
Log Analysis and Evaluation: Smart Fortress 2012 infection

03.04.2012, 23:58   #1
Dominik55118
 
Smart Fortress 2012 infection

Hello,

I have a small problem and hope that someone can help me. Otherwise I will soon have a bigger problem with my work at the university... But I don't want to whine.

Problem:
My computer is infected with Smart Fortress, which so far does not seem to have had any serious effect on the computer's functionality in normal mode.
An English-language message appeared that pointed to a supposed malware infection. My first reaction was to uninstall Smart Fortress via the Control Panel, since at that moment I could access neither Antivir nor the process list in Task Manager. After that I could again.
Antivir did not report anything at all.

General computer information
System: Windows 7 64-bit
Device: Acer Aspire 5920G
Virus scanner used by default so far: AntiVir
Firewall: Windows Defender (both updated regularly)

First measures in chronological order

First I scanned the computer for malware with Malwarebytes and then with the ESET Online Scanner. After that I created an OTL log and ran the Rkill tool. The virus/malware scans ran through to the end and the latter two programs worked.

The logs follow:
Malwarebytes:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.04.03.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Dominik :: DOMINIK-PC [Administrator]

03.04.2012 17:55:50
mbam-log-2012-04-03 (17-55-50).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 382835
Laufzeit: 1 Stunde(n), 6 Minute(n), 56 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Afterwards I ran another scan with the ESET Online Scanner.

It found two things:
C:\Users\Dominik\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\7ff8dfd3-70881085 a variant of Java/TrojanDownloader.Agent.NCJ trojan
C:\Users\Dominik\Downloads\SoftonicDownloader_fuer_burn4free.exe a variant of Win32/SoftonicDownloader.A application
Next step: OTL scan

OTL EXTRAS logfile:
OTL Extras logfile created on: 03.04.2012 22:29:48 - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Dominik\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,98 Gb Available Physical Memory | 66,02% Memory free
6,00 Gb Paging File | 4,70 Gb Available in Paging File | 78,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298,09 Gb Total Space | 228,60 Gb Free Space | 76,69% Space Free | Partition Type: NTFS
 
Computer Name: DOMINIK-PC | User Name: Dominik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-4178791177-2408624748-2417051294-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{377672F0-6B8A-467D-8DDC-79338BCCD531}" = 64 Bit HP CIO Components Installer
"{4B0373F5-8401-5B8B-43CE-99501128E470}" = ccc-utility64
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{5B210B8A-B66E-4702-B44D-0D6F388D29EB}" = SpyHunter
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B3F0A88-790D-3AD9-9F96-B19CF2746452}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{E4C65E9C-1DC8-1F28-CDF8-D808B210E4F3}" = ATI Catalyst Install Manager
"{F00E8682-43E6-4D3C-C695-9FD56617877F}" = ATI AVIVO64 Codecs
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Zune" = Zune
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0F4ADD72-A2A9-F6E1-25D4-2BE67EECF488}" = Catalyst Control Center Graphics Light
"{17B2670B-DB33-4F5E-9273-0E5CDF39DA5F}" = Windows Phone Intro Video (DEU)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FF6E75E-5717-AC97-4F5A-C40B4678D3A6}" = Catalyst Control Center Core Implementation
"{21D98271-AFC5-CF76-D141-A01CB1913066}" = CCC Help Chinese Standard
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{27335674-0E4D-1762-CEC5-6C7FBD7994E7}" = CCC Help Spanish
"{275D0AE3-B9B4-22AB-3C7F-2DD1D6B1C9F1}" = CCC Help German
"{2D3858B1-226A-420D-9C9D-B51864E85429}" = Nuvoton CIR Device Driver
"{34A0D249-747E-4D6C-803D-329C120C6B79}" = Catalyst Control Center - Branding
"{36E15666-43C1-91A7-0281-498F9D383B2C}" = simfy
"{3E3B1A7E-04C4-1BEB-4725-94B1457F2844}" = CCC Help Japanese
"{463D45C1-3C87-D10A-9445-A51EB0D54BA9}" = CCC Help Czech
"{47C8D2F6-E62F-11E2-8611-C8782E5435E6}" = Catalyst Control Center InstallProxy
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C3B172A-7D5E-23A5-9FE7-8187D39E610B}" = CCC Help French
"{4D6ED6C6-CE6C-1A27-827D-6C5F14E230A9}" = CCC Help Russian
"{51611411-AB18-D3A4-0226-DD59AD9B6795}" = Catalyst Control Center Localization All
"{55958C76-EAC8-5E5B-E555-18E5384A5FBA}" = CCC Help Turkish
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5U8xx Media Driver ver.3.62.02
"{5FB36A4E-C181-0500-E8EF-4041961D49B7}" = CCC Help Italian
"{68E1D296-666D-64FE-1F94-7068FF9D8F6F}" = CCC Help Finnish
"{693EA431-2EE9-A392-AD07-89B7459CDA60}" = CCC Help Polish
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{72C0C051-4B7B-1078-BEC3-F6F8B69A61E7}" = CCC Help Danish
"{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam
"{77DE7C44-9539-B54F-B4D7-44CFE5CF34D2}" = CCC Help Portuguese
"{79F2C94B-3FFE-0091-AFA9-9F107DE76683}" = Catalyst Control Center Graphics Previews Vista
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8978B727-244B-998B-7964-08D2C163C5B4}" = CCC Help English
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C7F5C58-5193-841E-70FA-A5F4DDA4BA20}" = CCC Help Swedish
"{8D4EA8D8-6573-5942-B15A-A8DF17AD1B65}" = Catalyst Control Center Graphics Full Existing
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2010
"{90140000-0017-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{0F513B77-0D84-4615-87F7-B814D1FC64F5}" = Microsoft SharePoint Designer 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.OMUI.de-de_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.OMUI.de-de_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.OMUI.de-de_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.OMUI.de-de_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2010
"{90140000-0100-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{90D3D490-F6C4-4F4A-971B-93D0A66F2E2E}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2010
"{90140000-0101-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{4733E76A-5F12-4513-9CA8-DB2540A74EDA}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2011.07.07
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X - Deutsch
"{B0AE10DB-3C4E-14D0-1D5D-BE8CCFFA657F}" = ccc-core-static
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C47B4C99-9181-6C1E-DFA1-D9DB91E77DC3}" = Catalyst Control Center Graphics Full New
"{C9C98419-970E-464A-1E81-B20D7EDF4A9A}" = CCC Help Hungarian
"{CA36A06F-C898-C109-FDC3-1F7083327244}" = CCC Help Korean
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{D4AAA6F1-8230-2931-0CBC-0E959731063E}" = CCC Help Greek
"{D89BB13D-474A-FA51-07D2-86D633FA8032}" = CCC Help Thai
"{DD38F611-6F62-0F01-B8A7-8E54A7723823}" = CCC Help Norwegian
"{DD5FB3E8-643B-6764-7AFD-C834DD0D411B}" = CCC Help Dutch
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{F0EE142F-6CA2-3FCB-20A3-9111E750BE65}" = CCC Help Chinese Traditional
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF1C72E2-203C-4E95-8D24-735196D29E04}" = HP Install Network Printer Wizard
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Burn4Free DVD Burning_is1" = Burn4Free DVD Burning 5.5.0.0
"Freecorder5.01" = Freecorder 5
"HP Download Manager" = HP Download Manager
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Mozilla Firefox 11.0 (x86 fr)" = Mozilla Firefox 11.0 (x86 fr)
"Mozilla Thunderbird 10.0.2 (x86 de)" = Mozilla Thunderbird 10.0.2 (x86 de)
"Office14.OMUI.de-de" = Microsoft Office Language Pack 2010 - German/Deutsch
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Simfy" = simfy
"UltraISO_is1" = UltraISO Premium V9.12
"Winamp" = Winamp
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-4178791177-2408624748-2417051294-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Détection de l'application Winamp
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
--- --- ---


Finally, the results of the Rkill runs


1
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 03.04.2012 at 22:46:38.
Operating System: Windows 7 Professional


Processes terminated by Rkill or while it was running:



Rkill completed on 03.04.2012 at 22:46:46.

2

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 03.04.2012 at 22:48:32.
Operating System: Windows 7 Professional


Processes terminated by Rkill or while it was running:

C:\Windows\SysWOW64\grpconv.exe


Rkill completed on 03.04.2012 at 22:49:57.
3
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 03.04.2012 at 22:51:40.
Operating System: Windows 7 Professional


Processes terminated by Rkill or while it was running:



Rkill completed on 03.04.2012 at 22:53:14.
4
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 03.04.2012 at 22:54:39.
Operating System: Windows 7 Professional


Processes terminated by Rkill or while it was running:

C:\Windows\SysWOW64\grpconv.exe


Rkill completed on 03.04.2012 at 22:54:47.

5
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 03.04.2012 at 22:58:22.
Operating System: Windows 7 Professional


Processes terminated by Rkill or while it was running:



Rkill completed on 03.04.2012 at 22:58:31.


Open questions

Honestly, I have no idea what to do next and would be grateful for any help.

The Antivir umbrella icon in the taskbar is shown as closed, even though the program is running, activated and responding. In the notification selection list in the taskbar, a program called Proxy-Check is listed several times (proxy settings in Internet Explorer are not defined, however), and a program whose name consists of the following combination of digits and letters: F4D55F3E000C4EBP0060677DB4EB2331


Who can help? What should I do? I hope someone can help....
Kind regards and many thanks in advance,

Dominik

Last edited by Dominik55118 (04.04.2012 at 00:04)

04.04.2012, 15:35   #2
cosinus

Malwarebytes creates exactly one log for every scan. Have you scanned with Malwarebytes before?
If so, the logs for every scan are also listed in the "Logs" tab. Please post all of them that are visible there.

04.04.2012, 15:56   #3
Dominik55118

Dear Arne,

first of all, thank you for taking on my problem.

I had not scanned with Malwarebytes before, but I did so several more times after the log I posted.

Here are all the logs that are listed in the tab:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.04.03.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Dominik :: DOMINIK-PC [Administrator]

03.04.2012 17:55:50
mbam-log-2012-04-03 (17-55-50).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 382835
Laufzeit: 1 Stunde(n), 6 Minute(n), 56 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Second log:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.04.03.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Dominik :: DOMINIK-PC [Administrator]

03.04.2012 23:00:41
mbam-log-2012-04-03 (23-00-41).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 194226
Laufzeit: 3 Minute(n), 54 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Third log:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.04.03.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Dominik :: DOMINIK-PC [Administrator]

03.04.2012 23:05:00
mbam-log-2012-04-03 (23-05-00).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 383751
Laufzeit: 1 Stunde(n), 30 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

and the fourth (last) log:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.04.03.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Dominik :: DOMINIK-PC [Administrator]

03.04.2012 23:05:00
mbam-log-2012-04-03 (23-05-00).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 383751
Laufzeit: 1 Stunde(n), 30 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

.... Oops, one log (3 and 4) is apparently a duplicate (I probably saved it manually)... sorry


What else could I do?

Thanks and best regards,

Dominik

04.04.2012, 16:14   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

I'd have three questions before we go on

1.) Does normal mode work without restrictions again?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?
3.) You only posted the Extras log from OTL; where is the OTL.txt log?

04.04.2012, 16:49   #5
Dominik55118

Hello Arne,

Re 1) Yes, normal mode works without restrictions.

Re 2) Everything is there in the Start menu, no entries lost.

Re 3) Hmmm, good question. I can't find it. I'm running a new OTL scan. Here is the result:

OTL Logfile:
Code:
OTL logfile created on: 04.04.2012 16:39:35 - Run 2
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Dominik\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,44 Gb Available Physical Memory | 47,99% Memory free
6,00 Gb Paging File | 3,97 Gb Available in Paging File | 66,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298,09 Gb Total Space | 229,13 Gb Free Space | 76,87% Space Free | Partition Type: NTFS
 
Computer Name: DOMINIK-PC | User Name: Dominik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Dominik\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
PRC - C:\Program Files (x86)\ThreatFire\TFTray.exe (PC Tools)
PRC - C:\Program Files (x86)\ThreatFire\TFService.exe (PC Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Windows\PLFSetI.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf ()
MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\IEAWSDC.DLL ()
MOD - C:\Windows\PLFSetI.exe ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (ZuneWlanCfgSvc) -- c:\Programme\Zune\ZuneWlanCfgSvc.exe (Microsoft Corporation)
SRV - (WMZuneComm) -- c:\Programme\Zune\WMZuneComm.exe (Microsoft Corporation)
SRV - (ZuneNetworkSvc) -- c:\Programme\Zune\ZuneNss.exe (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (ThreatFire) -- C:\Program Files (x86)\ThreatFire\TFService.exe (PC Tools)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (HsfXAudioService) -- C:\Windows\SysWOW64\XAudio64.dll (Conexant Systems, Inc.)
SRV - (eNet Service) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
SRV - (WMIService) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (TfSysMon) -- C:\Windows\SysNative\drivers\TfSysMon.sys (PC Tools)
DRV:64bit: - (TfNetMon) -- C:\Windows\SysNative\drivers\TfNetMon.sys (PC Tools)
DRV:64bit: - (TfFsMon) -- C:\Windows\SysNative\drivers\TfFsMon.sys (PC Tools)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\drivers\rimmpx64.sys (REDC)
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\drivers\rixdpx64.sys (REDC)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimspx64.sys (REDC)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (nuvotoncir) -- C:\Windows\SysNative\drivers\nuvotoncir.sys (Nuvoton Technology Corporation)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (XAudio) -- C:\Windows\SysNative\drivers\XAudio64.sys (Conexant Systems, Inc.)
DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\drivers\CAX_DPV.sys (Conexant Systems, Inc.)
DRV:64bit: - (CAXHWAZL) -- C:\Windows\SysNative\drivers\CAXHWAZL.sys (Conexant Systems, Inc.)
DRV:64bit: - (winachsf) -- C:\Windows\SysNative\drivers\CAX_CNXT.sys (Conexant Systems, Inc.)
DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\drivers\mdmxsdk.sys (Conexant)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ISODrive) -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys (EZB Systems, Inc.)
DRV - (int15) -- C:\Windows\SysWOW64\drivers\int15_64.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-4178791177-2408624748-2417051294-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4178791177-2408624748-2417051294-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-4178791177-2408624748-2417051294-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 73 48 E6 FA BC 11 CD 01  [binary data]
IE - HKU\S-1-5-21-4178791177-2408624748-2417051294-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4178791177-2408624748-2417051294-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4178791177-2408624748-2417051294-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..network.proxy.type: 0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.04.01 20:14:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.07.09 22:28:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.10.29 12:52:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2011.01.28 00:28:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dominik\AppData\Roaming\mozilla\Extensions
[2011.01.28 00:28:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dominik\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.04.01 20:14:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dominik\AppData\Roaming\mozilla\Firefox\Profiles\ik12mzv0.default\extensions
[2012.04.01 20:14:56 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Dominik\AppData\Roaming\mozilla\Firefox\Profiles\ik12mzv0.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011.11.11 02:26:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
() (No name found) -- C:\USERS\DOMINIK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IK12MZV0.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\DOMINIK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IK12MZV0.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI
[2012.04.01 20:14:53 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.02.03 22:53:07 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.03.22 20:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011.09.26 19:22:31 | 000,001,516 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-france.xml
[2011.09.26 19:22:31 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.09.26 19:22:31 | 000,001,822 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2011.09.26 19:22:31 | 000,001,154 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-france.xml
[2011.09.26 19:22:31 | 000,001,426 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-fr.xml
[2011.09.26 19:22:31 | 000,000,956 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-france.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - No CLSID value found.
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKU\S-1-5-21-4178791177-2408624748-2417051294-1000\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found.
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files (x86)\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ThreatFire] C:\Program Files (x86)\ThreatFire\TFTray.exe (PC Tools)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D4780B17-0A95-423A-A887-C9723D7415DA}: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.04 13:06:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ThreatFire
[2012.04.04 13:06:06 | 000,074,824 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfSysMon.sys
[2012.04.04 13:06:06 | 000,065,072 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfFsMon.sys
[2012.04.04 13:06:06 | 000,041,888 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfNetMon.sys
[2012.04.04 13:06:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ThreatFire
[2012.04.04 13:06:04 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012.04.04 01:19:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012.04.03 21:41:49 | 000,000,000 | ---D | C] -- C:\Users\Dominik\Desktop\Logs
[2012.04.03 20:16:50 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Dominik\Desktop\OTL.exe
[2012.04.03 19:15:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012.04.03 17:50:16 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Roaming\Malwarebytes
[2012.04.03 17:50:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.04.03 17:50:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.04.03 17:50:03 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.04.03 17:50:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.04.03 09:47:46 | 000,000,000 | ---D | C] -- C:\ProgramData\F4D55F3E000C4EBD0060677DB4EB2331
[2012.04.01 03:49:15 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.04.01 03:49:13 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.04.01 03:49:13 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.03.31 18:39:26 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012.03.31 18:38:59 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012.03.31 18:38:59 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012.03.31 18:38:59 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012.03.31 18:38:48 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012.03.31 18:38:48 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.04 13:03:51 | 000,021,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.04 13:03:51 | 000,021,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.04 13:01:02 | 001,512,418 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.04.04 13:01:02 | 000,659,238 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.04.04 13:01:02 | 000,620,384 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.04.04 13:01:02 | 000,132,776 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.04.04 13:01:02 | 000,108,566 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.04.04 12:56:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.04 12:56:10 | 2414,682,112 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.03 22:45:48 | 001,008,141 | ---- | M] () -- C:\Users\Dominik\Desktop\rkill.com
[2012.04.03 20:16:55 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Dominik\Desktop\OTL.exe
[2012.04.03 17:50:08 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.01 20:12:46 | 000,414,872 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.04.03 22:45:40 | 001,008,141 | ---- | C] () -- C:\Users\Dominik\Desktop\rkill.com
[2012.04.03 17:50:08 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2011.08.16 12:30:45 | 000,000,092 | ---- | C] () -- C:\Windows\TraceSrv.ini
[2011.08.16 12:23:37 | 000,835,584 | ---- | C] () -- C:\Windows\tls7912d.dll
[2011.08.16 12:23:37 | 000,040,960 | ---- | C] () -- C:\Windows\uninstallrq.exe
[2011.07.11 16:16:09 | 000,007,597 | ---- | C] () -- C:\Users\Dominik\AppData\Local\Resmon.ResmonCfg
[2011.01.26 19:57:13 | 000,015,656 | ---- | C] () -- C:\Windows\SysWow64\drivers\int15_64.sys
[2011.01.26 19:51:36 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\Interop.Shell32.dll
[2011.01.26 19:51:27 | 000,331,776 | ---- | C] () -- C:\Windows\SysWow64\ScrollBarLib.dll
[2011.01.26 16:36:51 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2011.01.26 12:28:03 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2011.01.26 12:28:03 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2011.01.26 12:28:03 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2011.01.26 12:28:03 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini
[2011.01.26 12:04:45 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

< End of report >
         


Thanks again for the help!!

Best regards,

Dom


04.04.2012, 22:04   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Do an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:
:OTL
O2:64bit: - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKU\S-1-5-21-4178791177-2408624748-2417051294-1000\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
[2012.04.03 09:47:46 | 000,000,000 | ---D | C] -- C:\ProgramData\F4D55F3E000C4EBD0060677DB4EB2331
[2011.08.16 12:30:45 | 000,000,092 | ---- | C] () -- C:\Windows\TraceSrv.ini
[2011.08.16 12:23:37 | 000,835,584 | ---- | C] () -- C:\Windows\tls7912d.dll
[2011.08.16 12:23:37 | 000,040,960 | ---- | C] () -- C:\Windows\uninstallrq.exe
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Then click the Fix! button at the top left.
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, since it can do lasting damage to the system!
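The fix script above picks three kinds of entries out of the OTL log: registry items whose target is gone ("File not found" / "No CLSID value found"), O6 policy entries under the Explorer and System policy keys, and the hex-named folder under ProgramData. As an added example (not code from OTL, from the helper or from this thread), the following Python triage script flags exactly those patterns in OTL log lines; the sample lines are a subset copied from the log posted above, and the `Finding`, `classify`, `triage` and `summarize` names are my own.

```python
"""Triage of OTL log lines: list the entries a helper would review first.

Added example for this thread; it is not part of OTL and does not apply any
fix. It only flags the three entry kinds that the :OTL script above removes,
and a flagged line is a review item, not a verdict (the helper left the
"VMApplet - (/pagefile) - File not found" line out of the fix).
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Markers OTL prints when a registry entry points at something that is gone.
ORPHAN_MARKERS = ("File not found", "No CLSID value found")
# O6 entries under these keys restrict the desktop or change UAC prompting.
POLICY_KEYS = (r"\policies\Explorer", r"\policies\System")

# Registry-style line: "O2:64bit: - BHO: ..." or "O4 - HKLM..\Run: ..."
REG_LINE = re.compile(r"^(?P<code>O\d+)(?::64bit:)?\s+-\s+(?P<body>.*)$")
# File/folder line: "[date | size | attrs | C] (company) -- <path>"
FILE_LINE = re.compile(r"^\[[^\]]*\]\s*(?:\([^)]*\)\s*)?--\s+(?P<path>\S.*)$")
# A folder named with 32 hex digits directly under ProgramData, as in the log.
HEX_PROGRAMDATA = re.compile(r"^[A-Za-z]:\\ProgramData\\[0-9A-Fa-f]{32}\\?$")


@dataclass(frozen=True)
class Finding:
    code: str    # OTL section code ("O2", "O6", ...) or "FILE" for file lines
    reason: str  # "orphaned", "policy" or "hex-named-folder"
    line: str


def classify(line: str) -> Optional[Finding]:
    """Return a Finding for a line worth reviewing, or None for the rest."""
    text = line.strip()
    m = REG_LINE.match(text)
    if m:
        code, body = m.group("code"), m.group("body")
        if any(marker in body for marker in ORPHAN_MARKERS):
            return Finding(code, "orphaned", text)
        if code == "O6" and any(key in body for key in POLICY_KEYS):
            return Finding(code, "policy", text)
        return None
    m = FILE_LINE.match(text)
    if m and HEX_PROGRAMDATA.match(m.group("path").strip()):
        return Finding("FILE", "hex-named-folder", text)
    return None


def triage(lines: Iterable[str]) -> List[Finding]:
    """Classify every line and keep only the findings, in log order."""
    return [f for f in map(classify, lines) if f is not None]


def summarize(findings: Iterable[Finding]) -> Dict[str, int]:
    """Count findings per reason, e.g. {"orphaned": 4, "policy": 2, ...}."""
    return dict(Counter(f.reason for f in findings))


# Constructed subset of the OTL log posted in this thread (raw string, so
# the backslashes in the Windows paths are kept literally).
SAMPLE_LOG = r"""
O2:64bit: - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
[2012.04.03 09:47:46 | 000,000,000 | ---D | C] -- C:\ProgramData\F4D55F3E000C4EBD0060677DB4EB2331
[2012.04.03 17:50:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
"""


if __name__ == "__main__":
    found = triage(SAMPLE_LOG.splitlines())
    for f in found:
        print(f"{f.code:<5} {f.reason:<17} {f.line}")
    print(summarize(found))
```

On the sample above the script flags seven lines (four orphaned entries, two policy entries, one hex-named folder) and leaves the Avira, Groove, explorer.exe and Malwarebytes lines alone; which flagged lines go into a fix stays a human decision, as the helper's choices in the thread show.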

05.04.2012, 14:12   #7
Dominik55118

Hello again,

thanks for the reply. I ran the fix.

Here is the log

All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4178791177-2408624748-2417051294-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{5CBE3B7C-1E47-477E-A7DD-396DB0476E29} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5CBE3B7C-1E47-477E-A7DD-396DB0476E29}\ not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Folder C:\ProgramData\F4D55F3E000C4EBD0060677DB4EB2331\ not found.
C:\Windows\TraceSrv.ini moved successfully.
C:\Windows\tls7912d.dll moved successfully.
C:\Windows\uninstallrq.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Dominik
->Temp folder emptied: 932302336 bytes
->Temporary Internet Files folder emptied: 110997038 bytes
->Java cache emptied: 2996750 bytes
->FireFox cache emptied: 49877714 bytes
->Flash cache emptied: 67640 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1523485 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 1017856 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 193922964 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36028471 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1.267,00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Dominik
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.39.2 log created on 04052012_140316

Files\Folders moved on Reboot...
C:\Users\Dominik\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Dominik\AppData\Local\Temp\RtkBtMnt.exe moved successfully.

Registry entries deleted on Reboot...


Did everything go right?

Best regards,

Dominik

Old 05.04.2012, 15:12   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Smart Fortress 2012 infection - Standard

Smart Fortress 2012 infection

Please post the logs in CODE tags!!

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log; instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please disable your virus scanner before running TDSS-Killer, since Avira in particular often reports a false alarm on the TDSS tool!

Configure the tool as shown in the picture below: click "change parameters" and set the checkmarks as shown in the following screenshot.
Then click "Start Scan" and, when it has finished, click the "Report" button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C); that is where TDSS-Killer stores its logs.

Note: Please do not delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

Old 05.04.2012, 15:34   #9
Dominik55118

Smart Fortress 2012 infection - Standard

Smart Fortress 2012 infection

OK, done.

Here is the log

Code:
15:26:16.0377 5036	TDSS rootkit removing tool 2.7.26.0 Apr  4 2012 19:52:02
15:26:16.0388 5036	============================================================
15:26:16.0388 5036	Current date / time: 2012/04/05 15:26:16.0388
15:26:16.0388 5036	SystemInfo:
15:26:16.0388 5036	
15:26:16.0388 5036	OS Version: 6.1.7601 ServicePack: 1.0
15:26:16.0388 5036	Product type: Workstation
15:26:16.0389 5036	ComputerName: DOMINIK-PC
15:26:16.0389 5036	UserName: Dominik
15:26:16.0389 5036	Windows directory: C:\Windows
15:26:16.0389 5036	System windows directory: C:\Windows
15:26:16.0389 5036	Running under WOW64
15:26:16.0389 5036	Processor architecture: Intel x64
15:26:16.0389 5036	Number of processors: 2
15:26:16.0389 5036	Page size: 0x1000
15:26:16.0389 5036	Boot type: Normal boot
15:26:16.0389 5036	============================================================
15:26:17.0418 5036	Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:26:17.0471 5036	\Device\Harddisk0\DR0:
15:26:17.0472 5036	MBR used
15:26:17.0472 5036	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D800
15:26:17.0505 5036	Initialize success
15:26:17.0505 5036	============================================================
15:27:16.0432 3880	============================================================
15:27:16.0432 3880	Scan started
15:27:16.0432 3880	Mode: Manual; SigCheck; TDLFS; 
15:27:16.0432 3880	============================================================
15:27:16.0993 3880	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
15:27:17.0149 3880	1394ohci - ok
15:27:17.0181 3880	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
15:27:17.0212 3880	ACPI - ok
15:27:17.0259 3880	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
15:27:17.0337 3880	AcpiPmi - ok
15:27:17.0383 3880	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
15:27:17.0415 3880	adp94xx - ok
15:27:17.0430 3880	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
15:27:17.0461 3880	adpahci - ok
15:27:17.0493 3880	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
15:27:17.0508 3880	adpu320 - ok
15:27:17.0555 3880	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
15:27:17.0711 3880	AeLookupSvc - ok
15:27:17.0867 3880	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
15:27:17.0961 3880	AFD - ok
15:27:17.0992 3880	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
15:27:18.0023 3880	agp440 - ok
15:27:18.0070 3880	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
15:27:18.0148 3880	ALG - ok
15:27:18.0179 3880	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
15:27:18.0210 3880	aliide - ok
15:27:18.0241 3880	AMD External Events Utility (322a2c5d390109a4e50679ab58dea870) C:\Windows\system32\atiesrxx.exe
15:27:18.0304 3880	AMD External Events Utility - ok
15:27:18.0335 3880	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
15:27:18.0351 3880	amdide - ok
15:27:18.0397 3880	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
15:27:18.0491 3880	AmdK8 - ok
15:27:18.0507 3880	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
15:27:18.0569 3880	AmdPPM - ok
15:27:18.0631 3880	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
15:27:18.0663 3880	amdsata - ok
15:27:18.0678 3880	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
15:27:18.0694 3880	amdsbs - ok
15:27:18.0709 3880	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
15:27:18.0725 3880	amdxata - ok
15:27:18.0834 3880	AntiVirSchedulerService (c27d46b06d340293670450fce9dfb166) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
15:27:18.0850 3880	AntiVirSchedulerService - ok
15:27:18.0912 3880	AntiVirService  (72d90e56563165984224493069c69ed4) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
15:27:18.0943 3880	AntiVirService - ok
15:27:19.0053 3880	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
15:27:19.0209 3880	AppID - ok
15:27:19.0333 3880	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
15:27:19.0396 3880	AppIDSvc - ok
15:27:19.0474 3880	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
15:27:19.0552 3880	Appinfo - ok
15:27:19.0630 3880	AppMgmt         (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
15:27:19.0692 3880	AppMgmt - ok
15:27:19.0770 3880	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
15:27:19.0786 3880	arc - ok
15:27:19.0801 3880	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
15:27:19.0817 3880	arcsas - ok
15:27:19.0848 3880	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
15:27:19.0911 3880	AsyncMac - ok
15:27:19.0942 3880	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
15:27:19.0973 3880	atapi - ok
15:27:20.0129 3880	atikmdag        (de0ede41bc530f1759c6fffcb8c7a0cf) C:\Windows\system32\DRIVERS\atikmdag.sys
15:27:20.0332 3880	atikmdag - ok
15:27:20.0488 3880	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:27:20.0566 3880	AudioEndpointBuilder - ok
15:27:20.0581 3880	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:27:20.0628 3880	AudioSrv - ok
15:27:20.0722 3880	avgntflt        (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys
15:27:20.0769 3880	avgntflt - ok
15:27:20.0800 3880	avipbb          (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys
15:27:20.0800 3880	avipbb - ok
15:27:20.0987 3880	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
15:27:21.0112 3880	AxInstSV - ok
15:27:21.0283 3880	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
15:27:21.0361 3880	b06bdrv - ok
15:27:21.0424 3880	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
15:27:21.0502 3880	b57nd60a - ok
15:27:21.0564 3880	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
15:27:21.0611 3880	BDESVC - ok
15:27:21.0642 3880	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
15:27:21.0736 3880	Beep - ok
15:27:21.0814 3880	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
15:27:21.0876 3880	BFE - ok
15:27:21.0907 3880	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
15:27:21.0985 3880	BITS - ok
15:27:22.0079 3880	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
15:27:22.0141 3880	blbdrive - ok
15:27:22.0188 3880	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
15:27:22.0251 3880	bowser - ok
15:27:22.0297 3880	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:27:22.0391 3880	BrFiltLo - ok
15:27:22.0407 3880	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:27:22.0422 3880	BrFiltUp - ok
15:27:22.0469 3880	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
15:27:22.0563 3880	Browser - ok
15:27:22.0594 3880	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
15:27:22.0672 3880	Brserid - ok
15:27:22.0687 3880	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
15:27:22.0719 3880	BrSerWdm - ok
15:27:22.0750 3880	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:27:22.0781 3880	BrUsbMdm - ok
15:27:22.0797 3880	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
15:27:22.0812 3880	BrUsbSer - ok
15:27:22.0843 3880	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
15:27:22.0875 3880	BTHMODEM - ok
15:27:22.0937 3880	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
15:27:23.0031 3880	bthserv - ok
15:27:23.0077 3880	CAXHWAZL        (d1787e11c6a0078ddeaf8cf3ee2ab293) C:\Windows\system32\DRIVERS\CAXHWAZL.sys
15:27:23.0155 3880	CAXHWAZL - ok
15:27:23.0187 3880	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
15:27:23.0265 3880	cdfs - ok
15:27:23.0327 3880	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
15:27:23.0374 3880	cdrom - ok
15:27:23.0452 3880	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:27:23.0514 3880	CertPropSvc - ok
15:27:23.0561 3880	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
15:27:23.0608 3880	circlass - ok
15:27:23.0655 3880	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
15:27:23.0670 3880	CLFS - ok
15:27:23.0748 3880	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:27:23.0779 3880	clr_optimization_v2.0.50727_32 - ok
15:27:23.0857 3880	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:27:23.0873 3880	clr_optimization_v2.0.50727_64 - ok
15:27:23.0967 3880	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:27:24.0029 3880	clr_optimization_v4.0.30319_32 - ok
15:27:24.0060 3880	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:27:24.0091 3880	clr_optimization_v4.0.30319_64 - ok
15:27:24.0201 3880	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
15:27:24.0247 3880	CmBatt - ok
15:27:24.0294 3880	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
15:27:24.0310 3880	cmdide - ok
15:27:24.0357 3880	CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
15:27:24.0388 3880	CNG - ok
15:27:24.0419 3880	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
15:27:24.0435 3880	Compbatt - ok
15:27:24.0466 3880	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
15:27:24.0513 3880	CompositeBus - ok
15:27:24.0528 3880	COMSysApp - ok
15:27:24.0684 3880	cpuz135 - ok
15:27:24.0731 3880	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
15:27:24.0762 3880	crcdisk - ok
15:27:24.0809 3880	CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
15:27:24.0887 3880	CryptSvc - ok
15:27:24.0934 3880	CSC             (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
15:27:24.0996 3880	CSC - ok
15:27:25.0043 3880	CscService      (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
15:27:25.0090 3880	CscService - ok
15:27:25.0137 3880	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:27:25.0199 3880	DcomLaunch - ok
15:27:25.0246 3880	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
15:27:25.0339 3880	defragsvc - ok
15:27:25.0417 3880	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
15:27:25.0495 3880	DfsC - ok
15:27:25.0573 3880	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
15:27:25.0651 3880	Dhcp - ok
15:27:25.0683 3880	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
15:27:25.0745 3880	discache - ok
15:27:25.0776 3880	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
15:27:25.0792 3880	Disk - ok
15:27:25.0901 3880	DKbFltr         (d5bcb77be83cf99f508943945d46343d) C:\Windows\syswow64\Drivers\DKbFltr.sys
15:27:25.0917 3880	DKbFltr - ok
15:27:25.0948 3880	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
15:27:26.0041 3880	Dnscache - ok
15:27:26.0088 3880	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
15:27:26.0197 3880	dot3svc - ok
15:27:26.0229 3880	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
15:27:26.0291 3880	DPS - ok
15:27:26.0385 3880	DritekPortIO - ok
15:27:26.0463 3880	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
15:27:26.0509 3880	drmkaud - ok
15:27:26.0572 3880	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
15:27:26.0603 3880	DXGKrnl - ok
15:27:26.0650 3880	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
15:27:26.0728 3880	EapHost - ok
15:27:26.0853 3880	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
15:27:26.0946 3880	ebdrv - ok
15:27:27.0055 3880	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
15:27:27.0102 3880	EFS - ok
15:27:27.0180 3880	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
15:27:27.0274 3880	ehRecvr - ok
15:27:27.0321 3880	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
15:27:27.0399 3880	ehSched - ok
15:27:27.0508 3880	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
15:27:27.0539 3880	elxstor - ok
15:27:27.0679 3880	eNet Service    (fc8671bd2363bffa29c2217d882c227a) C:\Acer\Empowering Technology\eNet\eNet Service.exe
15:27:27.0695 3880	eNet Service ( UnsignedFile.Multi.Generic ) - warning
15:27:27.0695 3880	eNet Service - detected UnsignedFile.Multi.Generic (1)
15:27:27.0711 3880	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
15:27:27.0757 3880	ErrDev - ok
15:27:27.0835 3880	eSettingsService (a9745687a57cdd71237915859aba8dac) C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
15:27:27.0867 3880	eSettingsService ( UnsignedFile.Multi.Generic ) - warning
15:27:27.0867 3880	eSettingsService - detected UnsignedFile.Multi.Generic (1)
15:27:27.0913 3880	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
15:27:28.0007 3880	EventSystem - ok
15:27:28.0069 3880	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
15:27:28.0163 3880	exfat - ok
15:27:28.0194 3880	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
15:27:28.0257 3880	fastfat - ok
15:27:28.0319 3880	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
15:27:28.0397 3880	Fax - ok
15:27:28.0413 3880	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
15:27:28.0444 3880	fdc - ok
15:27:28.0491 3880	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
15:27:28.0600 3880	fdPHost - ok
15:27:28.0631 3880	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
15:27:28.0725 3880	FDResPub - ok
15:27:28.0740 3880	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
15:27:28.0756 3880	FileInfo - ok
15:27:28.0787 3880	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
15:27:28.0818 3880	Filetrace - ok
15:27:28.0849 3880	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
15:27:28.0865 3880	flpydisk - ok
15:27:29.0349 3880	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
15:27:29.0380 3880	FltMgr - ok
15:27:29.0442 3880	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
15:27:29.0520 3880	FontCache - ok
15:27:29.0645 3880	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:27:29.0661 3880	FontCache3.0.0.0 - ok
15:27:29.0754 3880	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
15:27:29.0785 3880	FsDepends - ok
15:27:29.0817 3880	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
15:27:29.0817 3880	Fs_Rec - ok
15:27:29.0863 3880	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
15:27:29.0910 3880	fvevol - ok
15:27:29.0926 3880	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
15:27:29.0941 3880	gagp30kx - ok
15:27:29.0988 3880	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
15:27:30.0051 3880	gpsvc - ok
15:27:30.0082 3880	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
15:27:30.0144 3880	hcw85cir - ok
15:27:30.0191 3880	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
15:27:30.0222 3880	HdAudAddService - ok
15:27:30.0269 3880	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
15:27:30.0300 3880	HDAudBus - ok
15:27:30.0347 3880	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
15:27:30.0378 3880	HidBatt - ok
15:27:30.0409 3880	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
15:27:30.0456 3880	HidBth - ok
15:27:30.0503 3880	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
15:27:30.0534 3880	HidIr - ok
15:27:30.0581 3880	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
15:27:30.0643 3880	hidserv - ok
15:27:30.0706 3880	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
15:27:30.0737 3880	HidUsb - ok
15:27:30.0784 3880	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
15:27:30.0862 3880	hkmsvc - ok
15:27:30.0893 3880	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
15:27:30.0971 3880	HomeGroupListener - ok
15:27:31.0018 3880	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
15:27:31.0049 3880	HomeGroupProvider - ok
15:27:31.0127 3880	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
15:27:31.0143 3880	HpSAMD - ok
15:27:31.0267 3880	HsfXAudioService (447256d1c026654c5cd3cc17e7b20631) C:\Windows\SysWOW64\XAudio64.dll
15:27:31.0314 3880	HsfXAudioService - ok
15:27:31.0377 3880	HSF_DPV         (26c5d00321937e49b6bc91029947d094) C:\Windows\system32\DRIVERS\CAX_DPV.sys
15:27:31.0439 3880	HSF_DPV - ok
15:27:31.0626 3880	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
15:27:31.0704 3880	HTTP - ok
15:27:31.0751 3880	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
15:27:31.0767 3880	hwpolicy - ok
15:27:31.0798 3880	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
15:27:31.0813 3880	i8042prt - ok
15:27:31.0860 3880	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
15:27:31.0907 3880	iaStorV - ok
15:27:32.0063 3880	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:27:32.0110 3880	idsvc - ok
15:27:32.0235 3880	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
15:27:32.0250 3880	iirsp - ok
15:27:32.0328 3880	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
15:27:32.0391 3880	IKEEXT - ok
15:27:32.0515 3880	int15           (91b61589bb2915e81d436efe07548507) C:\Windows\SysWOW64\drivers\int15_64.sys
15:27:32.0547 3880	int15 - ok
15:27:32.0671 3880	IntcAzAudAddService (1a6241b70453a6629a83db942aa6b08c) C:\Windows\system32\drivers\RTKVHD64.sys
15:27:32.0718 3880	IntcAzAudAddService - ok
15:27:32.0874 3880	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
15:27:32.0890 3880	intelide - ok
15:27:32.0937 3880	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
15:27:32.0983 3880	intelppm - ok
15:27:33.0046 3880	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
15:27:33.0108 3880	IPBusEnum - ok
15:27:33.0171 3880	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:27:33.0264 3880	IpFilterDriver - ok
15:27:33.0311 3880	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
15:27:33.0358 3880	iphlpsvc - ok
15:27:33.0389 3880	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
15:27:33.0436 3880	IPMIDRV - ok
15:27:33.0467 3880	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
15:27:33.0561 3880	IPNAT - ok
15:27:33.0592 3880	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
15:27:33.0639 3880	IRENUM - ok
15:27:33.0701 3880	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
15:27:33.0717 3880	isapnp - ok
15:27:33.0732 3880	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
15:27:33.0748 3880	iScsiPrt - ok
15:27:33.0873 3880	ISODrive        (7ebda65260289c9043ba48b85135702c) C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys
15:27:33.0904 3880	ISODrive - ok
15:27:33.0919 3880	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
15:27:33.0935 3880	kbdclass - ok
15:27:33.0966 3880	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
15:27:34.0013 3880	kbdhid - ok
15:27:34.0044 3880	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:27:34.0075 3880	KeyIso - ok
15:27:34.0075 3880	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
15:27:34.0091 3880	KSecDD - ok
15:27:34.0107 3880	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
15:27:34.0122 3880	KSecPkg - ok
15:27:34.0169 3880	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
15:27:34.0231 3880	ksthunk - ok
15:27:34.0278 3880	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
15:27:34.0341 3880	KtmRm - ok
15:27:34.0387 3880	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
15:27:34.0465 3880	LanmanServer - ok
15:27:34.0512 3880	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
15:27:34.0590 3880	LanmanWorkstation - ok
15:27:34.0699 3880	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
15:27:34.0762 3880	lltdio - ok
15:27:34.0824 3880	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
15:27:34.0902 3880	lltdsvc - ok
15:27:34.0933 3880	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
15:27:34.0980 3880	lmhosts - ok
15:27:35.0011 3880	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
15:27:35.0027 3880	LSI_FC - ok
15:27:35.0058 3880	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
15:27:35.0074 3880	LSI_SAS - ok
15:27:35.0105 3880	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:27:35.0121 3880	LSI_SAS2 - ok
15:27:35.0136 3880	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:27:35.0152 3880	LSI_SCSI - ok
15:27:35.0167 3880	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
15:27:35.0230 3880	luafv - ok
15:27:35.0370 3880	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
15:27:35.0495 3880	Mcx2Svc - ok
15:27:35.0542 3880	mdmxsdk         (e4f44ec214b3e381e1fc844a02926666) C:\Windows\system32\DRIVERS\mdmxsdk.sys
15:27:35.0573 3880	mdmxsdk - ok
15:27:35.0604 3880	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
15:27:35.0620 3880	megasas - ok
15:27:35.0635 3880	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
15:27:35.0651 3880	MegaSR - ok
15:27:35.0760 3880	Microsoft SharePoint Workspace Audit Service - ok
15:27:35.0807 3880	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:27:35.0916 3880	MMCSS - ok
15:27:35.0932 3880	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
15:27:35.0994 3880	Modem - ok
15:27:36.0025 3880	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
15:27:36.0088 3880	monitor - ok
15:27:36.0150 3880	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
15:27:36.0166 3880	mouclass - ok
15:27:36.0213 3880	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
15:27:36.0259 3880	mouhid - ok
15:27:36.0306 3880	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
15:27:36.0322 3880	mountmgr - ok
15:27:36.0369 3880	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
15:27:36.0400 3880	mpio - ok
15:27:36.0415 3880	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
15:27:36.0462 3880	mpsdrv - ok
15:27:36.0509 3880	MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
15:27:36.0603 3880	MpsSvc - ok
15:27:36.0649 3880	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
15:27:36.0665 3880	MRxDAV - ok
15:27:36.0712 3880	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:27:36.0774 3880	mrxsmb - ok
15:27:36.0821 3880	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:27:36.0868 3880	mrxsmb10 - ok
15:27:36.0883 3880	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:27:36.0915 3880	mrxsmb20 - ok
15:27:36.0946 3880	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
15:27:36.0961 3880	msahci - ok
15:27:36.0993 3880	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
15:27:37.0008 3880	msdsm - ok
15:27:37.0055 3880	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
15:27:37.0117 3880	MSDTC - ok
15:27:37.0180 3880	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
15:27:37.0227 3880	Msfs - ok
15:27:37.0242 3880	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
15:27:37.0305 3880	mshidkmdf - ok
15:27:37.0351 3880	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
15:27:37.0367 3880	msisadrv - ok
15:27:37.0414 3880	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
15:27:37.0476 3880	MSiSCSI - ok
15:27:37.0492 3880	msiserver - ok
15:27:37.0539 3880	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
15:27:37.0617 3880	MSKSSRV - ok
15:27:37.0617 3880	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
15:27:37.0663 3880	MSPCLOCK - ok
15:27:37.0695 3880	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
15:27:37.0757 3880	MSPQM - ok
15:27:37.0819 3880	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
15:27:37.0851 3880	MsRPC - ok
15:27:37.0897 3880	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
15:27:37.0913 3880	mssmbios - ok
15:27:37.0929 3880	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
15:27:38.0007 3880	MSTEE - ok
15:27:38.0007 3880	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
15:27:38.0022 3880	MTConfig - ok
15:27:38.0069 3880	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
15:27:38.0100 3880	Mup - ok
15:27:38.0147 3880	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
15:27:38.0209 3880	napagent - ok
15:27:38.0287 3880	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
15:27:38.0365 3880	NativeWifiP - ok
15:27:38.0443 3880	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
15:27:38.0490 3880	NDIS - ok
15:27:38.0537 3880	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:27:38.0584 3880	NdisCap - ok
15:27:38.0631 3880	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:27:38.0693 3880	NdisTapi - ok
15:27:38.0740 3880	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
15:27:38.0802 3880	Ndisuio - ok
15:27:38.0833 3880	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
15:27:38.0927 3880	NdisWan - ok
15:27:38.0974 3880	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
15:27:39.0021 3880	NDProxy - ok
15:27:39.0099 3880	Net Driver HPZ12 (2c723e42fc8d7b0209492828f921fb50) C:\Windows\system32\HPZinw12.dll
15:27:39.0130 3880	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
15:27:39.0130 3880	Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
15:27:39.0177 3880	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:27:39.0270 3880	NetBIOS - ok
15:27:39.0317 3880	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
15:27:39.0348 3880	NetBT - ok
15:27:39.0379 3880	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:27:39.0395 3880	Netlogon - ok
15:27:39.0457 3880	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
15:27:39.0535 3880	Netman - ok
15:27:39.0567 3880	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
15:27:39.0645 3880	netprofm - ok
15:27:39.0769 3880	NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:27:39.0801 3880	NetTcpPortSharing - ok
15:27:39.0988 3880	netw5v64        (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
15:27:40.0175 3880	netw5v64 - ok
15:27:40.0315 3880	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
15:27:40.0347 3880	nfrd960 - ok
15:27:40.0393 3880	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
15:27:40.0456 3880	NlaSvc - ok
15:27:40.0471 3880	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:27:40.0518 3880	Npfs - ok
15:27:40.0659 3880	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
15:27:40.0737 3880	nsi - ok
15:27:40.0768 3880	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:27:40.0815 3880	nsiproxy - ok
15:27:40.0908 3880	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
15:27:40.0971 3880	Ntfs - ok
15:27:41.0017 3880	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:27:41.0111 3880	Null - ok
15:27:41.0173 3880	nuvotoncir      (6f09cb36c344b98356978b37ba9ad42b) C:\Windows\system32\DRIVERS\nuvotoncir.sys
15:27:41.0236 3880	nuvotoncir - ok
15:27:41.0283 3880	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
15:27:41.0314 3880	nvraid - ok
15:27:41.0329 3880	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
15:27:41.0345 3880	nvstor - ok
15:27:41.0392 3880	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
15:27:41.0407 3880	nv_agp - ok
15:27:41.0423 3880	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
15:27:41.0470 3880	ohci1394 - ok
15:27:41.0548 3880	ose             (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:27:41.0579 3880	ose - ok
15:27:41.0797 3880	osppsvc         (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:27:41.0953 3880	osppsvc - ok
15:27:42.0094 3880	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:27:42.0156 3880	p2pimsvc - ok
15:27:42.0203 3880	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
15:27:42.0234 3880	p2psvc - ok
15:27:42.0328 3880	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
15:27:42.0359 3880	Parport - ok
15:27:42.0390 3880	partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
15:27:42.0406 3880	partmgr - ok
15:27:42.0421 3880	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
15:27:42.0468 3880	PcaSvc - ok
15:27:42.0515 3880	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
15:27:42.0531 3880	pci - ok
15:27:42.0546 3880	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
15:27:42.0562 3880	pciide - ok
15:27:42.0577 3880	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
15:27:42.0593 3880	pcmcia - ok
15:27:42.0624 3880	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:27:42.0640 3880	pcw - ok
15:27:42.0671 3880	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:27:42.0733 3880	PEAUTH - ok
15:27:42.0796 3880	PeerDistSvc     (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
15:27:42.0874 3880	PeerDistSvc - ok
15:27:42.0999 3880	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
15:27:43.0045 3880	PerfHost - ok
15:27:43.0170 3880	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
15:27:43.0264 3880	pla - ok
15:27:43.0373 3880	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
15:27:43.0435 3880	PlugPlay - ok
15:27:43.0498 3880	Pml Driver HPZ12 (171e6d91a20aac8d02172a64e82ce90b) C:\Windows\system32\HPZipm12.dll
15:27:43.0513 3880	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
15:27:43.0513 3880	Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
15:27:43.0560 3880	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
15:27:43.0607 3880	PNRPAutoReg - ok
15:27:43.0654 3880	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:27:43.0685 3880	PNRPsvc - ok
15:27:43.0747 3880	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
15:27:43.0810 3880	PolicyAgent - ok
15:27:43.0857 3880	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
15:27:43.0919 3880	Power - ok
15:27:43.0997 3880	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
15:27:44.0091 3880	PptpMiniport - ok
15:27:44.0122 3880	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
15:27:44.0169 3880	Processor - ok
15:27:44.0215 3880	ProfSvc         (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
15:27:44.0293 3880	ProfSvc - ok
15:27:44.0340 3880	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:27:44.0356 3880	ProtectedStorage - ok
15:27:44.0449 3880	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
15:27:44.0527 3880	Psched - ok
15:27:44.0590 3880	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
15:27:44.0621 3880	ql2300 - ok
15:27:44.0652 3880	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
15:27:44.0668 3880	ql40xx - ok
15:27:44.0699 3880	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
15:27:44.0746 3880	QWAVE - ok
15:27:44.0777 3880	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:27:44.0808 3880	QWAVEdrv - ok
15:27:44.0902 3880	RapiMgr         (a55e7d0d873b2c97585b3b5926ac6ade) C:\Windows\WindowsMobile\rapimgr.dll
15:27:44.0917 3880	RapiMgr - ok
15:27:44.0949 3880	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:27:45.0027 3880	RasAcd - ok
15:27:45.0089 3880	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:27:45.0136 3880	RasAgileVpn - ok
15:27:45.0167 3880	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
15:27:45.0229 3880	RasAuto - ok
15:27:45.0276 3880	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:27:45.0354 3880	Rasl2tp - ok
15:27:45.0417 3880	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
15:27:45.0495 3880	RasMan - ok
15:27:45.0557 3880	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:27:45.0635 3880	RasPppoe - ok
15:27:45.0682 3880	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:27:45.0729 3880	RasSstp - ok
15:27:45.0775 3880	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
15:27:45.0853 3880	rdbss - ok
15:27:45.0885 3880	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
15:27:45.0931 3880	rdpbus - ok
15:27:45.0963 3880	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:27:46.0025 3880	RDPCDD - ok
15:27:46.0072 3880	RDPDR           (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
15:27:46.0103 3880	RDPDR - ok
15:27:46.0119 3880	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:27:46.0181 3880	RDPENCDD - ok
15:27:46.0212 3880	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:27:46.0259 3880	RDPREFMP - ok
15:27:46.0290 3880	RDPWD           (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
15:27:46.0353 3880	RDPWD - ok
15:27:46.0399 3880	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
15:27:46.0415 3880	rdyboost - ok
15:27:46.0446 3880	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
15:27:46.0509 3880	RemoteAccess - ok
15:27:46.0555 3880	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
15:27:46.0633 3880	RemoteRegistry - ok
15:27:46.0696 3880	rimmptsk        (6faf5b04bedc66d300d9d233b2d222f0) C:\Windows\system32\DRIVERS\rimmpx64.sys
15:27:46.0743 3880	rimmptsk - ok
15:27:46.0774 3880	rimsptsk        (67f50c31713106fd1b0f286f86aa2b2e) C:\Windows\system32\DRIVERS\rimspx64.sys
15:27:46.0821 3880	rimsptsk - ok
15:27:46.0852 3880	rismxdp         (4d7ef3d46346ec4c58784db964b365de) C:\Windows\system32\DRIVERS\rixdpx64.sys
15:27:46.0899 3880	rismxdp - ok
15:27:46.0945 3880	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
15:27:47.0023 3880	RpcEptMapper - ok
15:27:47.0055 3880	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
15:27:47.0101 3880	RpcLocator - ok
15:27:47.0148 3880	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:27:47.0195 3880	RpcSs - ok
15:27:47.0257 3880	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:27:47.0351 3880	rspndr - ok
15:27:47.0413 3880	RTHDMIAzAudService (7421a35c45484b95e83b5e9e107cefc2) C:\Windows\system32\drivers\RtHDMIVX.sys
15:27:47.0429 3880	RTHDMIAzAudService - ok
15:27:47.0476 3880	s3cap           (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
15:27:47.0538 3880	s3cap - ok
15:27:47.0554 3880	SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:27:47.0569 3880	SamSs - ok
15:27:47.0616 3880	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
15:27:47.0632 3880	sbp2port - ok
15:27:47.0663 3880	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
15:27:47.0725 3880	SCardSvr - ok
15:27:47.0757 3880	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
15:27:47.0850 3880	scfilter - ok
15:27:47.0897 3880	Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
15:27:47.0975 3880	Schedule - ok
15:27:48.0006 3880	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:27:48.0053 3880	SCPolicySvc - ok
15:27:48.0147 3880	sdbus           (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
15:27:48.0193 3880	sdbus - ok
15:27:48.0225 3880	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
15:27:48.0287 3880	SDRSVC - ok
15:27:48.0334 3880	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:27:48.0381 3880	secdrv - ok
15:27:48.0412 3880	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
15:27:48.0505 3880	seclogon - ok
15:27:48.0537 3880	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
15:27:48.0568 3880	SENS - ok
15:27:48.0599 3880	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
15:27:48.0646 3880	SensrSvc - ok
15:27:48.0661 3880	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
15:27:48.0677 3880	Serenum - ok
15:27:48.0708 3880	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
15:27:48.0739 3880	Serial - ok
15:27:48.0786 3880	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
15:27:48.0802 3880	sermouse - ok
15:27:48.0849 3880	SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
15:27:48.0911 3880	SessionEnv - ok
15:27:48.0958 3880	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
15:27:48.0989 3880	sffdisk - ok
15:27:49.0005 3880	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
15:27:49.0051 3880	sffp_mmc - ok
15:27:49.0067 3880	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
15:27:49.0114 3880	sffp_sd - ok
15:27:49.0145 3880	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
15:27:49.0161 3880	sfloppy - ok
15:27:49.0207 3880	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
15:27:49.0270 3880	SharedAccess - ok
15:27:49.0317 3880	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
15:27:49.0363 3880	ShellHWDetection - ok
15:27:49.0379 3880	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:27:49.0395 3880	SiSRaid2 - ok
15:27:49.0410 3880	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
15:27:49.0426 3880	SiSRaid4 - ok
15:27:49.0457 3880	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:27:49.0519 3880	Smb - ok
15:27:49.0582 3880	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
15:27:49.0613 3880	SNMPTRAP - ok
15:27:49.0644 3880	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:27:49.0660 3880	spldr - ok
15:27:49.0707 3880	Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
15:27:49.0769 3880	Spooler - ok
15:27:49.0878 3880	sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
15:27:49.0987 3880	sppsvc - ok
15:27:50.0112 3880	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
15:27:50.0190 3880	sppuinotify - ok
15:27:50.0284 3880	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
15:27:50.0362 3880	srv - ok
15:27:50.0377 3880	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
15:27:50.0424 3880	srv2 - ok
15:27:50.0502 3880	SrvHsfHDA       (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
15:27:50.0533 3880	SrvHsfHDA - ok
15:27:50.0580 3880	SrvHsfV92       (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
15:27:50.0627 3880	SrvHsfV92 - ok
15:27:50.0674 3880	SrvHsfWinac     (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
15:27:50.0705 3880	SrvHsfWinac - ok
15:27:50.0752 3880	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
15:27:50.0783 3880	srvnet - ok
15:27:50.0845 3880	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
15:27:50.0939 3880	SSDPSRV - ok
15:27:50.0970 3880	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
15:27:51.0017 3880	SstpSvc - ok
15:27:51.0064 3880	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
15:27:51.0079 3880	stexstor - ok
15:27:51.0142 3880	stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
15:27:51.0189 3880	stisvc - ok
15:27:51.0235 3880	storflt         (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
15:27:51.0251 3880	storflt - ok
15:27:51.0282 3880	StorSvc         (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
15:27:51.0345 3880	StorSvc - ok
15:27:51.0376 3880	storvsc         (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
15:27:51.0391 3880	storvsc - ok
15:27:51.0407 3880	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
15:27:51.0423 3880	swenum - ok
15:27:51.0501 3880	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
15:27:51.0594 3880	swprv - ok
15:27:51.0672 3880	SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
15:27:51.0735 3880	SysMain - ok
15:27:51.0859 3880	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
15:27:51.0922 3880	TabletInputService - ok
15:27:51.0969 3880	TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
15:27:52.0031 3880	TapiSrv - ok
15:27:52.0078 3880	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
15:27:52.0156 3880	TBS - ok
15:27:52.0281 3880	Tcpip           (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
15:27:52.0327 3880	Tcpip - ok
15:27:52.0515 3880	TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
15:27:52.0561 3880	TCPIP6 - ok
15:27:52.0702 3880	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
15:27:52.0795 3880	tcpipreg - ok
15:27:52.0827 3880	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:27:52.0842 3880	TDPIPE - ok
15:27:52.0889 3880	TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
15:27:52.0936 3880	TDTCP - ok
15:27:52.0998 3880	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
15:27:53.0061 3880	tdx - ok
15:27:53.0092 3880	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
15:27:53.0123 3880	TermDD - ok
15:27:53.0170 3880	TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
15:27:53.0232 3880	TermService - ok
15:27:53.0263 3880	TfFsMon         (fa5bfb71e561d279edae7e118435c1c9) C:\Windows\system32\drivers\TfFsMon.sys
15:27:53.0279 3880	TfFsMon - ok
15:27:53.0310 3880	TfNetMon        (fa8400d74345ec4bf10e476ca0aaa2df) C:\Windows\system32\drivers\TfNetMon.sys
15:27:53.0326 3880	TfNetMon - ok
15:27:53.0373 3880	TfSysMon        (f11aa1a704a4c027e5e8e0f355523834) C:\Windows\system32\drivers\TfSysMon.sys
15:27:53.0388 3880	TfSysMon - ok
15:27:53.0435 3880	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
15:27:53.0482 3880	Themes - ok
15:27:53.0513 3880	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:27:53.0575 3880	THREADORDER - ok
15:27:53.0638 3880	ThreatFire - ok
15:27:53.0685 3880	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
15:27:53.0747 3880	TrkWks - ok
15:27:53.0825 3880	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
15:27:53.0903 3880	TrustedInstaller - ok
15:27:53.0965 3880	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:27:54.0012 3880	tssecsrv - ok
15:27:54.0043 3880	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
15:27:54.0121 3880	TsUsbFlt - ok
15:27:54.0184 3880	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
15:27:54.0262 3880	tunnel - ok
15:27:54.0293 3880	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
15:27:54.0309 3880	uagp35 - ok
15:27:54.0355 3880	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
15:27:54.0433 3880	udfs - ok
15:27:54.0480 3880	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
15:27:54.0527 3880	UI0Detect - ok
15:27:54.0589 3880	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
15:27:54.0605 3880	uliagpkx - ok
15:27:54.0652 3880	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
15:27:54.0699 3880	umbus - ok
15:27:54.0745 3880	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
15:27:54.0777 3880	UmPass - ok
15:27:54.0808 3880	UmRdpService    (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
15:27:54.0839 3880	UmRdpService - ok
15:27:54.0886 3880	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
15:27:54.0933 3880	upnphost - ok
15:27:54.0979 3880	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
15:27:55.0026 3880	usbccgp - ok
15:27:55.0089 3880	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
15:27:55.0120 3880	usbcir - ok
15:27:55.0135 3880	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
15:27:55.0182 3880	usbehci - ok
15:27:55.0245 3880	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
15:27:55.0307 3880	usbhub - ok
15:27:55.0338 3880	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
15:27:55.0369 3880	usbohci - ok
15:27:55.0416 3880	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
15:27:55.0432 3880	usbprint - ok
15:27:55.0463 3880	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
15:27:55.0525 3880	USBSTOR - ok
15:27:55.0557 3880	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
15:27:55.0588 3880	usbuhci - ok
15:27:55.0650 3880	usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
15:27:55.0681 3880	usbvideo - ok
15:27:55.0728 3880	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
15:27:55.0759 3880	UxSms - ok
15:27:55.0806 3880	VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:27:55.0822 3880	VaultSvc - ok
15:27:55.0869 3880	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
15:27:55.0884 3880	vdrvroot - ok
15:27:55.0947 3880	vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
15:27:55.0993 3880	vds - ok
15:27:56.0040 3880	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:27:56.0056 3880	vga - ok
15:27:56.0071 3880	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:27:56.0149 3880	VgaSave - ok
15:27:56.0196 3880	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
15:27:56.0227 3880	vhdmp - ok
15:27:56.0259 3880	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
15:27:56.0259 3880	viaide - ok
15:27:56.0290 3880	vmbus           (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
15:27:56.0305 3880	vmbus - ok
15:27:56.0321 3880	VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
15:27:56.0368 3880	VMBusHID - ok
15:27:56.0415 3880	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
15:27:56.0430 3880	volmgr - ok
15:27:56.0477 3880	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
15:27:56.0508 3880	volmgrx - ok
15:27:56.0555 3880	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
15:27:56.0586 3880	volsnap - ok
15:27:56.0617 3880	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
15:27:56.0633 3880	vsmraid - ok
15:27:56.0727 3880	VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
15:27:56.0805 3880	VSS - ok
15:27:56.0883 3880	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
15:27:56.0929 3880	vwifibus - ok
15:27:57.0007 3880	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
15:27:57.0039 3880	W32Time - ok
15:27:57.0070 3880	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
15:27:57.0117 3880	WacomPen - ok
15:27:57.0179 3880	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:27:57.0257 3880	WANARP - ok
15:27:57.0288 3880	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:27:57.0319 3880	Wanarpv6 - ok
15:27:57.0413 3880	WatAdminSvc     (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
15:27:57.0475 3880	WatAdminSvc - ok
15:27:57.0522 3880	wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
15:27:57.0585 3880	wbengine - ok
15:27:57.0631 3880	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
15:27:57.0663 3880	WbioSrvc - ok
15:27:57.0725 3880	WcesComm        (8bda6db43aa54e8bb5e0794541ddc209) C:\Windows\WindowsMobile\wcescomm.dll
15:27:57.0756 3880	WcesComm - ok
15:27:57.0803 3880	wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
15:27:57.0850 3880	wcncsvc - ok
15:27:57.0881 3880	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
15:27:57.0912 3880	WcsPlugInService - ok
15:27:57.0975 3880	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
15:27:58.0006 3880	Wd - ok
15:27:58.0037 3880	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:27:58.0053 3880	Wdf01000 - ok
15:27:58.0068 3880	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:27:58.0177 3880	WdiServiceHost - ok
15:27:58.0177 3880	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:27:58.0193 3880	WdiSystemHost - ok
15:27:58.0240 3880	WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
15:27:58.0287 3880	WebClient - ok
15:27:58.0333 3880	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
15:27:58.0396 3880	Wecsvc - ok
15:27:58.0427 3880	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
15:27:58.0474 3880	wercplsupport - ok
15:27:58.0505 3880	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
15:27:58.0552 3880	WerSvc - ok
15:27:58.0645 3880	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:27:58.0692 3880	WfpLwf - ok
15:27:58.0723 3880	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:27:58.0739 3880	WIMMount - ok
15:27:58.0801 3880	winachsf        (a6ea7a3fc4b00f48535b506db1e86efd) C:\Windows\system32\DRIVERS\CAX_CNXT.sys
15:27:58.0833 3880	winachsf - ok
15:27:58.0895 3880	WinDefend - ok
15:27:58.0911 3880	WinHttpAutoProxySvc - ok
15:27:58.0989 3880	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
15:27:59.0035 3880	Winmgmt - ok
15:27:59.0129 3880	WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
15:27:59.0207 3880	WinRM - ok
15:27:59.0815 3880	winusb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\drivers\WinUSB.SYS
15:27:59.0862 3880	winusb - ok
15:27:59.0925 3880	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
15:27:59.0987 3880	Wlansvc - ok
15:28:00.0034 3880	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
15:28:00.0065 3880	WmiAcpi - ok
15:28:00.0143 3880	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
15:28:00.0205 3880	wmiApSrv - ok
15:28:00.0315 3880	WMIService      (eee826cad5ae9eb3d226deb576027d10) C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
15:28:00.0330 3880	WMIService ( UnsignedFile.Multi.Generic ) - warning
15:28:00.0330 3880	WMIService - detected UnsignedFile.Multi.Generic (1)
15:28:00.0393 3880	WMPNetworkSvc - ok
15:28:00.0533 3880	WMZuneComm      (83b6ca03c846fcd47f9883d77d1eb27b) c:\Program Files\Zune\WMZuneComm.exe
15:28:00.0564 3880	WMZuneComm - ok
15:28:00.0673 3880	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
15:28:00.0720 3880	WPCSvc - ok
15:28:00.0767 3880	WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
15:28:00.0814 3880	WPDBusEnum - ok
15:28:00.0892 3880	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:28:00.0954 3880	ws2ifsl - ok
15:28:00.0985 3880	wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
15:28:01.0017 3880	wscsvc - ok
15:28:01.0032 3880	WSearch - ok
15:28:01.0110 3880	wuauserv        (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
15:28:01.0188 3880	wuauserv - ok
15:28:01.0329 3880	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
15:28:01.0407 3880	WudfPf - ok
15:28:01.0453 3880	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:28:01.0500 3880	WUDFRd - ok
15:28:01.0563 3880	wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
15:28:01.0609 3880	wudfsvc - ok
15:28:01.0641 3880	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
15:28:01.0703 3880	WwanSvc - ok
15:28:01.0750 3880	XAudio          (e8f3fa126a06f8e7088f63757112a186) C:\Windows\system32\DRIVERS\XAudio64.sys
15:28:01.0797 3880	XAudio - ok
15:28:02.0093 3880	ZuneNetworkSvc  (67b787c34fb2888d01b130ae007042d8) c:\Program Files\Zune\ZuneNss.exe
15:28:02.0358 3880	ZuneNetworkSvc - ok
15:28:02.0499 3880	ZuneWlanCfgSvc  (4d89fc1c20cf655739efac5da81a67bc) c:\Program Files\Zune\ZuneWlanCfgSvc.exe
15:28:02.0530 3880	ZuneWlanCfgSvc - ok
15:28:02.0561 3880	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:28:02.0701 3880	\Device\Harddisk0\DR0 - ok
15:28:02.0701 3880	Boot (0x1200)   (b69035dd48ee5857f68dc83b44d46484) \Device\Harddisk0\DR0\Partition0
15:28:02.0701 3880	\Device\Harddisk0\DR0\Partition0 - ok
15:28:02.0701 3880	============================================================
15:28:02.0701 3880	Scan finished
15:28:02.0701 3880	============================================================
15:28:02.0733 5052	Detected object count: 5
15:28:02.0733 5052	Actual detected object count: 5
15:28:28.0535 5052	eNet Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:28:28.0535 5052	eNet Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:28:28.0535 5052	eSettingsService ( UnsignedFile.Multi.Generic ) - skipped by user
15:28:28.0535 5052	eSettingsService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:28:28.0535 5052	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
15:28:28.0535 5052	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:28:28.0535 5052	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
15:28:28.0535 5052	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:28:28.0535 5052	WMIService ( UnsignedFile.Multi.Generic ) - skipped by user
15:28:28.0535 5052	WMIService ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Thanks again.

I hope it shows up correctly as a code box....

Regards,

Dom

Old 05.04.2012, 15:40   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Smart Fortress 2012 infection



Yes, that's right, as you can see.

Now please run CF:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warnings, apply the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a helper has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If you have problems starting applications after running Combofix and get messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

Old 05.04.2012, 16:37   #11
Dominik55118

Smart Fortress 2012 infection



Hello,

everything worked fine.

Here is the log:


Combofix Logfile:
Code:
ComboFix 12-04-05.06 - Dominik 05.04.2012  15:58:19.1.2 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.3070.2013 [GMT 2:00]
ausgeführt von:: c:\users\Dominik\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Dominik\AppData\Local\Temp\RtkBtMnt.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-03-05 bis 2012-04-05  ))))))))))))))))))))))))))))))
.
.
2012-04-05 14:11 . 2012-04-05 14:11	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-04-05 12:03 . 2012-04-05 12:03	--------	d-----w-	C:\_OTL
2012-04-04 11:06 . 2011-02-22 11:57	74824	----a-w-	c:\windows\system32\drivers\TfSysMon.sys
2012-04-04 11:06 . 2011-02-22 11:57	41888	----a-w-	c:\windows\system32\drivers\TfNetMon.sys
2012-04-04 11:06 . 2011-02-22 11:57	65072	----a-w-	c:\windows\system32\drivers\TfFsMon.sys
2012-04-04 11:06 . 2012-04-04 11:06	--------	d-----w-	c:\program files (x86)\ThreatFire
2012-04-04 11:06 . 2012-04-04 11:06	--------	d-----w-	c:\programdata\PC Tools
2012-04-03 23:19 . 2012-04-03 23:19	--------	d-----w-	c:\programdata\Kaspersky Lab
2012-04-03 17:15 . 2012-04-03 17:15	--------	d-----w-	c:\program files (x86)\Common Files\Wise Installation Wizard
2012-04-03 15:50 . 2012-04-03 15:50	--------	d-----w-	c:\users\Dominik\AppData\Roaming\Malwarebytes
2012-04-03 15:50 . 2012-04-03 15:50	--------	d-----w-	c:\programdata\Malwarebytes
2012-04-03 15:50 . 2012-04-03 15:50	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-03 15:50 . 2011-12-10 13:24	23152	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-04-03 07:59 . 2012-03-20 01:51	8669240	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{A0CB5BE9-8BA2-49C6-82D7-00C23DFD2B82}\mpengine.dll
2012-04-03 07:47 . 2012-04-03 07:53	--------	d-----w-	c:\programdata\F4D55F3E000C4EBD0060677DB4EB2331
2012-04-01 18:14 . 2012-04-01 18:14	592824	----a-w-	c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-04-01 18:14 . 2012-04-01 18:14	44472	----a-w-	c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-04-01 01:49 . 2011-11-19 15:20	5559152	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-04-01 01:49 . 2011-11-19 14:50	3968368	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-04-01 01:49 . 2011-11-19 14:50	3913584	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-03-31 16:39 . 2012-02-03 04:34	3145728	----a-w-	c:\windows\system32\win32k.sys
2012-03-31 16:39 . 2012-02-10 06:36	1544192	----a-w-	c:\windows\system32\DWrite.dll
2012-03-31 16:39 . 2012-02-10 05:38	1077248	----a-w-	c:\windows\SysWow64\DWrite.dll
2012-03-31 16:38 . 2012-01-25 06:38	77312	----a-w-	c:\windows\system32\rdpwsx.dll
2012-03-31 16:38 . 2012-01-25 06:38	149504	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-03-31 16:38 . 2012-01-25 06:33	9216	----a-w-	c:\windows\system32\rdrmemptylst.exe
2012-03-31 16:38 . 2012-02-17 06:38	1031680	----a-w-	c:\windows\system32\rdpcore.dll
2012-03-31 16:38 . 2012-02-17 05:34	826880	----a-w-	c:\windows\SysWow64\rdpcore.dll
2012-03-31 16:38 . 2012-02-17 04:58	210944	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-03-31 16:38 . 2012-02-17 04:57	23552	----a-w-	c:\windows\system32\drivers\tdtcp.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-29 09:00 . 2009-07-14 02:36	152576	----a-w-	c:\windows\SysWow64\msclmd.dll
2012-02-29 09:00 . 2009-07-14 02:36	175616	----a-w-	c:\windows\system32\msclmd.dll
2012-02-23 07:18 . 2011-01-26 14:32	279656	------w-	c:\windows\system32\MpSigStub.exe
2012-02-22 08:45 . 2012-02-22 08:45	86528	----a-w-	c:\windows\SysWow64\iesysprep.dll
2012-02-22 08:45 . 2012-02-22 08:45	76800	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2012-02-22 08:45 . 2012-02-22 08:45	74752	----a-w-	c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-02-22 08:45 . 2012-02-22 08:45	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2012-02-22 08:45 . 2012-02-22 08:45	1798656	----a-w-	c:\windows\SysWow64\jscript9.dll
2012-02-22 08:45 . 2012-02-22 08:45	161792	----a-w-	c:\windows\SysWow64\msls31.dll
2012-02-22 08:45 . 2012-02-22 08:45	1127424	----a-w-	c:\windows\SysWow64\wininet.dll
2012-02-22 08:45 . 2012-02-22 08:45	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2012-02-22 08:45 . 2012-02-22 08:45	89088	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2012-02-22 08:45 . 2012-02-22 08:45	74752	----a-w-	c:\windows\SysWow64\iesetup.dll
2012-02-22 08:45 . 2012-02-22 08:45	63488	----a-w-	c:\windows\SysWow64\tdc.ocx
2012-02-22 08:45 . 2012-02-22 08:45	49664	----a-w-	c:\windows\system32\imgutil.dll
2012-02-22 08:45 . 2012-02-22 08:45	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2012-02-22 08:45 . 2012-02-22 08:45	367104	----a-w-	c:\windows\SysWow64\html.iec
2012-02-22 08:45 . 2012-02-22 08:45	35840	----a-w-	c:\windows\SysWow64\imgutil.dll
2012-02-22 08:45 . 2012-02-22 08:45	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2012-02-22 08:45 . 2012-02-22 08:45	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-02-22 08:45 . 2012-02-22 08:45	23552	----a-w-	c:\windows\SysWow64\licmgr10.dll
2012-02-22 08:45 . 2012-02-22 08:45	2308096	----a-w-	c:\windows\system32\jscript9.dll
2012-02-22 08:45 . 2012-02-22 08:45	222208	----a-w-	c:\windows\system32\msls31.dll
2012-02-22 08:45 . 2012-02-22 08:45	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2012-02-22 08:45 . 2012-02-22 08:45	152064	----a-w-	c:\windows\SysWow64\wextract.exe
2012-02-22 08:45 . 2012-02-22 08:45	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2012-02-22 08:45 . 2012-02-22 08:45	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2012-02-22 08:45 . 2012-02-22 08:45	1427456	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2012-02-22 08:45 . 2012-02-22 08:45	1390080	----a-w-	c:\windows\system32\wininet.dll
2012-02-22 08:45 . 2012-02-22 08:45	135168	----a-w-	c:\windows\system32\IEAdvpack.dll
2012-02-22 08:45 . 2012-02-22 08:45	12288	----a-w-	c:\windows\system32\mshta.exe
2012-02-22 08:45 . 2012-02-22 08:45	11776	----a-w-	c:\windows\SysWow64\mshta.exe
2012-02-22 08:45 . 2012-02-22 08:45	114176	----a-w-	c:\windows\system32\admparse.dll
2012-02-22 08:45 . 2012-02-22 08:45	101888	----a-w-	c:\windows\SysWow64\admparse.dll
2012-02-22 08:45 . 2012-02-22 08:45	91648	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2012-02-22 08:45 . 2012-02-22 08:45	85504	----a-w-	c:\windows\system32\iesetup.dll
2012-02-22 08:45 . 2012-02-22 08:45	76800	----a-w-	c:\windows\system32\tdc.ocx
2012-02-22 08:45 . 2012-02-22 08:45	48640	----a-w-	c:\windows\system32\mshtmler.dll
2012-02-22 08:45 . 2012-02-22 08:45	448512	----a-w-	c:\windows\system32\html.iec
2012-02-22 08:45 . 2012-02-22 08:45	111616	----a-w-	c:\windows\system32\iesysprep.dll
2012-02-22 08:45 . 2012-02-22 08:45	603648	----a-w-	c:\windows\system32\vbscript.dll
2012-02-22 08:45 . 2012-02-22 08:45	30720	----a-w-	c:\windows\system32\licmgr10.dll
2012-02-22 08:45 . 2012-02-22 08:45	165888	----a-w-	c:\windows\system32\iexpress.exe
2012-02-22 08:45 . 2012-02-22 08:45	160256	----a-w-	c:\windows\system32\wextract.exe
2012-02-22 08:45 . 2012-02-22 08:45	1493504	----a-w-	c:\windows\system32\inetcpl.cpl
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-21 718720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-10 98304]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-24 1190920]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Freecorder FLV Service"="c:\program files (x86)\Freecorder\FLVSrvc.exe" [2011-03-24 167936]
"ThreatFire"="c:\program files (x86)\ThreatFire\TFTray.exe" [2011-02-22 378128]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2011-1-26 535336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 cpuz135;cpuz135;c:\users\Dominik\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 ThreatFire;ThreatFire;c:\program files (x86)\ThreatFire\TFService.exe service [x]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series - Adaptertreiber für Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
S3 nuvotoncir;Nuvoton IR Transceiver;c:\windows\system32\DRIVERS\nuvotoncir.sys [x]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-23 7981600]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202
FF - ProfilePath - c:\users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\ik12mzv0.default\
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.homepage.dontask - true
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ThreatFire]
"AlternateImagePath"=""
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\ThreatFire\TFService.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-04-05  16:27:15 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-04-05 14:27
.
Vor Suchlauf: 14 Verzeichnis(se), 246.968.156.160 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 246.574.608.384 Bytes frei
.
- - End Of File - - 5366063E5CF978EF33D14076C6654E7D
         


And now?

THX again.... I don't actually know what the program did exactly... but it looks good
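
As an added example for reading a log like the one above (written here for illustration; it is not part of this thread, of ComboFix, or of anything the helper posted), here is a small Python triage pass that flags two kinds of entry a reviewer looks for in such a log: a bare 32-hex-character directory directly under ProgramData, like the c:\programdata\F4D55F3E000C4EBD0060677DB4EB2331 entry in the "Dateien erstellt" section, and a driver or service whose image lives under a user's local Temp folder, like the R3 cpuz135 line. The regular expressions are assumptions fitted to the line formats as printed in this thread, and the sample lines are copied from the log above with the tab separators restored.

```python
# Added example for this thread: a triage pass over ComboFix-style log lines.
# Written by the editor, not part of the thread or of ComboFix itself.
# Assumed line formats (as printed in the log above):
#   files created:  "<created> . <modified>\t<size>\t<attrs>\t<path>"
#   services:       "<state> <name>;<display name>;<image path> [<info>]"
import re
from dataclasses import dataclass
from typing import List

# "files created" entry; size is either digits or a run of dashes for directories
CREATED_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})[\t ]+"
    r"(?P<size>-+|\d+)[\t ]+(?P<attrs>[-a-z]+)[\t ]+(?P<path>.+)$"
)
# service/driver entry; the trailing bracketed field is optional
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)(?: \[(?P<info>[^\]]*)\])?$"
)
# a directory directly under ProgramData named by a bare 32-character hex string
HEX_DIR_RE = re.compile(r"^c:\\programdata\\[0-9a-f]{32}$", re.IGNORECASE)
# any image path inside a user's local Temp directory
USER_TEMP_RE = re.compile(r"\\users\\[^\\]+\\appdata\\local\\temp\\", re.IGNORECASE)


@dataclass
class Finding:
    kind: str
    path: str
    detail: str


def triage(lines: List[str]) -> List[Finding]:
    """Return the suspicious entries found in a sequence of log lines."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.rstrip("\r\n")
        m = CREATED_RE.match(line)
        if m:
            path = m.group("path")
            # directory entries carry a leading 'd' in the attribute column
            if m.group("attrs").startswith("d") and HEX_DIR_RE.match(path):
                findings.append(Finding("hex-named ProgramData directory", path,
                                        "created " + m.group("created")))
            continue
        m = SERVICE_RE.match(line)
        if m and USER_TEMP_RE.search(m.group("path")):
            findings.append(Finding("driver/service image in user Temp",
                                    m.group("path"),
                                    m.group("state") + " " + m.group("name")))
    return findings


# Sample input copied from the ComboFix log in this thread (tabs restored).
# The ThreatFire and osppsvc lines are benign controls that must not trigger.
SAMPLE_LOG = [
    "2012-04-04 11:06 . 2012-04-04 11:06\t--------\td-----w-\t"
    + r"c:\program files (x86)\ThreatFire",
    "2012-04-03 07:47 . 2012-04-03 07:53\t--------\td-----w-\t"
    + r"c:\programdata\F4D55F3E000C4EBD0060677DB4EB2331",
    r"R3 cpuz135;cpuz135;c:\users\Dominik\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [x]",
    r"R3 osppsvc;Office Software Protection Platform;"
    r"c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]",
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.kind}: {finding.path} ({finding.detail})")
```

Run against the sample it reports exactly the hex-named folder and the cpuz135 driver and stays silent on the two benign lines; a hit is a prompt to look closer (the cpuz135 entry, for instance, is the CPU-Z utility's driver, which legitimately unpacks into Temp), not a verdict on its own.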

Old 05.04.2012, 17:56   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Smart Fortress 2012 infection



Combofix - Scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now copy/paste the entire contents of the code box below into the Notepad window.

Code:
Folder::
c:\programdata\F4D55F3E000C4EBD0060677DB4EB2331
         
3. In Notepad, save it as CFScript.txt on the desktop.

4. Disable the guard of your antivirus program and any software firewall you may have.
(Also the guards of ad-/spyware programs and the TeaTimer (if present)!)

5. Then drag the CFScript.txt onto cofi.exe, as shown in the image below. This restarts Combofix.



6. After the reboot (you will be asked whether you want to reboot), please post the following log files:
Combofix.txt

Note: The script above was created only for this one user in this one situation. It cannot be ported to any other computer and must not be used elsewhere, because it can permanently damage the system!
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

Old 05.04.2012, 21:01   #13
Dominik55118

Smart Fortress 2012 infection



Ok. Done. Here is the log. Sorry for the delay.

Combofix Logfile:
Code:
ComboFix 12-04-05.06 - Dominik 05.04.2012  20:27:16.2.2 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.3070.2090 [GMT 2:00]
ausgeführt von:: c:\users\Dominik\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Dominik\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\F4D55F3E000C4EBD0060677DB4EB2331
c:\programdata\F4D55F3E000C4EBD0060677DB4EB2331\F4D55F3E000C4EBD0060677DB4EB2331
c:\users\Dominik\AppData\Local\Temp\RtkBtMnt.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-03-05 bis 2012-04-05  ))))))))))))))))))))))))))))))
.
.
2012-04-05 18:39 . 2012-04-05 18:39	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-04-05 12:03 . 2012-04-05 12:03	--------	d-----w-	C:\_OTL
2012-04-04 11:06 . 2011-02-22 11:57	74824	----a-w-	c:\windows\system32\drivers\TfSysMon.sys
2012-04-04 11:06 . 2011-02-22 11:57	41888	----a-w-	c:\windows\system32\drivers\TfNetMon.sys
2012-04-04 11:06 . 2011-02-22 11:57	65072	----a-w-	c:\windows\system32\drivers\TfFsMon.sys
2012-04-04 11:06 . 2012-04-04 11:06	--------	d-----w-	c:\program files (x86)\ThreatFire
2012-04-04 11:06 . 2012-04-04 11:06	--------	d-----w-	c:\programdata\PC Tools
2012-04-03 23:19 . 2012-04-03 23:19	--------	d-----w-	c:\programdata\Kaspersky Lab
2012-04-03 17:15 . 2012-04-03 17:15	--------	d-----w-	c:\program files (x86)\Common Files\Wise Installation Wizard
2012-04-03 15:50 . 2012-04-03 15:50	--------	d-----w-	c:\users\Dominik\AppData\Roaming\Malwarebytes
2012-04-03 15:50 . 2012-04-03 15:50	--------	d-----w-	c:\programdata\Malwarebytes
2012-04-03 15:50 . 2012-04-03 15:50	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-03 15:50 . 2011-12-10 13:24	23152	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-04-03 07:59 . 2012-03-20 01:51	8669240	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{A0CB5BE9-8BA2-49C6-82D7-00C23DFD2B82}\mpengine.dll
2012-04-01 18:14 . 2012-04-01 18:14	592824	----a-w-	c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-04-01 18:14 . 2012-04-01 18:14	44472	----a-w-	c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-04-01 01:49 . 2011-11-19 15:20	5559152	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-04-01 01:49 . 2011-11-19 14:50	3968368	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-04-01 01:49 . 2011-11-19 14:50	3913584	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-03-31 16:39 . 2012-02-03 04:34	3145728	----a-w-	c:\windows\system32\win32k.sys
2012-03-31 16:39 . 2012-02-10 06:36	1544192	----a-w-	c:\windows\system32\DWrite.dll
2012-03-31 16:39 . 2012-02-10 05:38	1077248	----a-w-	c:\windows\SysWow64\DWrite.dll
2012-03-31 16:38 . 2012-01-25 06:38	77312	----a-w-	c:\windows\system32\rdpwsx.dll
2012-03-31 16:38 . 2012-01-25 06:38	149504	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-03-31 16:38 . 2012-01-25 06:33	9216	----a-w-	c:\windows\system32\rdrmemptylst.exe
2012-03-31 16:38 . 2012-02-17 06:38	1031680	----a-w-	c:\windows\system32\rdpcore.dll
2012-03-31 16:38 . 2012-02-17 05:34	826880	----a-w-	c:\windows\SysWow64\rdpcore.dll
2012-03-31 16:38 . 2012-02-17 04:58	210944	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-03-31 16:38 . 2012-02-17 04:57	23552	----a-w-	c:\windows\system32\drivers\tdtcp.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-29 09:00 . 2009-07-14 02:36	152576	----a-w-	c:\windows\SysWow64\msclmd.dll
2012-02-29 09:00 . 2009-07-14 02:36	175616	----a-w-	c:\windows\system32\msclmd.dll
2012-02-23 07:18 . 2011-01-26 14:32	279656	------w-	c:\windows\system32\MpSigStub.exe
2012-02-22 08:45 . 2012-02-22 08:45	86528	----a-w-	c:\windows\SysWow64\iesysprep.dll
2012-02-22 08:45 . 2012-02-22 08:45	76800	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2012-02-22 08:45 . 2012-02-22 08:45	74752	----a-w-	c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-02-22 08:45 . 2012-02-22 08:45	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2012-02-22 08:45 . 2012-02-22 08:45	1798656	----a-w-	c:\windows\SysWow64\jscript9.dll
2012-02-22 08:45 . 2012-02-22 08:45	161792	----a-w-	c:\windows\SysWow64\msls31.dll
2012-02-22 08:45 . 2012-02-22 08:45	1127424	----a-w-	c:\windows\SysWow64\wininet.dll
2012-02-22 08:45 . 2012-02-22 08:45	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2012-02-22 08:45 . 2012-02-22 08:45	89088	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2012-02-22 08:45 . 2012-02-22 08:45	74752	----a-w-	c:\windows\SysWow64\iesetup.dll
2012-02-22 08:45 . 2012-02-22 08:45	63488	----a-w-	c:\windows\SysWow64\tdc.ocx
2012-02-22 08:45 . 2012-02-22 08:45	49664	----a-w-	c:\windows\system32\imgutil.dll
2012-02-22 08:45 . 2012-02-22 08:45	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2012-02-22 08:45 . 2012-02-22 08:45	367104	----a-w-	c:\windows\SysWow64\html.iec
2012-02-22 08:45 . 2012-02-22 08:45	35840	----a-w-	c:\windows\SysWow64\imgutil.dll
2012-02-22 08:45 . 2012-02-22 08:45	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2012-02-22 08:45 . 2012-02-22 08:45	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-02-22 08:45 . 2012-02-22 08:45	23552	----a-w-	c:\windows\SysWow64\licmgr10.dll
2012-02-22 08:45 . 2012-02-22 08:45	2308096	----a-w-	c:\windows\system32\jscript9.dll
2012-02-22 08:45 . 2012-02-22 08:45	222208	----a-w-	c:\windows\system32\msls31.dll
2012-02-22 08:45 . 2012-02-22 08:45	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2012-02-22 08:45 . 2012-02-22 08:45	152064	----a-w-	c:\windows\SysWow64\wextract.exe
2012-02-22 08:45 . 2012-02-22 08:45	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2012-02-22 08:45 . 2012-02-22 08:45	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2012-02-22 08:45 . 2012-02-22 08:45	1427456	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2012-02-22 08:45 . 2012-02-22 08:45	1390080	----a-w-	c:\windows\system32\wininet.dll
2012-02-22 08:45 . 2012-02-22 08:45	135168	----a-w-	c:\windows\system32\IEAdvpack.dll
2012-02-22 08:45 . 2012-02-22 08:45	12288	----a-w-	c:\windows\system32\mshta.exe
2012-02-22 08:45 . 2012-02-22 08:45	11776	----a-w-	c:\windows\SysWow64\mshta.exe
2012-02-22 08:45 . 2012-02-22 08:45	114176	----a-w-	c:\windows\system32\admparse.dll
2012-02-22 08:45 . 2012-02-22 08:45	101888	----a-w-	c:\windows\SysWow64\admparse.dll
2012-02-22 08:45 . 2012-02-22 08:45	91648	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2012-02-22 08:45 . 2012-02-22 08:45	85504	----a-w-	c:\windows\system32\iesetup.dll
2012-02-22 08:45 . 2012-02-22 08:45	76800	----a-w-	c:\windows\system32\tdc.ocx
2012-02-22 08:45 . 2012-02-22 08:45	48640	----a-w-	c:\windows\system32\mshtmler.dll
2012-02-22 08:45 . 2012-02-22 08:45	448512	----a-w-	c:\windows\system32\html.iec
2012-02-22 08:45 . 2012-02-22 08:45	111616	----a-w-	c:\windows\system32\iesysprep.dll
2012-02-22 08:45 . 2012-02-22 08:45	603648	----a-w-	c:\windows\system32\vbscript.dll
2012-02-22 08:45 . 2012-02-22 08:45	30720	----a-w-	c:\windows\system32\licmgr10.dll
2012-02-22 08:45 . 2012-02-22 08:45	165888	----a-w-	c:\windows\system32\iexpress.exe
2012-02-22 08:45 . 2012-02-22 08:45	160256	----a-w-	c:\windows\system32\wextract.exe
2012-02-22 08:45 . 2012-02-22 08:45	1493504	----a-w-	c:\windows\system32\inetcpl.cpl
.
.
(((((((((((((((((((((((((((((   SnapShot@2012-04-05_14.18.45   )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-01-26 17:05 . 2012-04-05 14:34	35002              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-05 18:44	40046              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-01-26 14:19 . 2012-04-05 18:44	12778              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4178791177-2408624748-2417051294-1000_UserData.bin
- 2012-04-05 14:17 . 2012-04-05 14:17	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-05 18:42 . 2012-04-05 18:42	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-05 14:17 . 2012-04-05 14:17	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-05 18:42 . 2012-04-05 18:42	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-01-27 15:07 . 2012-04-05 17:56	280308              c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
- 2009-07-14 02:36 . 2012-04-05 12:10	620384              c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-05 14:36	620384              c:\windows\system32\perfh009.dat
- 2009-07-14 17:58 . 2012-04-05 12:10	659238              c:\windows\system32\perfh007.dat
+ 2009-07-14 17:58 . 2012-04-05 14:36	659238              c:\windows\system32\perfh007.dat
+ 2009-07-14 02:36 . 2012-04-05 14:36	108566              c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-04-05 12:10	108566              c:\windows\system32\perfc009.dat
- 2009-07-14 17:58 . 2012-04-05 12:10	132776              c:\windows\system32\perfc007.dat
+ 2009-07-14 17:58 . 2012-04-05 14:36	132776              c:\windows\system32\perfc007.dat
- 2009-07-14 05:01 . 2012-04-05 14:12	385004              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-04-05 18:39	385004              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-07-10 00:37 . 2012-04-05 18:39	1456308              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4178791177-2408624748-2417051294-1000-8192.dat
- 2011-07-10 00:37 . 2012-04-05 14:12	1456308              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4178791177-2408624748-2417051294-1000-8192.dat
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-21 718720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-10 98304]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-24 1190920]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Freecorder FLV Service"="c:\program files (x86)\Freecorder\FLVSrvc.exe" [2011-03-24 167936]
"ThreatFire"="c:\program files (x86)\ThreatFire\TFTray.exe" [2011-02-22 378128]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2011-1-26 535336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 cpuz135;cpuz135;c:\users\Dominik\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 ThreatFire;ThreatFire;c:\program files (x86)\ThreatFire\TFService.exe service [x]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series - Adaptertreiber für Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
S3 nuvotoncir;Nuvoton IR Transceiver;c:\windows\system32\DRIVERS\nuvotoncir.sys [x]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-23 7981600]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202
FF - ProfilePath - c:\users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\ik12mzv0.default\
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.homepage.dontask - true
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ThreatFire]
"AlternateImagePath"=""
.
--------------------- Locked Registry Keys ---------------------
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\ThreatFire\TFService.exe
.
**************************************************************************
.
Completion time: 2012-04-05  20:51:13 - machine was rebooted
ComboFix-quarantined-files.txt  2012-04-05 18:51
ComboFix2.txt  2012-04-05 14:27
.
Pre-Run: 18 directory(ies), 246,636,650,496 bytes free
Post-Run: 19 directory(ies), 246,577,725,440 bytes free
.
- - End Of File - - 3F4DD0846BAF7EA7130951A931392BBB
         
--- --- ---


Regards,

Dom

Alt 05.04.2012, 21:31   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Please download aswMBR.exe and save the file to your desktop.

Note: disable your antivirus before running aswMBR, because Avira in particular often raises a false alarm on it!
  • Start aswMBR.exe. Vista and Win7 users: run aswMBR by right-clicking it and choosing "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (If your firewall asks, allow internet access.) Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Wait until "Scan finished successfully" appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply. Important: under no circumstances press any of the Fix buttons without being told to. Note: if the Scan button is greyed out, close the tool and start it again. If it still does not work, let me know.

One more note: if aswMBR crashes with a message like "aswMBR.exe has stopped working", do the following:
Restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support Trojaner-Board
Why Linux is better than Windows!

Alt 05.04.2012, 21:54   #15
Dominik55118
 
OK, done.

Here is the log:

Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-05 21:51:33
-----------------------------
21:51:33.128    OS Version: Windows x64 6.1.7601 Service Pack 1
21:51:33.128    Number of processors: 2 586 0xF0D
21:51:33.128    ComputerName: DOMINIK-PC  UserName: Dominik
21:51:33.752    Initialize success
21:51:38.074    AVAST engine defs: 12040501
21:51:53.284    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
21:51:53.299    Disk 0 Vendor: SAMSUNG_HM321HI 2AJ10001 Size: 305245MB BusType: 11
21:51:53.315    Disk 0 MBR read successfully
21:51:53.315    Disk 0 MBR scan
21:51:53.315    Disk 0 Windows 7 default MBR code
21:51:53.330    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       305243 MB offset 2048
21:51:53.346    Disk 0 scanning C:\Windows\system32\drivers
21:52:06.356    Service scanning
21:52:35.716    Modules scanning
21:52:35.731    Disk 0 trace - called modules:
21:52:35.778    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 
21:52:35.794    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003430060]
21:52:35.794    3 CLASSPNP.SYS[fffff8800195a43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0xfffffa8002ea0680]
21:52:35.809    Scan finished successfully
21:52:58.710    Disk 0 MBR has been saved successfully to "C:\Users\Dominik\Desktop\Logs\MBR.dat"
21:52:58.710    The log file has been saved successfully to "C:\Users\Dominik\Desktop\Logs\aswMBR.txt"
         
Regards,

Dom
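To show what the aswMBR lines "Disk 0 MBR read successfully", "Windows 7 default MBR code" and "Partition 1 80 (A) 07 HPFS/NTFS ... offset 2048" correspond to in the raw sector, here is an added Python example (not from the thread and not aswMBR's own code) that parses a 512-byte MBR image such as the MBR.dat aswMBR saved to the desktop. It splits the sector into boot code, disk signature and the four partition entries, hashes the boot-code area so it can be compared against a known-good copy (a hash set the caller supplies; the example does not claim to know the hash of the real Windows 7 MBR code), and flags structural oddities a bootkit or a careless tool would leave behind: more than one active partition, invalid status bytes, overlapping entries. The sample MBR bytes are constructed to mirror the layout in the log above (one active NTFS partition, offset 2048, 305243 MB); the boot code in it is placeholder bytes, not real boot code.

```python
"""Parse and sanity-check a raw 512-byte MBR image (e.g. aswMBR's MBR.dat).
Added example for illustration; not part of the forum thread or of aswMBR."""
from __future__ import annotations

import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440          # bytes 0..439 are code; the 4-byte disk signature sits at 0x1B8
PART_TABLE_OFF = 446         # four 16-byte partition entries follow the 6 signature/reserved bytes
MBR_SIGNATURE = b"\x55\xaa"  # bytes 510..511

PARTITION_TYPES = {
    0x05: "Extended", 0x07: "HPFS/NTFS", 0x0B: "FAT32", 0x0C: "FAT32 (LBA)",
    0x0F: "Extended (LBA)", 0x27: "Hidden NTFS (WinRE)", 0x83: "Linux",
    0xEE: "GPT protective",
}


def parse_mbr(mbr: bytes) -> dict:
    """Split a raw MBR into boot-code hash, disk signature and partition entries."""
    if len(mbr) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(mbr)}")
    if mbr[510:512] != MBR_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba_start, n_sectors = struct.unpack_from("<B3xB3xII", mbr, off)
        if ptype == 0 and n_sectors == 0:
            continue  # empty slot
        partitions.append({
            "index": i + 1,
            "status": status,            # 0x80 = active/bootable, 0x00 = inactive
            "type": ptype,
            "type_name": PARTITION_TYPES.get(ptype, f"unknown (0x{ptype:02X})"),
            "lba_start": lba_start,
            "sectors": n_sectors,
            "size_mb": n_sectors * SECTOR // (1024 * 1024),
        })
    return {
        "boot_code_sha256": hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", mbr, 0x1B8)[0],
        "partitions": partitions,
    }


def check_mbr(mbr: bytes, known_boot_code_hashes: set[str]) -> list[str]:
    """Return a list of findings; an empty list means nothing looked off."""
    info = parse_mbr(mbr)
    findings = []
    if info["boot_code_sha256"] not in known_boot_code_hashes:
        findings.append("boot code does not match any known-good hash; compare against a clean install")
    active = [p for p in info["partitions"] if p["status"] == 0x80]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected exactly 1)")
    for p in info["partitions"]:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"partition {p['index']}: invalid status byte 0x{p['status']:02X}")
    # Overlapping entries: sort by start LBA and compare each with its neighbour.
    spans = sorted((p["lba_start"], p["lba_start"] + p["sectors"], p["index"])
                   for p in info["partitions"])
    for (s1, e1, i1), (s2, e2, i2) in zip(spans, spans[1:]):
        if s2 < e1:
            findings.append(f"partitions {i1} and {i2} overlap")
    return findings


def build_sample_mbr() -> bytes:
    """Constructed sample mirroring the log above: one active NTFS partition,
    LBA offset 2048, 305243 MB. The boot code is placeholder bytes (assumption),
    not the real Windows 7 MBR code; the disk signature is made up."""
    boot_code = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * (BOOT_CODE_LEN - 7)
    disk_sig = struct.pack("<IH", 0x12345678, 0)     # signature + 2 reserved bytes
    entry = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07, b"\xfe\xff\xff",
                        2048, 305243 * 2048)          # 305243 MB = 305243 * 2048 sectors
    table = entry + b"\x00" * (16 * 3)
    return boot_code + disk_sig + table + MBR_SIGNATURE


if __name__ == "__main__":
    sample = build_sample_mbr()
    for p in parse_mbr(sample)["partitions"]:
        print(f"Partition {p['index']} {p['status']:02X} {p['type']:02X} "
              f"{p['type_name']} {p['size_mb']} MB offset {p['lba_start']}")
    print("findings:", check_mbr(sample, set()))
```

Against a real image, call `parse_mbr(open("MBR.dat", "rb").read())`. The check only covers sector 0: the unallocated sectors between the MBR and the first partition (sectors 1 to 2047 in this layout) and the tail of the disk are where bootkit code and hidden storage are typically placed, so a bootkit-aware scanner such as aswMBR still has to read those sectors; this parser only tells you whether the partition table and boot-code hash are what you expect.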
