE#Debugger
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WINWORD.EXE
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WINWORD.EXE#Debugger
         

Alt 09.10.2012, 20:13   #28
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Adware Tracking Cookie und Security HiJack - Standard

Adware Tracking Cookie und Security HiJack



Hm, irgendwie machen diese Einträge keinen Sinn, kann sein dass die durch Tuneup kommen

Alt 10.10.2012, 12:48   #29
Shizznut
 
Adware Tracking Cookie und Security HiJack - Standard

Adware Tracking Cookie und Security HiJack



Hi,
Spyware hat danach nichts mehr gefunden und alle Office-Anwendungen funktionieren noch. Office wurde zwar, nach der Übernahme der jeweiligen Registrierungsschlüssel in die Quarantäne, einmalig beim Start neukonfiguriert, aber funktioniert alles soweit.
Ansonsten wären wir durch?
Gruß

Alt 10.10.2012, 14:09   #30
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Adware Tracking Cookie und Security HiJack - Standard

Adware Tracking Cookie und Security HiJack



Dann wären wir durch!

Die Programme, die hier zum Einsatz kamen, können alle wieder runter. Mit Hilfe von OTL kannst du auch viele Tools entfernen:

Starte bitte OTL und klicke auf Bereinigung.
Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen.


Malwarebytes zu behalten ist zu empfehlen. Kannst ja 1x im Monat damit einen Vollscan machen, aber immer vorher ans Update denken.


Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.


Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update


PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers:
Prüfen => Adobe - Flash Player
Downloadlinks => Adobe Flash Player Distribution | Adobe

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.


Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.

Antwort

Themen zu Adware Tracking Cookie und Security HiJack
adware, antivirus, avast, avast antivirus, browser, dateien, detected, explorer, file, firefox, frage, gelöscht, google, hijack, home, internet, internet browser, internet explorer, microsoft, mozilla, ordner, registrierungsdatenbank, security, software, suche, superantispyware, windows



Ähnliche Themen: Adware Tracking Cookie und Security HiJack


  1. Adware.Tracking cookie
    Überwachung, Datenschutz und Spam - 08.04.2014 (16)
  2. Trojan.Agent/Gen, Adware.Tracking Cookie und Oreans32 gefunden
    Plagegeister aller Art und deren Bekämpfung - 20.08.2012 (11)
  3. Redirector Adware Tracking Cookie krieg ich nicht gelöscht microsoft SE von rundll 32 geblockt
    Log-Analyse und Auswertung - 05.07.2012 (27)
  4. "SuperantiSpyware" erkennt "Adware.tracking cookie" kann aber das nicht löschen
    Plagegeister aller Art und deren Bekämpfung - 20.12.2010 (21)
  5. Tracking Cookie
    Log-Analyse und Auswertung - 08.07.2010 (3)
  6. unerwünschte pop ups -> (Adware Tracking Cookie,trojan agent,trojan dropper)
    Log-Analyse und Auswertung - 02.06.2010 (20)
  7. AVG Meldungen: Adware:Generic2.CMX und Tracking cookie.Atdmt gefunden
    Plagegeister aller Art und deren Bekämpfung - 26.06.2009 (1)
  8. tracking cookie, 100% CPU Auslastung
    Plagegeister aller Art und deren Bekämpfung - 16.06.2009 (27)
  9. @atdmt Tracking Cookie ???
    Plagegeister aller Art und deren Bekämpfung - 10.06.2009 (0)
  10. Tracking Cookie
    Plagegeister aller Art und deren Bekämpfung - 27.01.2009 (0)
  11. adware tracking cookie
    Plagegeister aller Art und deren Bekämpfung - 15.11.2008 (1)
  12. Adware.Tracking.Cookie
    Plagegeister aller Art und deren Bekämpfung - 13.09.2008 (6)
  13. tracking cookie yadro.ru.c77afad5
    Plagegeister aller Art und deren Bekämpfung - 29.08.2008 (1)
  14. Tracking-cookie, popup-terror, cookie-einstellungen
    Plagegeister aller Art und deren Bekämpfung - 02.08.2008 (0)
  15. Tracking Cookie
    Plagegeister aller Art und deren Bekämpfung - 15.02.2008 (5)
  16. Adware.Tracking Cookie
    Plagegeister aller Art und deren Bekämpfung - 12.06.2007 (1)
  17. Tracking-Cookie
    Plagegeister aller Art und deren Bekämpfung - 04.01.2006 (2)

Zum Thema Adware Tracking Cookie und Security HiJack - Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert - Adware Tracking Cookie und Security HiJack...
Archiv
Du betrachtest: Adware Tracking Cookie und Security HiJack auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.