Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Rootkit Befall C:\Windows\Installer

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 10.07.2012, 20:26   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Rootkit Befall C:\Windows\Installer - Standard

Rootkit Befall C:\Windows\Installer



Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

Alt 11.07.2012, 07:29   #17
f6user
 
Rootkit Befall C:\Windows\Installer - Standard

Rootkit Befall C:\Windows\Installer



Hier der Log
Code:
ATTFilter
# AdwCleaner v1.701 - Logfile created 07/11/2012 at 08:28:05
# Updated 02/07/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : user - pcuser
# Running from : C:\Users\user\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0.1 (de)

Profile name : default 
File : C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\bw8mt4vh.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1222 octets] - [11/07/2012 08:28:05]

########## EOF - C:\AdwCleaner[R1].txt - [1350 octets] ##########
         
__________________


Alt 11.07.2012, 10:36   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Rootkit Befall C:\Windows\Installer - Standard

Rootkit Befall C:\Windows\Installer



Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

__________________
__________________

Alt 11.07.2012, 13:07   #19
f6user
 
Rootkit Befall C:\Windows\Installer - Standard

Rootkit Befall C:\Windows\Installer



Hier der Log vom TDSSKiller

Code:
ATTFilter
14:05:00.0520 3000	TDSS rootkit removing tool 2.7.45.0 Jul  9 2012 12:46:35
14:05:00.0613 3000	============================================================
14:05:00.0613 3000	Current date / time: 2012/07/11 14:05:00.0613
14:05:00.0613 3000	SystemInfo:
14:05:00.0613 3000	
14:05:00.0613 3000	OS Version: 6.1.7601 ServicePack: 1.0
14:05:00.0613 3000	Product type: Workstation
14:05:00.0613 3000	ComputerName: pcuser
14:05:00.0613 3000	UserName: user
14:05:00.0613 3000	Windows directory: C:\Windows
14:05:00.0613 3000	System windows directory: C:\Windows
14:05:00.0613 3000	Running under WOW64
14:05:00.0613 3000	Processor architecture: Intel x64
14:05:00.0613 3000	Number of processors: 4
14:05:00.0613 3000	Page size: 0x1000
14:05:00.0613 3000	Boot type: Normal boot
14:05:00.0613 3000	============================================================
14:05:00.0754 3000	Drive \Device\Harddisk0\DR0 - Size: 0x1AC882A000 (107.13 Gb), SectorSize: 0x200, Cylinders: 0x3A0B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
14:05:00.0769 3000	Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:05:00.0785 3000	============================================================
14:05:00.0785 3000	\Device\Harddisk0\DR0:
14:05:00.0785 3000	MBR partitions:
14:05:00.0785 3000	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xD642971
14:05:00.0785 3000	\Device\Harddisk1\DR1:
14:05:00.0785 3000	MBR partitions:
14:05:00.0785 3000	\Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A384800
14:05:00.0785 3000	============================================================
14:05:00.0785 3000	C: <-> \Device\Harddisk0\DR0\Partition0
14:05:00.0816 3000	D: <-> \Device\Harddisk1\DR1\Partition0
14:05:00.0816 3000	============================================================
14:05:00.0816 3000	Initialize success
14:05:00.0816 3000	============================================================
14:05:26.0946 3100	============================================================
14:05:26.0946 3100	Scan started
14:05:26.0946 3100	Mode: Manual; SigCheck; TDLFS; 
14:05:26.0946 3100	============================================================
14:05:27.0118 3100	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys
14:05:27.0165 3100	1394ohci - ok
14:05:27.0180 3100	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
14:05:27.0196 3100	ACPI - ok
14:05:27.0196 3100	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
14:05:27.0211 3100	AcpiPmi - ok
14:05:27.0211 3100	adfs            (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys
14:05:27.0227 3100	adfs - ok
14:05:27.0243 3100	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
14:05:27.0243 3100	AdobeARMservice - ok
14:05:27.0258 3100	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
14:05:27.0274 3100	adp94xx - ok
14:05:27.0289 3100	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
14:05:27.0289 3100	adpahci - ok
14:05:27.0305 3100	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
14:05:27.0305 3100	adpu320 - ok
14:05:27.0321 3100	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
14:05:27.0336 3100	AeLookupSvc - ok
14:05:27.0352 3100	afcdp           (3f5fdc12ffa4794fc3a178a26d48e7cf) C:\Windows\system32\DRIVERS\afcdp.sys
14:05:27.0367 3100	afcdp - ok
14:05:27.0399 3100	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
14:05:27.0414 3100	AFD - ok
14:05:27.0414 3100	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
14:05:27.0414 3100	agp440 - ok
14:05:27.0430 3100	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
14:05:27.0430 3100	ALG - ok
14:05:27.0430 3100	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
14:05:27.0445 3100	aliide - ok
14:05:27.0461 3100	AMD External Events Utility (012365a0a24b4c875169ac05e7c79b7b) C:\Windows\system32\atiesrxx.exe
14:05:27.0461 3100	AMD External Events Utility - ok
14:05:27.0461 3100	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
14:05:27.0477 3100	amdide - ok
14:05:27.0477 3100	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
14:05:27.0477 3100	AmdK8 - ok
14:05:27.0695 3100	amdkmdag        (2c428ed33f53ff61a2e271d6b2bb7654) C:\Windows\system32\DRIVERS\atipmdag.sys
14:05:27.0757 3100	amdkmdag - ok
14:05:27.0789 3100	amdkmdap        (57c25e7c1220804e92483ae84c8e7734) C:\Windows\system32\DRIVERS\atikmpag.sys
14:05:27.0804 3100	amdkmdap - ok
14:05:27.0804 3100	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
14:05:27.0820 3100	AmdPPM - ok
14:05:27.0820 3100	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
14:05:27.0835 3100	amdsata - ok
14:05:27.0835 3100	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
14:05:27.0851 3100	amdsbs - ok
14:05:27.0851 3100	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
14:05:27.0851 3100	amdxata - ok
14:05:27.0882 3100	Amsp            (25e9c505a8db1b5efe631e43718fdb22) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
14:05:27.0882 3100	Amsp - ok
14:05:27.0898 3100	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
14:05:27.0913 3100	AppID - ok
14:05:27.0913 3100	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
14:05:27.0929 3100	AppIDSvc - ok
14:05:27.0945 3100	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
14:05:27.0960 3100	Appinfo - ok
14:05:27.0976 3100	AppMgmt         (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
14:05:27.0976 3100	AppMgmt - ok
14:05:27.0991 3100	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
14:05:27.0991 3100	arc - ok
14:05:28.0007 3100	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
14:05:28.0007 3100	arcsas - ok
14:05:28.0023 3100	asmthub3        (e3b9c89d2ed4a538ab2fc6ec76fa2b17) C:\Windows\system32\DRIVERS\asmthub3.sys
14:05:28.0023 3100	asmthub3 - ok
14:05:28.0054 3100	asmtxhci        (88ce83be5176020be39194a6369af2c2) C:\Windows\system32\DRIVERS\asmtxhci.sys
14:05:28.0054 3100	asmtxhci - ok
14:05:28.0069 3100	aspnet_state    (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
14:05:28.0069 3100	aspnet_state - ok
14:05:28.0085 3100	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
14:05:28.0101 3100	AsyncMac - ok
14:05:28.0101 3100	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
14:05:28.0101 3100	atapi - ok
14:05:28.0116 3100	AtiHdmiService  (77c149e6d702737b2e372dee166faef8) C:\Windows\system32\drivers\AtiHdmi.sys
14:05:28.0116 3100	AtiHdmiService - ok
14:05:28.0179 3100	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
14:05:28.0194 3100	AudioEndpointBuilder - ok
14:05:28.0210 3100	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
14:05:28.0225 3100	AudioSrv - ok
14:05:28.0241 3100	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
14:05:28.0241 3100	AxInstSV - ok
14:05:28.0272 3100	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
14:05:28.0288 3100	b06bdrv - ok
14:05:28.0303 3100	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
14:05:28.0303 3100	b57nd60a - ok
14:05:28.0319 3100	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
14:05:28.0319 3100	BDESVC - ok
14:05:28.0319 3100	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
14:05:28.0350 3100	Beep - ok
14:05:28.0350 3100	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
14:05:28.0350 3100	blbdrive - ok
14:05:28.0366 3100	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
14:05:28.0366 3100	bowser - ok
14:05:28.0366 3100	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
14:05:28.0381 3100	BrFiltLo - ok
14:05:28.0381 3100	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
14:05:28.0397 3100	BrFiltUp - ok
14:05:28.0397 3100	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
14:05:28.0428 3100	Browser - ok
14:05:28.0444 3100	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
14:05:28.0444 3100	Brserid - ok
14:05:28.0459 3100	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
14:05:28.0459 3100	BrSerWdm - ok
14:05:28.0459 3100	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
14:05:28.0475 3100	BrUsbMdm - ok
14:05:28.0475 3100	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
14:05:28.0475 3100	BrUsbSer - ok
14:05:28.0491 3100	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
14:05:28.0491 3100	BTHMODEM - ok
14:05:28.0506 3100	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
14:05:28.0522 3100	bthserv - ok
14:05:28.0537 3100	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
14:05:28.0553 3100	cdfs - ok
14:05:28.0569 3100	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
14:05:28.0569 3100	cdrom - ok
14:05:28.0569 3100	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
14:05:28.0600 3100	CertPropSvc - ok
14:05:28.0600 3100	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
14:05:28.0615 3100	circlass - ok
14:05:28.0631 3100	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
14:05:28.0647 3100	CLFS - ok
14:05:28.0662 3100	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:05:28.0662 3100	clr_optimization_v2.0.50727_32 - ok
14:05:28.0662 3100	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:05:28.0678 3100	clr_optimization_v2.0.50727_64 - ok
14:05:28.0693 3100	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:05:28.0693 3100	clr_optimization_v4.0.30319_32 - ok
14:05:28.0709 3100	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:05:28.0709 3100	clr_optimization_v4.0.30319_64 - ok
14:05:28.0709 3100	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
14:05:28.0725 3100	CmBatt - ok
14:05:28.0725 3100	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
14:05:28.0725 3100	cmdide - ok
14:05:28.0756 3100	CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
14:05:28.0771 3100	CNG - ok
14:05:28.0771 3100	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
14:05:28.0771 3100	Compbatt - ok
14:05:28.0787 3100	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
14:05:28.0787 3100	CompositeBus - ok
14:05:28.0787 3100	COMSysApp - ok
14:05:28.0803 3100	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
14:05:28.0803 3100	crcdisk - ok
14:05:28.0818 3100	CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
14:05:28.0834 3100	CryptSvc - ok
14:05:28.0881 3100	CSC             (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
14:05:28.0881 3100	CSC - ok
14:05:28.0912 3100	CscService      (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
14:05:28.0927 3100	CscService - ok
14:05:28.0927 3100	ctietfjaipsz - ok
14:05:28.0959 3100	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
14:05:28.0990 3100	DcomLaunch - ok
14:05:29.0005 3100	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
14:05:29.0021 3100	defragsvc - ok
14:05:29.0037 3100	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
14:05:29.0052 3100	DfsC - ok
14:05:29.0068 3100	dgderdrv - ok
14:05:29.0068 3100	dg_ssudbus      (113212d25d0c9bb8901a9833774da97f) C:\Windows\system32\DRIVERS\ssudbus.sys
14:05:29.0068 3100	dg_ssudbus - ok
14:05:29.0099 3100	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
14:05:29.0115 3100	Dhcp - ok
14:05:29.0115 3100	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
14:05:29.0146 3100	discache - ok
14:05:29.0146 3100	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
14:05:29.0146 3100	Disk - ok
14:05:29.0161 3100	dmvsc           (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
14:05:29.0161 3100	dmvsc - ok
14:05:29.0177 3100	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
14:05:29.0193 3100	Dnscache - ok
14:05:29.0208 3100	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
14:05:29.0224 3100	dot3svc - ok
14:05:29.0239 3100	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
14:05:29.0255 3100	DPS - ok
14:05:29.0271 3100	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
14:05:29.0271 3100	drmkaud - ok
14:05:29.0286 3100	dtsoftbus01     (46571ed73ae84469dca53081d33cf3c8) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
14:05:29.0302 3100	dtsoftbus01 - ok
14:05:29.0364 3100	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
14:05:29.0380 3100	DXGKrnl - ok
14:05:29.0395 3100	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
14:05:29.0411 3100	EapHost - ok
14:05:29.0520 3100	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
14:05:29.0551 3100	ebdrv - ok
14:05:29.0583 3100	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
14:05:29.0583 3100	EFS - ok
14:05:29.0614 3100	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
14:05:29.0629 3100	ehRecvr - ok
14:05:29.0645 3100	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
14:05:29.0645 3100	ehSched - ok
14:05:29.0676 3100	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
14:05:29.0692 3100	elxstor - ok
14:05:29.0692 3100	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
14:05:29.0707 3100	ErrDev - ok
14:05:29.0739 3100	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
14:05:29.0754 3100	EventSystem - ok
14:05:29.0770 3100	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
14:05:29.0801 3100	exfat - ok
14:05:29.0801 3100	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
14:05:29.0832 3100	fastfat - ok
14:05:29.0879 3100	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
14:05:29.0895 3100	Fax - ok
14:05:29.0895 3100	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
14:05:29.0895 3100	fdc - ok
14:05:29.0895 3100	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
14:05:29.0926 3100	fdPHost - ok
14:05:29.0926 3100	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
14:05:29.0941 3100	FDResPub - ok
14:05:29.0957 3100	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
14:05:29.0957 3100	FileInfo - ok
14:05:29.0957 3100	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
14:05:29.0973 3100	Filetrace - ok
14:05:30.0004 3100	FLEXnet Licensing Service (bb0667b0171b632b97ea759515476f07) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
14:05:30.0019 3100	FLEXnet Licensing Service - ok
14:05:30.0019 3100	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
14:05:30.0035 3100	flpydisk - ok
14:05:30.0051 3100	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
14:05:30.0051 3100	FltMgr - ok
14:05:30.0129 3100	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
14:05:30.0144 3100	FontCache - ok
14:05:30.0144 3100	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:05:30.0144 3100	FontCache3.0.0.0 - ok
14:05:30.0160 3100	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
14:05:30.0160 3100	FsDepends - ok
14:05:30.0175 3100	Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
14:05:30.0175 3100	Fs_Rec - ok
14:05:30.0191 3100	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
14:05:30.0207 3100	fvevol - ok
14:05:30.0207 3100	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
14:05:30.0207 3100	gagp30kx - ok
14:05:30.0269 3100	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
14:05:30.0300 3100	gpsvc - ok
14:05:30.0300 3100	hcmon           (adb4348da1345877b04e22203afc8993) C:\Windows\system32\drivers\hcmon.sys
14:05:30.0300 3100	hcmon - ok
14:05:30.0300 3100	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
14:05:30.0316 3100	hcw85cir - ok
14:05:30.0331 3100	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:05:30.0331 3100	HDAudBus - ok
14:05:30.0331 3100	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
14:05:30.0347 3100	HidBatt - ok
14:05:30.0347 3100	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
14:05:30.0363 3100	HidBth - ok
14:05:30.0363 3100	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
14:05:30.0378 3100	HidIr - ok
14:05:30.0378 3100	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
14:05:30.0394 3100	hidserv - ok
14:05:30.0409 3100	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
14:05:30.0409 3100	HidUsb - ok
14:05:30.0409 3100	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
14:05:30.0441 3100	hkmsvc - ok
14:05:30.0456 3100	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
14:05:30.0456 3100	HomeGroupListener - ok
14:05:30.0472 3100	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
14:05:30.0487 3100	HomeGroupProvider - ok
14:05:30.0487 3100	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
14:05:30.0503 3100	HpSAMD - ok
14:05:30.0550 3100	HPSLPSVC        (2adf33f93991c4e24e86ffa5f906417b) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
14:05:30.0565 3100	HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
14:05:30.0565 3100	HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
14:05:30.0612 3100	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
14:05:30.0643 3100	HTTP - ok
14:05:30.0643 3100	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
14:05:30.0643 3100	hwpolicy - ok
14:05:30.0659 3100	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
14:05:30.0659 3100	i8042prt - ok
14:05:30.0690 3100	iaStor          (26cf4275034214ecedd8ec17b0a18a99) C:\Windows\system32\DRIVERS\iaStor.sys
14:05:30.0706 3100	iaStor - ok
14:05:30.0721 3100	IAStorDataMgrSvc (e79a8e33bd136d14bae1fa20eb2ef124) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
14:05:30.0721 3100	IAStorDataMgrSvc - ok
14:05:30.0737 3100	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
14:05:30.0753 3100	iaStorV - ok
14:05:30.0784 3100	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:05:30.0799 3100	idsvc - ok
14:05:30.0799 3100	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
14:05:30.0815 3100	iirsp - ok
14:05:30.0846 3100	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
14:05:30.0877 3100	IKEEXT - ok
14:05:30.0987 3100	IntcAzAudAddService (589b94a9b73a0e819ff873743a480834) C:\Windows\system32\drivers\RTKVHD64.sys
14:05:31.0018 3100	IntcAzAudAddService - ok
14:05:31.0049 3100	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
14:05:31.0065 3100	intelide - ok
14:05:31.0065 3100	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
14:05:31.0080 3100	intelppm - ok
14:05:31.0080 3100	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
14:05:31.0096 3100	IPBusEnum - ok
14:05:31.0111 3100	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:05:31.0127 3100	IpFilterDriver - ok
14:05:31.0127 3100	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
14:05:31.0143 3100	IPMIDRV - ok
14:05:31.0143 3100	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
14:05:31.0174 3100	IPNAT - ok
14:05:31.0174 3100	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
14:05:31.0174 3100	IRENUM - ok
14:05:31.0189 3100	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
14:05:31.0189 3100	isapnp - ok
14:05:31.0205 3100	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
14:05:31.0221 3100	iScsiPrt - ok
14:05:31.0221 3100	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
14:05:31.0236 3100	kbdclass - ok
14:05:31.0236 3100	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
14:05:31.0236 3100	kbdhid - ok
14:05:31.0252 3100	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:05:31.0252 3100	KeyIso - ok
14:05:31.0252 3100	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
14:05:31.0267 3100	KSecDD - ok
14:05:31.0283 3100	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
14:05:31.0283 3100	KSecPkg - ok
14:05:31.0283 3100	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
14:05:31.0314 3100	ksthunk - ok
14:05:31.0330 3100	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
14:05:31.0361 3100	KtmRm - ok
14:05:31.0377 3100	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
14:05:31.0392 3100	LanmanServer - ok
14:05:31.0408 3100	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
14:05:31.0423 3100	LanmanWorkstation - ok
14:05:31.0439 3100	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
14:05:31.0455 3100	lltdio - ok
14:05:31.0470 3100	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
14:05:31.0501 3100	lltdsvc - ok
14:05:31.0501 3100	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
14:05:31.0517 3100	lmhosts - ok
14:05:31.0533 3100	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
14:05:31.0533 3100	LSI_FC - ok
14:05:31.0548 3100	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
14:05:31.0548 3100	LSI_SAS - ok
14:05:31.0548 3100	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
14:05:31.0564 3100	LSI_SAS2 - ok
14:05:31.0564 3100	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
14:05:31.0579 3100	LSI_SCSI - ok
14:05:31.0579 3100	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
14:05:31.0611 3100	luafv - ok
14:05:31.0611 3100	MBAMProtector   (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
14:05:31.0611 3100	MBAMProtector - ok
14:05:31.0657 3100	MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
14:05:31.0673 3100	MBAMService - ok
14:05:31.0673 3100	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
14:05:31.0689 3100	Mcx2Svc - ok
14:05:31.0704 3100	MDM             (7cf1b716372b89568ae4c0fe769f5869) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
14:05:31.0720 3100	MDM ( UnsignedFile.Multi.Generic ) - warning
14:05:31.0720 3100	MDM - detected UnsignedFile.Multi.Generic (1)
14:05:31.0720 3100	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
14:05:31.0720 3100	megasas - ok
14:05:31.0751 3100	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
14:05:31.0751 3100	MegaSR - ok
14:05:31.0767 3100	MEIx64          (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
14:05:31.0767 3100	MEIx64 - ok
14:05:31.0767 3100	MEMSWEEP2 - ok
14:05:31.0782 3100	Microsoft Office Groove Audit Service (7c4c76b39d5525c4a465e0be32528e19) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
14:05:31.0782 3100	Microsoft Office Groove Audit Service - ok
14:05:31.0782 3100	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:05:31.0813 3100	MMCSS - ok
14:05:31.0813 3100	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
14:05:31.0829 3100	Modem - ok
14:05:31.0829 3100	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
14:05:31.0845 3100	monitor - ok
14:05:31.0845 3100	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
14:05:31.0860 3100	mouclass - ok
14:05:31.0860 3100	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\drivers\mouhid.sys
14:05:31.0860 3100	mouhid - ok
14:05:31.0876 3100	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
14:05:31.0876 3100	mountmgr - ok
14:05:31.0891 3100	MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
14:05:31.0891 3100	MozillaMaintenance - ok
14:05:31.0907 3100	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
14:05:31.0907 3100	mpio - ok
14:05:31.0923 3100	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
14:05:31.0938 3100	mpsdrv - ok
14:05:31.0954 3100	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
14:05:31.0954 3100	MRxDAV - ok
14:05:31.0969 3100	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:05:31.0969 3100	mrxsmb - ok
14:05:32.0001 3100	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:05:32.0001 3100	mrxsmb10 - ok
14:05:32.0016 3100	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:05:32.0016 3100	mrxsmb20 - ok
14:05:32.0032 3100	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
14:05:32.0032 3100	msahci - ok
14:05:32.0032 3100	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
14:05:32.0047 3100	msdsm - ok
14:05:32.0063 3100	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
14:05:32.0063 3100	MSDTC - ok
14:05:32.0063 3100	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
14:05:32.0094 3100	Msfs - ok
14:05:32.0094 3100	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
14:05:32.0110 3100	mshidkmdf - ok
14:05:32.0110 3100	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
14:05:32.0110 3100	msisadrv - ok
14:05:32.0125 3100	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
14:05:32.0157 3100	MSiSCSI - ok
14:05:32.0157 3100	msiserver - ok
14:05:32.0157 3100	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
14:05:32.0172 3100	MSKSSRV - ok
14:05:32.0172 3100	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
14:05:32.0188 3100	MSPCLOCK - ok
14:05:32.0203 3100	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
14:05:32.0219 3100	MSPQM - ok
14:05:32.0250 3100	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
14:05:32.0250 3100	MsRPC - ok
14:05:32.0250 3100	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
14:05:32.0266 3100	mssmbios - ok
14:05:32.0266 3100	MSSQL$DAVID - ok
14:05:32.0266 3100	MSSQLServerADHelper (c06ea83f6fc2959e897c117255b6b1d5) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe
14:05:32.0281 3100	MSSQLServerADHelper - ok
14:05:32.0281 3100	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
14:05:32.0297 3100	MSTEE - ok
14:05:32.0297 3100	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
14:05:32.0313 3100	MTConfig - ok
14:05:32.0313 3100	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
14:05:32.0313 3100	Mup - ok
14:05:32.0344 3100	mv91xx          (38b4c95e821528fb91df16a78e04450f) C:\Windows\system32\drivers\mv91xx.sys
14:05:32.0344 3100	mv91xx - ok
14:05:32.0375 3100	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
14:05:32.0406 3100	napagent - ok
14:05:32.0422 3100	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
14:05:32.0437 3100	NativeWifiP - ok
14:05:32.0500 3100	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
14:05:32.0515 3100	NDIS - ok
14:05:32.0515 3100	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
14:05:32.0547 3100	NdisCap - ok
14:05:32.0547 3100	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
14:05:32.0562 3100	NdisTapi - ok
14:05:32.0578 3100	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
14:05:32.0593 3100	Ndisuio - ok
14:05:32.0609 3100	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
14:05:32.0625 3100	NdisWan - ok
14:05:32.0625 3100	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
14:05:32.0640 3100	NDProxy - ok
14:05:32.0656 3100	Net Driver HPZ12 (dc6530a291d4bdf6df399f1f128e7f8f) C:\Windows\system32\HPZinw12.dll
14:05:32.0656 3100	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
14:05:32.0656 3100	Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
14:05:32.0656 3100	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
14:05:32.0671 3100	NetBIOS - ok
14:05:32.0703 3100	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
14:05:32.0718 3100	NetBT - ok
14:05:32.0718 3100	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:05:32.0734 3100	Netlogon - ok
14:05:32.0749 3100	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
14:05:32.0781 3100	Netman - ok
14:05:32.0796 3100	NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:05:32.0796 3100	NetMsmqActivator - ok
14:05:32.0796 3100	NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:05:32.0812 3100	NetPipeActivator - ok
14:05:32.0843 3100	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
14:05:32.0859 3100	netprofm - ok
14:05:32.0859 3100	NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:05:32.0874 3100	NetTcpActivator - ok
14:05:32.0874 3100	NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:05:32.0874 3100	NetTcpPortSharing - ok
14:05:32.0890 3100	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
14:05:32.0890 3100	nfrd960 - ok
14:05:32.0905 3100	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
14:05:32.0937 3100	NlaSvc - ok
14:05:32.0937 3100	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
14:05:32.0952 3100	Npfs - ok
14:05:32.0968 3100	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
14:05:32.0983 3100	nsi - ok
14:05:32.0983 3100	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
14:05:32.0999 3100	nsiproxy - ok
14:05:33.0108 3100	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
14:05:33.0139 3100	Ntfs - ok
14:05:33.0171 3100	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
14:05:33.0202 3100	Null - ok
14:05:33.0202 3100	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
14:05:33.0217 3100	nvraid - ok
14:05:33.0233 3100	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
14:05:33.0233 3100	nvstor - ok
14:05:33.0249 3100	nvsvc           (97f1a24ac0255c6e0a075c9cc772784a) C:\Windows\system32\nvvsvc.exe
14:05:33.0249 3100	nvsvc - ok
14:05:33.0264 3100	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
14:05:33.0264 3100	nv_agp - ok
14:05:33.0295 3100	odserv          (1f0e05dff4f5a833168e49be1256f002) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:05:33.0311 3100	odserv - ok
14:05:33.0311 3100	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
14:05:33.0327 3100	ohci1394 - ok
14:05:33.0342 3100	ose             (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:05:33.0342 3100	ose - ok
14:05:33.0545 3100	osppsvc         (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
14:05:33.0623 3100	osppsvc - ok
14:05:33.0670 3100	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:05:33.0670 3100	p2pimsvc - ok
14:05:33.0701 3100	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
14:05:33.0717 3100	p2psvc - ok
14:05:33.0717 3100	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
14:05:33.0732 3100	Parport - ok
14:05:33.0732 3100	partmgr         (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
14:05:33.0732 3100	partmgr - ok
14:05:33.0748 3100	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
14:05:33.0763 3100	PcaSvc - ok
14:05:33.0779 3100	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
14:05:33.0795 3100	pci - ok
14:05:33.0795 3100	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
14:05:33.0795 3100	pciide - ok
14:05:33.0810 3100	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
14:05:33.0810 3100	pcmcia - ok
14:05:33.0826 3100	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
14:05:33.0826 3100	pcw - ok
14:05:33.0873 3100	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
14:05:33.0904 3100	PEAUTH - ok
14:05:33.0951 3100	PeerDistSvc     (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
14:05:33.0982 3100	PeerDistSvc - ok
14:05:34.0013 3100	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
14:05:34.0013 3100	PerfHost - ok
14:05:34.0138 3100	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
14:05:34.0169 3100	pla - ok
14:05:34.0200 3100	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
14:05:34.0200 3100	PlugPlay - ok
14:05:34.0216 3100	Pml Driver HPZ12 (71f62c51dfdfbc04c83c5c64b2b8058e) C:\Windows\system32\HPZipm12.dll
14:05:34.0216 3100	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
14:05:34.0216 3100	Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
14:05:34.0216 3100	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
14:05:34.0231 3100	PNRPAutoReg - ok
14:05:34.0247 3100	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:05:34.0263 3100	PNRPsvc - ok
14:05:34.0278 3100	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
14:05:34.0309 3100	PolicyAgent - ok
14:05:34.0325 3100	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
14:05:34.0341 3100	Power - ok
14:05:34.0356 3100	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
14:05:34.0372 3100	PptpMiniport - ok
14:05:34.0387 3100	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
14:05:34.0387 3100	Processor - ok
14:05:34.0403 3100	ProfSvc         (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
14:05:34.0419 3100	ProfSvc - ok
14:05:34.0434 3100	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:05:34.0434 3100	ProtectedStorage - ok
14:05:34.0450 3100	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
14:05:34.0465 3100	Psched - ok
14:05:34.0481 3100	PSI_SVC_2       (0b6dea0a1662cab8f2bf339dc0752ef4) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
14:05:34.0497 3100	PSI_SVC_2 - ok
14:05:34.0497 3100	PxHlpa64        (bc08f7f3c53cbee68670ed1314e290fd) C:\Windows\system32\Drivers\PxHlpa64.sys
14:05:34.0497 3100	PxHlpa64 - ok
14:05:34.0559 3100	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
14:05:34.0575 3100	ql2300 - ok
14:05:34.0621 3100	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
14:05:34.0621 3100	ql40xx - ok
14:05:34.0637 3100	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
14:05:34.0653 3100	QWAVE - ok
14:05:34.0653 3100	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
14:05:34.0668 3100	QWAVEdrv - ok
14:05:34.0668 3100	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
14:05:34.0684 3100	RasAcd - ok
14:05:34.0699 3100	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:05:34.0715 3100	RasAgileVpn - ok
14:05:34.0715 3100	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
14:05:34.0746 3100	RasAuto - ok
14:05:34.0762 3100	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:05:34.0777 3100	Rasl2tp - ok
14:05:34.0793 3100	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
14:05:34.0809 3100	RasMan - ok
14:05:34.0824 3100	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
14:05:34.0840 3100	RasPppoe - ok
14:05:34.0855 3100	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
14:05:34.0871 3100	RasSstp - ok
14:05:34.0887 3100	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
14:05:34.0918 3100	rdbss - ok
14:05:34.0918 3100	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
14:05:34.0918 3100	rdpbus - ok
14:05:34.0933 3100	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:05:34.0949 3100	RDPCDD - ok
14:05:34.0965 3100	RDPDR           (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
14:05:34.0965 3100	RDPDR - ok
14:05:34.0965 3100	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
14:05:34.0996 3100	RDPENCDD - ok
14:05:34.0996 3100	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
14:05:35.0011 3100	RDPREFMP - ok
14:05:35.0027 3100	RDPWD           (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
14:05:35.0027 3100	RDPWD - ok
14:05:35.0043 3100	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
14:05:35.0058 3100	rdyboost - ok
14:05:35.0058 3100	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
14:05:35.0089 3100	RemoteAccess - ok
14:05:35.0105 3100	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
14:05:35.0121 3100	RemoteRegistry - ok
14:05:35.0121 3100	RimUsb - ok
14:05:35.0121 3100	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
14:05:35.0152 3100	RpcEptMapper - ok
14:05:35.0152 3100	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
14:05:35.0152 3100	RpcLocator - ok
14:05:35.0183 3100	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
14:05:35.0199 3100	RpcSs - ok
14:05:35.0199 3100	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
14:05:35.0230 3100	rspndr - ok
14:05:35.0261 3100	RTL8167         (afc12dfa4c7b089673ad67402ca19edb) C:\Windows\system32\DRIVERS\Rt64win7.sys
14:05:35.0261 3100	RTL8167 - ok
14:05:35.0261 3100	s3cap           (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
14:05:35.0277 3100	s3cap - ok
14:05:35.0277 3100	SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:05:35.0277 3100	SamSs - ok
14:05:35.0277 3100	SAVRKBootTasks - ok
14:05:35.0292 3100	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
14:05:35.0292 3100	sbp2port - ok
14:05:35.0308 3100	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
14:05:35.0323 3100	SCardSvr - ok
14:05:35.0339 3100	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
14:05:35.0355 3100	scfilter - ok
14:05:35.0417 3100	Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
14:05:35.0448 3100	Schedule - ok
14:05:35.0464 3100	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
14:05:35.0479 3100	SCPolicySvc - ok
14:05:35.0495 3100	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
14:05:35.0495 3100	SDRSVC - ok
14:05:35.0511 3100	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
14:05:35.0526 3100	secdrv - ok
14:05:35.0526 3100	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
14:05:35.0542 3100	seclogon - ok
14:05:35.0557 3100	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
14:05:35.0573 3100	SENS - ok
14:05:35.0573 3100	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
14:05:35.0589 3100	SensrSvc - ok
14:05:35.0589 3100	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
14:05:35.0589 3100	Serenum - ok
14:05:35.0604 3100	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
14:05:35.0604 3100	Serial - ok
14:05:35.0620 3100	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
14:05:35.0620 3100	sermouse - ok
14:05:35.0635 3100	SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
14:05:35.0651 3100	SessionEnv - ok
14:05:35.0651 3100	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
14:05:35.0667 3100	sffdisk - ok
14:05:35.0667 3100	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
14:05:35.0667 3100	sffp_mmc - ok
14:05:35.0667 3100	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
14:05:35.0682 3100	sffp_sd - ok
14:05:35.0682 3100	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
14:05:35.0682 3100	sfloppy - ok
14:05:35.0713 3100	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
14:05:35.0729 3100	ShellHWDetection - ok
14:05:35.0745 3100	silabenm        (75f3c451d41b35089e92d368ee190aca) C:\Windows\system32\DRIVERS\silabenm.sys
14:05:35.0745 3100	silabenm - ok
14:05:35.0745 3100	silabser        (b816d865910e8f5b7e12d593ec584d91) C:\Windows\system32\DRIVERS\silabser.sys
14:05:35.0760 3100	silabser - ok
14:05:35.0760 3100	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
14:05:35.0760 3100	SiSRaid2 - ok
14:05:35.0776 3100	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
14:05:35.0776 3100	SiSRaid4 - ok
14:05:35.0791 3100	SkypeUpdate     (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe
14:05:35.0807 3100	SkypeUpdate - ok
14:05:35.0807 3100	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
14:05:35.0823 3100	Smb - ok
14:05:35.0838 3100	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
14:05:35.0838 3100	SNMPTRAP - ok
14:05:35.0838 3100	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
14:05:35.0854 3100	spldr - ok
14:05:35.0885 3100	Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
14:05:35.0916 3100	Spooler - ok
14:05:36.0135 3100	sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
14:05:36.0181 3100	sppsvc - ok
14:05:36.0213 3100	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
14:05:36.0244 3100	sppuinotify - ok
14:05:36.0244 3100	sptd - ok
14:05:36.0259 3100	SQLBrowser      (b2ec3e1deac5f0a764bd3486d213a0af) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
14:05:36.0259 3100	SQLBrowser - ok
14:05:36.0291 3100	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
14:05:36.0306 3100	srv - ok
14:05:36.0322 3100	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
14:05:36.0337 3100	srv2 - ok
14:05:36.0353 3100	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
14:05:36.0353 3100	srvnet - ok
14:05:36.0369 3100	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
14:05:36.0384 3100	SSDPSRV - ok
14:05:36.0400 3100	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
14:05:36.0415 3100	SstpSvc - ok
14:05:36.0431 3100	ssudmdm         (78cd64791f8634cf7b582fd085e57c4b) C:\Windows\system32\DRIVERS\ssudmdm.sys
14:05:36.0431 3100	ssudmdm - ok
14:05:36.0447 3100	Stereo Service  (6a36a1ce6e6c71559569a965183ff612) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
14:05:36.0447 3100	Stereo Service - ok
14:05:36.0462 3100	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
14:05:36.0462 3100	stexstor - ok
14:05:36.0462 3100	StillCam        (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
14:05:36.0478 3100	StillCam - ok
14:05:36.0493 3100	stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
14:05:36.0509 3100	stisvc - ok
14:05:36.0525 3100	storflt         (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
14:05:36.0525 3100	storflt - ok
14:05:36.0525 3100	StorSvc         (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
14:05:36.0540 3100	StorSvc - ok
14:05:36.0540 3100	storvsc         (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
14:05:36.0540 3100	storvsc - ok
14:05:36.0540 3100	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
14:05:36.0556 3100	swenum - ok
14:05:36.0571 3100	SwitchBoard     (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
14:05:36.0587 3100	SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
14:05:36.0587 3100	SwitchBoard - detected UnsignedFile.Multi.Generic (1)
14:05:36.0603 3100	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
14:05:36.0665 3100	swprv - ok
14:05:36.0759 3100	SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
14:05:36.0790 3100	SysMain - ok
14:05:36.0837 3100	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
14:05:36.0837 3100	TabletInputService - ok
14:05:36.0852 3100	TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
14:05:36.0883 3100	TapiSrv - ok
14:05:36.0883 3100	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
14:05:36.0915 3100	TBS - ok
14:05:36.0977 3100	Tcpip           (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
14:05:37.0008 3100	Tcpip - ok
14:05:37.0102 3100	TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
14:05:37.0117 3100	TCPIP6 - ok
14:05:37.0149 3100	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
14:05:37.0164 3100	tcpipreg - ok
14:05:37.0180 3100	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
14:05:37.0180 3100	TDPIPE - ok
14:05:37.0242 3100	tdrpman258      (bf7ac81df6fbe09438d9dc7188178ea9) C:\Windows\system32\DRIVERS\tdrpm258.sys
14:05:37.0258 3100	tdrpman258 - ok
14:05:37.0289 3100	TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
14:05:37.0289 3100	TDTCP - ok
14:05:37.0305 3100	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
14:05:37.0320 3100	tdx - ok
14:05:37.0336 3100	TeamViewer5     (213723e1a736910c644b457de6d095e2) C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
14:05:37.0351 3100	TeamViewer5 - ok
14:05:37.0351 3100	teamviewervpn   (f5520dbb47c60ee83024b38720abda24) C:\Windows\system32\DRIVERS\teamviewervpn.sys
14:05:37.0351 3100	teamviewervpn - ok
14:05:37.0367 3100	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
14:05:37.0367 3100	TermDD - ok
14:05:37.0398 3100	TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
14:05:37.0414 3100	TermService - ok
14:05:37.0429 3100	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
14:05:37.0429 3100	Themes - ok
14:05:37.0445 3100	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:05:37.0461 3100	THREADORDER - ok
14:05:37.0461 3100	tmactmon        (ba4030f56aacecd0e6d413565b4aed75) C:\Windows\system32\DRIVERS\tmactmon.sys
14:05:37.0476 3100	tmactmon - ok
14:05:37.0492 3100	tmcomm          (ed866799ca62626341632da9edecfd04) C:\Windows\system32\DRIVERS\tmcomm.sys
14:05:37.0492 3100	tmcomm - ok
14:05:37.0492 3100	tmevtmgr        (84fb4b5c8dcd78163c440431fef3e096) C:\Windows\system32\DRIVERS\tmevtmgr.sys
14:05:37.0507 3100	tmevtmgr - ok
14:05:37.0539 3100	TmListen        (14aad1604c9386899485758c05a1757e) C:\Program Files\Trend Micro\Security Agent\tmlisten.exe
14:05:37.0554 3100	TmListen - ok
14:05:37.0570 3100	tmtdi           (77b9bebb0769f45ef770297196ef3506) C:\Windows\system32\DRIVERS\tmtdi.sys
14:05:37.0570 3100	tmtdi - ok
14:05:37.0585 3100	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
14:05:37.0601 3100	TrkWks - ok
14:05:37.0617 3100	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
14:05:37.0632 3100	TrustedInstaller - ok
14:05:37.0648 3100	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:05:37.0663 3100	tssecsrv - ok
14:05:37.0663 3100	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
14:05:37.0679 3100	TsUsbFlt - ok
14:05:37.0679 3100	TsUsbGD         (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
14:05:37.0679 3100	TsUsbGD - ok
14:05:37.0819 3100	TuneUp.UtilitiesSvc (6ad9517c083d88bde53dc9f5ead8a0d9) C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
14:05:37.0835 3100	TuneUp.UtilitiesSvc - ok
14:05:37.0851 3100	TuneUpUtilitiesDrv (dcc94c51d27c7ec0dadeca8f64c94fcf) C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys
14:05:37.0851 3100	TuneUpUtilitiesDrv - ok
14:05:37.0897 3100	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
14:05:37.0913 3100	tunnel - ok
14:05:37.0913 3100	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
14:05:37.0929 3100	uagp35 - ok
14:05:37.0944 3100	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
14:05:37.0960 3100	udfs - ok
14:05:37.0975 3100	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
14:05:37.0975 3100	UI0Detect - ok
14:05:37.0991 3100	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
14:05:37.0991 3100	uliagpkx - ok
14:05:37.0991 3100	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
14:05:38.0007 3100	umbus - ok
14:05:38.0007 3100	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
14:05:38.0007 3100	UmPass - ok
14:05:38.0022 3100	UmRdpService    (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
14:05:38.0038 3100	UmRdpService - ok
14:05:38.0053 3100	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
14:05:38.0069 3100	upnphost - ok
14:05:38.0085 3100	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
14:05:38.0085 3100	usbccgp - ok
14:05:38.0100 3100	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
14:05:38.0100 3100	usbcir - ok
14:05:38.0116 3100	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
14:05:38.0116 3100	usbehci - ok
14:05:38.0131 3100	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
14:05:38.0147 3100	usbhub - ok
14:05:38.0147 3100	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
14:05:38.0163 3100	usbohci - ok
14:05:38.0163 3100	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
14:05:38.0163 3100	usbprint - ok
14:05:38.0178 3100	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:05:38.0178 3100	USBSTOR - ok
14:05:38.0194 3100	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
14:05:38.0194 3100	usbuhci - ok
14:05:38.0194 3100	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
14:05:38.0209 3100	UxSms - ok
14:05:38.0225 3100	UxTuneUp        (69af1428fe0e790f31cc2f10483b40c9) C:\Windows\System32\uxtuneup.dll
14:05:38.0225 3100	UxTuneUp - ok
14:05:38.0225 3100	VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:05:38.0241 3100	VaultSvc - ok
14:05:38.0241 3100	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
14:05:38.0241 3100	vdrvroot - ok
14:05:38.0256 3100	vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
14:05:38.0287 3100	vds - ok
14:05:38.0287 3100	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
14:05:38.0303 3100	vga - ok
14:05:38.0303 3100	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
14:05:38.0319 3100	VgaSave - ok
14:05:38.0334 3100	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
14:05:38.0350 3100	vhdmp - ok
14:05:38.0350 3100	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
14:05:38.0350 3100	viaide - ok
14:05:38.0365 3100	VMAuthdService  (94cf2d157c8fd9089afa5da78aa64c65) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
14:05:38.0365 3100	VMAuthdService ( UnsignedFile.Multi.Generic ) - warning
14:05:38.0365 3100	VMAuthdService - detected UnsignedFile.Multi.Generic (1)
14:05:38.0381 3100	vmbus           (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
14:05:38.0381 3100	vmbus - ok
14:05:38.0397 3100	VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
14:05:38.0397 3100	VMBusHID - ok
14:05:38.0412 3100	vmci            (87fc1dd880e8cac4faebb84af61a87c4) C:\Windows\system32\DRIVERS\vmci.sys
14:05:38.0412 3100	vmci - ok
14:05:38.0412 3100	VMnetAdapter - ok
14:05:38.0412 3100	VMnetBridge     (dec4ce720ffeda939cf1ba315cfbd993) C:\Windows\system32\DRIVERS\vmnetbridge.sys
14:05:38.0428 3100	VMnetBridge - ok
14:05:38.0428 3100	VMnetDHCP - ok
14:05:38.0428 3100	VMnetuserif     (ec9456d3e0e194d67d7430c7ab4eab2c) C:\Windows\system32\drivers\vmnetuserif.sys
14:05:38.0428 3100	VMnetuserif - ok
14:05:38.0475 3100	VMUSBArbService (18903ca7936912c337c9d28858880cf2) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
14:05:38.0490 3100	VMUSBArbService - ok
14:05:38.0490 3100	VMware NAT Service - ok
14:05:38.0865 3100	VMwareHostd     (8c01ae115e9e6806a25a9b5136fd6fc0) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
14:05:38.0958 3100	VMwareHostd ( UnsignedFile.Multi.Generic ) - warning
14:05:38.0958 3100	VMwareHostd - detected UnsignedFile.Multi.Generic (1)
14:05:38.0989 3100	vmx86           (940933def15495d50dc1232e28c70b48) C:\Windows\system32\drivers\vmx86.sys
14:05:38.0989 3100	vmx86 - ok
14:05:38.0989 3100	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
14:05:39.0005 3100	volmgr - ok
14:05:39.0036 3100	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
14:05:39.0036 3100	volmgrx - ok
14:05:39.0067 3100	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
14:05:39.0067 3100	volsnap - ok
14:05:39.0083 3100	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
14:05:39.0083 3100	vsmraid - ok
14:05:39.0145 3100	VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
14:05:39.0177 3100	VSS - ok
14:05:39.0208 3100	vstor2-mntapi10-shared (6107e33a30c0b923f31c872e1980d2d1) C:\Windows\syswow64\drivers\vstor2-mntapi10-shared.sys
14:05:39.0223 3100	vstor2-mntapi10-shared - ok
14:05:39.0255 3100	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
14:05:39.0255 3100	vwifibus - ok
14:05:39.0286 3100	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
14:05:39.0317 3100	W32Time - ok
14:05:39.0317 3100	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
14:05:39.0333 3100	WacomPen - ok
14:05:39.0333 3100	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:05:39.0348 3100	WANARP - ok
14:05:39.0364 3100	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:05:39.0379 3100	Wanarpv6 - ok
14:05:39.0426 3100	WatAdminSvc     (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
14:05:39.0457 3100	WatAdminSvc - ok
14:05:39.0520 3100	wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
14:05:39.0535 3100	wbengine - ok
14:05:39.0582 3100	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
14:05:39.0582 3100	WbioSrvc - ok
14:05:39.0598 3100	wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
14:05:39.0613 3100	wcncsvc - ok
14:05:39.0629 3100	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
14:05:39.0629 3100	WcsPlugInService - ok
14:05:39.0645 3100	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
14:05:39.0645 3100	Wd - ok
14:05:39.0691 3100	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
14:05:39.0707 3100	Wdf01000 - ok
14:05:39.0707 3100	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:05:39.0723 3100	WdiServiceHost - ok
14:05:39.0723 3100	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:05:39.0738 3100	WdiSystemHost - ok
14:05:39.0754 3100	WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
14:05:39.0769 3100	WebClient - ok
14:05:39.0769 3100	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
14:05:39.0801 3100	Wecsvc - ok
14:05:39.0801 3100	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
14:05:39.0832 3100	wercplsupport - ok
14:05:39.0832 3100	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
14:05:39.0847 3100	WerSvc - ok
14:05:39.0863 3100	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
14:05:39.0879 3100	WfpLwf - ok
14:05:39.0879 3100	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
14:05:39.0894 3100	WIMMount - ok
14:05:39.0910 3100	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
14:05:39.0941 3100	Winmgmt - ok
14:05:40.0035 3100	WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
14:05:40.0066 3100	WinRM - ok
14:05:40.0113 3100	WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
14:05:40.0128 3100	WinUsb - ok
14:05:40.0175 3100	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
14:05:40.0191 3100	Wlansvc - ok
14:05:40.0191 3100	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
14:05:40.0191 3100	WmiAcpi - ok
14:05:40.0222 3100	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
14:05:40.0222 3100	wmiApSrv - ok
14:05:40.0237 3100	WMPNetworkSvc - ok
14:05:40.0237 3100	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
14:05:40.0237 3100	WPCSvc - ok
14:05:40.0253 3100	WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
14:05:40.0253 3100	WPDBusEnum - ok
14:05:40.0253 3100	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
14:05:40.0284 3100	ws2ifsl - ok
14:05:40.0284 3100	wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
14:05:40.0300 3100	wscsvc - ok
14:05:40.0300 3100	WSearch - ok
14:05:40.0315 3100	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
14:05:40.0331 3100	WudfPf - ok
14:05:40.0347 3100	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:05:40.0362 3100	WUDFRd - ok
14:05:40.0362 3100	wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
14:05:40.0393 3100	wudfsvc - ok
14:05:40.0409 3100	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
14:05:40.0425 3100	WwanSvc - ok
14:05:40.0425 3100	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
14:05:40.0534 3100	\Device\Harddisk0\DR0 - ok
14:05:40.0534 3100	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
14:05:40.0643 3100	\Device\Harddisk1\DR1 - ok
14:05:40.0643 3100	Boot (0x1200)   (14b71b7dadc4d16655b2d5af1bee8784) \Device\Harddisk0\DR0\Partition0
14:05:40.0643 3100	\Device\Harddisk0\DR0\Partition0 - ok
14:05:40.0643 3100	Boot (0x1200)   (2f83157ee79d0d973fabfdadfb5e14d5) \Device\Harddisk1\DR1\Partition0
14:05:40.0643 3100	\Device\Harddisk1\DR1\Partition0 - ok
14:05:40.0643 3100	============================================================
14:05:40.0643 3100	Scan finished
14:05:40.0643 3100	============================================================
14:05:40.0643 3956	Detected object count: 7
14:05:40.0643 3956	Actual detected object count: 7
14:05:51.0204 3956	HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
14:05:51.0204 3956	HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:05:51.0204 3956	MDM ( UnsignedFile.Multi.Generic ) - skipped by user
14:05:51.0204 3956	MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:05:51.0204 3956	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
14:05:51.0204 3956	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:05:51.0204 3956	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
14:05:51.0204 3956	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:05:51.0220 3956	SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
14:05:51.0220 3956	SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:05:51.0220 3956	VMAuthdService ( UnsignedFile.Multi.Generic ) - skipped by user
14:05:51.0220 3956	VMAuthdService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:05:51.0220 3956	VMwareHostd ( UnsignedFile.Multi.Generic ) - skipped by user
14:05:51.0220 3956	VMwareHostd ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Alt 11.07.2012, 14:11   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Rootkit Befall C:\Windows\Installer - Standard

Rootkit Befall C:\Windows\Installer



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.


Alt 12.07.2012, 08:59   #21
f6user
 
Rootkit Befall C:\Windows\Installer - Standard

Rootkit Befall C:\Windows\Installer



Hier der Log vom Kombo Fix

Was mir jetzt auffällt ist dass meine Desktop Icons sich in letzter zeit nicht verschieben haben lassen nach jedem neustart oder aktualisierung via F5 waren alle icon links am Bild Sortiert. Jetzt nach dem Combofix sind die Icons so wie ich sie mal angeordnet habe

Code:
ATTFilter
ComboFix 12-07-11.03 - user 12.07.2012   9:40.1.4 - x64
ausgeführt von:: c:\users\user\Desktop\ComboFix.exe
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\temp\cfg.ini
c:\windows\assembly\tmp\U
c:\windows\SysWow64\drivers\str.sys
c:\windows\SysWow64\muzapp.exe
.
Infizierte Kopie von c:\windows\system32\Services.exe wurde gefunden und desinfiziert 
Kopie von - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe wurde wiederhergestellt 
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-06-12 bis 2012-07-12  ))))))))))))))))))))))))))))))
.
.
2012-07-12 07:42 . 2012-07-12 07:42	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-07-10 09:59 . 2012-07-10 09:59	--------	d-----w-	C:\_OTL
2012-07-09 12:11 . 2012-07-09 12:11	--------	d-----w-	c:\program files (x86)\JPEG Recovery Pro
2012-07-06 08:15 . 2012-07-06 08:15	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-06 08:15 . 2012-04-04 13:56	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-06-27 06:41 . 2012-06-27 06:41	--------	d-----w-	c:\program files (x86)\Audacity
2012-06-22 06:50 . 2012-06-22 07:06	--------	d-----w-	c:\program files (x86)\MozBackup
2012-06-22 06:38 . 2012-07-12 07:43	--------	d-----w-	c:\users\user
2012-06-22 06:19 . 2012-06-22 06:19	--------	d-----w-	c:\users\Administrator
2012-06-20 07:44 . 2009-06-18 10:55	18816	------w-	c:\windows\SysWow64\SAVRKBootTasks.sys
2012-06-19 08:25 . 2012-06-19 08:25	--------	d-----w-	c:\program files (x86)\KeePass Password Safe 2
2012-06-15 07:15 . 2012-06-15 07:15	--------	d-----w-	c:\program files (x86)\Sophos
2012-06-15 06:39 . 2012-06-15 06:39	251488	----a-w-	c:\windows\system32\drivers\afcdp.sys
2012-06-15 06:39 . 2012-06-15 06:39	1477728	----a-w-	c:\windows\system32\drivers\tdrpm258.sys
2012-06-13 06:25 . 2012-06-13 06:25	770384	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-13 06:25 . 2012-06-13 06:25	421200	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-12 14:41 . 2012-06-12 14:41	--------	d-----w-	c:\programdata\IObit
2012-06-12 14:41 . 2012-06-12 14:41	--------	d-----w-	c:\program files (x86)\IObit
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-21 14:16 . 2011-03-02 08:59	4354048	----a-w-	c:\windows\DVAPI32.DLL
2012-06-18 14:56 . 2011-03-02 08:59	9611264	----a-w-	c:\windows\TOBITCLT.DLL
2012-06-14 06:17 . 2012-04-03 06:24	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-14 06:17 . 2011-05-18 08:10	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-30 18:56 . 2012-06-06 13:31	63088	----a-w-	c:\windows\system32\drivers\vmx86.sys
2012-04-30 18:56 . 2012-06-06 13:31	942192	----a-w-	c:\windows\system32\vnetlib64.dll
2012-04-30 18:56 . 2012-06-06 13:31	354416	----a-w-	c:\windows\SysWow64\vmnetdhcp.exe
2012-04-30 18:56 . 2012-06-06 13:31	433264	----a-w-	c:\windows\SysWow64\vmnat.exe
2012-04-30 18:54 . 2012-06-06 13:31	30320	----a-w-	c:\windows\system32\drivers\vmnetuserif.sys
2012-04-30 16:26 . 2012-04-30 16:26	252016	----a-w-	c:\windows\SysWow64\vmnc.dll
2012-04-30 15:22 . 2012-04-30 15:22	62064	----a-w-	c:\windows\system32\vmnetbridge.dll
2012-04-30 15:22 . 2012-04-30 15:22	45680	----a-w-	c:\windows\system32\drivers\vmnetbridge.sys
2012-04-30 15:22 . 2012-04-30 15:22	24176	----a-w-	c:\windows\system32\drivers\vmnet.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-11-16 107000]
"Second Copy"="c:\program files (x86)\SecCopy\SecCopy.exe" [2008-12-22 2794496]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-04-29 284440]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"DV4TS.EXE"="c:\windows\system32\DV4TS.EXE" [2011-10-21 193536]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
TK-Suite Client.lnk - c:\program files (x86)\AGFEO\Tk-Suite\tools\ctimon.exe [2011-10-10 7101952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"DV4TS.EXE"=c:\windows\system32\DV4TS.EXE
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ctietfjaipsz;ctietfjaipsz;c:\users\user\AppData\Local\Temp\DAT1BE9.tmp.exe [x]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-29 13592]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2012-06-15 251488]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-02-24 99384]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\738.tmp [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-19 113120]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\DRIVERS\silabenm.sys [2010-02-24 52224]
R3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\DRIVERS\silabser.sys [2010-02-24 72192]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-02-24 203320]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2008-01-25 35112]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-09 1255736]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 mv91xx;mv91xx;c:\windows\System32\drivers\mv91xx.sys [2011-04-26 303408]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
S0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\DRIVERS\tdrpm258.sys [2012-06-15 1477728]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2011-08-08 116336]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-02-14 283200]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-02-19 202752]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
S2 MSSQL$DAVID;SQL Server (DAVID);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-01-11 240232]
S2 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-07-06 173352]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2011-02-25 69904]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2010-11-19 1974080]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-29 846448]
S2 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2012-04-30 11839488]
S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-02-19 6366720]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-02-19 186880]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2010-11-15 121832]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2010-11-15 364520]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-12-28 412776]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2010-10-07 11856]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - IPNAT
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-19 11613288]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-03-26 204584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
LSP: %SystemRoot%\system32\vsocklib.dll
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\bw8mt4vh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 600000
FF - user.js: nglayout.initialpaint.delay - 600
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\738.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,38,12,57,36,90,
   43,f7,9e,4b,04,e0,be,4b,59,e7,b4,e8,87
"{724D43A0-0D85-11D4-9908-00400523E39A}"=hex:51,66,7a,6c,4c,1d,38,12,ce,40,5e,
   76,b7,43,ba,54,e6,1e,43,00,00,7d,a7,8e
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{1CA1377B-DC1D-4A52-9585-6E06050FAC53}"=hex:51,66,7a,6c,4c,1d,38,12,15,34,b2,
   18,2f,92,3c,0f,ea,93,2d,46,00,51,e8,47
"{724D43A9-0D85-11D4-9908-00400523E39A}"=hex:51,66,7a,6c,4c,1d,38,12,c7,40,5e,
   76,b7,43,ba,54,e6,1e,43,00,00,7d,a7,8e
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
   76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,38,12,2b,d3,6f,
   aa,53,a6,21,0d,fd,65,47,05,eb,48,5d,04
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
   b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,38,12,89,1d,84,
   f0,92,94,3d,05,e6,72,25,1d,8b,b8,e4,63
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
   2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
   fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:7f,ff,79,e5,06,3f,cd,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{04731B67-D933-450a-90E6-4ACD2E9408FE}]
@Denied: (Full) (Administrators)
@Denied: (Full) (Owner)
@Denied: (Full) (LocalSystem)
@Denied: (Full) (Administrators)
@Denied: (Full) (Users)
@="CLSID_SearchFolder"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\VMware\VMware Workstation\vmware-authd.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-12  09:45:02 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-07-12 07:45
.
Vor Suchlauf: 11 Verzeichnis(se), 56.103.964.672 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 55.943.475.200 Bytes frei
.
- - End Of File - - 3F9CD111A8153917A28381959593D719
         

Geändert von f6user (12.07.2012 um 09:16 Uhr)

Alt 12.07.2012, 10:56   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Rootkit Befall C:\Windows\Installer - Standard

Rootkit Befall C:\Windows\Installer



Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Code:
ATTFilter
Firefox::
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\bw8mt4vh.default\
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 600000
FF - user.js: nglayout.initialpaint.delay - 600

File::
c:\users\user\AppData\Local\Temp\DAT1BE9.tmp.exe
c:\windows\system32\738.tmp

Driver::
ctietfjaipsz
MEMSWEEP2
         
3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.



6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Alt 12.07.2012, 13:38   #23
f6user
 
Rootkit Befall C:\Windows\Installer - Standard

Rootkit Befall C:\Windows\Installer



Combofix Logfile:
Code:
ATTFilter
ComboFix 12-07-12.02 - user 12.07.2012  14:24:45.2.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.6125.4411 [GMT 2:00]
ausgeführt von:: c:\users\user\Desktop\MALWARE_Tools\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\user\Desktop\CFScript.txt
AV: Trend Micro Security Agent *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: Trend Micro Security Agent *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\user\AppData\Local\Temp\DAT1BE9.tmp.exe"
"c:\windows\system32\738.tmp"
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_ctietfjaipsz
-------\Service_MEMSWEEP2
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-06-12 bis 2012-07-12  ))))))))))))))))))))))))))))))
.
.
2012-07-12 12:27 . 2012-07-12 12:27	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-07-12 07:46 . 2012-06-02 22:19	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-07-12 07:46 . 2012-06-02 22:19	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-07-12 07:46 . 2012-06-02 22:19	44056	----a-w-	c:\windows\system32\wups2.dll
2012-07-12 07:46 . 2012-06-02 22:15	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-07-12 07:46 . 2012-06-02 22:19	38424	----a-w-	c:\windows\system32\wups.dll
2012-07-12 07:46 . 2012-06-02 22:19	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-07-12 07:46 . 2012-06-02 22:15	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-07-12 07:46 . 2012-06-02 13:19	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-07-12 07:46 . 2012-06-02 13:15	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-07-10 09:59 . 2012-07-10 09:59	--------	d-----w-	C:\_OTL
2012-07-09 12:11 . 2012-07-09 12:11	--------	d-----w-	c:\program files (x86)\JPEG Recovery Pro
2012-07-06 08:15 . 2012-07-06 08:15	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-06 08:15 . 2012-04-04 13:56	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-06-27 06:41 . 2012-06-27 06:41	--------	d-----w-	c:\program files (x86)\Audacity
2012-06-22 06:50 . 2012-06-22 07:06	--------	d-----w-	c:\program files (x86)\MozBackup
2012-06-22 06:38 . 2012-07-12 07:55	--------	d-----w-	c:\users\user
2012-06-22 06:19 . 2012-06-22 06:19	--------	d-----w-	c:\users\Administrator
2012-06-20 07:44 . 2009-06-18 10:55	18816	------w-	c:\windows\SysWow64\SAVRKBootTasks.sys
2012-06-19 08:25 . 2012-06-19 08:25	--------	d-----w-	c:\program files (x86)\KeePass Password Safe 2
2012-06-15 07:15 . 2012-06-15 07:15	--------	d-----w-	c:\program files (x86)\Sophos
2012-06-15 06:39 . 2012-06-15 06:39	251488	----a-w-	c:\windows\system32\drivers\afcdp.sys
2012-06-15 06:39 . 2012-06-15 06:39	1477728	----a-w-	c:\windows\system32\drivers\tdrpm258.sys
2012-06-13 06:25 . 2012-06-13 06:25	770384	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-13 06:25 . 2012-06-13 06:25	421200	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-12 14:41 . 2012-06-12 14:41	--------	d-----w-	c:\programdata\IObit
2012-06-12 14:41 . 2012-06-12 14:41	--------	d-----w-	c:\program files (x86)\IObit
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-21 14:16 . 2011-03-02 08:59	4354048	----a-w-	c:\windows\DVAPI32.DLL
2012-06-18 14:56 . 2011-03-02 08:59	9611264	----a-w-	c:\windows\TOBITCLT.DLL
2012-06-14 06:17 . 2012-04-03 06:24	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-14 06:17 . 2011-05-18 08:10	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-30 18:56 . 2012-06-06 13:31	63088	----a-w-	c:\windows\system32\drivers\vmx86.sys
2012-04-30 18:56 . 2012-06-06 13:31	942192	----a-w-	c:\windows\system32\vnetlib64.dll
2012-04-30 18:56 . 2012-06-06 13:31	354416	----a-w-	c:\windows\SysWow64\vmnetdhcp.exe
2012-04-30 18:56 . 2012-06-06 13:31	433264	----a-w-	c:\windows\SysWow64\vmnat.exe
2012-04-30 18:54 . 2012-06-06 13:31	30320	----a-w-	c:\windows\system32\drivers\vmnetuserif.sys
2012-04-30 16:26 . 2012-04-30 16:26	252016	----a-w-	c:\windows\SysWow64\vmnc.dll
2012-04-30 15:22 . 2012-04-30 15:22	62064	----a-w-	c:\windows\system32\vmnetbridge.dll
2012-04-30 15:22 . 2012-04-30 15:22	45680	----a-w-	c:\windows\system32\drivers\vmnetbridge.sys
2012-04-30 15:22 . 2012-04-30 15:22	24176	----a-w-	c:\windows\system32\drivers\vmnet.sys
.
.
(((((((((((((((((((((((((((((   SnapShot@2012-07-12_07.43.14   )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-07-12 07:56	44558              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-12 07:56	40536              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2012-05-07 06:44 . 2011-02-25 10:09	69904              c:\windows\system32\drivers\tmevtmgr.sys
+ 2012-05-07 06:44 . 2011-06-23 09:34	69904              c:\windows\system32\drivers\tmevtmgr.sys
+ 2012-05-07 06:44 . 2011-06-23 09:34	90896              c:\windows\system32\drivers\tmactmon.sys
- 2012-05-07 06:44 . 2011-02-25 10:10	90896              c:\windows\system32\drivers\tmactmon.sys
+ 2012-06-02 13:19 . 2012-06-02 13:19	79232              c:\windows\SoftwareDistribution\SelfUpdate\Handler\WuSetupV.exe
+ 2011-10-05 11:24 . 2012-07-12 07:56	9028              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4097306890-2138770997-1041978500-1118_UserData.bin
+ 2012-07-12 12:27 . 2012-07-12 12:27	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-12 07:43 . 2012-07-12 07:43	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2012-07-12 08:03	715792              c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-06-21 13:09	715792              c:\windows\system32\perfh009.dat
+ 2010-11-21 06:50 . 2012-07-12 08:03	761080              c:\windows\system32\perfh007.dat
- 2010-11-21 06:50 . 2012-06-21 13:09	761080              c:\windows\system32\perfh007.dat
+ 2009-07-14 02:36 . 2012-07-12 08:03	144164              c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-06-21 13:09	144164              c:\windows\system32\perfc009.dat
- 2010-11-21 06:50 . 2012-06-21 13:09	171376              c:\windows\system32\perfc007.dat
+ 2010-11-21 06:50 . 2012-07-12 08:03	171376              c:\windows\system32\perfc007.dat
- 2012-05-07 06:44 . 2011-02-25 10:09	146192              c:\windows\system32\drivers\tmcomm.sys
+ 2012-05-07 06:44 . 2011-06-23 09:34	146192              c:\windows\system32\drivers\tmcomm.sys
+ 2009-07-14 04:46 . 2012-07-12 07:57	109704              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-07-14 05:01 . 2012-07-12 12:27	966952              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-07-12 07:42	966952              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:45 . 2012-07-12 07:57	7584621              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2012-06-15 06:42	7584621              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2012-07-10 11:49 . 2012-07-12 12:27	2518424              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4097306890-2138770997-1041978500-1118-8192.dat
+ 2009-07-14 02:34 . 2012-07-12 07:54	10485760              c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2012-05-09 09:06	10485760              c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2011-11-22 20:53 . 2011-11-22 20:53	12086784              c:\windows\Installer\214c12.msi
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-11-16 107000]
"Second Copy"="c:\program files (x86)\SecCopy\SecCopy.exe" [2008-12-22 2794496]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-04-29 284440]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"DV4TS.EXE"="c:\windows\system32\DV4TS.EXE" [2011-10-21 193536]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
TK-Suite Client.lnk - c:\program files (x86)\AGFEO\Tk-Suite\tools\ctimon.exe [2011-10-10 7101952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"DV4TS.EXE"=c:\windows\system32\DV4TS.EXE
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-29 13592]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2012-06-15 251488]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-02-24 99384]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-19 113120]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\DRIVERS\silabenm.sys [2010-02-24 52224]
R3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\DRIVERS\silabser.sys [2010-02-24 72192]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-02-24 203320]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2008-01-25 35112]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-09 1255736]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 mv91xx;mv91xx;c:\windows\System32\drivers\mv91xx.sys [2011-04-26 303408]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
S0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\DRIVERS\tdrpm258.sys [2012-06-15 1477728]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2011-08-08 116336]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-02-14 283200]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-02-19 202752]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
S2 MSSQL$DAVID;SQL Server (DAVID);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-01-11 240232]
S2 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-07-06 173352]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2011-06-23 69904]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2010-11-19 1974080]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-29 846448]
S2 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2012-04-30 11839488]
S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-02-19 6366720]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-02-19 186880]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2010-11-15 121832]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2010-11-15 364520]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-12-28 412776]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2010-10-07 11856]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-19 11613288]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-10-17 219480]
"combofix"="c:\combofix\CF342.3XE" [2010-11-21 345088]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
LSP: %SystemRoot%\system32\vsocklib.dll
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\bw8mt4vh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,38,12,57,36,90,
   43,f7,9e,4b,04,e0,be,4b,59,e7,b4,e8,87
"{724D43A0-0D85-11D4-9908-00400523E39A}"=hex:51,66,7a,6c,4c,1d,38,12,ce,40,5e,
   76,b7,43,ba,54,e6,1e,43,00,00,7d,a7,8e
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{1CA1377B-DC1D-4A52-9585-6E06050FAC53}"=hex:51,66,7a,6c,4c,1d,38,12,15,34,b2,
   18,2f,92,3c,0f,ea,93,2d,46,00,51,e8,47
"{724D43A9-0D85-11D4-9908-00400523E39A}"=hex:51,66,7a,6c,4c,1d,38,12,c7,40,5e,
   76,b7,43,ba,54,e6,1e,43,00,00,7d,a7,8e
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
   76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,38,12,2b,d3,6f,
   aa,53,a6,21,0d,fd,65,47,05,eb,48,5d,04
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
   b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,38,12,89,1d,84,
   f0,92,94,3d,05,e6,72,25,1d,8b,b8,e4,63
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
   2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
   fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:7f,ff,79,e5,06,3f,cd,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{04731B67-D933-450a-90E6-4ACD2E9408FE}]
@Denied: (Full) (Administrators)
@Denied: (Full) (Owner)
@Denied: (Full) (LocalSystem)
@Denied: (Full) (Administrators)
@Denied: (Full) (Users)
@="CLSID_SearchFolder"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\VMware\VMware Workstation\vmware-authd.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-12  14:29:54 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-07-12 12:29
ComboFix2.txt  2012-07-12 07:45
.
Vor Suchlauf: 17 Verzeichnis(se), 55.199.891.456 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 54.914.842.624 Bytes frei
.
- - End Of File - - 13F212861F80BA9E01BA3CB852DDECA6
         
--- --- ---

Alt 12.07.2012, 14:57   #24
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Rootkit Befall C:\Windows\Installer - Standard

Rootkit Befall C:\Windows\Installer



Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).



Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

Alt 12.07.2012, 15:40   #25
f6user
 
Rootkit Befall C:\Windows\Installer - Standard

Rootkit Befall C:\Windows\Installer



GMER hatt abgeschlossen ohne Funde

OSAM Logfile:
Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 16:29:54 on 12.07.2012

OS: Windows 7  Service Pack 1 (Build 7601), 64-bit
Default Browser: Mozilla Corporation Firefox 13.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\MLCFG32.CPL
"QuickTime" - "Apple Inc." - C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Acronis Try&Decide and Restore Points filter (build 258)" (tdrpman258) - "Acronis" - C:\Windows\System32\DRIVERS\tdrpm258.sys
"adfs" (adfs) - "Adobe Systems, Inc." - C:\Windows\system32\drivers\adfs.sys
"afcdp" (afcdp) - "Acronis" - C:\Windows\System32\DRIVERS\afcdp.sys
"BlackBerry-Smartphone" (RimUsb) - ? - C:\Windows\System32\Drivers\RimUsb_AMD64.sys  (File not found)
"Boot Tasks Driver" (SAVRKBootTasks) - ? - C:\Windows\system32\SAVRKBootTasks.sys  (File not found)
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"dgderdrv" (dgderdrv) - ? - C:\Windows\System32\drivers\dgderdrv.sys  (File not found)
"tmactmon" (tmactmon) - "Trend Micro Inc." - C:\Windows\System32\DRIVERS\tmactmon.sys
"tmcomm" (tmcomm) - "Trend Micro Inc." - C:\Windows\System32\DRIVERS\tmcomm.sys
"tmevtmgr" (tmevtmgr) - "Trend Micro Inc." - C:\Windows\System32\DRIVERS\tmevtmgr.sys
"Trend Micro TDI Driver" (tmtdi) - "Trend Micro Inc." - C:\Windows\System32\DRIVERS\tmtdi.sys
"TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys
"VMware hcmon" (hcmon) - "VMware, Inc." - C:\Windows\system32\drivers\hcmon.sys
"VMware Network Application Interface" (VMnetuserif) - "VMware, Inc." - C:\Windows\system32\drivers\vmnetuserif.sys
"VMware Virtual Ethernet Adapter Driver" (VMnetAdapter) - ? - C:\Windows\System32\DRIVERS\vmnetadapter.sys  (File not found)
"VMware vmx86" (vmx86) - "VMware, Inc." - C:\Windows\system32\drivers\vmx86.sys
"Vstor2 MntApi 1.0 Driver (shared)" (vstor2-mntapi10-shared) - "VMware, Inc." - C:\Windows\SysWOW64\drivers\vstor2-mntapi10-shared.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{8EF5DC20-419C-4E43-A088-DE5B5625CA47} "{8EF5DC20-419C-4E43-A088-DE5B5625CA47}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~2\COMMON~1\Skype\Skype4COM.dll
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
{0B37915C-8B98-4B9E-80D4-464D2C830D10} "TBProtocol Class" - "Trend Micro Inc." - C:\Program Files\Trend Micro\Security Agent\UIFramework\ProToolbarIMRatingActiveX.dll
{0E526CB5-7446-41D1-A403-19BFE95E8C23} "TmIEPlugInAPP Class" - "Trend Micro Inc." - C:\Program Files\Trend Micro\AMSP\Module\20004\1.6.1242\6.6.1089\TmIEPlg32.dll
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat Elements\ContextMenu.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "Catalyst Context Menu extension" - ? -   (File not found | COM-object registry key not found)
{DE902992-61FC-4A01-8091-53E1895C9775} "CDR Icon Handler" - "Corel Corporation" - c:\Program Files (x86)\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{7AD101F2-0B93-4D66-A1CA-DF73F3C4377B} "CDR preview provider" - "Corel Corporation" - c:\Program Files (x86)\Common Files\Corel\Shared\Shell Extension\ShellVista.dll
{7FA63AC0-F5BC-4F3B-A9CF-94328D812B62} "CDR Property Handler" - "Corel Corporation" - c:\Program Files (x86)\Common Files\Corel\Shared\Shell Extension\ShellVista.dll
{1462EBAA-96E7-4D93-9A66-0E4068DE4FCF} "CDR Thumbnail provider" - "Corel Corporation" - c:\Program Files (x86)\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\VISSHE.DLL
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
{DE902994-61FC-4A01-8091-53E1895C9775} "CMX Icon Handler" - "Corel Corporation" - c:\Program Files (x86)\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{1462EBAC-96E7-4D93-9A66-0E4068DE4FCF} "CMX Thumbnail provider" - "Corel Corporation" - c:\Program Files (x86)\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{DE902993-61FC-4A01-8091-53E1895C9775} "CPT Icon Handler" - "Corel Corporation" - c:\Program Files (x86)\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{7FA63AC1-F5BC-4F3B-A9CF-94328D812B62} "CPT Property Handler" - "Corel Corporation" - c:\Program Files (x86)\Common Files\Corel\Shared\Shell Extension\ShellVista.dll
{1462EBAB-96E7-4D93-9A66-0E4068DE4FCF} "CPT Thumbnail provider" - "Corel Corporation" - c:\Program Files (x86)\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files (x86)\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll
{83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files (x86)\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\VISSHE.DLL
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Outlook" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\MLSHEXT.DLL
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\OLKFSTUB.DLL
{4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Program Files (x86)\TuneUp Utilities 2011\DseShExt-x86.dll
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Program Files (x86)\TuneUp Utilities 2011\SDShelEx-win32.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "&RoboForm" - "Siber Systems Inc." - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{0D41B8C5-2599-4893-8183-00195EC8D5F9} "asusTek_sysctrl Class" - ? - C:\Windows\DOWNLO~1\asusTek_sys_ctrl.dll / hxxp://support.asus.de/common/asusTek_sys_ctrl.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{5DA9D8E0-5A57-11CF-9E36-00C0930198C0} "Pegasus ImagN' 32-bit (Windowed) ActiveX Control v4.00" - "Pegasus Software, LLC." - C:\Windows\SysWOW64\IMW32O40.OCX / hxxp://192.168.13.150/LNetCam.cab
{7530BFB8-7293-4D34-9923-61A11451AFC5} "{7530BFB8-7293-4D34-9923-61A11451AFC5}" - ? -   (File not found | COM-object registry key not found) / hxxp://download.eset.com/special/eos/OnlineScanner.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
{FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "&RoboForm" - "Siber Systems Inc." - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{AE7CD045-E861-484f-8273-0445EE161910} "Adobe PDF Conversion Toolbar Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
{B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
{F4971EE7-DAA0-4053-9964-665D8EE6A077} "SmartSelect Class" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
{1CA1377B-DC1D-4A52-9585-6E06050FAC53} "TmIEPlugInBHO Class" - "Trend Micro Inc." - C:\Program Files\Trend Micro\AMSP\Module\20004\1.6.1242\6.6.1089\TmIEPlg32.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{724d43a9-0d85-11d4-9908-00400523e39a} "{724d43a9-0d85-11d4-9908-00400523e39a}" - "Siber Systems Inc." - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"TK-Suite Client.lnk" - "AGFEO      " - C:\Program Files (x86)\AGFEO\Tk-Suite\tools\ctimon.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"RoboForm" - "Siber Systems" - "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
"Second Copy" - "Centered Systems" - "C:\Program Files (x86)\SecCopy\SecCopy.exe"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"DV4TS.EXE" - ? - c:\windows\system32\DV4TS.EXE  (File not found)
"IAStorIcon" - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
"NUSB3MON" - "Renesas Electronics Corporation" - "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Fax-Image Monitor" - "Tobit Software" - C:\Windows\faximgmo.dll
"FaxWare Monitor" - "Tobit Software" - C:\Windows\faxwarmo.dll
"KM Language Monitor" - "KYOCERA MITA Corporation" - C:\Windows\system32\KMPJL64.DLL
"Tobit Color Monitor" - ? - C:\Windows\IMGMSGMO.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll  (File not found)
"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe"  (File not found)
"@%SystemRoot%\System32\uxtuneup.dll,-4096" (UxTuneUp) - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Acresso Software Inc." - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"HP Network Devices Support" (HPSLPSVC) - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
"Intel(R) Rapid Storage Technology" (IAStorDataMgrSvc) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
"Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"NVIDIA Stereoscopic 3D Driver Service" (Stereo Service) - "NVIDIA Corporation" - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"Protexis Licensing V2" (PSI_SVC_2) - "Protexis Inc." - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files (x86)\Skype\Updater\Updater.exe
"SQL Server (DAVID)" (MSSQL$DAVID) - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
"SwitchBoard" (SwitchBoard) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"TeamViewer 5" (TeamViewer5) - "TeamViewer GmbH" - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
"Trend Micro Security Agent Communicator" (TmListen) - "Trend Micro Inc." - C:\Program Files\Trend Micro\Security Agent\tmlisten.exe
"Trend Micro Solution Platform" (Amsp) - "Trend Micro Inc." - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
"TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
"VMware Authorization Service" (VMAuthdService) - "VMware, Inc." - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
"VMware USB Arbitration Service" (VMUSBArbService) - "VMware, Inc." - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
"VMware Workstation Server" (VMwareHostd) - ? - C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe  (File found, but it contains no detailed information)

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"VMCI sockets DGRAM" - "VMware, Inc." - C:\Windows\system32\vsocklib.dll
"VMCI sockets STREAM" - "VMware, Inc." - C:\Windows\system32\vsocklib.dll

===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- ---
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
[/CODE]

Code:
ATTFilter
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-12 16:37:20
-----------------------------
16:37:20.231    OS Version: Windows x64 6.1.7601 Service Pack 1
16:37:20.232    Number of processors: 4 586 0x2A07
16:37:20.232    ComputerName: PCUSER  UserName: user
16:37:20.510    Initialize success
16:37:23.250    AVAST engine defs: 12071200
16:37:28.588    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:37:28.589    Disk 0 Vendor: OCZ-VERT 1.35 Size: 109704MB BusType: 3
16:37:28.590    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
16:37:28.591    Disk 1 Vendor: ST350041 CC44 Size: 476940MB BusType: 3
16:37:28.596    Disk 0 MBR read successfully
16:37:28.598    Disk 0 MBR scan
16:37:28.600    Disk 0 Windows 7 default MBR code
16:37:28.602    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       109701 MB offset 63
16:37:28.609    Disk 0 scanning C:\Windows\system32\drivers
16:37:31.944    Service scanning
16:37:38.520    Modules scanning
16:37:38.524    Disk 0 trace - called modules:
16:37:38.528    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
16:37:38.531    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008806060]
16:37:38.533    3 CLASSPNP.SYS[fffff88001fa043f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005f87050]
16:37:38.535    Scan finished successfully
16:38:09.899    Disk 0 MBR has been saved successfully to "C:\Users\user\Desktop\MBR.dat"
16:38:09.902    The log file has been saved successfully to "C:\Users\user\Desktop\aswMBR.txt"
         

Alt 12.07.2012, 18:09   #26
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Rootkit Befall C:\Windows\Installer - Standard

Rootkit Befall C:\Windows\Installer



Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Alt 13.07.2012, 10:37   #27
f6user
 
Rootkit Befall C:\Windows\Installer - Standard

Rootkit Befall C:\Windows\Installer



Ich habe jetzt auf der C partition Ordner wie _OTL und Qoodox was kann ich jetzt mit diesen ordnern machen kann ich die Löschen oder wie soll ich damit umgehen?

Malwarebytes hatt nichts gefunden

hier der Log vom SuperAntiSpyware
Code:
ATTFilter
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 07/13/2012 at 10:57 AM

Application Version : 5.5.1006

Core Rules Database Version : 8894
Trace Rules Database Version: 6706

Scan type       : Complete Scan
Total Scan Time : 01:26:22

Operating System Information
Windows 7 Professional 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 621
Memory threats detected   : 0
Registry items scanned    : 72370
Registry threats detected : 0
File items scanned        : 419486
File threats detected     : 5

Adware.Tracking Cookie
	C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\KYSVSN0G.txt [ /doubleclick.net ]
	C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\KWNXWQ1C.txt [ /xiti.com ]
	C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\WFR4QXAM.txt [ /de.sitestat.com ]
	C:\USERS\user\Cookies\KWNXWQ1C.txt [ Cookie:user@xiti.com/ ]
	C:\USERS\user\Cookies\WFR4QXAM.txt [ Cookie:user@de.sitestat.com/idgcom-de/channelpartner/ ]
         

Alt 13.07.2012, 20:26   #28
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Rootkit Befall C:\Windows\Installer - Standard

Rootkit Befall C:\Windows\Installer



Das Log von Malwarebytes will ich trotzdem sehen

Alt 16.07.2012, 08:02   #29
f6user
 
Rootkit Befall C:\Windows\Installer - Standard

Rootkit Befall C:\Windows\Installer



ok kein problem habs nochmal durchlaufen lassen
Code:
ATTFilter
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.16.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
user :: PCUSER [Administrator]

16.07.2012 08:23:17
mbam-log-2012-07-16 (08-23-17).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 428439
Laufzeit: 37 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

Alt 16.07.2012, 16:06   #30
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Rootkit Befall C:\Windows\Installer - Standard

Rootkit Befall C:\Windows\Installer



Sieht ok aus, da wurden nur Cookies gefunden.
Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )


Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller http://filepony.de/download-cookie_culler/
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ich halte es so, dass ich zum "wilden Surfen" den Opera-Browser oder Chromium unter meinem Linux verwende. Mein Hauptbrowser (Firefox) speichert nur die Cookies von den Sites die ich auch will, alles andere lehne ich manuell ab (der FF fragt mich immer) - die anderen Browser nehmen alles an Cookies zwar an, aber spätestens beim nächsten Start von Opera oder Chromium sind keine Cookies mehr da.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

Antwort

Themen zu Rootkit Befall C:\Windows\Installer
800000cb.@, abgebrochen, anti-malware, autostart, befall, c:\windows, code, dateien, escan, explorer, free, gelöscht, gen, heuristiks/extra, heuristiks/shuriken, hook, iexplore.exe, micro, online, quarantäne, rootkit, service, speicher, trend, trojan, version, win7, windows



Ähnliche Themen: Rootkit Befall C:\Windows\Installer


  1. TR/Crypt.EPACK.15032-, TR/Rootkit.Gen-Befall
    Plagegeister aller Art und deren Bekämpfung - 19.05.2014 (3)
  2. Notebook ASUS Win 8.1 64bit Rootkit befall ...
    Log-Analyse und Auswertung - 17.04.2014 (24)
  3. Rootkit.0Access.64 in C:\\Windows\Installer\ --> kein Windows Update?
    Plagegeister aller Art und deren Bekämpfung - 08.10.2012 (17)
  4. Rootkit/ Malware Befall
    Plagegeister aller Art und deren Bekämpfung - 03.10.2012 (7)
  5. Trojaner/Rootkit Befall: 00000008.@ in C:\Windows\Installer\{d1e2a56f-b2e0-272b-03e2-f508e482a5a7}\U
    Plagegeister aller Art und deren Bekämpfung - 24.07.2012 (6)
  6. Trojaner/Rootkit Befall: 00000008.@ in C:\Windows\Installer\{2f163d28-5dca-430c-1267-a8b9c6b56536}\U
    Plagegeister aller Art und deren Bekämpfung - 23.07.2012 (7)
  7. Trojaner-Befall (Sirefef.GA/GY/GZ, W64.ZAccess, Generic.7629199) in Windows\Installer
    Log-Analyse und Auswertung - 13.07.2012 (1)
  8. Rootkit Befall
    Plagegeister aller Art und deren Bekämpfung - 10.07.2012 (1)
  9. Trojan.Small, Trojan.Sirefef, Rootkit.0Access in C:\Windows\installer - ist nicht zu entfernen
    Log-Analyse und Auswertung - 05.07.2012 (23)
  10. Rootkit.0Access und vier weitere Trojaner in C:\WINDOWS\Installer\...
    Log-Analyse und Auswertung - 04.07.2012 (19)
  11. Rootkit.gen gefunden/Rootkit-Befall - Bin ich im dran? Brauche dringend Beratung !!!
    Plagegeister aller Art und deren Bekämpfung - 25.05.2012 (3)
  12. Rootkit/Trojaner - Befall --- Neuaufsetzung gewünscht
    Plagegeister aller Art und deren Bekämpfung - 11.04.2012 (34)
  13. Windows XP Service Pack 3 nicht installierbar (acpi.sys) - Rootkit-Befall?
    Log-Analyse und Auswertung - 15.02.2012 (43)
  14. Evtl Trojaner Befall / Rootkit / a1vcwtl4.exe
    Log-Analyse und Auswertung - 09.01.2011 (2)
  15. Virus/Rootkit Befall? H8SRTkuuotrpkjl.sys
    Log-Analyse und Auswertung - 11.01.2010 (3)
  16. möglicherweise rootkit virus befall
    Plagegeister aller Art und deren Bekämpfung - 22.12.2009 (11)
  17. Adware,Trojaner,Rogue Installer,Worm,Rootkit HILFE!
    Plagegeister aller Art und deren Bekämpfung - 14.06.2009 (65)

Zum Thema Rootkit Befall C:\Windows\Installer - Downloade Dir bitte AdwCleaner auf deinen Desktop. Starte die adwcleaner.exe mit einem Doppelklick. Klicke auf Search . Nach Ende des Suchlaufs öffnet sich eine Textdatei. Poste mir den Inhalt mit - Rootkit Befall C:\Windows\Installer...
Archiv
Du betrachtest: Rootkit Befall C:\Windows\Installer auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.